I have been thinking about putting together a looking glass site on my network and have looked at Ed Kern's (DIGEX) html and perl script but do not want to enable rsh (anywhere) and do not want to reinvent the wheel if not necessary. Has anyone seen an updated script written to use other access means like telnet or ssh to exchange CLI/commands and results with an IOS router?

----------------------------------------------
Don Simpson
----------------------------------------------
Mon, Mar 12, 2001 at 03:18:17PM -0600, Don Simpson:
> I have been thinking about putting together a looking glass site on my network and have looked at Ed Kern's (DIGEX) html and perl script but do not want to enable rsh (anywhere) and do not want to reinvent the wheel if not necessary. Has anyone seen an updated script written to use other access means like telnet or ssh to exchange CLI/commands and results with an IOS router?
www.shrubbery.net/rancid comes with such an implementation of ed's LG.
http://www.cctec.com/maillists/nanog/historical/9710/msg00223.html We're using a variation of this one on our internal LG pages. Works quite well, and at least fits your "telnet" requirement. JT
A seriously whacked but also rather minimalistic version which uses perl's telnet module can be found on ftp://ftp.nordu.net/nordunet/lg.tar.gz ...all 4K of it... Regards, - Håvard
On Mon, 12 Mar 2001, Don Simpson wrote:
> I have been thinking about putting together a looking glass site on my network and have looked at Ed Kern's (DIGEX) html and perl script but do not want to enable rsh (anywhere) and do not want to reinvent the wheel if not necessary. Has anyone seen an updated script written to use other access means like telnet or ssh to exchange CLI/commands and results with an IOS router?
> ---------------------------------------------- Don Simpson ----------------------------------------------

I have posted a list of such resources a while back (you can either look it up in the archives, or I'll send it to you in private).

About your concerns, I don't think automated telnet/ssh access (using some script, which means you'll be storing the password for access somewhere on the disk, either as a different file, or as a part of the code) is more secure than rsh to a router with privilege level 1 (you can create a user, and using the aaa new-model authentication model, you can create a privilege level for that user, specifying exactly what commands that user is allowed to use) for example.

--Ariel

-- Ariel Biener e-mail: ariel@post.tau.ac.il PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
Hi Ariel

If you really want to get paranoid - give the rsh privilege level 0 & then you really get to specify exactly what IOS commands can be run by the Looking Glass

Regards
Rafi

P.S. AFAIK Cisco IOS SSH will only do telnet/rlogin type sessions - not single commands - for the really paranoid set up the telnet/rsh connection over encrypted IPSEC ;-)

On Tue, 13 Mar 2001, Ariel Biener wrote:
> On Mon, 12 Mar 2001, Don Simpson wrote:
>> I have been thinking about putting together a looking glass site on my network and have looked at Ed Kern's (DIGEX) html and perl script but do not want to enable rsh (anywhere) and do not want to reinvent the wheel if not necessary. Has anyone seen an updated script written to use other access means like telnet or ssh to exchange CLI/commands and results with an IOS router?
>> ---------------------------------------------- Don Simpson ----------------------------------------------
>
> I have posted a list of such resources a while back (you can either look it up in the archives, or I'll send it to you in private).
>
> About your concerns, I don't think automated telnet/ssh access (using some script, which means you'll be storing the password for access somewhere on the disk, either as a different file, or as a part of the code) is more secure than rsh to a router with privilege level 1 (you can create a user, and using the aaa new-model authentication model, you can create a privilege level for that user, specifying exactly what commands that user is allowed to use) for example.
>
> --Ariel
>
> -- Ariel Biener e-mail: ariel@post.tau.ac.il PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
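
The replies above restrict, on the router, exactly which commands the looking glass account may run; the same allowlist can also be enforced in the looking glass script before anything is sent over rsh or telnet. The sketch below is an added example, not code from this thread or from any of the linked scripts; the query names, the command menu and the sample submissions are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed menu (not from the thread): form value -> (IOS command, takes an address?)
MENU = {
    "bgp": ("show ip bgp", True),
    "bgp-summary": ("show ip bgp summary", False),
    "ping": ("ping", True),
    "trace": ("traceroute", True),
}

class RejectedQuery(ValueError):
    """The request falls outside the fixed menu and is never sent to the router."""

def clean_address(text):
    """Return the canonical dotted-quad form of text, or raise RejectedQuery."""
    text = text.strip()
    # Digits and dots only, so spaces, '|', '?' and newlines never reach the CLI.
    if not re.fullmatch(r"[0-9.]{7,15}", text):
        raise RejectedQuery("argument must be a dotted-quad IPv4 address")
    try:
        return str(ipaddress.IPv4Address(text))
    except ValueError:
        raise RejectedQuery("argument is not a valid IPv4 address") from None

def build_command(query, arg=""):
    """Map a form submission to the single IOS command line it is allowed to produce."""
    if query not in MENU:
        raise RejectedQuery("unknown query type")
    command, takes_address = MENU[query]
    if not takes_address:
        if arg.strip():
            raise RejectedQuery("this query takes no argument")
        return command
    return f"{command} {clean_address(arg)}"

if __name__ == "__main__":
    # Constructed form submissions, as a CGI front end might receive them.
    for query, arg in [("bgp", "192.0.2.1"), ("ping", "192.0.2.1 | include x"),
                       ("show running-config", ""), ("trace", "192.0.2.1\nshow version")]:
        try:
            print("send:", build_command(query, arg))
        except RejectedQuery as why:
            print("drop:", repr(query), repr(arg), "-", why)
```

The script-side menu does not replace the router-side privilege level discussed above; each limits the damage if the other is misconfigured.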
participants (6)
- Ariel Biener
- Don Simpson
- Havard Eidnes
- john heasley
- John Todd
- Rafi Sadowsky