EEM Applet SSH won't get passed Enable Prompt

Cory Anderson · ‎04-28-2015

Hi All,

I'm not sure what the issue is, but I've created an SSH Applet to log into an ASA from an ISR. If I debug, I see that it logs in, and sends "enable" but never gets a "Password:" response.

Here's the script:

event manager applet FIREWALL

event action timer watchdog time 60

action 1.0 cli command "enable"

action 2.0 cli command "ssh -l username 1.1.1.1" pattern "assword:"

action 3.0 cli command "SecretPassword00**" pattern ">"

action 4.0 cli command "enable" pattern "assword:"

action 5.0 cli command "enablePassword123!@#" pattern "#"

action 6.0 cli command "show conn address 2.2.2.2"

action 7.0 cli command "exit"

action 8.0 cli command "exit"

I believe these are all the relevant logs.

%HA_EM-6-LOG: FIREWALL : DEBUG(cli_lib) : : OUT : FIREWALL>

%HA_EM-6-LOG: FIREWALL : DEBUG(cli_lib) : : IN : enable

%HA_EM-6-LOG: FIREWALL : DEBUG(cli_lib) : : CTL : cli_close called

Joe Clarke · ‎04-29-2015

You might try relaxing the pattern. Maybe try .* to see what you get. Of course, you should run through this exact thing manually from the router to see exactly what you see at each step.

Cory Anderson · ‎04-29-2015

Hi Joseph! Thanks for the response. I changed the pattern from line 4.0 down to "*", but I have the same results. I even tried removing the patterns with no change.

Joe Clarke · ‎04-29-2015

A * by itself is wrong. You need to use ".*". But have you tried these same sequence of commands manually from the same router? Are the prompts what you expect?