EEM - SSH to ASA and issue commands?

Hi all.

I'm using EEM running on a 3750 running 12.2(55)SEE9 to monitor up/down status of a server. If the server goes down (icmp-echo ipsla fails), I'd like to SSH into an ASA running 9.1(5) and issue a change to the NAT configuration so that the outside global NAT points to a different (still up) server.

The issue is that when the EEM applet executes, it hangs after logging in.

If this post provides any clues, it seems to have something to do with how the ASA handles non-interactive SSH input: http://blog.ipspace.net/2008/01/telnetssh-session-cannot-be-started.html

Specifically, it seems that EEM isn't able to successfully pass a newline/carriage return with the action cli command, e.g.:

action 1.0 cli command "enable" pattern "#"

action 2.0 cli command "ssh -l admin <ASA-IP>" pattern "word:"

action 3.0 cli command "Cisco123" pattern "#"

action 4.0 cli command "enable" pattern "#"

action 5.0 cli command "no nat ... " etc.

 

In this example, I get through the password and then EEM hangs on "enable".

I've tried passing the newline character along with the command (I've tried both \012 and \x0a) and in neither case does the ASA seem to take it.

Running an EEM applet to SSH into any other IOS switch or router doesn't give me issues. It's only when I try to log into the ASA.

 

Does anyone know of a way to get SSH to work with an ASA through EEM?

 

Thanks!

Justin

Accepted Solution

New Member

ssh -l admin 192.168.59.12 "your command"

Here is my script for my home Cisco:

event manager applet remote

 event none

 action 1.0 cli command "ssh -l admin 192.168.59.12 "clear int dot11radio 0"" pattern "word:"

 action 1.2 cli command "superpassword" pattern "#"

rsharmad,

Thanks for posting. Your syntax made me look more closely at the reference post and I finally see how the example is passing the entire command string in as a parameter with the ssh command (after the username and host).

Unfortunately, the way you use quotes doesn't work in my version of EEM (3.2), as the CLI thinks that the second quote is a closure for the first instead of treating the two sets of quotes as inner and outer.

I was able to solve this issue by creating an environment variable for the quote mark and then using that on the ssh command, like this:

event manager environment quote "

event manager applet ASASSH

 event none

 action 1.0 cli command "ssh -l admin 192.168.1.1 $quote clear arp $quote" pattern "word:"

 action 2.0 cli command "superpassword" pattern "#"

 

This worked for me. Thanks for posting!

 

New Member

I would like to do the same as you, but run more than one command on the remote device: conf t, interface xxx, shutdown.

Is it possible, or can I only run one command with your solution?

Hey Jeremy,

This is an older thread, so my recall may be inaccurate, but I believe you can pass '\n' (no quotes) into the command string to separate commands onto newlines.

Justin

New Member

Hi Justin,

Thanks for your quick reply. It's an old thread, but the problem still applies.

You mean like this, for example?

 action 1.0 cli command "ssh -l admin 192.168.1.1 $quote conf t \n int do0 \n shut $quote" pattern "word:"

 action 2.0 cli command "superpassword" pattern "#"

Just another question: why do you create an environment variable named quote and use $quote in the example?

I can only try this in a week. I'll report here whether it works.

Thanks in advance,

Jeremy,

You'll have to play with it, but yes, along those lines.

I explained in an earlier post why I had to create a variable for quote. Look at that for an explanation.

Would like to hear how it goes. Please report back. Good luck!

Justin
