[j-nsp] ssh (cli?) differences in 6.4R2.

[Scott A. McIntyre]

Hello,

After recently upgrading a M160 from 5.7 to 6.4R2 we've noticed a change in 
behaviour that we're not sure is associated with the process of upgrading, 
or a configuration change in how SSH and the CLI behaves.

The issue is that previously we could invoke CLI commands via a ssh 
session, chaining commands together with ";" to perform a series of 
actions.  For example:

ssh user at 6.4-router "edit ; set policy-options prefix-list FUBAR 1.2.3.4/32 
; commit"

However, with 6.4R2 any attempt to submit a command with the SSH login 
request is not sent to the JunOS cli but directly to the shell (apparently 
because sh -c is invoked by default):

ssh scott at 6.4-router "id"

uid=2007(scott) gid=20(staff) groups=20(staff), 0(wheel), 10(field), 
11(floppy)

Whilst we can invoke the cli by making the command to run "cli" we lose the 
ability to chain commands together.

On any other version of JunOS we have (5.7 -> 6.4R1):

ssh scott at 5.7-router "id"

error: unknown command: id

(As it's at the CLI level).

Note that this behaviour is only seen when you include a command to execute 
with the SSH request; with no command you end up at the normal JunOS CLI 
prompt (not the shell).

What is the right way to make this the default so that ssh sessions 
inclusive of commands to execute are done at the CLI level, and not sent 
through /bin/sh?

Thanks,

Scott A. McIntyre
XS4ALL Internet B.V.