[j-nsp] ssh (cli?) differences in 6.4R2.

Paul Goyette pgoyette at juniper.net
Tue Nov 16 07:37:30 EST 2004 

Scott,

Your observation is correct.  If "ssh <router> <command text>" is
used, and the <command text> is present, then we start /bin/sh
rather than the JUNOS CLI.  This is done in order to enable some
other functionality (details irrelevant).

Since the ability to pass any <command text> to the router was
never documented, this change did not warrant a release note.
The capability is still unsupported (except for the specific case
for which it was enabled).


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net]On Behalf Of Scott A.
McIntyre
Sent: Monday, November 15, 2004 11:01 PM
To: J-nsp
Subject: [j-nsp] ssh (cli?) differences in 6.4R2.


Hello,

After recently upgrading a M160 from 5.7 to 6.4R2 we've noticed a change in
behaviour that we're not sure is associated with the process of upgrading,
or a configuration change in how SSH and the CLI behaves.

The issue is that previously we could invoke CLI commands via a ssh
session, chaining commands together with ";" to perform a series of
actions.  For example:

ssh user at 6.4-router "edit ; set policy-options prefix-list FUBAR 1.2.3.4/32
; commit"

However, with 6.4R2 any attempt to submit a command with the SSH login
request is not sent to the JunOS cli but directly to the shell (apparently
because sh -c is invoked by default):

ssh scott at 6.4-router "id"

uid=2007(scott) gid=20(staff) groups=20(staff), 0(wheel), 10(field),
11(floppy)

Whilst we can invoke the cli by making the command to run "cli" we lose the
ability to chain commands together.

On any other version of JunOS we have (5.7 -> 6.4R1):

ssh scott at 5.7-router "id"

error: unknown command: id

(As it's at the CLI level).

Note that this behaviour is only seen when you include a command to execute
with the SSH request; with no command you end up at the normal JunOS CLI
prompt (not the shell).

What is the right way to make this the default so that ssh sessions
inclusive of commands to execute are done at the CLI level, and not sent
through /bin/sh?

Thanks,

Scott A. McIntyre
XS4ALL Internet B.V.

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list