[j-nsp] ssh (cli?) differences in 6.4R2.

Carl Hayter hayter at usc.edu
Tue Nov 16 15:37:12 EST 2004

> ssh user at 6.4-router "edit ; set policy-options prefix-list FUBAR 
> ; commit"

You don't want to rely on this.  For certain combinations of filter
complexity, prefix-list length and frequency of updates JUNOS has
problems with some part of the filter compilation/download process
that will leave your router in a state where it is unable to
modify the filters.  The only way to regain the ability to change
the filter is to reload/failover.  So, if you do this, don't do it
often and cross your fingers before you hit Enter.

Carl Hayter

On Tue, Nov 16, 2004 at 08:00:57AM +0100, Scott A. McIntyre wrote:
> Hello,
> After recently upgrading a M160 from 5.7 to 6.4R2 we've noticed a change in 
> behaviour that we're not sure is associated with the process of upgrading, 
> or a configuration change in how SSH and the CLI behaves.
> The issue is that previously we could invoke CLI commands via a ssh 
> session, chaining commands together with ";" to perform a series of 
> actions.  For example:
> ssh user at 6.4-router "edit ; set policy-options prefix-list FUBAR 
> ; commit"
> However, with 6.4R2 any attempt to submit a command with the SSH login 
> request is not sent to the JunOS cli but directly to the shell (apparently 
> because sh -c is invoked by default):
> ssh scott at 6.4-router "id"
> uid=2007(scott) gid=20(staff) groups=20(staff), 0(wheel), 10(field), 
> 11(floppy)
> Whilst we can invoke the cli by making the command to run "cli" we lose the 
> ability to chain commands together.
> On any other version of JunOS we have (5.7 -> 6.4R1):
> ssh scott at 5.7-router "id"
> error: unknown command: id
> (As it's at the CLI level).
> Note that this behaviour is only seen when you include a command to execute 
> with the SSH request; with no command you end up at the normal JunOS CLI 
> prompt (not the shell).
> What is the right way to make this the default so that ssh sessions 
> inclusive of commands to execute are done at the CLI level, and not sent 
> through /bin/sh?
> Thanks,
> Scott A. McIntyre
> XS4ALL Internet B.V.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/juniper-nsp/attachments/20041116/36558c70/attachment.bin

More information about the juniper-nsp mailing list