[j-nsp] ssh (cli?) differences in 6.4R2.

Eli Dart dart at nersc.gov
Tue Nov 16 15:59:58 EST 2004


In reply to Carl Hayter <hayter at usc.edu> :

> 
> > ssh user at 6.4-router "edit ; set policy-options prefix-list FUBAR 1.2.3.4/=
> 32=20
> > ; commit"
> 
> You don't want to rely on this.  For certain combinations of filter
> complexity, prefix-list length and frequency of updates JUNOS has
> problems with some part of the filter compilation/download process
> that will leave your router in a state where it is unable to
> modify the filters.  The only way to regain the ability to change
> the filter is to reload/failover.  So, if you do this, don't do it
> often and cross your fingers before you hit Enter.

Hmmm....is this the memory leak in the PFE?  I thought that had been 
fixed....

		--eli


> 
> ----
> Carl Hayter
> 
> On Tue, Nov 16, 2004 at 08:00:57AM +0100, Scott A. McIntyre wrote:
> > Hello,
> >=20
> > After recently upgrading a M160 from 5.7 to 6.4R2 we've noticed a change =
> in=20
> > behaviour that we're not sure is associated with the process of upgrading=
> ,=20
> > or a configuration change in how SSH and the CLI behaves.
> >=20
> > The issue is that previously we could invoke CLI commands via a ssh=20
> > session, chaining commands together with ";" to perform a series of=20
> > actions.  For example:
> >=20
> > ssh user at 6.4-router "edit ; set policy-options prefix-list FUBAR 1.2.3.4/=
> 32=20
> > ; commit"
> >=20
> > However, with 6.4R2 any attempt to submit a command with the SSH login=20
> > request is not sent to the JunOS cli but directly to the shell (apparentl=
> y=20
> > because sh -c is invoked by default):
> >=20
> > ssh scott at 6.4-router "id"
> >=20
> > uid=3D2007(scott) gid=3D20(staff) groups=3D20(staff), 0(wheel), 10(field)=
> ,=20
> > 11(floppy)
> >=20
> > Whilst we can invoke the cli by making the command to run "cli" we lose t=
> he=20
> > ability to chain commands together.
> >=20
> > On any other version of JunOS we have (5.7 -> 6.4R1):
> >=20
> > ssh scott at 5.7-router "id"
> >=20
> > error: unknown command: id
> >=20
> > (As it's at the CLI level).
> >=20
> > Note that this behaviour is only seen when you include a command to execu=
> te=20
> > with the SSH request; with no command you end up at the normal JunOS CLI=
> =20
> > prompt (not the shell).
> >=20
> > What is the right way to make this the default so that ssh sessions=20
> > inclusive of commands to execute are done at the CLI level, and not sent=
> =20
> > through /bin/sh?
> >=20
> > Thanks,
> >=20
> > Scott A. McIntyre
> > XS4ALL Internet B.V.
> >=20
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> --2uQJ4X0rBgtQpAza
> Content-Type: application/pgp-signature
> Content-Disposition: inline
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (SunOS)
> 
> iD8DBQFBmmT4jSUgp1gR7V8RAiH5AKCT8nkmgyVXvjLo3Q/YmyUzwVlzLQCfbjdT
> 7D+ZsvuolY+MqLJjA2QlmFc=
> =NSjl
> -----END PGP SIGNATURE-----
> 
> --2uQJ4X0rBgtQpAza--
> 
> --===============0443775494==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> --===============0443775494==--
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 224 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/juniper-nsp/attachments/20041116/aa52a69a/attachment.bin


More information about the juniper-nsp mailing list