[j-nsp] ssh (cli?) differences in 6.4R2.
Carl Hayter
hayter at usc.edu
Tue Nov 16 17:59:22 EST 2004
On Tue, Nov 16, 2004 at 12:59:58PM -0800, Eli Dart wrote:
>
> In reply to Carl Hayter <hayter at usc.edu> :
>
> >
> > > ssh user at 6.4-router "edit ; set policy-options prefix-list FUBAR 1.2.3.4/=
> > 32=20
> > > ; commit"
> >
> > You don't want to rely on this. For certain combinations of filter
> > complexity, prefix-list length and frequency of updates JUNOS has
> > problems with some part of the filter compilation/download process
> > that will leave your router in a state where it is unable to
> > modify the filters. The only way to regain the ability to change
> > the filter is to reload/failover. So, if you do this, don't do it
> > often and cross your fingers before you hit Enter.
>
> Hmmm....is this the memory leak in the PFE? I thought that had been
> fixed....
Indeed, the original problem manifested itself in the PFE resulting
in loss of forwarding. I think it was a secondary interaction.
When they fixed that, the MTBF increased and the failure manifested
itself only in the filter update failure.
----
Carl Hayter
>
> --eli
>
>
> >
> > ----
> > Carl Hayter
> >
> > On Tue, Nov 16, 2004 at 08:00:57AM +0100, Scott A. McIntyre wrote:
> > > Hello,
> > >=20
> > > After recently upgrading a M160 from 5.7 to 6.4R2 we've noticed a change =
> > in=20
> > > behaviour that we're not sure is associated with the process of upgrading=
> > ,=20
> > > or a configuration change in how SSH and the CLI behaves.
> > >=20
> > > The issue is that previously we could invoke CLI commands via a ssh=20
> > > session, chaining commands together with ";" to perform a series of=20
> > > actions. For example:
> > >=20
> > > ssh user at 6.4-router "edit ; set policy-options prefix-list FUBAR 1.2.3.4/=
> > 32=20
> > > ; commit"
> > >=20
> > > However, with 6.4R2 any attempt to submit a command with the SSH login=20
> > > request is not sent to the JunOS cli but directly to the shell (apparentl=
> > y=20
> > > because sh -c is invoked by default):
> > >=20
> > > ssh scott at 6.4-router "id"
> > >=20
> > > uid=3D2007(scott) gid=3D20(staff) groups=3D20(staff), 0(wheel), 10(field)=
> > ,=20
> > > 11(floppy)
> > >=20
> > > Whilst we can invoke the cli by making the command to run "cli" we lose t=
> > he=20
> > > ability to chain commands together.
> > >=20
> > > On any other version of JunOS we have (5.7 -> 6.4R1):
> > >=20
> > > ssh scott at 5.7-router "id"
> > >=20
> > > error: unknown command: id
> > >=20
> > > (As it's at the CLI level).
> > >=20
> > > Note that this behaviour is only seen when you include a command to execu=
> > te=20
> > > with the SSH request; with no command you end up at the normal JunOS CLI=
> > =20
> > > prompt (not the shell).
> > >=20
> > > What is the right way to make this the default so that ssh sessions=20
> > > inclusive of commands to execute are done at the CLI level, and not sent=
> > =20
> > > through /bin/sh?
> > >=20
> > > Thanks,
> > >=20
> > > Scott A. McIntyre
> > > XS4ALL Internet B.V.
> > >=20
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> > --2uQJ4X0rBgtQpAza
> > Content-Type: application/pgp-signature
> > Content-Disposition: inline
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.2 (SunOS)
> >
> > iD8DBQFBmmT4jSUgp1gR7V8RAiH5AKCT8nkmgyVXvjLo3Q/YmyUzwVlzLQCfbjdT
> > 7D+ZsvuolY+MqLJjA2QlmFc=
> > =NSjl
> > -----END PGP SIGNATURE-----
> >
> > --2uQJ4X0rBgtQpAza--
> >
> > --===============0443775494==
> > Content-Type: text/plain; charset="us-ascii"
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Content-Disposition: inline
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> > --===============0443775494==--
> >
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/juniper-nsp/attachments/20041116/9b26d8f9/attachment.bin
More information about the juniper-nsp
mailing list