[j-nsp] NETCONF in Junos
Stepan Kucherenko
twh at megagroup.ru
Tue Dec 22 11:25:37 EST 2015
Sometimes it does strange stuff with SSH internally though. Example:
Let's say I do " show route table ?" at a router.
Logs show:
mgd[62935]: UI_CHILD_START: Starting child '/bin/sh'
mgd[68498]: UI_AUTH_EVENT: Authenticated user 'root' at permission level 'super-user'
mgd[68498]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [68498], ssh-connection '<my PC address> 60259 <router address> 22', client-mode 'cli'
mgd[68498]: UI_CMDLINE_READ_LINE: User 'root', command 'show route summary | display xml | grep table-name '
mgd[68498]: UI_LOGOUT_EVENT: User 'root' logout
mgd[62935]: UI_CHILD_STATUS: Cleanup child '/bin/sh', PID 68494, status 0
Obviously I don't login under root, but somehow my CLI spawns a shell, then sshes to itself under root (?) using my credentials (?) to do a single command. Then it logs out. Every time I request something about route tables.
I'm still puzzled why it can't do that in my CLI session.
On 21.12.2015 12:04, Matt Bernstein via juniper-nsp wrote:
> On 21/12/2015 08:57, Martin T wrote:
>> Thanks! So as I understand, the general idea is that it doesn't matter
>> much for Junos if the command is executed in the CLI or from the
>> remote(management server) NETCONF manager, i.e. Junos is basically
>> built around the NETCONF? However, local calls(for example if one
>> executes "show version" in Junos CLI) do not travel internally over
>> SSH as remote calls would, do they?
> Yes. the Junos CLI can itself be considered a (really nice) NETCONF
> wrapper. It makes me idly wish other vendors' NETCONF implementations
> were good enough that the Junos CLI could be used on them!
>
> I doubt the CLI uses SSH internally, but I suppose it wouldn't really
> matter if it did.
>
> Matt
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list