Passing SSH arguments to SecureCRT [Cisco VIRL]

[laurent prat]

Hi all,

I am using a software from Cisco called VIRL. With this software it is possible to use SecureCRT as an external terminal to SSH and telnet to the different virtual nodes (router,switch,server).

Telnet is working find but SSH is not working as expected. I have the following arguments:

SSH Command: C:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exe

SSH arguments: /N %t /T /SSH2 /P %p %h

That is working find and the above arguments are resolved to the following command for example when trying to SSH to a host:

Opening External Terminal: C:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exe /N lxc-routem-1 /T /SSH2 /P 58178 10.9.100.12

The issue is that 10.9.100.12 is not the final node but a jump host. Actually to reach the final host I need to ssh from the jump host to it with the following command: ssh cisco@HOST-IP.

Actually The Cisco VIRL software is saying the following: "The external terminal app is not currently configured to accept redirect commands. You may add this by using the %r placeholder in the command, or issue the redirect command manually"

So if I add the %r placeholder in the command:

SSH arguments: /N %t /T /SSH2 /P %p %h %r

I can see that the following command is sent to SecureCRT:

Opening External Terminal: C:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exe /N lxc-routem-1 /T /SSH2 /P 58178 10.9.100.12 ssh cisco@10.255.0.72

But nothing happen. The host is 10.255.0.72 in this case. I guess that SecureCRT doesn´t understand the final argument in the SSH command: "ssh cisco@10.255.0.72".

My question is how can I make that work? I hope that I have explained it clearly.

Thanks in advance.
Regards,
Laurent

[bgagnon]

Hi Laurent,

What version of SecureCRT are you using?

You diagnosed the issue correctly. A complete list of supported command-line arguments is found in SecureCRT's Help file under the topics:

• Using the Software / Command-Line Options / Table of Standard Command-Line Options
  
  
• Using the Software / Command-Line Options / Table of Protocol-Specific Command-Line Options

Is the "host" part of the ssh command something you wish to be completely flexible? In other words, I assume you need to ssh to many different hosts from the jump host, correct?

If so, your best option might be just to use a script and pass in the argument for the ssh command.

It is also not clear to me where you are providing the authentication for the jump host. If you have done that via Default Session, and if you only need to ssh to this one host, then that is also how you can send the ssh command. I can expand on that once I have more info.

Did you configure Default Session to authenticate to the jump host? Or is it something you will do from the command-line and you (wisely so) omitted it for this public forum post?

[laurent prat]

Hi Brenda,

Thanks for your reply. I am using version 7.3.5

That is correct.I need to ssh to many different hosts from the jump host.

As for the Jump host authentication I was thinking about using the following command:

/N %t /T /SSH2 /P %p %h /L guest /PASSWORD guest

Then When I choose a host to SSH on the topology, I right click on it and ask for SSH. The following command is then excecuted and the secure CRT client is opened:

C:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exe /N lxc-routem-2 /T /SSH2 /P 34855 10.9.100.12 /L guest /PASSWORD guest

That is working and I get then prompt on the jump host but then I still miss the ssh redirect to the host with the option %r. The host IP address will always change.

Regards,
Laurent

[bgagnon]

Hi Laurent,

So you won't be able to use Logon Actions for the "redirect", but perhaps a simple script where you supply the argument by running it via a button on the button bar (the argument would be the redirected host).

See attached for the mapped button configuration.

And you could actually use that as the logon script (/SCRIPT and /ARG) and launch SecureCRT from the command-line if that more closely matches how you would access the hosts.

[laurent prat]

Hi Brenda,

Perfect, it is now working.

Here is what I have done:

SSH Command: C:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exe

SSH arguments: /SCRIPT "C:\Users\lap\Desktop\ScriptHost.vbs" /N %t /T /SSH2 /P %p %h /L guest /PASSWORD guest /ARG %r

Your script:

crt.Screen.Send vbcr
crt.Screen.WaitForString "$"
crt.Screen.Send crt.Arguments.GetArg(0) & vbcr

Now when I right click on a node and choose SSH, I get directly into the node:

guest@mgmt-COWvBV$ telnet 10.255.0.129
Trying 10.255.0.129...
Connected to 10.255.0.129.
Escape character is '^]'.

!!!OUTPUT OMITTED!!!

User Access Verification

Username:

I have writen the solution into the Cisco VIRL forum also:

http://community.dev-innovate.com/t/...irl-1-0/6134/9

Many thanks for your help! That is amazing that you could help;-)

Regards,
Laurent

[bgagnon]

Hi Laurent,

Great, I am glad to hear you were able to resolve the issue. Thanks for posting the solution here (and in the Cisco forums).


Note that to be super strict as to proper command-line usage, /ARG, being a standard option should come before the "SSH2 commands" which are protocol-specific options.

/SCRIPT "C:\Users\lap\Desktop\ScriptHost.vbs" /N %t /T /ARG %r /SSH2 /P %p %h /L guest /PASSWORD guest

See the SecureCRT Help topic Using the Software / Command-Line Options / Overview of Command-Line Options for info regarding the proper order of the command-line options.

[hooknife]

Quote:

Originally Posted by laurent prat

Hi Brenda,

Perfect, it is now working.

Here is what I have done:

SSH Command: C:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exe

SSH arguments: /SCRIPT "C:\Users\lap\Desktop\ScriptHost.vbs" /N %t /T /SSH2 /P %p %h /L guest /PASSWORD guest /ARG %r

Your script:

crt.Screen.Send vbcr
crt.Screen.WaitForString "$"
crt.Screen.Send crt.Arguments.GetArg(0) & vbcr

Now when I right click on a node and choose SSH, I get directly into the node:

guest@mgmt-COWvBV$ telnet 10.255.0.129
Trying 10.255.0.129...
Connected to 10.255.0.129.
Escape character is '^]'.

!!!OUTPUT OMITTED!!!

User Access Verification

Username:

I have writen the solution into the Cisco VIRL forum also:

http://community.dev-innovate.com/t/...irl-1-0/6134/9

Many thanks for your help! That is amazing that you could help;-)

Regards,
Laurent

Hi Laurent,

Thank you for this - it works great when I connect to a single host at a time. If I try to connect to multiple host at the same time SecureCRT telnets to the same router management address in every tab. Do you have this issue as well? Any ideas?

Here is a SecureCRT forum post I just created outlining the issue - https://forums.vandyke.com/showthrea...6444#post46444

Also, I posted to VIRL's forum as well - https://learningnetwork.cisco.com/message/581677#581677

Any help is much appreciated.

[winstroll]

Hi all,

is there any similar option for Mac OS? .vbs is a windows language.

I'm getting this from console:
Opening External Terminal: /Applications/SecureCRT.app/Contents/MacOS/SecureCRT /N ROUTES_GEN_ALL (Management (via mgmt LXC)) - MDT_JPMC /T /ARG ssh cisco@10.255.1.133 /SSH2 /P 10001 10.62.156.231 /L XXXX /PASSWORD YYYY

But I'm not able to "jump" to the connect and need to put again "ssh cisco@10.255.1.133".

Many thanks

[bgagnon]

Hi winstroll,

I will leave it up to Laurent to answer whether he maybe has a Python version of his script he can share with you, but just in general, the objects, methods and properties related to SecureCRT are the same. You just have to conform to the syntax of your chosen scripting language.

For example, this in VBScript:

Code:

  crt.Screen.Send vbcr
  crt.Screen.WaitForString "$"
  crt.Screen.Send crt.Arguments.GetArg(0) & vbcr

Would be this in Python:

Code:

  crt.Screen.Send("\r")
  crt.Screen.WaitForString("$")
  crt.Screen.Send(crt.Arguments.GetArg(0) + "\r")

The only notable difference is that SendKeys() is not presently supported in Python.

All of SecureCRT's objects, methods and properties are documented in the Help topic Scripting / Script Objects Reference.