Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Scripting

Reply
 
Thread Tools Rate Thread Display Modes
  #1  
Old 09-25-2018, 07:49 AM
vvishnevskiy vvishnevskiy is offline
Registered User
 
Join Date: Oct 2009
Posts: 6
Use variables across sessions

Team,
perhaps this was asked - I am wondering if there is a way to store a variable across sessions (perhaps for as long as securecrt instance is running). For instance, I could collect it in session 1/tab 1, check for its existence in session 2 tab 2 and do something with it if it was set. Thanks
Reply With Quote
  #2  
Old 09-25-2018, 09:34 AM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 846
There isn't a mechanism native to SecureCRT's Scripting API that would provide you with any easy keep-this-variable-around-for-other-scripts-to-use-as-long-as-SecureCRT-remains-running-and-make-it-available-to-all-scripts-that-could-ever-be-run-inside-of-SecureCRT (TM) functionality.

However, there may be mechanisms available through the script engine you're using that can provide you with this functionality if you desire to implement them.

On which operating system (Windows/Linux/macOS) are you running SecureCRT?

Which version of the OS are you on?

And which version of SecureCRT are you running?

Regarding the variable value you want to store, is it sensitive/private in nature (like a passphrase, password, passcode, token, etc.), or is it merely some data that
you want around for all of your scripts to use in concert?

--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: http://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: http://www.vandyke.com/support
Reply With Quote
  #3  
Old 09-25-2018, 08:37 PM
vvishnevskiy vvishnevskiy is offline
Registered User
 
Join Date: Oct 2009
Posts: 6
Use variables across sessions

this is windows and securecrt 8. I am using Python. After the company merger/reorg, the naming scheme for devices is all over the map so I am having a hard time remembering them. So I organized them in functional folders. The target for all is the same jump box. The credential for the jump box are stored within the session. Upon login, I ssh to the device name that I collect from the session name (I do need to make sure that the session name is correct). In a perfect world, I could enter my credential once, store them such that only securecrt and its scripts could access them and use them while securecrt is running.
Example: jump box host name is jump.
All my sessions use that hostname. Once I connect to session \temp\test\blah , the logon script collect my credentials, runs ssh me@blah on the jump box and logs me in. The annoying part is having to enter the credentials all the time. I do have to rely on password and usernames to login.


One possible way I am thinking I can possibly go around this is by using the credentials stored within the session. They happen to be the same ones, but i do not know if api exists to use them in a script.
Thanks
Reply With Quote
  #4  
Old 09-26-2018, 02:18 PM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 846
Does the Dependent Sessions feature in SecureCRT not work for you?
https://youtu.be/XHOVTuv-LKY
If your jump host supports port forwarding, dependent session utilization would be the way to go.

If your jump host does not support port forwarding, then you should be able to use Logon Actions to access the devices beyond the jump host with your ssh user@2ndHost command.
Such an approach is described here in another forum post.

Do either of these approaches work for you?

If not, can you provide me with details as to the "why" so that I can better understand the feature request(s) that I would need to add specific to your situation?

Thanks!
--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: http://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: http://www.vandyke.com/support
Reply With Quote
  #5  
Old 09-26-2018, 08:16 PM
vvishnevskiy vvishnevskiy is offline
Registered User
 
Join Date: Oct 2009
Posts: 6
yes, so I have, in fact, been using it with some success. I think my situation is perhaps a bit unique. The issue is that some our jump boxes do support forwarding (they are actually a load balanced VIP and one never knows where he would end up), some do not. In some cases the jump box gets changed enough that secondary prompt is not static (> vs # vs ~). On top of that different equipment have different prompts (password vs pass code, vs pwd). Some devices (Cisco, Arista) have enable mode, some do not (Juniper). Some have enable mode and drop you there right away some do not. I thought I would write a script that would recognize all or most of these conditions. It is not that hard actually. I call the session using the device name I intend to connect to and use the session name in the ssh command.

I also thought that I could be even more efficient by not having to prompt myself for credentials upon lunching the 2nd, 3rd, etc. sessions if the 1st one was already launched and the credentials collected. Sounds like it is not possible to persist variable containing credentials across sessions securely at this point.

Incidentally, and a bit off topic, there seems to be no way to include a non-standard library in the script, is it true? I think I would benefit to see if the host is dns resolvable. In a standard python script i can do with socket library. Is this something that can be supported somehow? Thanks a lot!
Reply With Quote
  #6  
Old 09-27-2018, 12:25 PM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 846
Quote:
Originally Posted by vvishnevskiy View Post
yes, so I have, in fact, been using it with some success. I think my situation is perhaps a bit unique. The issue is that some our jump boxes do support forwarding (they are actually a load balanced VIP and one never knows where he would end up), some do not.
Ah. Yes. Disparate systems on different jumphosts that aren't all the same make and model. Make sense why you wouldn't be able to use dependent sessions nor logon actions to accomplish what you desire since the remote systems are at such variance with each other.


Quote:
Originally Posted by vvishnevskiy View Post
In some cases the jump box gets changed enough that secondary prompt is not static (> vs # vs ~). On top of that different equipment have different prompts (password vs pass code, vs pwd). Some devices (Cisco, Arista) have enable mode, some do not (Juniper). Some have enable mode and drop you there right away some do not. I thought I would write a script that would recognize all or most of these conditions. It is not that hard actually. I call the session using the device name I intend to connect to and use the session name in the ssh command.

I also thought that I could be even more efficient by not having to prompt myself for credentials upon lunching the 2nd, 3rd, etc. sessions if the 1st one was already launched and the credentials collected. Sounds like it is not possible to persist variable containing credentials across sessions securely at this point.
Not easily, and not absolutely securely.

I've added a few feature requests for you, but that doesn't help you until such time (if ever) the features are implemented.

In the mean time, one workaround would be to use process-level environment variables to stash data. Here's one approach... only the same SecureCRT.exe process will be able to see the env variable, so you could stash something sensitive in the process-level env and then recall it throughout any script that is running from that same SecureCRT process. Not absolutely foolproof, but better than stashing plaintext data in a file for reading, or in the registry where it's more permanent.

Code:
# $language = "Python"
# $interface = "1.0"

import os

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def Main():
    # Demonstrate use of system tools to get at process-level env vars
    import datetime
    strToday = str(datetime.date.today())
    # Create name for an environment variable we can reasonably be
    # assured didn't exist until today:
    strEnvVarName = "VARNAME_{0}".format(strToday)

    # Attempt to read the env variable by its just-created name:
    try:
        strValue = os.environ[str(strEnvVarName)]
        crt.Dialog.MessageBox(
            "Env var '{0}' exists, and it's value is: {1}".format(
                strEnvVarName,
                strValue))
    except Exception, objInst:
        # We this must be our first time through... variable doesn't
        # yet exist. Let's prompt the individual for the data they
        # want to store in our special process-level env var:
        strValue = crt.Dialog.Prompt(
            "Process-level env var '{0}' was not found.\r\n".format(
                strEnvVarName) +
            "\r\n\t" + repr(objInst) +
            "\r\n\r\n" +
            "We'll create it now.\r\n" +
            "\r\n" +
            "Please specify the value you want to store:")
        if strValue == "":
            return
        else:
            os.environ[str(strEnvVarName)] = strValue

Main()
Run the script once in an instance of SecureCRT; First time running the script, it won't be able to find the env var, and will prompt for the value to store.

Subsequent times running the script within the same instance of the SecureCRT.exe process, you'll see that the value does exist (and to prove it, the example shows the value read in).

Close that instance of SecureCRT and launch another instance of SecureCRT and then run the script again. The env var will be gone (because it only existed at the process level and that process is no longer running).

Quote:
Originally Posted by vvishnevskiy View Post
Incidentally, and a bit off topic, there seems to be no way to include a non-standard library in the script, is it true? I think I would benefit to see if the host is dns resolvable. In a standard python script i can do with socket library. Is this something that can be supported somehow?
SecureCRT's built-in python environment on Windows isn't a complete/full python environment. And you currently can't import pre-compiled modules that come from elsewhere, nor can you use an external python engine.

I've added another couple of feature requests for you (include <sockets> module in SecureCRT's python environment, or be able to use a third party python engine instead of being restricted to the one that comes with SecureCRT).

In the mean time, you can use system utilities to perform these functions for you, and logically determine success/fail. Here's one approach:

Code:
# $language = "Python"
# $interface = "1.0"

import subprocess

g_nReturnCode = 0

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def getShellCmdOutput(strCmd):
    global g_nReturnCode
    objProc = subprocess.Popen(
        strCmd,
        shell=True,
        bufsize=1,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT)
    [strStdOut, strStdErr] = objProc.communicate()
    # strStdErr will always be <none> because
    # we've redirected all StdErr's output to
    # the StdOut stream in calling Popen() above.
    g_nReturnCode = objProc.returncode
    return strStdOut

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def Main():
    # Demonstrate use of system tools to do name lookup & ping
    global g_nReturnCode
    strHost = crt.Dialog.Prompt("Enter the hostname")
    if strHost == "":
        return

    strCommand = "nslookup {0}".format(strHost)
    strLookupOutput = getShellCmdOutput(strCommand)

    crt.Dialog.MessageBox(
        "Command:\t'{0}'\r\nExit code:\t{1}\r\nOutput:\t{2}".format(
        strCommand,
        g_nReturnCode,
        strLookupOutput))

    strCommand = "ping -4 -n 1 -w 75 {0}".format(strHost)
    strPingOutput = getShellCmdOutput(strCommand)
    crt.Dialog.MessageBox(
        "Command:\t'{0}'\r\nExit code:\t{1}\r\nOutput:\t{2}".format(
        strCommand,
        g_nReturnCode,
        strPingOutput))

Main()
--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: http://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: http://www.vandyke.com/support
Reply With Quote
Reply

Tags
variable session scope


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 04:26 PM.