How to break SSH login to WLC from Linux jumphost?

Hi,

The thing is, I'm writing Python software which connects to Cisco routers / WLCs and connects information. There is an option to use a jumpserver (Linux).

My problem is, if I connect to a WLC (3504, 8.5.135.0) from the Linux jumpserver and try to log in with a wrong username/password, I can't terminate the SSH session, only if I wait a lot (like 70-80 seconds), or I send the incorrect user/password combination 5 times.

So I'm stuck at "User:" "Password:" prompt, and can't terminate the SSH session. I've tried pressing CTRL+c, CTRL+SHIFT+6, CTRL+SHIFT+6-x, none of them worked.

Any idea to break the SSH session before logging in to the WLC?

Thank you!

Accepted Solutions

Thank you for your reply, yes, a bit more information would've been more useful from my part, sorry.

I'm using Python with netmiko; with that I connect to a jumphost, then run ssh to connect to the Cisco device.

Something like this (a lot of parts, checks, etc. left out, just to give the general idea):

import time
from tkinter import END  # outbox below is a tkinter Text widget

import netmiko


def connect_to_wlc(jumpip, jmpuser, jmppass, ipaddr, uname, passwd, outbox):
    jumpserver = {'device_type': 'terminal_server', 'ip': jumpip, 'username': jmpuser, 'password': jmppass,
                  'default_enter': '\r\n', 'global_delay_factor': 2, 'fast_cli': True}
    # First hop: log in to the Linux jumphost
    net_connect = netmiko.ConnectHandler(**jumpserver)
    net_connect.find_prompt()
    # Second hop: start ssh to the WLC from the jumphost shell
    net_connect.write_channel('ssh ' + ipaddr + '\n')
    sshtest = net_connect.read_channel()
    if 'ser:' in sshtest:
        net_connect.write_channel(uname + '\n')
    # Wait for the password prompt, then send the password
    for n in range(1, 10):
        passtest = net_connect.read_channel()
        if 'assword:' in passtest:
            net_connect.write_channel(passwd + '\n')
            break
        time.sleep(1)
    # '>' means we are logged in; a second 'User:' prompt means the login was rejected
    for o in range(1, 10):
        prompttest = net_connect.read_channel()
        if '>' in prompttest:
            break
        if 'ser:' in prompttest:
            outbox.insert(END, 'Authentication failed, check username/password.\n\n')
            outbox.see(END)
            net_connect.write_channel('~.')  #<<< This is what I was missing, terminating WLC connection
                                             #before logged in
            time.sleep(0.5)
            failed = 'Connection failed: Authentication error'
            return failed
        time.sleep(1)
    netmiko.redispatch(net_connect, device_type='cisco_wlc_ssh', session_prep=False)
    devname = (net_connect.find_prompt()[:-1])[1:-2]
    print(f'Connected to {devname}.\n')

So, as it can be seen in the code, someone answered my question elsewhere, and you can break the WLC ssh session with tilde, then . (~.).

Thank you again for your reply!
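The login sequence from the post above with the `~.` disconnect factored into a helper, as an added example that is not part of the original post or of netmiko. The names `wait_for`, `wlc_login` and `FakeChannel` are hypothetical, the fake channel and its credentials are constructed so the block runs offline, and `chan` is assumed to offer only `write_channel()` and `read_channel()` as netmiko's connection object does.

```python
import time

# OpenSSH's client escape "~." is only recognised right after a newline, so send one first.
ESCAPE_DISCONNECT = "\n~."

def wait_for(chan, patterns, tries=10, delay=1.0):
    """Poll read_channel() until one of `patterns` shows up; return it, else None."""
    buf = ""
    for _ in range(tries):
        buf += chan.read_channel()
        for p in patterns:
            if p in buf:
                return p
        time.sleep(delay)
    return None

def wlc_login(chan, ip, user, password, delay=1.0):
    """True when the WLC prompt is reached; otherwise drop the nested ssh, return False."""
    chan.write_channel(f"ssh {ip}\n")
    if wait_for(chan, ["ser:"], delay=delay):
        chan.write_channel(user + "\n")
        if wait_for(chan, ["assword:"], delay=delay):
            chan.write_channel(password + "\n")
            if wait_for(chan, [">", "ser:"], delay=delay) == ">":
                return True
    # Rejected login or timeout: close the WLC hop instead of leaving it at "User:".
    chan.write_channel(ESCAPE_DISCONNECT)
    return False

class FakeChannel:
    """Constructed stand-in for the jump-host channel; re-prompts "User:" on a bad login."""
    def __init__(self, good=("admin", "s3cret")):
        self.good, self.sent, self.out = good, [], ""
        self.user, self.in_wlc = None, False
    def write_channel(self, data):
        self.sent.append(data)
        if data.startswith("ssh "):
            self.in_wlc, self.out = True, "User:"
        elif data == ESCAPE_DISCONNECT:
            self.in_wlc, self.out = False, "Connection closed.\njump$ "
        elif self.user is None:
            self.user, self.out = data.strip(), "Password:"
        elif (self.user, data.strip()) == self.good:
            self.out = "(Cisco Controller) >"
        else:
            self.user, self.out = None, "User:"
    def read_channel(self):
        out, self.out = self.out, ""
        return out
```

The escape is consumed by the ssh client running on the jump host, so only the WLC hop is closed and the jump-host session stays available for the next device.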


Scott Fella
Hall of Fame

If you are doing any type of automation using SSH, make sure the host is up and the login is correct. How keys are sent from one host to a Cisco device varies, and to me it seems like you need to send a command to the Linux host to break. Like in Ansible, you would have to build some error handling for this. Fix the login so that when you run automation it just works, or else your automation will just time out or hang and never complete.

-Scott
