? IP_CLIENT_OPEN to ssh port 22
bob
Posts: 296
Hi there,
is it possible to login to an IP device (Linux fileserver) to port 22 (ssh)?
The command
IP_CLIENT_OPEN(dvIP.PORT, '192.168.1.2", 22, IP_TCP)
doesn't provide for additional parameters like username!?
The string which I have to execute to connect to the fileserver is
"ssh -l root 192.168.1.2"
or
"ssh root@192.168.1.2"
just
"ssh 192.168.1.2"
(what IP_CLIENT_OPEN() is certainly executing) doesn't work as there is no provision for the user name. Connecting through ssh is slightly different in comparisson to telnet where after a successful connection a username and password are input separately (in the STRING section of the corresponding DATA_EVENT). With ssh the username must be specified as part of the command and then only a password request is available, but not for the username.
Thanks much,
Bob
is it possible to login to an IP device (Linux fileserver) to port 22 (ssh)?
The command
IP_CLIENT_OPEN(dvIP.PORT, '192.168.1.2", 22, IP_TCP)
doesn't provide for additional parameters like username!?
The string which I have to execute to connect to the fileserver is
"ssh -l root 192.168.1.2"
or
"ssh root@192.168.1.2"
just
"ssh 192.168.1.2"
(what IP_CLIENT_OPEN() is certainly executing) doesn't work as there is no provision for the user name. Connecting through ssh is slightly different in comparisson to telnet where after a successful connection a username and password are input separately (in the STRING section of the corresponding DATA_EVENT). With ssh the username must be specified as part of the command and then only a password request is available, but not for the username.
Thanks much,
Bob
0
Comments
"ssh -l root 192.168.1.2" or "ssh root@192.168.1.2" and not as with
telnet 192.168.1.2
and then you enter username and password on the prompt.
With ssh only a password prompt is presented and if the username is not already specified with the login command you can not login.
The ssh protocol is TCP and the port is 22, it is just as I said I need to specify "-l root" with the IP_CLIENT_OPEN and I don't see a possibility to do that?! Would an "IP_CLIENT_OPEN(dvIP.PORT, 'root@192.168.1.2", 22, IP_TCP)" work (notice the root@ with the IP-address)?
Just "ssh 192.168.1.2" doesn't work so do not IP_CLIENT_OPEN. In contrast to that "telnet 192.168.1.2" would work so do IP_CLIENT_OPEN with telnet (port 23). I am just not allowed to use telnet and am looking how to specify the username with IP_CLIENT_OPEN() when making the ssh-connection to the fileserver.
Thanks again!
only thing you could do is build an SSH tunnel (http://www.amx.com/techsupport/techNote.asp?id=721) and connect through that
While it's theoretically possible, I don't think you're going to be able to do it unless somebody has already written an SSH client module. There is no AMX support for SSH connections, so you'd have to write an SSH client from scratch in NetLinx, which I don't recommend -- the SSH protocol is extremely complex.
IP_CLIENT_OPEN is more closely equivalent to "telnet" rather than "ssh", which is why there are no parameters to support SSH logins. If you can telnet to something from the command line, you can talk to it via AMX.
As yuri mentioned, you can use an SSH client running on a PC to create a tunnel. PuTTY is one Windows-based client that will do tunnels. There's a command-line version of it called PLink that can be run from a batch file to create the tunnel. On Unixy systems, just run SSH with the correct parameters (look for -L in the man page for a local-to-remote forward)
Jeremy
I have changed to telnet, however I still can't login. Here is the code, don't know what I am doing wrong:
DEFINE_DEVICE dvIPFileServer = 0:2:0 DEFINE_VARIABLE FileServer_BUFF[512] INTEGER nIPFileServerConnEstablished = 0 INTEGER nIPFileServerLogedIn = FALSE DEFINE_START CREATE_BUFFER dvIPFileServer, FileServer_BUFF DATA_EVENT[dvIPFileServer] { ONLINE: { nIPFileServerConnEstablished = TRUE } OFFLINE: { nIPFileServerConnEstablished = FALSE nIPFileServerLogedIn = FALSE } STRING: { } } DEFINE_PROGRAM IF (LENGTH_STRING(FileServer_BUFF)) { IF (FIND_STRING(FileServer_BUFF, 'login: ',1)) { trash = REMOVE_STRING(FileServer_BUFF, 'login: ',1) SEND_STRING dvIPFileServer, "'username',$0D" } IF (FIND_STRING(FileServer_BUFF,'Password: ',1)) // request for password { trash = REMOVE_STRING(FileServer_BUFF, 'Password: ',1) SEND_STRING dvIPFileServer, "'passwd',$0D" } IF (FIND_STRING(FileServer_BUFF,'servername: ',1)) // this is the prompt after login { trash = REMOVE_STRING(FileServer_BUFF, 'servername: ',1) nIPFileServerLogedIn = TRUE } } PUSH [dvVPN2_4, 37] // turn off file server { IF (!nIPFileServerConnEstablished) IP_CLIENT_OPEN(dvIPFileServer.PORT, '192.168.1.2', 23, IP_TCP) WAIT_UNTIL (nIPFileServerConnEstablished) AND (nIPFileServerLogedIn)) { SEND_STRING dvIPFileServer, "'/sbin/halt',$0D" SEND_STRING dvIPFileServer, "'exit',$0D" IP_CLIENT_CLOSE(23) // this is the port for telnet nIPFileServerConnEstablished = FALSE nIPFileServerLogedIn = FALSE } }Jeremy
Should I call IP_CLIENT_CLOSE for port 23 or for the localport "dvIPFileServer.PORT"?
Greetings,
Bob.
{
IF (!nIPFileServerConnEstablished)
IP_CLIENT_OPEN(dvIPFileServer.PORT, '192.168.1.2', 23, IP_TCP)
Do you have IP_TCP defined somewhere else in your code? If I remember correctly IP_TCP need to be = 1.
CHAR IP_TCP = 1
Tech note 286 discusses using Netlinx as a telnet client and suggests that a Netlinx client session should probably work with most telnet server software without a lot of work:
That was not my experience with a known working Windows XP Telnet server (supplied with Windows XP Professsional). The server kept halting after sending escape code sequences and, apparently, not getting the desired reply from the Netlinx client. By accessing the Windows telnet server from a networked computer running Windows Telnet client and watching the traffic with Ethereal I was able to identify valid responses for the strings coming from the server.The telnet protocol reference in the Tech note explains what the strings mean though I couldn't compose a valid response without watching the sample traffic.
This is the string section from the ip client data_event that enabled me to connect to the Windows telnet server. Once properly connected, valid "DOS" commands would work. I don't know if other responses would be necessary for other servers.
STRING: { sFromServer = DATA.TEXT IF(FIND_STRING(sFromServer,"$FF,$FD,$27,$FF,$FD,$1F,$FF,$FD,$00",1)) { SEND_STRING 0:5:0,"$FF,$FC,$25" } IF(FIND_STRING(sFromServer,"'Welcome to Microsoft Telnet Service'",1)) { SEND_STRING 0:5:0,"$FF,$FC,$27" } IF(FIND_STRING(sFromServer,"13,'password:'",1)) { SEND_STRING 0:5:0,"spassword,13,10" } IF(FIND_STRING(sFromServer,"13,'login:'",1)) { SEND_STRING 0:5:0,"susername,13,10" } IF(FIND_STRING(sFromServer,"$FF,$FD,$18",1)) { SEND_STRING 0:5:0,"$FF,$FB,$18" } IF(FIND_STRING(sFromServer,"$FF,$FA,$18,$01,$FF,$F0",1)) { SEND_STRING 0:5:0,"$FF,$FA,$18,$00,$6E,$6F,$6E,$65,$FF,$F0" } }i understand what you are trying to do, im just saying this is the only possibility you have
Jeremy
I traced the telnet communication between a WinXP box and also an Apple Powermac computer to this particular SUSE Linux fileserver and those commsetting commands are a little bit different meaning that (while snooping with ethereal between the master and the file server) I have to do trial and error fiddling with sending strings until I get to the server login prompt :-(
Here is some snippets of code that work for me connecting to an xperinet media server. This is a linux platform running the fedora core. It should work for you application.
IP_CLIENT_OPEN(ipXPN.PORT, '192.168.1.30',23,TCP) // Open IP port for Xperinet control
IF(FIND_STRING(xpn_string,'Login:',1)) { SEND_STRING ipXPN, "'Username',$0D, $0A" }
IF(FIND_STRING(xpn_string,'Password:',1)) { SEND_STRING ipXPN, "'password',$0D, $0A" }
You cant monitor TCP/IP traffic through netlinx, but you can create a char array and see what the Telnet Server is returning, so you can figure out what to look for.
I would think that you could copy the dialog by watching any telnet client (Hyper term, a Linux client, etc) that successfully connects to the server you want to connect to, but I haven't tried any server but the one that's built into Window XP Pro.
After studying the telnet protocol stuff for a while, I thought that I could teach the Netlinx IP Client to anticipate the negotiation stuff and send notifications to the server rather than waiting for a particular string and then responding, but I was not able to figure out how to do it in the brief amount of time that I had. In other words, I tried a little and gave up as I had already solved the basic problem I had (connecting to the particular server).
Good luck with this stuff. I know for me it's like trying to learn Russian by listening to a Russian read War and Peace in the original with nothing to go by but a really poor inter-language dictionary. Or, perhaps with a Russian to French dictionary along with a French to English.
Got it reverseengineered from snooping a connection. In case anyone is interested here is the code. I have emulated within the DATA_EVENT the telnet connection from a WinXP box to a SUSE 9.3 Linux server as this involved the least commands for handshake and negotiation. Enjoy and thanks everyone for the help and comments!
DATA_EVENT[dvIPFileServer] { ONLINE: { nIPFileServerConnEstablished = TRUE } OFFLINE: { nIPFileServerConnEstablished = FALSE nIPFileServerLogedIn = FALSE } STRING: { // Command: Do Terminal Type // Command: Do Terminal Speed // Command: Do X Display Location // Command: Do New Environment Option IF (FIND_STRING(DATA.TEXT, "$FF,$FD,$18,$FF,$FD,$20,$FF,$FD,$23,$FF,$FD,$27",1)) { // Command: Will Terminal Type // Command: Will Negotiate about Window Size SEND_STRING dvIPFileServer, "$FF,$FB,$18,$FF,$FB,$1F" } // Command: Do Negotiate about Window Size IF (FIND_STRING(DATA.TEXT, "$FF,$FD,$1F",1)) { // Command: Won't Terminal Speed // Command: Won't X Display Location // Command: Will New Environment Option SEND_STRING dvIPFileServer, "$FF,$FC,$20,$FF,$FC,$23,$FF,$FB,$27" // Suboption Begin: Negotiate About Window Size SEND_STRING dvIPFileServer, "$FF,$FA,$1F,$00,$64,$00,$32,$FF,$F0" } // Suboption Begin: New Environment Option IF (FIND_STRING(DATA.TEXT, "$FF,$FA,$27,$01,$FF,$F0,$FF,$FA,$18,$01,$FF,$F0",1)) { // Suboption Begin: New Environment Option SEND_STRING dvIPFileServer, "$FF,$FA,$27,$00,$FF,$F0" // Suboption Begin: Terminal Type SEND_STRING dvIPFileServer, "$FF,$FA,$18,$00,$41,$4E,$53,$49,$FF,$F0" } // Command: Will Supress Go Ahead // Command: Do Echo // Command: Will Status // Command: Do Remote Flow Control IF (FIND_STRING(DATA.TEXT, "$FF,$FB,$03,$FF,$FD,$01,$FF,$FB,$05,$FF,$FD,$21",1)) { // Command: Do Supress Go Ahead SEND_STRING dvIPFileServer, "$FF,$FD,$03" // Command: Will Echo // Command: Don't Status // Command: Won't Remote Flow Control SEND_STRING dvIPFileServer, "$FF,$FB,$01,$FF,$FE,$05,$FF,$FC,$21" } // Command: Don't Echo // Command: Will Echo // Data: Welcome IF (FIND_STRING(DATA.TEXT, "$FF,$FE,$01,$FF,$FB,$01,$57,$65,$6C,$63,$6F,$6D,$65",1)) { // Command: Won't Echo SEND_STRING dvIPFileServer, "$FF,$FC,$01" } IF (FIND_STRING(DATA.TEXT, 'fileserver login: ',1)) // change this to match your server login prompt { // Command: Do Echo SEND_STRING dvIPFileServer, "$FF,$FD,$01" // username SEND_STRING dvIPFileServer, "'sUsername',$0D" // no need to send $0A } IF (FIND_STRING(DATA.TEXT,'Password: ',1)) // change this to match your server passwd prompt { SEND_STRING dvIPFileServer, "'sPassword',$0D" // no need to send $0A } IF (FIND_STRING(DATA.TEXT,'fileserver:',1)) // got a prompt - change this to match your prompt { nIPFileServerLogedIn = TRUE } } }- Chip
I would love to see more protocol support from AMX for common TCP/IP protocols in the future (telnet, SSH, FTP, HTTP, HTTPS, maybe others?). It seems like having fully-fledged protocol handlers would really open up some additional options in integration.
Jeremy
Guys, here the Netlinx code to login to an Apple computer running Mac OS X 10.4. You may then control iTunes via AppleScript from the command line, pull out track/artist information and readin back in Netlinx, sleep the computer or do whatever you want. Have fun (especially try this one in terminal interactive mode (controlled from the netlinx telnet) - http://blog.experimentalworks.net/archives/19-iTunes-Remote-Control.html)!
I also verified the code section from Harold Hedberg to login to a Windows XP Professional box and it also works like a charm. Thanks very much again!
DATA_EVENT[dvIPAppleServer] { ONLINE: { nIPAppleServerConnEstablished = TRUE } OFFLINE: { nIPAppleServerConnEstablished = FALSE nIPAppleServerLogedIn = FALSE } STRING: { // Command: Do Terminal Type // Command: Do Terminal Speed // Command: Do X Display Location // Command: Do New Environment Option // Command: Do Environment Option IF (FIND_STRING(DATA.TEXT, "$FF,$FD,$18,$FF,$FD,$20,$FF,$FD,$23,$FF,$FD,$27,$FF,$FD,$24",1)) { // Command: Will Terminal Type // Command: Will Negotiate about Window Size SEND_STRING dvIPAppleServer, "$FF,$FB,$18,$FF,$FB,$1F" // Command: Do Negotiate about Window Size WAIT_UNTIL (FIND_STRING(DATA.TEXT, "$FF,$FD,$1F",1)) { // Command: Won't Terminal Speed // Command: Won't X Display Location // Command: Will New Environment Option // Command: Won't Environment Option SEND_STRING dvIPAppleServer, "$FF,$FC,$20,$FF,$FC,$23,$FF,$FB,$27,$FF,$FC,$24" // Suboption Begin: Negotiate About Window Size // Command: Suboption End SEND_STRING dvIPAppleServer, "$FF,$FA,$1F,$00,$67,$00,$1C,$FF,$F0" } // Suboption Begin: New Environment Option WAIT_UNTIL (FIND_STRING(DATA.TEXT, "$FF,$FA,$27,$01,$FF,$F0,$FF,$FA,$18,$01,$FF,$F0",1)) { // Suboption Begin: New Environment Option SEND_STRING dvIPAppleServer, "$FF,$FA,$27,$00,$FF,$F0" // Suboption Begin: Terminal Type SEND_STRING dvIPAppleServer, "$FF,$FA,$18,$00,$41,$4E,$53,$49,$FF,$F0" } // Command: Will Supress Go Ahead // Command: Do Echo // Command: Do Linemode // Command: Will Status // Command: Do Remote Flow Control WAIT_UNTIL (FIND_STRING(DATA.TEXT, "$FF,$FB,$03,$FF,$FD,$01,$FF,$FD,$22,$FF,$FB,$05,$FF,$FD,$21",1)) { // Command: Do Supress Go Ahead SEND_STRING dvIPAppleServer, "$FF,$FD,$03" // Command: Will Echo // Command: Won't Linemode // Command: Don't Status // Command: Won't Remote Flow Control SEND_STRING dvIPAppleServer, "$FF,$FB,$01,$FF,$FC,$22,$FF,$FE,$05,$FF,$FC,$21" } // Command: Don't Echo // Command: Will Echo // Command: Do Timing Mark WAIT_UNTIL (FIND_STRING(DATA.TEXT, "$FF,$FE,$01,$FF,$FB,$01,$FF,$FD,$06",1)) { // Command: Won't Echo SEND_STRING dvIPAppleServer, "$FF,$FC,$01" // Command: Do Echo // Command: Won't Timing Mark SEND_STRING dvIPAppleServer, "$FF,$FD,$01,$FF,$FC,$06" } WAIT_UNTIL (FIND_STRING(DATA.TEXT, 'login:',1)) { SEND_STRING dvIPAppleServer, "sUsername,$0D" } WAIT_UNTIL (FIND_STRING(DATA.TEXT,'Password:',1)) { SEND_STRING dvIPAppleServer, "sPassword,$0D" } WAIT_UNTIL (FIND_STRING(DATA.TEXT,'appleserver:',1)) // got a prompt - change this to match your prompt { nIPAppleServerLogedIn = TRUE } } } }- Chip
- Chip