SSH scripting for HP NonStop Guardian with SAFEGUARD



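We have some Perl scripts that perform operations on the Guardian operating system of an HP NonStop machine over telnet. Now we have to turn telnet off and must use an SSH (comForte) connection with a safeguarduser.

We tried to connect with the Perl code below. Everything seems to work, but the shell does not stay open.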

use Net::SSH::Perl;
use Term::ReadKey;
my $host = "XX.XXX.XXX.XXX";
my $user = "safeguarduser";
my $pass = "";
my $ssh = Net::SSH::Perl->new($host, options => [
"Cipher +aes256-ctr", "MACs +hmac-sha2-256", "HostKeyAlgorithms +ssh-dss"], debug => 1);
$ssh->login($user, $pass);

The debug log shows:

p-066280682253: Reading configuration data C:UsersUser.sshconfig
p-066280682253: Reading configuration data C:WINDOWSssh_config
p-066280682253: Connecting to XX.XXX.XXX.XXX, port 22.
p-066280682253: Remote version string: SSH-2.0-1.37g sshlib: TXXXXH0X_14MAY2018_comForte_SSH2_0105a:TXXXX.$SSH01
p-066280682253: Remote protocol version 2.0, remote software version 1.37g sshlib: TXXXXH0X_14MAY2018_comForte_SSH2_0105a:TXXXX.$SSH01
p-066280682253: Net::SSH::Perl Version 2.14, protocol version 2.0.
p-066280682253: No compat match: 1.37g sshlib: TXXXXH0X_14MAY2018_comForte_SSH2_0105a:TXXXX.$SSH01.
p-066280682253: Connection established.
p-066280682253: Sent key-exchange init (KEXINIT), waiting for response.
p-066280682253: Using diffie-hellman-group-exchange-sha256 for key exchange
p-066280682253: Host key algorithm: ssh-dss
p-066280682253: Algorithms, c->s: aes256-ctr hmac-sha2-512 none
p-066280682253: Algorithms, s->c: aes256-ctr hmac-sha2-512 none
p-066280682253: Entering Diffie-Hellman Group Exchange.
p-066280682253: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<4096<8192) sent
p-066280682253: Sent DH Group Exchange request, waiting for reply.
p-066280682253: Received 2048 bit DH Group Exchange reply.
p-066280682253: Generating new Diffie-Hellman keys.
p-066280682253: Entering Diffie-Hellman key exchange.
p-066280682253: Sent DH public key, waiting for reply.
p-066280682253: Received host key, type 'ssh-dss'.
p-066280682253: Host 'XX.XXX.XXX.XXX' is known and matches the host key.
p-066280682253: Verifying server signature.
p-066280682253: Send NEWKEYS.
p-066280682253: Waiting for NEWKEYS message.
p-066280682253: Enabling encryption/MAC/compression.
p-066280682253: Sending request for user-authentication service.
p-066280682253: Service accepted: ssh-userauth.
p-066280682253: Trying empty user-authentication request.
p-066280682253: Login completed, opening dummy shell channel.
p-066280682253: channel 0: new [client-session]
p-066280682253: Requesting channel_open for channel 0.
p-066280682253: channel 0: open confirm rwindow 1048576 rmax 57344
p-066280682253: Got channel open confirmation, requesting shell.
p-066280682253: Requesting service shell on channel 0.

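We can connect and work with PuTTY. The exec command in the PuTTY settings is "tacl". With plink, it only works when we use the PuTTY session name. With the param -c tacl we get the same error as with the Perl script: no shell.

(Info: the client is a Windows PC)

Hope someone can help us; we have already tried a lot.

Thank you and best regards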

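Can you explain exactly what was being done over the telnet session before the switch to SSH? By the way, I think you may be ending up in OSS (the UNIX personality of NonStop), because PuTTY (and probably plink) emulates XTerm. If the terminal type specified during SSH negotiation is not "TN6530-8" (the NonStop Guardian terminal emulator), NonStop SSH automatically puts you into OSS.

I just tried plink (Windows 10 CMD prompt) and got this, which is as expected: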

C:\Users\Andy\Downloads>plink -ssh -pw xxxxxxx andyw@nnn.nn.nnn.nn gtacl -c 'status *, user'
Using keyboard-interactive authentication.
Last Logon: 03 DEC 2018, 05:37
Last Unsuccessful Attempt: 03 DEC 2018, 05:31  Total Failures: 20
Process             Pri PFR %WT Userid  Program file               Hometerm
$Z4YN    B  0,119   146     001   8,1   $SYSTEM.SYS07.TACL         $ZTN0.#PTB2NV5
$SSLS       0,504   148     001   8,1   $SYSTEM.SSLPRXY.SSLPRXY    $ZPTY.#ZWN0517
$SSFS       0,749   148     001   8,1   $SYSTEM.SSLPRXY.SSLFTPS    $ZPTY.#ZWN0517
$Z2TJ       2,74    149     005   8,1   $SYSTEM.SYS07.TACL         $ZPTY.#ZWN0882
$Z5MZ       2,75    149     001   8,1   $SYSTEM.SYS07.TACL         $ZPTY.#ZWN0886
$Z5NR       2,254   149     004   8,1   $SYSTEM.SYS07.TACL         $ZHOME
            2,1019  148     001   8,1   $SYSTEM.SYS07.OSH          $ZPTY.#ZWN0886
         X  2,1098  148     004   8,1   /bin/ksh                   $ZPTY.#ZWN0886
$Z5NQ    X  2,1139  149     001   8,1   /bin/gtacl                 $ZHOME
$Z4YN       3,9     146     001   8,1   $SYSTEM.SYS07.TACL         $ZTN0.#PTB2NV5
$Z5MZ    B  3,42    149     001   8,1   $SYSTEM.SYS07.TACL         $ZPTY.#ZWN0886
$Z2TJ    B  3,201   149     001   8,1   $SYSTEM.SYS07.TACL         $ZPTY.#ZWN0882
$SSLS    B  3,1014  148     001   8,1   $SYSTEM.SSLPRXY.SSLPRXY    $ZPTY.#ZWN0517
$SSFS    B  3,1018  148     001   8,1   $SYSTEM.SSLPRXY.SSLFTPS    $ZPTY.#ZWN0517
$CAIL       3,1045  145     011   8,1   $SYSTEM.SYS07.TELSERV      $ZTN0.#PTB2P0J

C:\Users\Andy\Downloads>

I don't see the Perl code asking for TACL.

With a fresh PuTTY installation and no configuration, I can connect using plink:

PS C:\Program Files\PuTTY> plink d.trump@10.0.0.173 tacl
Using keyboard-interactive authentication.
Password:
Using keyboard-interactive authentication.
Last Logon:  20 DEC 2018, 01:05
Last Unsuccessful Attempt: 06 DEC 2018, 03:40  Total Failures: 33
Last Logon Failures: 0
TACL (T9205H01 - 24AUG2018), Operating System L06, Release L18.08.01
<usual TACL startup output omitted>
(Invoking $DT.WHOUSE.TACLCSTM)
Current volume is $DT.WHOUSE
$DT WHOUSE 1>

In the SSH audit file on the NonStop, I see:

$SSH00|20Dec18 01:05:29.67|50|10.0.3.40:56431:10.0.0.173: accepted connection from client
$SSH00|20Dec18 01:05:29.68|50|10.0.3.40:56431:10.0.0.173: client version string: SSH-2.0-PuTTY_Release_0.70
$SSH00|20Dec18 01:05:30.75|50|10.0.3.40:56431:10.0.0.173: key-exchange done and server authentication by client successful.
$SSH00|20Dec18 01:05:30.75|40|10.0.3.40:56431:10.0.0.173: SSH session established. 
$SSH00|20Dec18 01:05:31.44|20|10.0.3.40:56431:10.0.0.173: gssapi-with-mic authentication failed: GSSAPI not available
$SSH00|20Dec18 01:05:36.81|40|10.0.3.40:56431:10.0.0.173: keyboard-interactive dialog successful for user 'd.trump', keyboard-interactive authentication successful
$SSH00|20Dec18 01:05:37.50|50|10.0.3.40:56431:10.0.0.173: channel exec request, launching /bin/sh -c param -c tacl 
$SSH00|20Dec18 01:05:37.63|50|10.0.3.40:56431:10.0.0.173: spawned program /bin/sh successfully (pid 520093761) 
$SSH00|20Dec18 01:05:37.67|50|10.0.3.40:56431:10.0.0.173: spawned program /bin/sh terminated with exit code 127
$SSH00|20Dec18 01:05:38.02|40|10.0.3.40:56431:10.0.0.173: SSH session terminated 
$SSH00|20Dec18 01:06:04.79|50|10.0.3.40:56440:10.0.0.173: accepted connection from client
$SSH00|20Dec18 01:06:04.80|50|10.0.3.40:56440:10.0.0.173: client version string: SSH-2.0-PuTTY_Release_0.70
$SSH00|20Dec18 01:06:05.87|50|10.0.3.40:56440:10.0.0.173: key-exchange done and server authentication by client successful.
$SSH00|20Dec18 01:06:05.87|40|10.0.3.40:56440:10.0.0.173: SSH session established. 
$SSH00|20Dec18 01:06:06.55|20|10.0.3.40:56440:10.0.0.173: gssapi-with-mic authentication failed: GSSAPI not available
$SSH00|20Dec18 01:06:10.92|40|10.0.3.40:56440:10.0.0.173: keyboard-interactive dialog successful for user 'd.trump', keyboard-interactive authentication successful
$SSH00|20Dec18 01:06:11.61|50|10.0.3.40:56440:10.0.0.173: channel request for subsystem tacl, launching XXX.$SYSTEM.SYS03.TACL with process name 'XXX.$Z4ML' 
$SSH00|20Dec18 01:06:11.67|50|10.0.3.40:56440:10.0.0.173: launched program XXX.$SYSTEM.SYS03.TACL successfully (XXX.$Z4ML:3750193)

In the SSH log file, I see:

$SSH00|20Dec18 01:06:06|10.0.3.40:56440:10.0.0.173: d.trump@10.0.3.40 authentication failed (method gssapi-with-mic): GSSAPI not available.
$SSH00|20Dec18 01:06:10|10.0.3.40:56440:10.0.0.173: d.trump@10.0.3.40 authentication granted (method keyboard-interactive): keyboard-interactive dialog successful. System user: d.trump 
$SSH00|20Dec18 01:06:11|10.0.3.40:56440:10.0.0.173: d.trump@10.0.3.40 subsystem tacl granted (process: XXX.$Z4ML) 

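Try looking at the SSH log files and compare what happens when it works with what happens when it doesn't. Remember that if you get really stuck, you can pass this information to the TNSC.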
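The comparison suggested above, applied to the two sessions in the audit excerpt, as an added example that is not part of the original answer. It groups audit records by connection and lists the fields that differ between the session that ended and the one that reached TACL; the function names are made up for this example and the record layout is inferred from the quoted lines.

```python
import re

# Audit records copied from the excerpt above (both sessions, key events, trailing blanks removed).
AUDIT = """\
$SSH00|20Dec18 01:05:29.68|50|10.0.3.40:56431:10.0.0.173: client version string: SSH-2.0-PuTTY_Release_0.70
$SSH00|20Dec18 01:05:36.81|40|10.0.3.40:56431:10.0.0.173: keyboard-interactive dialog successful for user 'd.trump', keyboard-interactive authentication successful
$SSH00|20Dec18 01:05:37.50|50|10.0.3.40:56431:10.0.0.173: channel exec request, launching /bin/sh -c param -c tacl
$SSH00|20Dec18 01:05:37.67|50|10.0.3.40:56431:10.0.0.173: spawned program /bin/sh terminated with exit code 127
$SSH00|20Dec18 01:06:04.80|50|10.0.3.40:56440:10.0.0.173: client version string: SSH-2.0-PuTTY_Release_0.70
$SSH00|20Dec18 01:06:10.92|40|10.0.3.40:56440:10.0.0.173: keyboard-interactive dialog successful for user 'd.trump', keyboard-interactive authentication successful
$SSH00|20Dec18 01:06:11.61|50|10.0.3.40:56440:10.0.0.173: channel request for subsystem tacl, launching XXX.$SYSTEM.SYS03.TACL with process name 'XXX.$Z4ML'
"""

# (regex applied to the message part, names of the fields it fills)
PATTERNS = [
    (re.compile(r"client version string: (\S+)"), ("client",)),
    (re.compile(r"(\S+) dialog successful for user '([^']+)'"), ("auth", "user")),
    (re.compile(r"channel (exec) request, launching (.+)"), ("request", "target")),
    (re.compile(r"channel request for (subsystem) \S+, launching (\S+)"), ("request", "target")),
    (re.compile(r"terminated with exit code (\d+)"), ("exit_code",)),
]

def sessions(text):
    """Group audit events by the client:port:server key and extract key fields."""
    out = {}
    for line in text.splitlines():
        parts = line.split("|", 3)  # process | timestamp | level | connection: message
        if len(parts) != 4:
            continue  # not an audit record
        key, sep, msg = parts[3].partition(": ")
        if not sep:
            continue
        rec = out.setdefault(key, {})
        for rx, fields in PATTERNS:
            m = rx.search(msg)
            if m:
                rec.update(zip(fields, (g.strip() for g in m.groups())))
    return out

def differences(a, b):
    """Fields whose values differ between two sessions, as (a_value, b_value)."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    s = sessions(AUDIT)
    failed = s["10.0.3.40:56431:10.0.0.173"]
    worked = s["10.0.3.40:56440:10.0.0.173"]
    for field, (bad, good) in differences(failed, worked).items():
        print(f"{field:10} failed={bad!r} worked={good!r}")
```

For the excerpt above, client, user and authentication method are identical; the sessions differ only in the channel request (an exec request run through /bin/sh that ended with exit code 127, versus a subsystem request that launched TACL directly).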

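Finally got a Perl installation to do what I wanted, and I think I understand what you are saying (I see the same output), but it doesn't look like anything is wrong. If I add a command after the login, it works.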

use Net::SSH::Perl;
use Term::ReadKey;
my $host = "x.x.x.x";
my $user = "group.user";
my $pass = "secretsanta";
my $ssh = Net::SSH::Perl->new($host, options => [
"Cipher +aes256-ctr", "MACs +hmac-sha2-256", "HostKeyAlgorithms +ssh-dss"], debug => 1);
$ssh->login($user, $pass);
print "Enter a command to execute: [ls -l] ";
chomp(my $cmd = <STDIN>);
my($out, $err) = $ssh->cmd($cmd || "ls -l");
print $out;

Log:

dev-as: Requesting service shell on channel 0.
Enter a command to execute: [ls -l] ls -la
dev-as: channel 1: new [client-session]
dev-as: Requesting channel_open for channel 1.
dev-as: Entering interactive session.
dev-as: Requesting service exec on channel 1.
dev-as: channel 1: open confirm rwindow 1048576 rmax 57344
dev-as: input_channel_request: rtype exit-status reply 0
dev-as: channel 1: rcvd eof
dev-as: channel 1: output open -> drain
dev-as: channel 1: obuf empty
dev-as: channel 1: output drain -> closed
dev-as: channel 1: close_write
dev-as: channel 1: rcvd close
dev-as: channel 1: input open -> closed
dev-as: channel 1: close_read
dev-as: channel 1: send close
dev-as: channel 1: full closed
total 388615
-rw-rw-rw-    1 GROUP.USER            COMF      810000 Nov 21 23:07 test1

I worked out a solution myself and used the "ssh" command directly from the command line in PowerShell and Ubuntu.

ssh -t -o HostKeyAlgorithms=+ssh-dss safeguarduser@XXXX tacl

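It actually covers everything that is in the script, but adds the -t option, which stands for creating a PTY allocation request. This seems to be required by some legacy systems. Please adjust your Perl script to take this flag into account and let us know whether it works.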
