[MX] Seamless script execution in collecting data from peer router through SSH 05/06/24, 9:40 PM

[MX] Seamless script execution in collecting data from peer

router through SSH

Article ID KB36984 Created 2021-05-13 Last Updated 2021-05-26

Description

When executing a script from a local DUT to collect an output from

peer node, the script is halted while collecting command output from
peer node asking for password.
This article provides the procedure where the script will be executed
seamlessly without the need for password while connecting via SSH.

Symptoms
For example, checking if the script on the peer node is running (If you
want to stop that script from local node):
labroot@re0:/var/home/labroot # ssh -t
[email protected] 'start shell command "ps -
aux | grep sh"'
The authenticity of host 'R.R.R.R (R.R.R.R)'
can't be established.
ECDSA key fingerprint is
SHA256:/IaQEjqPkeT/xMtCps5vi2gkBk0XmuYyIB5w8
8YR1rQ.
Are you sure you want to continue connecting
(yes/no)? yes
Warning: Permanently added 'R.R.R.R' (ECDSA)
to the list of known hosts.
Password:
Here, the command execution asks for the remote node "labroot"
password. Including this command in the shell script, and attempting
to run every 30 secs in a loop will not be productive as it will ask for
the password.

https://supportportal.juniper.net/s/article/MX-Seamless-script-execution-in-collecting-data-from-peer-router-through-SSH?language=en_US Page 1 of 6
[MX] Seamless script execution in collecting data from peer router through SSH 05/06/24, 9:40 PM

labroot@re0:/var/home/labroot # vi test1.sh
#!/bin/sh

while [ : ]
do
a=`ssh -t [email protected] 'start shell command "ps -aux | grep sh"'`
echo $a
sleep 30
done

labroot@re0:/var/home/labroot # sh test1.sh
Password:
Password: -------- you have to key in password each iteration.
Password:

Solution
This is normal operational behavior for remote connection where the
SSH service is enabled with user profile having local password / Root
authentication with plain text password.
SSH makes use of public key authentication which is saved in the
below path:
labroot@re0:/var/home/labroot/.ssh # cd /root/.ssh
labroot@re0:~/.ssh # ls
id_rsa id_rsa.pub known_hosts
labroot@re0:~/.ssh #
1. If the Public file is not available, try creating it using ssh-
keygen -t rsa .
2. With this public key, copy it to the remote node in
/var/tmp/id_rsa.pub and make use of that file for login password.
labroot@re0:~/.ssh # more id_rsa.pub
ssh-rsa <<<<< KEY FROM THE FILE OF THIS LOCAL
NODE >>>> user@re0
user@re0:~/.ssh #

Copy this entire content to the remote node

labroot@re0:~/.ssh # scp id_rsa.pub

R.R.R.R:/var/tmp
Password:
id_rsa.pub 100%
407 811.1KB/s 00:00
user@re0:~/.ssh #
3. Now on the peer node, we need to alter the login method
credentials for labroot on the peer node:

https://supportportal.juniper.net/s/article/MX-Seamless-script-execution-in-collecting-data-from-peer-router-through-SSH?language=en_US Page 2 of 6
[MX] Seamless script execution in collecting data from peer router through SSH 05/06/24, 9:40 PM

[edit]
labroot@re0# delete groups default system
login user labroot authentication
warning: [groups default] is protected,
'groups default system login user labroot
authentication' cannot be deleted

[edit]
labroot@re0# unprotect groups default

[edit]
labroot@re0# delete groups default system
login user labroot authentication

[edit]
labroot@re0# set groups default system login
user labroot authentication load-key-file
/var/tmp/id_rsa.pub <<<<< This being same as
the local node, the SSH from local node will
be bypassed authentication.

[edit]
labroot@re0# commit synchronize and-quit
warning: 'synchronize' ignored in single
routing engine chassis
re0:
commit complete
Exiting configuration mode

labroot@re0>
4. Execute the script on the local node, which will not ask for
password.
user@re0:~/.ssh # ssh -t [email protected]
"show chassis hardware"
Hardware inventory:
Item Version Part number Serial
number Description
Chassis
JN125BE62AFB MX480
Midplane REV 09 750-047862
ACRF1802 Enhanced MX480 Midplane
FPM Board REV 02 710-017254
ABDE5285 Front Panel Display
PEM 0 Rev 10 740-029970
QCS1522U044 PS 1.4-2.52kW; 90-264V AC
in
PEM 1 Rev 10 740-029970
QCS1522U046 PS 1.4-2.52kW; 90-264V AC

https://supportportal.juniper.net/s/article/MX-Seamless-script-execution-in-collecting-data-from-peer-router-through-SSH?language=en_US Page 3 of 6
[MX] Seamless script execution in collecting data from peer router through SSH 05/06/24, 9:40 PM

in
PEM 2 Rev 10 740-029970
QCS1522U02M PS 1.4-2.52kW; 90-264V AC
in
PEM 3 Rev 10 740-029970
QCS1522U04F PS 1.4-2.52kW; 90-264V AC
in
Routing Engine 0 REV 17 740-031116
9016309194 RE-S-1800x4
CB 0 REV 08 750-055976
CAFN2361 Enhanced MX SCB 2
FPC 1 REV 18 750-062865
CAPW5522 MPC4E 3D 32XGE
CPU REV 03 711-062860
CAPV9681 HMPC PMB 2G
PIC 0 BUILTIN
BUILTIN 8X10GE SFPP
Xcvr 0 REV 01 740-021308
CJ20YP1Q9 SFP+-10G-SR
Xcvr 1 REV 01 740-031980
MTN1BZ0 SFP+-10G-SR
Xcvr 2 REV 01 740-031980
CH09KN0KL SFP+-10G-SR
Xcvr 3 REV 01 740-031980
A4HADWE SFP+-10G-SR
Xcvr 4 REV 01 740-031980
AMC0KQR SFP+-10G-SR
PIC 1 BUILTIN
BUILTIN 8X10GE SFPP
Xcvr 0 REV 01 740-021308
AD1501306DJ SFP+-10G-SR
Xcvr 1 REV 01 740-031980
CJ05YJ044 SFP+-10G-SR
Xcvr 2 REV 01 740-031980
A4GAW1Y SFP+-10G-SR
Xcvr 3 REV 01 740-031980
A4GASZK SFP+-10G-SR
PIC 2 BUILTIN
BUILTIN 8X10GE SFPP
Xcvr 0 REV 01 740-031980
AA170330AMY SFP+-10G-SR
Xcvr 1 REV 01 740-031980
MTP05MK SFP+-10G-SR
Xcvr 2 REV 01 740-031980
AA1744306ZK SFP+-10G-SR
Xcvr 3 REV 01 740-031980
A4HAG79 SFP+-10G-SR
Xcvr 4 REV 01 740-031980

https://supportportal.juniper.net/s/article/MX-Seamless-script-execution-in-collecting-data-from-peer-router-through-SSH?language=en_US Page 4 of 6
[MX] Seamless script execution in collecting data from peer router through SSH 05/06/24, 9:40 PM

AA1743302ZL SFP+-10G-SR
Xcvr 6 REV 01 740-031980
A4HADWW SFP+-10G-SR
Xcvr 7 REV 01 740-031980
AA173730EBY SFP+-10G-SR
PIC 3 BUILTIN
BUILTIN 8X10GE SFPP
Xcvr 0 REV 01 740-031980
AMC0ZWG SFP+-10G-SR
Xcvr 1 REV 01 740-031980
AA190130EDB SFP+-10G-SR
Xcvr 2 REV 01 740-031980
AA174330H7T SFP+-10G-SR
Fan Tray
Enhanced Left Fan Tray
5. For shell command execution, use the below Unix command:
user@re0:~/.ssh # ssh -t [email protected]
'start shell command "ps -aux | grep sh"'
root 5476 0.0 0.0 737208 6676 - S
Sat13 2:37.05 /usr/sbin/shm-rtsdbd -N
root 5496 0.0 0.0 14892 1672 - S
Sat13 0:00.68 /bin/sh /usr/sbin/rmpsd
-N
root 5497 0.0 0.0 14892 1672 - S
Sat13 0:00.71 /bin/sh
/usr/sbin/charged -N
root 76851 0.0 0.1 862512 11608 -
Ss 15:18 0:00.03 sshd: labroot@2
(sshd)
root 19472 0.0 0.0 40964 6800 u0 I
Mon13 0:00.01 -csh (csh)
root 36543 0.0 0.0 14892 2472 0- I
17:32 0:00.16 sh BounceAE.sh
labroot 76853 0.0 0.2 785556 33164 2
Ss+ 15:18 0:00.19 cli -c start shell
command "ps -aux | grep sh"
labroot 76855 0.0 0.0 40964 6460 2
S+ 15:18 0:00.01 /bin/csh -c ps -aux |
grep sh
labroot 76858 0.0 0.0 16620 2272 2
S+ 15:18 0:00.00 grep sh
Connection to 10.219.38.136 closed.
user@re0:~/.ssh #

https://supportportal.juniper.net/s/article/MX-Seamless-script-execution-in-collecting-data-from-peer-router-through-SSH?language=en_US Page 5 of 6
[MX] Seamless script execution in collecting data from peer router through SSH 05/06/24, 9:40 PM

AFFECTED PRODUCT SERIES / FEATURES

https://supportportal.juniper.net/s/article/MX-Seamless-script-execution-in-collecting-data-from-peer-router-through-SSH?language=en_US Page 6 of 6