| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| I'm wanting to script periodic restarts of my edge boxes, etc. by calling the Edge command line via scripts and SSH. I stumbled across a page here at - Z e d d - » Blog Archive » CheckPoint VPN-1/UTM Edge automatic SSH login where someone is claiming to have gotten this to work. Unfortunately I'm to the point where when I try to implement the "edge_login" script he mentions I just get hung SSH sessions - running with setsid and not running with setsid. Has anybody been able to remotely script to their edge boxes via SSH, and if so how the heck did you do it? Thanks. |
| |||
| Idd, I've tried with ssh but gave up after a while, mostly because the function I was after was for backup purposes, so I used wget via http to /export as Dantro describes (inside VPN tunnels on the internal IP of the unit). A bit OT... Even http was a bit so-so. Each time you call that URL from a regular browser there are no issues, but with wget it sometimes downloads a portion of the file and then just hangs in the middle of the download until wget times out, resulting in an incomplete config file. But all in all, it's manageable. In my case I have around 150 Nokia IP40, 45, 60 units, so I'll try Horizon Manager when the new rewritten version comes next year |
| |||
| I know I'd appreciate a brief tutorial or even a couple of sentences on how it is done. Besides the scripted restarts, I've got a bunch of edge boxes that I'd like to script the user password changes on. Heck, tons of stuff. All doable via ssh when you login that way remotely. As I mentioned, unfortunately right now the appliance sees my script login but doesn't do anything from there. I tried the script mentioned on the web page from Zedd, but no dice. I've spent way too much time on it, so I'm now punting. Any feedback is appreciated. In the meantime I'm going to try the url method. Hopefully I won't encounter the wget problems mentioned for what I need to do. I'm not sure if I can do what I need to do with the url method though... |
| |||
| Thank you Dantro. Unfortunately it looks like the FAQ has disappeared. I only see the four entries describing the product site, specs site, etc. Did the FAQ move? I could have sworn I was looking at it a couple of weeks ago. |
| |||
| There's no reason why I would have deleted it... |
| |||
| I'm sorry, I had not been able to get back to this until Friday and our spam filter caught the post notification email. Can you please repost the edge_cmd.sh script? I looked in Google's cache (and even tried the Internet Archive), but it appears the forums are set up not to allow caching. Google does have an older cached version of the FAQ I grabbed as a .pdf. Should I repost it? Do you want me to email it to you Dantro? In the meantime if you could please repost the script I would appreciate your help. |
| |||
| For those of you that would like to automate user password changes for hotspot users, etc. (another thing I wanted to do from the command line in addition to what I'd already mentioned), look into Expect and Autoexpect for the creation of the Expect script. Credit to Dantro for that based on Google's cache output of the first sentence of a reply that I have no idea where it went and why he's being the way he is. Seriously, for those of you reading this that want to automate command line stuff on your Edge boxes - Expect will do what you need to do if it can be done from the command line. It's going to save me a lot of time. |
| |||
| Well, it ain't SSH, but https should do the trick... Use perl (or activeperl) with crypt-ssleay installed... And write your own bash script around it to change configurations on multiple edges.

Code:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use LWP;
use URI;
use Getopt::Long;

# Defaults; override them on the command line.
my $admin    = 'admin';
my $password = 'password';
my $path;
my $command  = 'help';
my $edgeIP;

GetOptions(
    "admin:s"    => \$admin,       # --admin=string or --admin string
    "password:s" => \$password,    # --password=string or --password string
    "edgeIP=s"   => \$edgeIP,      # --edgeIP=string or --edgeIP string, mandatory
    "command:s"  => \$command,     # --command=string or --command string
    "path:s"     => \$path         # --path=string or --path string
) or die "Invalid options\n";

# --edgeIP has no default, so refuse to build a URL without it.
die "Usage: $0 --edgeIP=<address> [--admin=<user>] [--password=<pw>] "
  . "[--command=<cmd> | --path=<path>]\n"
  unless defined $edgeIP;

# Credentials are sent as HTTP basic auth via the userinfo part of the URL.
my $authentication = $admin . ":" . $password . '@';
my $form = "https://" . $authentication . $edgeIP . ':981/console';

my $url;
if (defined $path) {
    # Fetch an arbitrary path on the unit.
    $url = "https://" . $authentication . $edgeIP . ':981' . $path;
} else {
    # Run a console command: /console?cmd=<command>
    $url = URI->new($form);
    $url->query_form('cmd' => "$command");
}

my $browser  = LWP::UserAgent->new;
my $response = $browser->get($url);

# Report the target without the credentials embedded in $url.
die "Error at https://${edgeIP}:981\n ", $response->status_line, "\n Aborting"
  unless $response->is_success;
print $response->content;
```
|
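
One way to write the wrapper suggested in the post above, as an added example that is not from the thread or from Check Point. It assumes the Perl script is saved as `./edge_https.pl` (hypothetical name), the password sits in the file named by `EDGE_PASS_FILE` (hypothetical variable and path), and the host list has one unit per line; it goes a little beyond the post by validating each inventory line and by discarding partial output from hung or failed calls.

```sh
#!/bin/sh
# Added example (not from the thread). Names below are assumptions:
#   ./edge_https.pl  = the Perl script above, saved under a hypothetical name
#   EDGE_PASS_FILE   = hypothetical file holding the admin password (chmod 600)
EDGE_CMD=${EDGE_CMD:-./edge_https.pl}
EDGE_TIMEOUT=${EDGE_TIMEOUT:-30}     # seconds before a hung call is killed
EDGE_ADMIN=${EDGE_ADMIN:-admin}
EDGE_PASS_FILE=${EDGE_PASS_FILE:-$HOME/.edge_pass}

# Accept only hostname/IPv4 characters and refuse a leading '-' or '.', so an
# inventory line can never become an option or extra URL syntax.
valid_host() {
  case $1 in
    ''|[.-]*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
}

# run_on_edges HOSTFILE COMMAND OUTDIR
# Writes OUTDIR/<host>.out per success, lists failures in OUTDIR/failed.txt,
# returns 1 if any unit failed. The ( ) body keeps all variables local.
run_on_edges() (
  hostfile=$1 cmd=$2 outdir=$3
  pass=$(cat "$EDGE_PASS_FILE") || exit 2
  mkdir -p "$outdir" && : > "$outdir/failed.txt" || exit 2
  while IFS= read -r host || [ -n "$host" ]; do
    # Drop trailing comments, blanks and stray carriage returns.
    host=$(printf '%s' "${host%%#*}" | tr -d '[:space:]')
    [ -n "$host" ] || continue
    if ! valid_host "$host"; then
      printf '%s (rejected)\n' "$host" >> "$outdir/failed.txt"
      continue
    fi
    # Output lands in a temp file first, so a hung or failed call never leaves
    # a truncated .out behind. --password is visible in `ps` while this runs.
    if timeout "$EDGE_TIMEOUT" "$EDGE_CMD" --edgeIP "$host" \
         --admin "$EDGE_ADMIN" --password "$pass" --command "$cmd" \
         > "$outdir/$host.tmp" 2> "$outdir/$host.err" < /dev/null; then
      mv "$outdir/$host.tmp" "$outdir/$host.out"
      rm -f "$outdir/$host.err"
    else
      rm -f "$outdir/$host.tmp"
      printf '%s\n' "$host" >> "$outdir/failed.txt"
    fi
  done < "$hostfile"
  [ ! -s "$outdir/failed.txt" ]
)
```

Call it as `run_on_edges hosts.txt help ./out` and re-run only the units listed in `./out/failed.txt`.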
| |||
| Why don't you just use the script from our UTM-1 Edges FAQ? |