Looking Glass Code

I have been thinking about putting together a looking glass site on my
network and have looked at Ed Kern's (DIGEX) html and perl script but do not
want to enable rsh (anywhere) and do not want to reinvent the wheel if not
necessary. Has anyone seen an updated script written to use other access
means like telnet or ssh to exchange CLI/commands and results with an IOS
router?

Mon, Mar 12, 2001 at 03:18:17PM -0600, Don Simpson:

> I have been thinking about putting together a looking glass site on my
> network and have looked at Ed Kern's (DIGEX) html and perl script but do not
> want to enable rsh (anywhere) and do not want to reinvent the wheel if not
> necessary. Has anyone seen an updated script written to use other access
> means like telnet or ssh to exchange CLI/commands and results with an IOS
> router?

www.shrubbery.net/rancid comes with such an implementation of Ed's LG.

> I have been thinking about putting together a looking glass site on my
> network and have looked at Ed Kern's (DIGEX) html and perl script but do not
> want to enable rsh (anywhere) and do not want to reinvent the wheel if not
> necessary. Has anyone seen an updated script written to use other access
> means like telnet or ssh to exchange CLI/commands and results with an IOS
> router?
>
> ----------------------------------------------
> Don Simpson
> ----------------------------------------------

http://www.cctec.com/maillists/nanog/historical/9710/msg00223.html

We're using a variation of this one on our internal LG pages. Works quite well, and at least fits your "telnet" requirement.

JT

> I have been thinking about putting together a looking glass
> site on my network and have looked at Ed Kern's (DIGEX) html
> and perl script but do not want to enable rsh (anywhere) and do
> not want to reinvent the wheel if not necessary. Has anyone
> seen an updated script written to use other access means like
> telnet or ssh to exchange CLI/commands and results with an IOS
> router?

A seriously whacked but also rather minimalistic version which
uses perl's telnet module can be found on

   ftp://ftp.nordu.net/nordunet/lg.tar.gz

...all 4K of it...

Regards,

- Håvard

I have posted a list of such resources a while back (you can either look
it up in the archives, or I'll send it to you in private).

About your concerns, I don't think automated telnet/ssh access (using some
script, which means you'll be storing the password for access somewhere on
the disk, either as a different file, or as a part of the code) is more
secure than rsh to a router with privilege level 1 (you can create a user,
and using the aaa new-model authentication model, you can create a
privilege level for that user, specifying exactly what commands that user
is allowed to use) for example.

--Ariel

Hi Ariel

If you really want to get paranoid - give the rsh privilege level 0 &
then you really get to specify exactly what IOS commands can be run by the
Looking Glass

Regards
  Rafi

P.S. AFAIK Cisco IOS SSH will only do telnet/rlogin type sessions - not
single commands - for the really paranoid set up the telnet/rsh connection
over encrypted IPSEC ;-)
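
The last two messages restrict the command set on the router side; the same allowlist idea can also be enforced in the looking glass front end before anything is sent over rsh, telnet or ssh. The sketch below is an added example, not code from this thread or from any of the scripts mentioned; the query names, the command list and the `build_command` helper are assumptions.

```python
import ipaddress
import re

# Query name -> (IOS command template, argument kind). The names and the
# command set are assumptions for this example, not from any LG script.
ALLOWED = {
    "bgp": ("show ip bgp {arg}", "addr"),
    "bgp-summary": ("show ip bgp summary", None),
    "bgp-regexp": ("show ip bgp regexp {arg}", "aspath"),
    "ping": ("ping {arg}", "addr"),
    "trace": ("traceroute {arg}", "addr"),
}

# AS-path regexps limited to digits and a few metacharacters: no spaces,
# no "|" (IOS output modifiers), no "?" (CLI help), no newlines.
ASPATH_RE = re.compile(r"[0-9_^$.*+]{1,64}")


class Rejected(ValueError):
    """Request is outside what the looking glass is allowed to send."""


def build_command(query, arg=""):
    """Return the single IOS command line for a request, or raise Rejected."""
    if query not in ALLOWED:
        raise Rejected("unknown query: %r" % (query,))
    template, kind = ALLOWED[query]
    if kind is None:
        if arg:
            raise Rejected("query takes no argument")
        return template
    if kind == "addr":
        try:
            # Re-serialise the parsed address so only canonical text is sent.
            arg = str(ipaddress.IPv4Address(str(arg)))
        except ValueError:
            raise Rejected("not an IPv4 address") from None
    elif kind == "aspath" and not ASPATH_RE.fullmatch(str(arg)):
        raise Rejected("AS-path regexp has disallowed characters")
    return template.format(arg=arg)


if __name__ == "__main__":
    # Constructed requests, as they might arrive from the web form.
    for q, a in [("bgp", "192.0.2.1"), ("bgp-regexp", "_64500$"),
                 ("ping", "192.0.2.1\nshow running-config"),
                 ("show running-config", "")]:
        try:
            print("send:  ", build_command(q, a))
        except Rejected as err:
            print("reject:", err)
```

A check like this complements the router-side privilege level rather than replacing it: the router still refuses anything the front end lets through by mistake.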