GreenO » Uncategorized http://blog.chrisgreenough.com GreenO from Technical to Personal and everything in between! Fri, 26 Feb 2010 19:53:35 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Tcl Script to Probe SSH Connections for Cisco ACE Router http://blog.chrisgreenough.com/2010/02/tcl-script-to-probe-ssh-connections-for-cisco-ace-router/ http://blog.chrisgreenough.com/2010/02/tcl-script-to-probe-ssh-connections-for-cisco-ace-router/#comments Fri, 26 Feb 2010 19:48:52 +0000 admin http://blog.chrisgreenough.com/?p=110 We were having problems with default TCP probes on port 22 from our Cisco ACE Load Balancer showing up in our logs as bad SSH connections. I modified a Cisco TCL script for checking SSL to send a greeting to a SSH server and check that a SSH greeting is returned. It by no means does a complete login, but it does check to make sure the SSH service is alive. Tested on RedHat and Ubuntu. Let me know if this works on other services.

Ubuntu

root@***:/var/log# uname -a
Linux ***2.6.31-19-generic-pae #56-Ubuntu SMP Thu Jan 28 02:29:51 UTC 2010 i686 GNU/Linux
root@***:/var/log# ssh -V
OpenSSH_5.1p1 Debian-6ubuntu2, OpenSSL 0.9.8g 19 Oct 2007

Redhat

[root@*** root]# uname -a
Linux *** 2.4.21-63.ELsmp #1 SMP Wed Oct 28 23:15:46 EDT 2009 i686 i686 i386 GNU/Linux
[root@*** root]# ssh -V
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f

sshProbe.tcl
SSH_PROBE_SCRIPT.tcl

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

#!name = SSH_PROBE_SCRIPT
########################################################################################
# 
# Description :
#    Script connects sends a connect request to a SSH server to see if its alive.
#
# ACE version :
#   1.0+
#    
# Author :
#   Chris Greenough (Chris.Greenough@nau.edu)
#
# Parameters :
#   [debugFlag]
#     debug  - default 0. Do NOT turn on while multiple probes are configured
#
# Example config :
#       probe sshProbe script
#           script SSH_PROBE [0]
# 
########################################################################################
#-------------------------------------------
# debug procedure
# set the EXIT_MSG environment varaible to help debug
# also print the debug message when debug flag is on
#-------------------------------------------
proc ace_debug { msg } { 
    global debug ip port EXIT_MSG
 
    set EXIT_MSG $msg
    if { [ info exists ip ] && [ info exists port ] } { 
	set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
    }  
    if { [ info exists debug ] && $debug } { 
	puts $EXIT_MSG
    } 
} 
 
#-------------------------------------------
# main 
#-------------------------------------------
 
ace_debug "initializing varaible"
set EXIT_MSG "Error config:  script SSH_PROBE  <debug(0|1)>"
 
set ip $scriptprobe_env(realIP) 
set port $scriptprobe_env(realPort)
 
## if port is 0 , use default port 22
if { $port == 0 } {
    set port 22
} 
set debug [ lindex $argv 0 ]
if { $debug == "" } {
    set debug 0
} 
# open connection 
ace_debug "opening socket"
set sock [ socket $ip $port ]
 
ace_debug "setting fconfigure to binary"
fconfigure $sock -translation binary 
 
ace_debug "sending ssh client hand-shake message"
# Sending SSH-2.0-SecureCRT_6.5.0 (build 335) SecureCRT??
set ssh_hello "5353482d322e302d5365637572654352545f362e352e3020286275696c642033333529205365637572654352540d0a"
 
set ssh_length  [ string length $ssh_hello ]
puts -nonewline $sock [ binary format "H${ssh_length}" $ssh_hello ]
flush $sock
 
#  read frist 100 bytes from server
ace_debug "receiving response"
set lines [ read $sock 100 ]
 
#  close connection
ace_debug "closing socket"
close $sock
 
#  parsing the 1st 3 bytes from the ssh headers 
#  if it is not a ssh hand shake successful message. failed the probe with exit 30002
# If the server responds with its SSH info then it must be alive
set ssh_header "SSH"
 
ace_debug $lines
 
if { ![ binary scan $lines "@0a3" res ] } { 
    ace_debug "probe fail : ssh server response parsing failure"
    exit 30002
} 
ace_debug $res
if { $res != $ssh_header } { 
    ace_debug "probe fail : ssh hand shake failure with $res !"
    exit 30002
} 
 
#  Everything went fine. probe exit with success exit_code 30001
ace_debug "probe success"
exit 30001
]]> http://blog.chrisgreenough.com/2010/02/tcl-script-to-probe-ssh-connections-for-cisco-ace-router/feed/ 0 Check out the Garden!?!? http://blog.chrisgreenough.com/2008/08/check-out-the-garden/ http://blog.chrisgreenough.com/2008/08/check-out-the-garden/#comments Tue, 19 Aug 2008 17:57:32 +0000 GreenO http://blog.chrisgreenough.com/?p=9 I don’t know if I am getting old or what but I am REALLY excited about how my garden is doing! My first attempt at a green thumb (Or I guess GreenO thumb)… Just hope it does not Freeze before all the tomatoes are ripe!

]]> http://blog.chrisgreenough.com/2008/08/check-out-the-garden/feed/ 0