DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2920VN - Unable to use Scripted SSH to Router

09 Oct 2016 13:19 #1 by simonrg
How do I use scripted SSH from Linux into my 2920VN router?

I am able to monitor my various different systems (wifi, lan, wan, voip etc.) using a Raspberry Pi, so I would now like to get information from the 2920VN automatically or, for example, drop one of my wan connections when the ISP has failed.

The 2920VN has a great set of commands available via SSH or Telnet, and I am able to connect to the router from Windows / OS X / Linux with no problem apart from an annoying error message "exec request failed on channel 0".

However trying to use the SSH interface via a script fails presumably due to the same error message not being ignored:
Code:
pi@domoticz:~$ sshpass -p password ssh admin@192.168.1.1 'show dns'
exec request failed on channel 0

So I get the error message but no output from the command.

I have tried redirecting the error message, using the -q option for SSH etc..

I believe I need to suppress the error message on the router or find another SSH option that will carry on despite errors.

I have played with batchmode options in SSH and still had no success.

Is it possible to do loginless SSH into the router using keygen? Having generated a key I tried to copy it, but failed:
Code:
pi@domoticz:~/draytek$ sudo ssh-copy-id -i /root/.ssh/id_rsa.pub admin@192.168.1.1
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: ERROR: ssh_exchange_identification: Connection closed by remote host

__________________________________________________________________
Working interactively:
Code:
pi@domoticz:~$ ssh admin@192.168.1.1
admin@192.168.1.1's password:
PTY allocation request failed on channel 0
Type ? for command help
> show dns
show dns
%% Domain name server settings:
% Primary DNS: 8.8.8.8
% Secondary DNS: 8.8.4.4

10 Oct 2016 00:12 #2 by sjltech.uk
Replied by sjltech.uk on topic Re: 2920VN - Unable to use Scripted SSH to Router
Hello simonrg,
SSH will not permit what you are trying to do if the key exchange won't work (I'm not sure if it is actually possible to access ~/.ssh/authorized_keys on the Draytek?).
You can however do what you are trying to do using telnet - I do a similar thing to look at IP addresses on the WANs on a 2925.
I run a script on a Raspberry Pi under cron; this would be a start towards what you're after:
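Code:
#!/bin/bash
# Log in to the router over telnet, run one command and capture the session.
host=192.168.1.1
port=23
user=admin
pass='<your_password>' # quoted so the shell does not treat < and > as redirections
cmd1='show dns'
log=rtr-dns.log
WRKDIR=/mnt/usb1 # this is a USB stick mounted on the pi

cd "${WRKDIR}" || exit 1

# Feed the telnet client its input with pauses so the router can prompt in between.
( echo "open ${host} ${port}"
sleep 1
echo "${user}"
sleep 1
echo "${pass}"
sleep 1
echo "${cmd1}"
sleep 2
) | telnet > "${log}"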

I must confess I haven't played around creating another user ID (other than "admin") to try this with - laziness on my part!

For what it's worth, I can help with one of the errors you're seeing :)
The "PTY allocation request failed on channel 0" message can be removed by invoking SSH with '-T' option (ssh -T <user>@<host>)

Hope the above might be of some help to you
Cheers
Simon

11 Oct 2016 00:56 #3 by simonrg
Simon,

Thanks perfect, telnet just works, as per your very clear reply. I don't really know why ssh doesn't work but it doesn't. So just need to now parse the output.

I run Domoticz to control my house, so now I can integrate the router in properly, reroute phone calls when the alarm is set, properly monitor available bandwidth as sum of speed test and used bandwidth from router, disable one wan connection when bandwidth is zero etc.

As you imply I should really now set up a user for the router with more limited permissions than admin, time for some more reading.

Thanks, Simon
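
Added example (editor's code, not from either poster): a POSIX shell function that parses a captured "show dns" session such as the rtr-dns.log written by the telnet script above, stripping the carriage returns and rejecting values that are not well-formed IPv4 addresses before anything acts on them. The function names and the telnet banner and login prompts in the sample are assumptions; the "show dns" lines are the ones shown in the first post.

```shell
#!/bin/sh
# Added example: extract the DNS servers from a captured "show dns" session
# (for instance the rtr-dns.log written by the telnet script above).

# Print "<primary> <secondary>"; return non-zero unless both values are
# present and are well-formed dotted-quad IPv4 addresses.
parse_show_dns() {
    tr -d '\r' < "$1" | awk '
        function ipv4(s,    n, o, i) {
            n = split(s, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || (o[i] + 0) > 255) return 0
            return 1
        }
        /^% *Primary DNS:/   { p = $NF }
        /^% *Secondary DNS:/ { s = $NF }
        END {
            if (!ipv4(p) || !ipv4(s)) exit 1
            print p, s
        }'
}

# Constructed sample capture with CRLF line endings. The telnet banner and
# login prompts are assumptions; the "show dns" lines match the first post.
sample_log() {
    printf '%s\r\n' \
        'Trying 192.168.1.1...' \
        'Connected to 192.168.1.1.' \
        'Account:admin' \
        'Password: ' \
        'Type ? for command help' \
        '> show dns' \
        '%% Domain name server settings:' \
        '% Primary DNS: 8.8.8.8' \
        '% Secondary DNS: 8.8.4.4' \
        '> '
}

# Usage: sh parse-dns.sh rtr-dns.log
if [ $# -gt 0 ]; then
    parse_show_dns "$1"
fi
```

Check the exit status before passing the values to anything that changes router or home-automation state, so a truncated or garbled capture is never acted on.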

13 Nov 2016 03:22 #4 by sjltech.uk
Replied by sjltech.uk on topic Re: 2920VN - Unable to use Scripted SSH to Router
Hi Simon, don't know if you're still watching this one, but I've gotten SSH to work (sort of).
I had to install "expect" and abandon "sshpass", running this on a Raspberry Pi running Jessie lite.
Prerequisites for this:
Install "expect"
Modify '~/.ssh/config' because the Draytek uses ssh-dss, which newer versions of ssh clients don't support by default!
Add the following into the file:
Code:
Host rtr*
    HostkeyAlgorithms ssh-dss


Here's the basic script I'm using, note that I'm interested in the "wan status" so I can get the IP addresses.
Code:
#!/usr/bin/expect -f
spawn ssh admin@router ;# <<== should be obvious
expect "password:"
send "yourpassword\r" ;# <<== again, hope it's obvious
expect "router>" ;# <<== this must match your router prompt
unset expect_out(buffer) ;# <<== see note below about this line !
send "wan status\r"
expect "MORE" ;# <<== I don't need the second page, so I'll just bomb out at this point
send "quit\r" ;# <<== log off the session

Please note that I've added comments with the double headed arrows, to try and explain things that need changing
The "unset" line is to cope with the SHED LOADS of carriage returns and newlines that are returned by the banner page when you log on to the router - they play HAVOC with expect :shock:

Once the script is created as above, it is invoked thus:
Code:
expect >


If you want to see the HAVOC I was referring to, invoke it thus:
Code:
expect -d


Sorry for the tatty post, it's been a long night working this one out :roll:
Cheers
Simon
