DX NetOps

Hi,

From a bash terminal or script, I'd like to access a device which I don't have direct access to. In an ideal world, we'd use an SSH proxy to accomplish this. However, since one is not available, I wondered whether we could utilise the telnetd service on SpectroServer.

From doing a packet capture, I can see that the Spectrum Console will open a telnet session to the SpectroServer on port 31415 and send the command relay <host> <port>. After which, the session to the device is opened.

If I try this manually, I can successfully connect to a Telnet-based device (e.g. sending command relay 172.16.30.2 23). However, if the device is SSH only (e.g. sending command relay 172.16.30.3 22), the session is established but it fails since the device is expecting SSH messages (cipher exchange etc), but my host still thinks it is a telnet session:

I realise this issue quite niche but was interested to know if anyone else has tried something similar and had better success?

Thanks,
John

To follow up on this, the end goal was basically to execute Python scripts against the devices using Netmiko. But rather than connecting to the devices directly from my host (which wasn't possible anyway), it would instead relay the connection via SpectroServer.

After a bit of trial and error, I was able to come up with a basic script to demonstrate this is possible:

#!/usr/env/bin python3
"""
Example of connecting to an SSH device via SpectroServer telnetd service using
Netmiko.
"""

from telnetlib import Telnet
from netmiko import ConnectHandler
from getpass import getpass

SPECTROSERVER_HOST = "10.10.10.10" # Change accordingly
SPECTROSERVER_PORT = 31415 # This is default port of telnetd service
DEVICE_IP = "172.16.200.12" # Change to IP address of network device


def main() -> None:

    device = {
        "device_type": "cisco_ios",
        "host": DEVICE_IP,
        "username": input("Device username: "),
        "password": getpass("Device password: ")
    }
   
    relay_cmd = f"relay {DEVICE_IP} 22"

    tn = Telnet(SPECTROSERVER_HOST, SPECTROSERVER_PORT)
    tn.write(relay_cmd.encode('ascii') + "\r\n".encode('ascii'))
    sock = tn.get_socket()

    net_connect = ConnectHandler(sock=sock, **device)
    output = net_connect.send_command("show version")
    print(output)
    net_connect.disconnect()


if __name__ == "__main__":
    main()​

Original Message:
Sent: 07-18-2020 04:34 AM
From: John Dowson
Subject: Using telnetd service on SpectroServer

Hi,

From a bash terminal or script, I'd like to access a device which I don't have direct access to. In an ideal world, we'd use an SSH proxy to accomplish this. However, since one is not available, I wondered whether we could utilise the telnetd service on SpectroServer.

From doing a packet capture, I can see that the Spectrum Console will open a telnet session to the SpectroServer on port 31415 and send the command relay <host> <port>. After which, the session to the device is opened.

If I try this manually, I can successfully connect to a Telnet-based device (e.g. sending command relay 172.16.30.2 23). However, if the device is SSH only (e.g. sending command relay 172.16.30.3 22), the session is established but it fails since the device is expecting SSH messages (cipher exchange etc), but my host still thinks it is a telnet session:

I realise this issue quite niche but was interested to know if anyone else has tried something similar and had better success?

Thanks,
John