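Fortigate automation with Perl or Python
Goal
I'm trying to automate fortigate configuration changes for dozens of routers, and I'm not winning. I have tried Python's paramiko library, Python Fabric, and Perl's Expect and Rex interfaces/libraries.
Other info
* Router: Fortigate 60D
* Firmware: V5.0,build0252 (GA Patch 5)
* SSH enabled: True
I can log in via SSH and run these commands manually!
I have used the Perl Expect library with Fortinet 60Bs in the past, but it no longer works. Before I share the code, I want to ask:
Is there some new feature in Fortigate that prevents this type of automation?
A simple and harmless command to test [list current DHCP leases]:
execute dhcp lease-list wifi
Code
Perl/Expect: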
my $timeout = 10;
$ssh->expect($timeout, [ qr/password: /i ]);
$ssh->send("$passwd\r\n");
$ssh->expect($timeout, [ qr/#/i ]);
$ssh->send("execute dhcp lease-list wifi\r");
$ssh->expect($timeout, [ qr/#/i ]);
$ssh->send("exit\r");
$ssh->soft_close();
Output: none
Perl/Rex:
desc "List all dhcp leases";
task "leases", group => "forti", sub {
    my $output = run "execute dhcp lease-list wifi";
    say $output;
};
Output:
[2014-02-11 13:14:48] (30011) - INFO - Running task: leases
[2014-02-11 13:14:48] (30022) - INFO - Connecting to 10.10.10.2 (admin)
[2014-02-11 13:14:49] (30022) - INFO - Connected to 10.10.10.2, trying to authenticate.
Fortigate # Unknown action 0
Fortigate #
Python/paramiko:
import paramiko

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect('10.10.10.2', username='fake_root', password='fake_pass')
# exec_command() sends the command over an SSH "exec" channel
stdin, stdout, stderr = ssh.exec_command("execute dhcp lease-list wifi")
stdout.readlines()
ssh.close()
Output: none
Python/Fabric:
from fabric.api import run

def view_dhcp_leases():
    print("Viewing dhcp leases")
    run("execute dhcp lease-list wifi")
Output:
[10.10.10.2] Executing task 'view_dhcp_leases'
Viewing dhcp leases
[10.10.10.2] run: execute dhcp lease-list wifi
[10.10.10.2] out: Fortigate # Unknown action 0
[10.10.10.2] out:
[10.10.10.2] out: Fortigate #
Done.
Disconnecting from 10.10.10.2 ... done.
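Conclusions ...so far
"Unknown action 0" means, "I don't know this command [in this context]". This command can be run manually at the first prompt. Also, as you can see in the Fabric and Rex examples: it does authenticate and connect! My conclusion is that this is by design for security reasons ...and more likely to sell their proprietary management crap.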
You may be affected by the issue described [here](https://metacpan.org/pod/Net::OpenSSH#FAQ)! – salva