Recommendations on pulling a file from SSH session?

Recommendations on pulling, on-demand, a file from SSH session? I have a remote device, that I have only SSH access to, I need to connect via SSH, pull a file over the connection, then of course close the SSH session.

I can see or envision various ways to do this, that would be better than using SSH, but I can't touch the remote device, i.e. I can install anything or script anything. Frankly, I would rather implement a script and cron-tab job on the device and just have NR watch/listen for the transport, but that is not an option in this case.

You should be able to use scp which copies a file over ssh.

4 Likes

Yep - and obviously if automating it you will need to have exchanged keys etc between the two machines to enable passwordless access.

Your other option would be SFTP which can/is configured to run over ssh also - but if it is a single file then scp makes the most sense.

Then there is rsync also.

Craig

Yeah, keys are no problem that I can do fortunately. I can't use SFTP per se, since it is not native to the device, but SSH is. This is pulling statistics and configuration data from a remote router. I don't believe rsync is present, I will need to check on that. I was thinking SCP as well, but never hurts to ask what others have done. :slight_smile:

I discovered this evening that I might be able to use the REST API that the documentation suggests is native to the router OS; if that is enabled/in place, that might be an option as well.

Which Router OS ?

Craig

I suspect that will be the easiest solution. If you already have the keys setup then it should just be a matter of running the command in an exec node.

Many routers support SNMP for this type of thing. Might be an alternative option.

Yes indeed, that may well be a good solution, if the required data are available by that route.

All depending on your personal taste & skill, you could also ssh using a Python script and the python ssh client paramiko

Unfortunately, SNMP was the first thing I looked at, then the REST API, neither give specific visibility to the DHCP lease information. I got the administration team to make the issue a bit more manageable, in that I got them to segment the log files, geez which they should have been doing anyway... but I digress, so I have the key information isolated to a specific file, now I just need to grab it, parse a bit, and present it, and since NR has a lot of flexibility to present data, well, preaching to the choir at this point right? The router technology is better than consumer grade but not as robust as Cisco... where the custom OIDs would make this almost painless. Why is all this important? Well with the significant increase in wireless use, the rather poor auditing available, etc., etc. The entity is small, so does not have a robust budget. Time to get creative.

Love it, I am thinking about using python in fact, very timely! I just finished revising my python MQTT based "Listener" that responds to NR requests on/to ESP based IoT devices, Raspberry Pi devices, etc. In a few days I should have one of the new Pi Pico with integrated WiFi devices, to develop my "Listener" on using micro-python or Circuit-Python.

I don't see the advantage of that over a simple exec of scp.

2 Likes

Well, from wiki, outdated but for me you may use whatever

According to OpenSSH developers in April 2019, SCP is outdated, inflexible and not readily fixed; they recommend the use of more modern protocols like SFTP and rsync for file transfer.[3] As of OpenSSH version 9.0, scp client therefore uses SFTP for file transfers by default instead of the legacy SCP/RCP protocol.[4]

:rofl: love the optimism! I've never found CISCO painless for anything. Wish we didn't have to use them at work.

Great use-case for node-red.

True, python would just be a consistency scenario since much of what we have scripted is python based. Initial crack at this... going to use scp or rsync.

This is the second or third time I have seen it referenced that SCP is now dead. And yet, I often see it recommended by audit teams and security teams still for one-off transport. Clearly SCP is still tested and actively evaluated by many. I have no strong position, just pointing out that SCP is still used. Given use of VPNs, encrypted file level compression methods, and other layered security (stacks) I am sure SCP is still used because it is easy and straightforward, say compared to rsync for example. I don't think anyone would use SCP now, as secure transport, as it once was. The issue with SFTP is the (negative) association with former FTP. I know for a fact that one Fortune 10 company has banned SFTP simply because it is associated with FTP. The internal security team is just not listening or acknowledging the difference. Again, I am just pointing out my experience, not voicing any opinion. Just as a footnote, ROBOCOPY has not been updated since Windows 2000 server or so as I recall, and yet it is still used among Windows administrators extensively even now.

@TotallyInformation, man, you crack me up at times. The Cisco comment was priceless!

I would have originally suggested rsync, but it may not be installed on the remote machine, so I did not suggest that.

scp is perfectly good and adequate if the requirement is just to transfer a small file. It is secure and is not going to disappear in the foreseeable future. If rsync is available then by all means use that.

When I asked about the advantage over scp I was referring to writing a python script to do the same thing, which seems pointless.

Right, I understood your intent about python. Given my long history with python, it was passing thought, and a fall back if needed, but with various other options, not likely.

I am checking on rsync... given the router is a customized version of Debian, it might be there.

The bummer is that the dhcp information, now isolated, is in a 'user' file system, which, as far as I have found as yet, is not visible to the REST API. Which seems odd. I have a query to the router OS team of the vendor to ask about this. They have a REST API that can capture the entire 'config' state of the router which is its own file system, so I suspect the REST API could be amended with little effort to expose the 'user' file system. The trick is to get the vendor to see that.

Well, just validated, rsync is not available, but scp of course is, so the die is cast. :slight_smile: What was it my dad used to say... "The obvious answer, is quite often, the right one."
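An added example, not code from anyone in this thread: a wrapper an exec node could call to pull the file with scp using key authentication only, with the host key pinned and no interactive prompts. Because the OpenSSH 9.0+ scp client defaults to SFTP and the device here has no SFTP, it adds `-O` on those clients; the host, user, paths and key file names are placeholders.

```shell
#!/bin/sh
# Added example. Host, user, paths and key files are placeholders (assumptions).

# Return 0 if this client's scp defaults to the SFTP protocol (OpenSSH >= 9.0).
# $1 is the banner from `ssh -V`, e.g. "OpenSSH_9.6p1 Debian-3, OpenSSL 3.1.4".
scp_defaults_to_sftp() {
    major=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\..*/\1/p')
    [ -n "$major" ] && [ "$major" -ge 9 ]
}

# Print the scp options, one argument per line.
# $1 = ssh -V banner, $2 = private key file, $3 = known_hosts file
scp_options() {
    # -O forces the legacy SCP protocol for a device with no SFTP subsystem.
    if scp_defaults_to_sftp "$1"; then echo "-O"; fi
    # BatchMode fails instead of prompting; StrictHostKeyChecking=yes refuses
    # a host whose key is missing from, or differs from, the pinned file.
    printf '%s\n' "-q" "-i" "$2" \
        "-o" "BatchMode=yes" \
        "-o" "IdentitiesOnly=yes" \
        "-o" "StrictHostKeyChecking=yes" \
        "-o" "UserKnownHostsFile=$3" \
        "-o" "ConnectTimeout=10"
}

# pull_file user@host remote_path local_path key_file known_hosts_file
# With the legacy protocol the remote shell expands remote_path, so keep it a
# fixed literal rather than building it from message data.
pull_file() {
    src="$1:$2"; dest=$3; tmp="$3.part.$$"
    opts=$(scp_options "$(ssh -V 2>&1)" "$4" "$5")
    old_ifs=$IFS
    IFS='
'
    set -f                      # split the option list on newlines only, no globbing
    set -- $opts "$src" "$tmp"
    set +f
    IFS=$old_ifs
    # Publish the file only after a complete, non-empty transfer.
    if scp "$@" && [ -s "$tmp" ]; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Runs only when called with five arguments, e.g. from an exec node:
#   pull_file.sh nr@router.example /user/dhcp.log /tmp/dhcp.log ~/.ssh/nr_key ~/.ssh/known_hosts_router
if [ "$#" -eq 5 ]; then pull_file "$@"; fi
```

The pinned known_hosts file has to be populated once, after verifying the router's host key fingerprint out of band, before the first unattended run.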