Net::SSH 'channel_failure: 0' Error on Remote Host

Hi,
I am having trouble with the Net::SSH:start() function on one device,
but not another. During a DEBUG I receive a ‘channel_failure: 0’ error
resulting in the commands passed to my exec!() function not executing
on the remote host.

I AM able to execute the code below on a Cisco switch and router, but
receive errors when trying to execute similar code on a Cisco Wireless
LAN Controller (WLC).

#Works on a switch…
require ‘net/ssh’
output=""
Net::SSH.start(‘192.168.4.15’, ‘username’, :password => “Cisco”) do |
ssh|
output = ssh.exec!(“show interfaces status”)
end

#Fails on a WLC…
require ‘net/ssh’
output=""
Net::SSH.start(‘192.168.4.40’, ‘username’, :password => “Cisco”) do |
ssh|
output = ssh.exec!(“show ap summary”)
end

I think this may be due to how a WLC prompts for login credentials;
below is the sign on for a Cisco switch, followed by a WLC:

#Switch SSH sign on…
Username: username
Password: *****

SW1>

#WLC SSH sign on…
login as: username

Username: username
Password: *****

Notice the extra ‘login as:’ prompt on the WLC. Note that when using
PuTTy if you enter the hostname as ‘[email protected]’ as oppossed
to just ‘192.168.4.40’ the extra ‘login as:’ field gets auto-
populated.

Below is a most of the DEBUG from the WLC SSH sign on including the
‘channel_failure: 0’ error:

#Unneccessary lines above ommitted

C:\Apps\Cisco SSH>irb
irb(main):001:0> require ‘net/ssh’
=> true
irb(main):002:0> output=""
=> “”
irb(main):003:0> Net::SSH.start(‘192.168.4.40’, ‘username’, :password
=> “Cisco”, :verbose => Logger::DEBUG) do |ssh|
irb(main):004:1* output = ssh.exec!(“show ap summary”)
irb(main):005:1> end
D, [2008-05-08T20:40:05.041000 #3148] DEBUG –
net.ssh.transport.session[170ebf2]: establishing connection to
192.168.4.40:22

#omitted lines…

D, [2008-05-08T20:40:11.931000 #3148] DEBUG –
net.ssh.authentication.session[16fe4c8]: beginning authentication of
`username’

#omitted lines…

D, [2008-05-08T20:40:11.961000 #3148] DEBUG –
net.ssh.authentication.session[16fe4c8]: trying password
D, [2008-05-08T20:40:11.961000 #3148] DEBUG – tcpsocket[170ea12]:
queueing packet nr 5 type 50 len 60
D, [2008-05-08T20:40:11.961000 #3148] DEBUG – tcpsocket[170ea12]:
sent 84 bytes
D, [2008-05-08T20:40:11.971000 #3148] DEBUG – tcpsocket[170ea12]:
read 36 bytes
D, [2008-05-08T20:40:11.971000 #3148] DEBUG – tcpsocket[170ea12]:
received packet nr 5 type 52 len 12
D, [2008-05-08T20:40:11.981000 #3148] DEBUG –
net.ssh.authentication.methods.password[16fcff6]: password succeeded
D, [2008-05-08T20:40:11.981000 #3148] DEBUG – tcpsocket[170ea12]:
queueing packet nr 6 type 90 len 44
D, [2008-05-08T20:40:11.981000 #3148] DEBUG – tcpsocket[170ea12]:
sent 68 bytes
D, [2008-05-08T20:40:11.991000 #3148] DEBUG – tcpsocket[170ea12]:
read 52 bytes
D, [2008-05-08T20:40:12.001000 #3148] DEBUG – tcpsocket[170ea12]:
received packet nr 6 type 91 len 28
I, [2008-05-08T20:40:12.001000 #3148] INFO –
net.ssh.connection.session[16fc47a]: channel_open_confirmation:
0 0 0 32768
I, [2008-05-08T20:40:12.001000 #3148] INFO –
net.ssh.connection.channel[16fc376]: sending channel request “exec”
D, [2008-05-08T20:40:12.001000 #3148] DEBUG – tcpsocket[170ea12]:
queueing packet nr 7 type 98 len 44
D, [2008-05-08T20:40:12.001000 #3148] DEBUG – tcpsocket[170ea12]:
sent 68 bytes
D, [2008-05-08T20:40:12.011000 #3148] DEBUG – tcpsocket[170ea12]:
read 36 bytes
D, [2008-05-08T20:40:12.021000 #3148] DEBUG – tcpsocket[170ea12]:
received packet nr 7 type 100 len 12
I, [2008-05-08T20:40:12.021000 #3148] INFO –
net.ssh.connection.session[16fc47a]: channel_failure: 0
RuntimeError: could not execute command: “show ap summary”
from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/
connection/session.rb:294:in exec' from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/ connection/channel.rb:592:incall’
from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/
connection/channel.rb:592:in do_failure' from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/ connection/session.rb:558:inchannel_failure’
from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/
connection/session.rb:428:in send' from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/ connection/session.rb:428:indispatch_incoming_packets’
from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/
connection/session.rb:185:in preprocess' from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/ connection/session.rb:169:inprocess’
from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/
connection/session.rb:133:in loop' from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/ connection/session.rb:133:inloop_forev
er’
from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/
connection/session.rb:133:in loop' from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/ connection/channel.rb:269:inwait’
from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ssh/
connection/session.rb:327:in exec!' from (irb):4 from C:/ruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.1/lib/net/ ssh.rb:189:instart’
from (irb):3
irb(main):006:0>

Any help would be greatly appreciated.

Thanks,
Mike.

Try using the command:

show ap config general AP

instead. (AP being your access point name)

Regards,

  • Mac

Hi Mac,
I tried you suggestion of changing the command to execute in the
exec() function, I get the same error. I don’t think this error is
stemming from the command so much as the ssh channel not being setup
properly on the WLC.

Still working on this… I would appreciate any other suggestions.

Mike.

Hmm, perhaps it has to do with the fact that a Cisco router actually
requires 2 passwords, a login…and an ‘enable’ password to gain root,
if I’m mistaken correct me. That said, perhaps this is a command that
can only be run at root?

Just spitballing here, I’ll let you know if I think of anything else. I
don’t have a Cisco Router available to me at the moment so I can’t test
much.

  • Mac

Hi,
I figured out the answer to my original post. I used the PuTTy SSH
packets logging feature and was able to to make a script that mimicked
how PuTTY interacts with a Cisco Wireless LAN controller (WLC) when
logging in using SSH.

In a nutshell; you have to request an ‘xterm’ PTY (virtual terminal)
on the WLC, then request a new shell be created. Once I did that I
could see the WLC prompting for login credentials. After this is was
just a matter of sending strings as WLC commands over the channel.

Below is a basic script showing how I accomplished this:

require ‘net/ssh’
#Open a new SSH connection
Net::SSH.start(‘1.1.1.1’, ‘username’, :password =>
“password”, :verbose => Logger::DEBUG) do |ssh|
#Open a new channel
ssh.open_channel do |channel|
channel.request_pty(:term => “xterm”) do |ch, success|
if success
puts “pty successfully obtained”
ch.send_channel_request “shell” do |ch, success|
if success
puts “user shell started successfully”
ch.on_data do |ch, data|
puts “got stdout: #{data}”
end
ch.send_data(“username\n”)
ch.on_data do |ch, data|
puts “got stdout: #{data}”
end
ch.send_data(“password\n”)
ch.on_data do |ch, data|
puts “got stdout: #{data}”
end
ch.send_data(“show ap summary\n”)
ch.on_data do |ch, data|
puts “got stdout: #{data}”
end
ch.send_data(“logout\nn\n”)
ch.on_eof do |ch|
puts “remote end is done sending data”
ch.do_close
end
else
puts “could not start user shell”
end
end
else
puts “could not obtain pty”
end
end
end
end

Hope this can help someone.

Mike.