Allwyn_Mascarenhas
New Member
September 14, 2015
Question

Running CLI commands through batch using putty/plink .exe


I am trying to run CLI commands to create admin accounts on FortiGates:

cd c:\Program Files\PuTTY
plink.exe -l username -pw password fgt_ipaddress C:\pat_to_command.txt
pause

and then in command.txt:

config system admin
edit test
set accprofile "super_admin"
set password test
end

I keep getting the "Unknown action 0" error, which according to the FGT doc: "If you do not enter a known command, the CLI will return an error message such as: Unknown action 0"

Would appreciate a little help on understanding what is going wrong here.

    7 replies

    jiangchundi
    New Member
    September 21, 2015

    If you connect to the FGT through SSH and type "edit test" without typing "config system admin" first, you will get an "Unknown action". Everything from "config..." to "end" can be considered 1 conversational command, not 5 independent commands.

    You may check my post "Is that possible for a scheduled shutdown?" which I have answered myself.

    Allwyn_Mascarenhas
    New Member
    September 21, 2015

    jiangchundi wrote:

    If you connect to the FGT through SSH and type "edit test" without typing "config system admin" first, you will get an "Unknown action". Everything from "config..." to "end" can be considered 1 conversational command, not 5 independent commands.

    You may check my post "Is that possible for a scheduled shutdown?" which I have answered myself.

    Thanks for the response.

     

    I did not get that though. I have added config sys admin and then added edit <usrname>. Can't figure out what is wrong here.

     

    config system admin
    edit <adminuser>
    set accprofile "super_admin"
    set password <password>
    end

     

     

    jiangchundi
    New Member
    September 21, 2015

    You can use PowerShell and the SSH.NET library to do this, not Putty.exe or Plink.exe.

        $client = New-Object Renci.SshNet.SshClient($hostip,"admin",$passwd)
        $client.Connect(); sleep 1
        if ($client.IsConnected){
            $stream = $client.CreateShellStream("Test",0,0,0,0,1000); sleep 1
            $log += $stream.Read(); sleep 1
            $stream.Write("config system admin`n"); $stream.Flush(); sleep 1
            $log += $stream.Read(); sleep 1
            $stream.Write("edit test`n"); $stream.Flush(); sleep 1
            $log += $stream.Read(); sleep 1
            .......
            $stream.Write("end`n"); $stream.Flush(); sleep 1
            $stream.Close()
            ........

    jiangchundi
    New Member
    September 21, 2015

    You can call powershell.exe from a batch file:

    pathtotheexe\powershell.exe pathtoscript\scriptname.ps1

     

    To use the library, before New-Object, you need to:

    Add-Type -Path "pathtothedll\Renci.SshNet.dll"

     

    TuncayBAS
    Explorer
    September 21, 2015

    You do not have a VDOM structure?

    If there is one:

    config global
    config sys admin
    edit admin
    set password 1234856
    end
    end

     

    ede_pfau
    SuperUser
    SuperUser
    September 21, 2015

    Why don't you use the batch command interface for this? See System > Config > Advanced.

    Write down the commands into a text file, one command per line, then upload it as a batch command. File extension can be anything.

    Now for debugging which line throws the error:

    connect to the Console

    enter this:

    diag debug enable

    diag deb cli 7

     

    - now do the upload and watch the messages -

    to reset:

    diag deb cli 3

    diag deb dis

     

    Allwyn_Mascarenhas
    New Member
    September 28, 2015

    ede_pfau wrote:

    Why don't you use the batch command interface for this? See System > Config > Advanced.

    Write down the commands into a text file, one command per line, then upload it as a batch command. File extension can be anything.

    Now for debugging which line throws the error:

    connect to the Console

    enter this:

    diag debug enable

    diag deb cli 7

     

    - now do the upload and watch the messages -

    to reset:

    diag deb cli 3

    diag deb dis

    I got the following debug log. I uploaded a .conf file with the syntax as follows. Is it something to do with the spacing etc.?

     

    I have no experience to understand this debug output so will google for it and report back.

     

    config system admin
     edit testadmin
      set password testsnaadmin#
      set acc_profile super_admin
     end

     

     

    SNA # diagnose debug cli 3


    SNA # diagnose debug disable


    SNA # diagnose debug enable


    SNA # diagnose debug cli 97


    SNA # 0: config system admin

    0: edit testadmin

    0: set password testsnaadmin#

    -61: set acc_profile super_admin

    0: config system admin
    0: edit "testadmin"
    0: unset vdom
    entry 0x313f298:0xbefedba8 duplicated action=add, vdom=root, node=system.admin.vdom.name, key=root, cmf_shm_api.c,__bsearch_index,291.
    cmf_query_shm.c:1926, Add table index error: type=4
    0: end
    -56: endcmf_query_util.c:1511: grp=00000002, obj=system.global
    cmf_query_util.c:1511: grp=00000002, obj=system.global
    cmf_query_util.c:1511: grp=00000002, obj=system.global
    cmf_query_util.c:1511: grp=00000002, obj=system.global
    cmf_query_util.c:1511: grp=00000002, obj=system.global
    cmf_query_util.c:1511: grp=00000002, obj=system.global
    cmf_query_util.c:1511: grp=00000002, obj=system.global


    cmf_query_util.c:1511: grp=00000002, obj=system.global
    SNA # diagnose debug disable cli 3


    SNA # diagnose debug disable

    ede_pfau
    SuperUser
    SuperUser
    September 28, 2015

    From the debug output I'd say you (= your account) is not allowed to create a super-user admin.

    And, only a minor flaw: you close the "edit testadmin" config with "next", then "end". "next" is missing.

    Allwyn_Mascarenhas
    New Member
    September 28, 2015

    ede_pfau wrote:

    From the debug output I'd say you (= your account) is not allowed to create a super-user admin.

    And, only a minor flaw: you close the "edit testadmin" config with "next", then "end". "next" is missing.

     

    I can create an admin with the same account when I log in through the GUI; it's a super_admin account. I showed this to FGT chat and the guy simply said bulk upload might or might not work, so this needs to be troubleshot further and I should open a ticket.

     

    Thanks and Regards.

    ede_pfau
    SuperUser
    SuperUser
    September 28, 2015

    You've got a typo in your command file: it should read

     set accprofile super_admin
    not
    set acc_profile
    (this will earn me another beer :)

    Allwyn_Mascarenhas
    New Member
    September 29, 2015

    ede_pfau wrote:

    You've got a typo in your command file: it should read

     set accprofile super_admin
    not
    set acc_profile
    (this will earn me another beer :)

    HAHA jesus i swear i've done it with acc_profile!!

     

    I tried this on another device and the bulk upload worked:

     

    IINFRALAB # diagnose debug cli 3

    IINFRALAB # diagnose debug reset

    IINFRALAB #
    IINFRALAB # diagnose debug enable

    IINFRALAB # diagnose debug cli 8

    IINFRALAB # 0: config system admin
    0: edit testadmin
    0: set password testsnaadmin#
    0: set accprofile super_admin
    0: endopen file 14 to write config
    open file 14 to write config
    write config file success, prepare to save in flash
    zip config file /data/./config/sys_global.conf.gz success!

     

    But when I do it using plink and SSH like I'm trying, it's got some issue with the very first config line itself, as seen in the cmd window:

     


    C:\Users\net\Google Drive\batch>cd c:\Program Files\PuTTY

    c:\Program Files\PuTTY>plink -ssh 192.168.2.1 -l admin -pw admin321 -m C:\Users\
    net\Google Drive\batch\createiinfra.txt
    IINFRALAB # Unknown action 0

    IINFRALAB # IINFRALAB # Unknown action 0

    IINFRALAB # IINFRALAB # Unknown action 0

    IINFRALAB # IINFRALAB # Unknown action 0

    IINFRALAB # IINFRALAB # Unknown action 0

    IINFRALAB #
    c:\Program Files\PuTTY>pause
    Press any key to continue . . .

     

    the doc says:

    If you do not enter a known command, the CLI will return an error message such as:

    Unknown action 0

     

     

    PS: man i'll buy you 2 beers. .

    Allwyn_Mascarenhas
    New Member
    October 3, 2015

    Got this finally.

     

    Just had to enclose the path to the txt containing the code in "". Without them the path was being passed to the FGT.

     

    As below

     

    cd c:\Program Files\PuTTY
    plink -ssh fgtipaddress -l user -pw password -m "C:\path to\command.txt"
    pause

     

    cheers
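
The fix from the last post, wrapped as an added example (not code from the thread): it checks the "config ... end" nesting discussed earlier, then calls plink with the command file path passed as one argument. `Test-FgtScript` and `Invoke-FgtScript` are hypothetical names, and key-based login with a pinned host key is an assumption that replaces the `-pw` password stored in the batch file.

```powershell
# Added example, not from the thread. Function names are hypothetical.
function Test-FgtScript {
    # Returns nesting problems found in a FortiGate command file (empty = none).
    param([Parameter(Mandatory)][string]$Path)
    $problems = @()
    $depth = 0      # currently open "config" blocks
    $n = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $n++
        $word = ($line.Trim() -split '\s+')[0]
        switch ($word) {
            'config' { $depth++ }
            'end' {
                if ($depth -eq 0) { $problems += "line ${n}: 'end' without 'config'" }
                else { $depth-- }
            }
            { $_ -in 'edit', 'set', 'unset', 'next' } {
                if ($depth -eq 0) { $problems += "line ${n}: '$word' outside a config block" }
            }
        }
    }
    if ($depth -gt 0) { $problems += "$depth 'config' block(s) not closed with 'end'" }
    return , $problems
}

function Invoke-FgtScript {
    param(
        [Parameter(Mandatory)][string]$FgtHost,
        [Parameter(Mandatory)][string]$User,
        [Parameter(Mandatory)][string]$KeyFile,     # PuTTY .ppk key (assumption: key login is set up)
        [Parameter(Mandatory)][string]$HostKey,     # expected host key fingerprint (caller-supplied)
        [Parameter(Mandatory)][string]$ScriptPath,
        [string]$Plink = 'C:\Program Files\PuTTY\plink.exe'
    )
    $full = (Resolve-Path -LiteralPath $ScriptPath).Path    # throws if the file is missing
    $problems = Test-FgtScript -Path $full
    if ($problems.Count -gt 0) { throw ($problems -join "`n") }
    # Each variable is passed to plink as a single argument, so a path with
    # spaces stays intact and is never sent to the FortiGate as command text.
    # -batch disables interactive prompts; -hostkey pins the device's host key.
    & $Plink -ssh -batch -hostkey $HostKey -i $KeyFile -l $User -m $full $FgtHost
    if ($LASTEXITCODE -ne 0) { throw "plink exited with code $LASTEXITCODE" }
}
```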