Allwyn_Mascarenhas
Contributor

Running CLI commands through batch using putty/plink .exe

I am trying to run CLI commands to create admin accounts on FortiGates:

cd c:\Program Files\PuTTY
plink.exe -l username -pw password fgt_ipaddress C:\pat_to_command.txt
pause

and then in command.txt:

config system admin
edit test
set accprofile "super_admin"
set password test
end

I keep getting the "Unknown action 0" which according to the FGT doc: "If you do not enter a known command, the CLI will return an error message such as: Unknown action 0"

Would appreciate lil help on understanding what is going wrong here.

jiangchundi
New Contributor

If you connect to the FGT through SSH and type "edit test" without typing "config system admin" first, you will get an "Unknown action". From "config..." to "end" can be considered 1 conversational command, not 5 independent commands.

You may check my post "Is that possible for a scheduled shutdown?" which I have answered myself.

Allwyn_Mascarenhas

jiangchundi wrote:

If you connect to the FGT through SSH and type "edit test" without typing "config system admin" first, you will get an "Unknown action". From "config..." to "end" can be considered 1 conversational command, not 5 independent commands.

You may check my post "Is that possible for a scheduled shutdown?" which I have answered myself.

Thanks for the response.

 

I did not get that though. I have added config sys admin and then added edit <usrname>. Can't figure out what is wrong here.

 

config system admin
edit <adminuser>
set accprofile "super_admin"
set password <password>
end

 

 

jiangchundi

You can use PowerShell and SSH.Net library to do this, not Putty.exe or Plink.exe.

    $client = New-Object Renci.SshNet.SshClient($hostip,"admin",$passwd)
    $client.Connect(); sleep 1
    if ($client.IsConnected){
        $stream = $client.CreateShellStream("Test",0,0,0,0,1000); sleep 1
        $log += $stream.Read(); sleep 1
        $stream.Write("config system admin`n"); $stream.Flush(); sleep 1
        $log += $stream.Read(); sleep 1
        $stream.Write("edit test`n"); $stream.Flush(); sleep 1
        $log += $stream.Read(); sleep 1
        .......
        $stream.Write("end`n"); $stream.Flush(); sleep 1
        $stream.Close()
        ........

Allwyn_Mascarenhas

jiangchundi wrote:

You can use PowerShell and SSH.Net library to do this, not Putty.exe or Plink.exe.

    $client = New-Object Renci.SshNet.SshClient($hostip,"admin",$passwd)
    $client.Connect(); sleep 1
    if ($client.IsConnected){
        $stream = $client.CreateShellStream("Test",0,0,0,0,1000); sleep 1
        $log += $stream.Read(); sleep 1
        $stream.Write("config system admin`n"); $stream.Flush(); sleep 1
        $log += $stream.Read(); sleep 1
        $stream.Write("edit test`n"); $stream.Flush(); sleep 1
        $log += $stream.Read(); sleep 1
        .......
        $stream.Write("end`n"); $stream.Flush(); sleep 1
        $stream.Close()
        ........

I can use this as a batch file? I will look into this and report back asap.

jiangchundi
New Contributor

You can call powershell.exe from a batch file:

pathtotheexe\powershell.exe pathtoscript\scriptname.ps1

 

to use the library, before new-object, you need to:

Add-Type -Path "pathtothedll\Renci.SshNet.dll"

 

TuncayBAS
Contributor II

You do not have a VDOM structure?

If there is one:

config global
config sys admin
edit admin
set password 1234856
end
end

 

Tuncay BAS RZK Muhendislik Turkey NSE 4 5 6 FCESP v5

ede_pfau
SuperUser

Why don't you use the batch command interface for this? See System > Config > Advanced.

Write down the commands into a text file, one command per line, then upload it as a batch command. File extension can be anything.

Now for debugging which line throws the error:

connect to the Console

enter this:

diag debug enable

diag deb cli 7

 

- now do the upload and watch the messages -

to reset:

diag deb cli 3

diag deb dis

 


Ede


"Kernel panic: Aiee, killing interrupt handler!"
Allwyn_Mascarenhas

ede_pfau wrote:

Why don't you use the batch command interface for this? See System > Config > Advanced.

Write down the commands into a text file, one command per line, then upload it as a batch command. File extension can be anything.

Now for debugging which line throws the error:

connect to the Console

enter this:

diag debug enable

diag deb cli 7

 

- now do the upload and watch the messages -

to reset:

diag deb cli 3

diag deb dis

I got the following debug log. I uploaded a .conf file with the syntax as follows; is it something to do with the spacing etc.?

 

I have no experience to understand this debug output so will google for it and report back.

 

config system admin
 edit testadmin
  set password testsnaadmin#
  set acc_profile super_admin
 end

 

 

SNA # diagnose debug cli 3


SNA # diagnose debug disable


SNA # diagnose debug enable


SNA # diagnose debug cli 97


SNA # 0: config system admin

0: edit testadmin

0: set password testsnaadmin#

-61: set acc_profile super_admin

0: config system admin
0: edit "testadmin"
0: unset vdom
entry 0x313f298:0xbefedba8 duplicated action=add, vdom=root, node=system.admin.vdom.name, key=root, cmf_shm_api.c,__bsearch_index,291.
cmf_query_shm.c:1926, Add table index error: type=4
0: end
-56: endcmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global


cmf_query_util.c:1511: grp=00000002, obj=system.global
SNA # diagnose debug disable cli 3


SNA # diagnose debug disable
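
Added example, not part of the thread: a PowerShell helper that reads saved `diagnose debug cli` output like the capture above, lists each echoed command with the number printed before it, and masks `set password` values so the capture can be shared. It assumes that number is the CLI's return code for the line and that nonzero means the line was rejected; the function name `Get-FgtCliResult` and the sample text are constructed for illustration.

```powershell
# Constructed sample, shaped like the console capture in the post above.
$sample = @'
SNA # 0: config system admin
0: edit testadmin
0: set password testsnaadmin#
-61: set acc_profile super_admin
0: unset vdom
0: end
-56: endcmf_query_util.c:1511: grp=00000002, obj=system.global
cmf_query_util.c:1511: grp=00000002, obj=system.global
'@

# Hypothetical helper (not a Fortinet tool).
function Get-FgtCliResult {
    param([Parameter(Mandatory)][string]$DebugText)

    # "<number>: <command>", optionally preceded by a "HOSTNAME # " prompt.
    $pattern = '^(?:\S+ # )?(?<code>-?\d+): (?<cmd>.+)$'
    $lineNo = 0
    foreach ($line in ($DebugText -split '\r?\n')) {
        $lineNo++
        # Lines without a leading number (daemon messages, blanks) are skipped.
        if ($line -match $pattern) {
            $code = [int]$Matches['code']
            # Drop a debug message fused onto the command ("-56: endcmf_query_util.c:...").
            $cmd = ($Matches['cmd'] -replace 'cmf_\w+\.c:\d+.*$', '').Trim()
            # Mask the secret before the capture reaches a ticket or forum post.
            $cmd = $cmd -replace '^(set password)\s+.+$', '$1 <redacted>'
            [pscustomobject]@{
                Line       = $lineNo
                ReturnCode = $code
                Rejected   = ($code -ne 0)
                Command    = $cmd
            }
        }
    }
}

$results = Get-FgtCliResult -DebugText $sample
$results | Format-Table -AutoSize
# Only the lines the CLI did not accept:
$results | Where-Object { $_.Rejected } | Format-Table Line, ReturnCode, Command -AutoSize
```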
