Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dual Jumphost #56

Open
cmacasae opened this issue Jun 3, 2022 · 3 comments
Open

Dual Jumphost #56

cmacasae opened this issue Jun 3, 2022 · 3 comments

Comments

@cmacasae
Copy link

cmacasae commented Jun 3, 2022

Our environment requires double linux jumphost before we can reach the Cisco devices. Is there anything we can adjust in the script to successfully connect behind double jumphosts?
@jamiecaesar
Copy link
Owner

Unfortunately I don't think there is a way to handle that in the scripts - at least the multi-device ones. The single device ones you just need to get logged into the device and run the script you want, and it should work.

The multi-device scripts use the built-in feature of SecureCRT to connect through a SOCKS proxy host (They call it "Firewall" in the UI). So unless that feature allows you to chain together "Firewall" references, then it isn't something that the scripts can handle.

That does make me curious though, as I've never tried it. The standard way of dealing with the jump host is to set up a SecureCRT session for the jump box (with auto-login if you don't want to get prompted for each device), and then create a session for your end-device but under the "Firewall" drop-down you select your jump host session that was created first. Then SecureCRT will set up the Socks5 proxy session to whatever you selected under "Firewall" and then proxy the connection to the end device through it.

So I wonder if you can create a session for JumpHost1, then create one for JumpHost2, which references JumpHost1 in the Firewall field, and then finally create you final device session that references JumpHost2 as the firewall. If that doesn't work, then I'm guessing it cannot be done with SecureCRT. I'd love to hear your results, though.

@cmacasae
Copy link
Author

cmacasae commented Jun 7, 2022

This worked. It needed two open securecrt windows.

In the first securecrt window I have two connected sessions which are configured as ssh socks proxy chaining. This is for the two jumphosts.

https://www.vandyke.com/support/tips/socksproxy.html

Then I run m_inventory_report.py in the 2nd securecrt window. It needs to be run from a window with no connected session as the script checks it.

Awesome! Thanks.

@cmacasae
Copy link
Author

Update:

Was able to make m_cdp_to_csv working in dual ssh tunnel, by adding ",proxy=proxy)" in line 85 of m_cdp_to_csv.py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jamiecaesar @cmacasae