Stepan Kucherenko writes:
>Sometimes it does strange stuff with SSH internally though. Example:
>
>Let's say I do " show route table ?" at a router.
>
>Logs show:
>
>mgd[62935]: UI_CHILD_START: Starting child '/bin/sh'
>mgd[68498]: UI_AUTH_EVENT: Authenticated user 'root' at permission level 'super-user'
>mgd[68498]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [68498], ssh-connection '<my PC address> 60259 <router address> 22', client-mode 'cli'
>mgd[68498]: UI_CMDLINE_READ_LINE: User 'root', command 'show route summary | display xml | grep table-name '
>mgd[68498]: UI_LOGOUT_EVENT: User 'root' logout
>mgd[62935]: UI_CHILD_STATUS: Cleanup child '/bin/sh', PID 68494, status 0
>
>Obviously I don't login under root, but somehow my CLI spawns a shell, then
>sshes to itself under root (?) using my credentials (?) to do a single
>command. Then it logs out. Every time I request something about route tables.

Looks like an implementation issue.  Our UI infrastructure allows
our programmers to define completion functions to list acceptable
values.  Some schmuck's coded the completion function as this "sh -c show
route summary| ..." command.

This is definitely not typical.  More typically, we run something like
"ifinfo -n" or look at internal MGD info.  This completion for the "table"
argument is just some suboptimal code.

Note that the ssh-connection information being logged does not mean
that we're invoking a new ssh session, just that we're reporting
the current info.

Thanks,
 Phil
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
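
An added example (not part of the thread and not Juniper code) showing how a log reviewer could separate the helper-spawned root session discussed above from ordinary interactive logins. The bracketing heuristic, the documentation IP addresses and the second session in the sample are constructed assumptions.

```python
import re

# Constructed sample: the sequence from the thread (addresses replaced with
# documentation IPs) followed by an ordinary interactive login.
SAMPLE = """\
mgd[62935]: UI_CHILD_START: Starting child '/bin/sh'
mgd[68498]: UI_AUTH_EVENT: Authenticated user 'root' at permission level 'super-user'
mgd[68498]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [68498], ssh-connection '192.0.2.10 60259 192.0.2.1 22', client-mode 'cli'
mgd[68498]: UI_CMDLINE_READ_LINE: User 'root', command 'show route summary | display xml | grep table-name '
mgd[68498]: UI_LOGOUT_EVENT: User 'root' logout
mgd[62935]: UI_CHILD_STATUS: Cleanup child '/bin/sh', PID 68494, status 0
mgd[70001]: UI_LOGIN_EVENT: User 'admin' login, class 'super-user' [70001], ssh-connection '192.0.2.10 60300 192.0.2.1 22', client-mode 'cli'
mgd[70001]: UI_CMDLINE_READ_LINE: User 'admin', command 'show route table inet.0 '
mgd[70001]: UI_CMDLINE_READ_LINE: User 'admin', command 'show chassis alarms '
mgd[70001]: UI_LOGOUT_EVENT: User 'admin' logout
"""

LINE = re.compile(r"mgd\[(\d+)\]: (UI_[A-Z_]+): (.*)")

def classify_sessions(text):
    """Return one dict per mgd login session, flagging helper-spawned ones."""
    open_children = set()   # mgd PIDs that currently have a '/bin/sh' child
    sessions, done = {}, []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        pid, tag, rest = int(m.group(1)), m.group(2), m.group(3)
        if tag == "UI_CHILD_START" and "'/bin/sh'" in rest:
            open_children.add(pid)
        elif tag == "UI_CHILD_STATUS":
            open_children.discard(pid)
        elif tag == "UI_LOGIN_EVENT":
            user = re.search(r"User '([^']*)'", rest).group(1)
            # Assumed heuristic: a login that begins while another mgd has a
            # shell child open is a candidate CLI-spawned helper session.
            sessions[pid] = {"pid": pid, "user": user, "commands": [],
                             "parent_child_open": bool(open_children - {pid})}
        elif tag == "UI_CMDLINE_READ_LINE" and pid in sessions:
            sessions[pid]["commands"].append(re.search(r"command '(.*)'", rest).group(1))
        elif tag == "UI_LOGOUT_EVENT" and pid in sessions:
            s = sessions.pop(pid)
            s["helper"] = s["parent_child_open"] and len(s["commands"]) == 1
            done.append(s)
    return done

if __name__ == "__main__":
    for s in classify_sessions(SAMPLE):
        kind = "helper-spawned" if s["helper"] else "interactive"
        print(f"{s['pid']} {s['user']:6} {kind}: {s['commands']}")
```

Sessions flagged as helper-spawned still deserve a look at the single command they ran; the flag only explains why a root login appears without anyone logging in as root.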
