SSH Remote Command Execution for Config Files

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

SSH Remote Command Execution for Config Files

Not applicable

Hey Guys,

I was curious if there was a way to run a command remotely via SSH to the PAN Device to dump configs.

I was thinking of a way to dump the output of "pa2050-1> show config running" to a flat file that I can hopefully do version checking on.

However, when trying the following SSH command, it seems to not work and hangs the connection up:

$ ssh user@pa2050-1.test 'show config running'

Is there another way to do it?

Let me know if you guys have tried anything similar.

Thanks.

Brian

1 REPLY 1

L3 Networker

PAN-perl contains a pancli program which allows remote command execution using ssh:

$ pancli -h 172.29.9.121 'show config running'|head
config {
  shared {
    ssl-decrypt {
      ssl-exclude-cert ;
      trusted-root-CA ;
    }
    application ;
    application-group ;
    service ;
    service-group ;

PANCLI(1)             User Contributed Perl Documentation            PANCLI(1

NAME
       pancli - command line program for remote execution of commands on
       PAN-OS

SYNOPSIS
        pancli [options] command
           -l username:password
           -h hostname
           -D flag               debug flag
           -t tag                .panrc tagname
           -T seconds            Expect match pattern timeout
           command               operational mode command

DESCRIPTION
       pancli is used to remotely execute commands on a PAN-OS firewall and
       display command output.  It uses the PAN::CLI module to perform command
       execution.

       The commands are executed in operational mode; the
       PAN::CLI::CLI_operational_mode_exec() method is used to execute the
       commands.

  • 3875 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!