SSH Remote Command Execution for Config Files

Reply
Not applicable

SSH Remote Command Execution for Config Files

Hey Guys,

I was curious if there was a way to run a command remotely via SSH to the PAN Device to dump configs.

I was thinking of a way to dump the output of "pa2050-1> show config running" to a flat file that I can hopefully do version checking on.

However, when trying the following SSH command, it seems to not work and hangs the connection up:

$ ssh user@pa2050-1.test 'show config running'

Is there another way to do it?

Let me know if you guys have tried anything similar.

Thanks.

Brian

Highlighted
L3 Networker

Re: SSH Remote Command Execution for Config Files

PAN-perl contains a pancli program which allows remote command execution using ssh:

$ pancli -h 172.29.9.121 'show config running'|head
config {
  shared {
    ssl-decrypt {
      ssl-exclude-cert ;
      trusted-root-CA ;
    }
    application ;
    application-group ;
    service ;
    service-group ;

PANCLI(1)             User Contributed Perl Documentation            PANCLI(1

NAME
       pancli - command line program for remote execution of commands on
       PAN-OS

SYNOPSIS
        pancli [options] command
           -l username:password
           -h hostname
           -D flag               debug flag
           -t tag                .panrc tagname
           -T seconds            Expect match pattern timeout
           command               operational mode command

DESCRIPTION
       pancli is used to remotely execute commands on a PAN-OS firewall and
       display command output.  It uses the PAN::CLI module to perform command
       execution.

       The commands are executed in operational mode; the
       PAN::CLI::CLI_operational_mode_exec() method is used to execute the
       commands.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!