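Python (pexpect and pxssh): SSH to a Cisco ASA firewall through the MOTD banner

Time: 2016-03-30 18:50:23

Tags: python ssh cisco pexpect

I'm writing a script in Python, and I'm using pxssh and pexpect to get the job done. The problem is that I can't successfully send any commands, and I believe it is due to the MOTD banner. Below is the code I have so far, and below that is what the banner looks like: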

import pexpect
import getpass
from pexpect import pxssh
import sys

try:

    s = pxssh.pxssh()

    #this is for input file/lists - host, username, and password
    hostname = ('fw1.aff.tempe')
    username = ('tmarciniak')
    password = ('<password>')
    s.login(hostname, username, password, auto_prompt_reset=False)

    s.logfile = sys.stdout

    #s.expect('***.*') #matching the first characters of the MOTD banner for sending command
    s.sendline('enable') # run a command      
    s.prompt() # match the prompt                                           
    print(s.before)

    #s.prompt() # match the prompt
    # s.sendline('enable') # run a command
    #s.prompt() # match the prompt
    print(s.before) # print everything before the prompt
    s.logout()
except pxssh.ExceptionPxssh as e:
    print("pxssh failed on login.")
    print(e)

The MOTD banner and output after a successful SSH connection:

***********************************************
*                                             *
* This Device is owned by Telesphere Networks *
*                                             *
* Unauthorized Access is Strictly Prohibited  *
*                                             *
*       Telesphere NOC: (800) 680-2203        *
*                                             *
***********************************************
************************************************************************
*
* Name: Amerifirst Financial - Tempe (36714)
*
* Hostname: fw1.aff.tempe
*
* Location: 2151 E Broadway Rd
*           Tempe, AZ 85282
*
* Notes:
*
************************************************************************
Type help or '?' for a list of available commands.
fw1-aff-tempe>

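1 answer:

Answer 0 (score: 0)

It turns out pxssh gets you past the banner; you only need to worry about the prompt. For those who are curious, here is what I did: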

from pexpect import pxssh

def ssh(hostname, username, password, enable_password):
    ssh_session = pxssh.pxssh(maxread=32768, searchwindowsize=1024)

    original_prompt = '%s>' % (hostname.replace('.', '-'),)  # matching the first line with the prompt as exactly as possible
    enable_prompt = '%s#' % (hostname.replace('.', '-'),)
    ssh_session.login(hostname, username, password, original_prompt=original_prompt, auto_prompt_reset=False)

    ssh_session.sendline('enable')  # run a command
    ssh_session.expect_exact('Password:')  # match the response as exactly as possible
    ssh_session.sendline(enable_password)

    #print('%s#' % (hostname.replace('.','-'),))    #not sure what this part does
    ssh_session.expect_exact(enable_prompt)

    ssh_session.sendline('terminal pager 0')
    ssh_session.expect_exact(enable_prompt)

    return ssh_session  # hand the enabled session back to the caller

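What I'm logging in to is a Cisco ASA firewall, which does not accept the "." character as a separator in the hostname. I defined a variable that replaces "." with "-", and then used that as my "expect_exact" for what to expect after the sendline call.

On a related note (for Cisco devices), "terminal pager 0" is used to set the pager buffer for that particular session to 0; this causes all output to be displayed at once.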
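
Why the question's script stalls while the answer's does not, as an added example that is not part of the original posts: it replays an abbreviated copy of the session output above against pxssh's default patterns and against the hostname-derived prompts. The helper names `asa_prompts`, `try_pattern` and `diagnose` are hypothetical, the two default patterns are pexpect's documented defaults, and no SSH connection is made.

```python
import re

# pexpect's documented pxssh defaults (assumed unchanged in your version).
PXSSH_DEFAULT_LOGIN_PROMPT = r"[#$]"         # login(original_prompt=...) default
PXSSH_UNIQUE_PROMPT = r"\[PEXPECT\][\$\#] "  # what prompt() waits for

# Abbreviated copy of the session output shown in the question.
TRANSCRIPT = (
    "***********************************************\r\n"
    "* Unauthorized Access is Strictly Prohibited  *\r\n"
    "***********************************************\r\n"
    "* Hostname: fw1.aff.tempe\r\n"
    "Type help or '?' for a list of available commands.\r\n"
    "fw1-aff-tempe> "
)

def asa_prompts(hostname):
    """Return (user_prompt, enable_prompt) the way the answer derives them."""
    base = hostname.replace(".", "-")
    return base + ">", base + "#"

def try_pattern(pattern, text, literal=False):
    """Mimic expect() (regex) or expect_exact() (literal) on buffered output.
    Returns the match offset, -1 for no match (a TIMEOUT in pexpect),
    or None when the pattern is not a valid regular expression."""
    if literal:
        return text.find(pattern)
    try:
        m = re.search(pattern, text)
    except re.error:
        return None
    return m.start() if m else -1

def diagnose(hostname, text=TRANSCRIPT):
    user_prompt, enable_prompt = asa_prompts(hostname)
    return {
        "default login prompt": try_pattern(PXSSH_DEFAULT_LOGIN_PROMPT, text),
        "prompt() after auto_prompt_reset=False": try_pattern(PXSSH_UNIQUE_PROMPT, text),
        "expect('***.*')": try_pattern("***.*", text),
        "raw hostname, literal": try_pattern(hostname + ">", text, literal=True),
        "derived user prompt, literal": try_pattern(user_prompt, text, literal=True),
        "derived enable prompt, literal": try_pattern(enable_prompt, text, literal=True),
    }

if __name__ == "__main__":
    for name, result in diagnose("fw1.aff.tempe").items():
        print(f"{name:42} -> {result}")
```

Only the derived user prompt matches before `enable` is sent; the enable prompt starts matching once the device switches to `#`.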