3.2. Dealing with the Command Line Interface

3.2.1. Accessing the CLI via the serial console

The serial console of the Steelhead appliance can be used to access the CLI if the device does not have network connectivity yet. The serial console assumes that the screen size of the terminal is 80x25 characters. If the screen size of the terminal is different, then the output to the console will become garbled when the pager is used, for example during the display of the configuration with the commands show running and show log.

3.2.2. Accessing the CLI via SSH

The Command Line Interface of the Steelhead appliance can be accessed via a Secure Shell application, SSH. The best known SSH application for OS X, Unix and Linux hosts is OpenSSH, the best known for Microsoft Windows is PuTTY, available from www.chiark.greenend.org.uk/~sgtatham/putty/.

Figure 3.2. Setup of an SSH session to the CLI of the Steelhead appliance

$ ssh admin@10.0.1.5
The authenticity of host '10.0.1.5 (10.0.1.5)' can't be established.
ECDSA key fingerprint is 7f:e2:c5:18:db:17:08:91:2d:44:e9:7a:b4:97:f7:92.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.1.5' (ECDSA) to the list of known hosts.
Riverbed Steelhead
Password:
SH > en
SH # cli session auto-logout 0
SH # configure terminal
SH (config) #

After being logged in the CLI session is a limited command mode, identified by the '>' in the prompt. Use the command enable to elevate to the more powerful enable mode, identified by the '#' in the prompt. To be able to make changes in the configuration mode, use the command configure terminal and the prompt will have the string '(config)' in it. Use the command exit to go one level lower.

The first line complains that the SSH application hasn't seen the SSH fingerprint of this host before. This is normal for the first time an SSH connection is made to this host. If the device has been replaced via an RMA, then the replacement will have a different SSH fingerprint and SSH will complain about it:

Figure 3.3. Setup of an SSH session to the CLI of a replaced Steelhead appliance

$ ssh admin@10.0.1.5
Riverbed Steelhead
Password:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
79:8f:b4:7e:4b:3c:4a:fb:ad:e6:f6:fe:56:c1:50:2c.
Please contact your system administrator.
Add correct host key in /usr/home/edwin/.ssh/known_hosts to get rid of this message.
Offending RSA key in /usr/home/edwin/.ssh/known_hosts:50
RSA host key for 10.0.1.5 has changed and you have requested strict checking.
Host key verification failed.

If this happens, confirm that the device was replaced.

To overcome this issue with OpenSSH, remove the line in the file mentioned. With PuTTY a dialog box will be shown with the option to replace the key.

3.2.3. Accessing the file system via SCP

Secure Copy, or SCP, is a file transfer layer on top of SSH. It can be used to upload RiOS software images, RSP images and RSP packages and to download system dumps, process dumps and tcpdump traces.

The OpenSSH software includes the scp binary. The PuTTY website distributes a SCP program called "pscp.exe".

The following limitations are implemented on the Steelhead appliance:

  • You can only upload to:

  • /images for RiOS images.

  • /rsp/images for RSP images.

  • /rsp/packages for RSP packages.

  • You can only download from:

  • /sysdumps for system dumps.

  • /snapshots for process dumps.

  • /tcpdumps for tcpdumps captures.

  • /log for log files.

Note that only SCP is permitted. SFTP is not supported, neither is FTP over SSL.

Figure 3.4. Download of a system dump via SCP

$ scp admin@10.0.1.5:/sysdumps/sysdump-CSH-20120612-123456.tgz .
Riverbed Steelhead
Password:
sysdump-CSH-2012-123456.tgz                        100% 34Mb   400KB/s  00:00

Figure 3.5. Attempt to access a non-permitted directory

$ scp admin@10.0.1.5:/var/opt/tms/image-history .
Riverbed Steelhead
Password:
Riverbed ssh: ssh remote command is not allowed.

3.2.4. Surviving the 'less' pager

The pager used on the Steelhead appliance to view multiple pages of output is based on the 'less' pager, known from Unix and Linux environments. If the last character on the screen is a ":" or "(END)" then you are in this pager.

Here is a list of keys and what their function is:

Table 3.1. The less pager cheat sheet

KeyFunctionality
qQuit the pager (very important)
Enter or j or arrow-downScroll one line down
k or y or arrow-upScroll one line up
SpaceScroll one page down
bScroll one page backwards
control-GShow information of the file, size and location
control-LRedraw the screen, in case it got garbled
/Search forward
?Search backward
nPerform the last search again, forwards or backwards
gScroll to the beginning of the file
GScroll to the end of the file

The search string is a regular expression, so some magic can be performed with it.

Normally, the less pager starts at the beginning of the text to display. However, when viewing a log files the less pager will start at the end. Use the 'b' key to go backwards!

3.2.5. Control keys on the CLI

The following combination of control keys are available to navigate on the CLI:

Table 3.2. Control characters on the CLI

^UDelete everything from the cursor to the beginning of the line
^WDelete the word left of the cursor
^HDelete the character in front of the cursor
^DDelete the character under the cursor. If no characters are left, exit the CLI session.
^YPaste the previously deleted string
^LClear the screen and write the current entered command at the top
^AGo to the beginning of the line
^EGo to the end of the line
^CAbort the current command
^P or arrow upShow the previous command executed
^N or arrow downShow the next command (if ^P has been used)
^SStop scrolling on the the CLI
^QContinue scrolling on the CLI
^VInterpret the next key literally

3.2.6. Backspace doesn't work

When the backspace is pressed and a ^? shows up, try control-H to delete the character.

When the backspace is pressed and a ^H shows up, try control-backspace to delete the character.