The serial console of the Steelhead appliance can be used to access
the CLI if the device does not have network connectivity yet. The
serial console assumes that the screen size of the terminal is
80x25 characters. If the screen size of the terminal is different,
then the output to the console will become garbled when the pager
is used, for example during the display of the configuration with
the commands
show running
and
show log
.
The Command Line Interface of the Steelhead appliance can be accessed via a Secure Shell application, SSH. The best known SSH application for OS X, Unix and Linux hosts is OpenSSH, the best known for Microsoft Windows is PuTTY, available from www.chiark.greenend.org.uk/~sgtatham/putty/.
Figure 3.2. Setup of an SSH session to the CLI of the Steelhead appliance
$ ssh admin@10.0.1.5 The authenticity of host '10.0.1.5 (10.0.1.5)' can't be established. ECDSA key fingerprint is 7f:e2:c5:18:db:17:08:91:2d:44:e9:7a:b4:97:f7:92. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.1.5' (ECDSA) to the list of known hosts. Riverbed Steelhead Password: SH > en SH # cli session auto-logout 0 SH # configure terminal SH (config) #
After being logged in the CLI session is a limited
command mode, identified by the '>' in the prompt.
Use the command
enable
to elevate to the more powerful enable mode,
identified by the '#' in the prompt. To be able to make changes in
the configuration mode, use the command
configure terminal
and the prompt will have the string '(config)' in it. Use the command
exit
to go one level lower.
The first line complains that the SSH application hasn't seen the SSH fingerprint of this host before. This is normal for the first time an SSH connection is made to this host. If the device has been replaced via an RMA, then the replacement will have a different SSH fingerprint and SSH will complain about it:
Figure 3.3. Setup of an SSH session to the CLI of a replaced Steelhead appliance
$ ssh admin@10.0.1.5 Riverbed Steelhead Password: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is 79:8f:b4:7e:4b:3c:4a:fb:ad:e6:f6:fe:56:c1:50:2c. Please contact your system administrator. Add correct host key in /usr/home/edwin/.ssh/known_hosts to get rid of this message. Offending RSA key in /usr/home/edwin/.ssh/known_hosts:50 RSA host key for 10.0.1.5 has changed and you have requested strict checking. Host key verification failed.
If this happens, confirm that the device was replaced.
To overcome this issue with OpenSSH, remove the line in the file mentioned. With PuTTY a dialog box will be shown with the option to replace the key.
Secure Copy, or SCP, is a file transfer layer on top of SSH. It can be used to upload RiOS software images, RSP images and RSP packages and to download system dumps, process dumps and tcpdump traces.
The OpenSSH software includes the scp binary. The PuTTY website distributes a SCP program called "pscp.exe".
The following limitations are implemented on the Steelhead appliance:
You can only upload to:
/images for RiOS images.
/rsp/images for RSP images.
/rsp/packages for RSP packages.
You can only download from:
/sysdumps for system dumps.
/snapshots for process dumps.
/tcpdumps for tcpdumps captures.
/log for log files.
Note that only SCP is permitted. SFTP is not supported, neither is FTP over SSL.
Figure 3.4. Download of a system dump via SCP
$ scp admin@10.0.1.5:/sysdumps/sysdump-CSH-20120612-123456.tgz . Riverbed Steelhead Password: sysdump-CSH-2012-123456.tgz 100% 34Mb 400KB/s 00:00
Figure 3.5. Attempt to access a non-permitted directory
$ scp admin@10.0.1.5:/var/opt/tms/image-history . Riverbed Steelhead Password: Riverbed ssh: ssh remote command is not allowed.
The pager used on the Steelhead appliance to view multiple pages
of output is based on the 'less' pager, known from Unix and Linux
environments. If the last character on the screen is a
":
"
or
"(END)
"
then you are in this pager.
Here is a list of keys and what their function is:
Table 3.1. The less pager cheat sheet
Key | Functionality |
q | Quit the pager (very important) |
Enter or j or arrow-down | Scroll one line down |
k or y or arrow-up | Scroll one line up |
Space | Scroll one page down |
b | Scroll one page backwards |
control-G | Show information of the file, size and location |
control-L | Redraw the screen, in case it got garbled |
/ | Search forward |
? | Search backward |
n | Perform the last search again, forwards or backwards |
g | Scroll to the beginning of the file |
G | Scroll to the end of the file |
The search string is a regular expression, so some magic can be performed with it.
Normally, the less pager starts at the beginning of the text to display. However, when viewing a log files the less pager will start at the end. Use the 'b' key to go backwards!
The following combination of control keys are available to navigate on the CLI:
Table 3.2. Control characters on the CLI
^U | Delete everything from the cursor to the beginning of the line |
^W | Delete the word left of the cursor |
^H | Delete the character in front of the cursor |
^D | Delete the character under the cursor. If no characters are left, exit the CLI session. |
^Y | Paste the previously deleted string |
^L | Clear the screen and write the current entered command at the top |
^A | Go to the beginning of the line |
^E | Go to the end of the line |
^C | Abort the current command |
^P or arrow up | Show the previous command executed |
^N or arrow down | Show the next command (if ^P has been used) |
^S | Stop scrolling on the the CLI |
^Q | Continue scrolling on the CLI |
^V | Interpret the next key literally |