MIMIC SSH Protocol Module Guide

  1. Table of Contents

  2. Overview

    The MIMIC SSH Protocol Module is an optional facility that enables a command-line management interface to device simulations on top of the secure shell protocol (SSH). Both protocol versions 1.5 and 2.0 are supported by this bilingual server. This interface is used for Cisco IOS or JUNOS command simulation, and any other application requiring command-line interface (CLI) simulation.

    The following additional standards are followed: RFC 4253, RFC 4419, RFC 8268, RFC 9142. In particular, MIMIC supports deprecated "sha1" key exchanges to test backward-compatible access by SSH clients to older network equipment.

  3. Installation

    SSH server support is made available in MIMIC as an optional dynamically loadable module. Starting with MIMIC 10.00, you can use the Protocol Wizard to install the SSH module as part of the IOS Simulator. If you prefer to enable SSH by hand, you need to do the following:

    • Use File->Terminate to stop any running MIMIC daemon.

    • First install the Telnet module on which the SSH module depends.

    • Copy the SSH shared library (ssh.dll on Windows, ssh.so on Unix) from "bin/dynamic/optional" to "bin/dynamic" in the install directory.

    • Install the license keys as detailed in the instructions e-mailed to you.

    • Restart MIMIC. You should see the following type of message in the MIMICLog, which confirms that the SSH module was properly loaded:
      INFO  - Loaded protocol [SSH] from < path-to-DLL >
      

    Once SSH is loaded, any agent instance configured to support the SSH protocol will be able to act as an SSH server.

    NOTE: On Solaris 10, you need to install the optional OpenSSL software. We have tried the package at SunFreeware and it works.

    NOTE: SSH depends on OpenSSL, which uses the random number generation devices /dev/urandom and /dev/random. Older versions of Solaris don't carry these devices by default.

    In that case SSH shows the error below.

    ERROR 06/24.10:57:32 ssh_threads.cc:166 - SSH [AGT=1]: cannot start server
          06/24.10:57:32 ssh_server.cc:54 - host key generation failed
          06/24.10:57:32 ssh_key.cc:42 - You need to read the OpenSSL FAQ,
    http://www.openssl.org/support/faq.html
    

    Excerpt from FAQ

    If you are using Solaris 8, you can add /dev/urandom and /dev/random devices
    by installing patch 112438 (Sparc) or 112439 (x86), which are available via
    the Patchfinder at http://sunsolve.sun.com (Solaris 9 includes these devices
    by default). For /dev/random support for earlier Solaris versions, search
    for "/dev/random" at SunSolve.
    
  4. Using SSH from MIMICView

    If the SSH module is enabled, then Agent->Add, Agent->Configure and Agent->Paste dialogs will display SSH as an additional checkbox in the Advanced pane along with the SNMP protocols. On selecting the checkbox a new SSH pane will appear.

    This SSH configuration pane lets the user configure the parameters for an SSH session:

    • Port

      This optional parameter specifies the port at which the server will be listening. The default is the standard port 22.

      NOTE: If you are running an SSH server on your MIMIC host, by default it will prevent simulated SSH servers from starting on the standard port. You can either configure your simulated SSH servers on a different port, or instruct the host SSH server to listen only on a single IP address, e.g. on Linux change the ListenAddress in /etc/ssh/sshd_config.

    • Version

      This optional parameter specifies the version supported. If set to 1.5, then only that version is accepted. If set to 2.0, then only that version is accepted. If set to the default 1.99, then either version is accepted.

    If the mandatory parameters are supplied, the agent will automatically execute an SSH server upon starting. A message in the log of the form

    INFO  11/28.09:53:42 - SSH server started for agent 2
    

    indicates that the SSH simulation is running.

  5. Using SSH from MIMICShell

    A few new commands and some enhanced old commands can be used from the MIMICShell to control the SSH functionality. Here is a synopsis:

    • mimic protocol msg SSH get args

      This command lets the user gather the self-defining list of arguments required and their particulars. The parameters are detailed above. A sample exchange for this command would be:

        mimicsh> mimic protocol msg SSH get args
        {{port} {Port} {integer} {} {optional} {22}}
        {{version} {Version} {string} {} {optional} {1.99}}
      
      

    • mimic agent get protocol

      This command lets the user look at the protocols currently configured on the agent. A sample exchange for this command would be:

        mimicsh> mimic agent get protocol
        snmpv1,snmpv2c,SSH
      

    • mimic agent set protocol

      This command lets the user change the protocol setting for an agent. A sample exchange for this command would be:

        mimicsh> mimic agent get protocol
        snmpv1
        mimicsh> mimic agent set protocol snmpv1,SSH
        mimicsh> mimic agent get protocol
        snmpv1,SSH
      

    • mimic agent protocol msg SSH get config

      This command lets the user get the current argument settings. A sample exchange for this command would be:

        mimicsh> mimic agent protocol msg SSH get config
        {port=22} {version=}
      

    • mimic agent protocol msg SSH set config [config]

      This command lets the user change the current argument settings of all SSH sessions for an agent. A sample exchange for this command would be:

        mimicsh> mimic agent protocol msg SSH get config
        {port=22} {version=}
      
        mimicsh> mimic agent protocol msg SSH set config {port=8122}
      
        mimicsh>  mimic agent protocol msg SSH get config
        {port=8122} {version=}
      

    • mimic protocol msg SSH get stats_hdr
      mimic agent protocol msg SSH get statistics

      Returns SSH statistics information:

      • a list of statistic headers, and
      • current statistics values for the specified server.

      In order, the statistic values are:

      • Total number of SSH connections.
      • Total number of SSH disconnects.
      • Total number of SSH packets sent.
      • Total number of SSH packets received.
      • Total number of SSH command requests (obsolete, always 0).
      • Total number of SSH command responses (obsolete, always 0).

      A sample exchange for these commands would be:

        mimicsh> mimic protocol msg SSH get stats_hdr
        {{connect} {Connect}} {{disconnect} {Disconnect}} {{pktSnt} {PktsSent}}
        {{pktRcvd} {PktsRcvd}} {{request} {CmdRequest}} {{response} {Response}}
      
        mimicsh> mimic agent protocol msg SSH get statistics
        2 1 0 14 0 0
      

    • mimic agent protocol msg SSH ipalias enable ipaddress[,port]
      mimic agent protocol msg SSH ipalias disable ipaddress[,port]

      By default, the MIMIC SSH server listens on all the IP addresses (aliases) that are configured for an agent before the SSH service is started. While the agent is running, SSH service can be enabled and disabled on an IP alias using the above commands.

    • mimic agent protocol msg SSH ipalias isenabled ipaddress[,port]

      This command returns 1 if the IP alias is enabled, else 0.

    • mimic agent protocol msg SSH ipalias list

      This command returns the list of enabled IP aliases for this SSH server.
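
    The following Python is an added example, not part of MIMIC or of the original guide: it parses the brace-quoted output of the get args, get config, get stats_hdr and get statistics exchanges shown above, labels the counters, and flags agents whose effective version still accepts protocol 1.5. It assumes the output was captured as text, that the last field of each get args entry is the default, and that a blank setting such as version= means the default applies; all function names are hypothetical and the sample strings are constructed from the exchanges in this section.

```python
# Added example: parses mimicsh output captured as text.
# Sample strings are constructed from the exchanges shown in this guide.

def parse_tcl_list(text):
    """Split a brace-quoted Tcl list into top-level elements (one brace level removed)."""
    items, buf, depth = [], [], 0
    for ch in text:
        depth += (ch == "{") - (ch == "}")
        if depth < 0:
            raise ValueError("unbalanced braces")
        boundary = depth == 0 and (ch == "}" or ch.isspace())
        opening = depth == 1 and ch == "{"   # brace that starts a top-level element
        if boundary:
            if buf or ch == "}":             # "{}" yields an empty element
                items.append("".join(buf))
            buf = []
        elif not opening:
            buf.append(ch)
    if depth:
        raise ValueError("unbalanced braces")
    return items + (["".join(buf)] if buf else [])

def label_statistics(stats_hdr, statistics):
    """Pair each header key with its counter, in the order the guide lists them."""
    keys = [parse_tcl_list(h)[0] for h in parse_tcl_list(stats_hdr)]
    values = [int(v) for v in statistics.split()]
    if len(keys) != len(values):
        raise ValueError("header/value count mismatch")
    return dict(zip(keys, values))

def effective_config(args_out, config_out):
    """Fill blank settings from 'get args' (assumption: last field is the default)."""
    defaults = {f[0]: f[-1] for f in map(parse_tcl_list, parse_tcl_list(args_out))}
    current = dict(kv.split("=", 1) for kv in parse_tcl_list(config_out))
    return {name: current.get(name) or default for name, default in defaults.items()}

def accepts_ssh1(cfg):
    """True when the agent still negotiates protocol 1.5 (version 1.5 or 1.99)."""
    return cfg["version"] in ("1.5", "1.99")

ARGS = ("{{port} {Port} {integer} {} {optional} {22}}\n"
        "{{version} {Version} {string} {} {optional} {1.99}}")
HDR = ("{{connect} {Connect}} {{disconnect} {Disconnect}} {{pktSnt} {PktsSent}}\n"
       "{{pktRcvd} {PktsRcvd}} {{request} {CmdRequest}} {{response} {Response}}")
if __name__ == "__main__":
    cfg = effective_config(ARGS, "{port=8122} {version=}")
    print(cfg, "accepts SSH 1.5:", accepts_ssh1(cfg))
    print(label_statistics(HDR, "2 1 0 14 0 0"))
```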

  6. Licensing Information

    This implementation is based on code from OpenSSH which contains the enclosed license.

    This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit with the following copyrights.