Is there a way to have NCM use a jumphost server for SSH and telnet access to devices to download and upload configs?
We use HPNA (HP Network Automation) with a bastion host configuration to do it today, but want to move to NCM to replace HPNA.
Could you deploy PuTTY and configure it to act as an SSH tunnel solution to proxy your connections? Other SSH tunnelling options exist, but PuTTY is free and includes this functionality. Each device would just need a specific port assigned to determine which destination address is used to connect on to.
I have a Linux server set up with ssh and telnet already. My problem is that the ACLs on all the network devices only allow ssh or telnet from the IP address of my Linux server. I am not able to make changes to the 6000+ devices that I need to add to NCM. My HPNA server is able to ssh to my Linux server, then ssh to all my network devices to get the running and startup configs. I need to be able to do the same with NCM.
That is the suggestion I make: configure the SSH application to run as an SSH tunnel (proxy), which takes the connection from Orion NCM and tunnels it through to the end point. The following is one of many guides online: How to Use SSH Tunneling to Access Restricted Servers and Browse Securely.
We do this exact process using an NCM job that executes a script off of one of our jumphosts
1. We create a job that selects our jumphost specifically
2. NCM connects to the host and executes a shell script on the host (using a special user outside of normal NCM users so it can access certain files and execute scripts)
3. This shell script then runs through some parameters and fires off a python script
All of this is pretty easy considering Linux has all of the necessary capabilities installed by default
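
The one-port-per-device tunnel mapping suggested earlier in the thread, as an added example that is not code from any of the posters: it generates an OpenSSH client `Host` block with loopback-only forwards. It assumes the OpenSSH client rather than PuTTY, a tunnel running on the NCM server itself, and constructed names and values (`jump.example.net`, `ncm-tunnel`, base port 20000, 192.0.2.x device addresses).

```python
import ipaddress

BASE_PORT = 20000  # assumed first local listening port; not from the thread


def build_forwards(devices, base_port=BASE_PORT):
    """Give every device one fixed local port: {device_ip: local_port}."""
    # ip_address() raises ValueError on anything that is not a literal IP,
    # so a hostname or typo never ends up inside a forward rule.
    unique = sorted({ipaddress.ip_address(d) for d in devices},
                    key=lambda a: (a.version, int(a)))
    last = base_port + len(unique) - 1
    if base_port < 1024 or last > 65535:
        raise ValueError(f"port range {base_port}-{last} is not usable")
    return {str(ip): base_port + i for i, ip in enumerate(unique)}


def ssh_config(alias, jumphost, user, mapping, dest_port=22):
    """Render an OpenSSH client Host block with one LocalForward per device."""
    lines = [
        f"Host {alias}",
        f"    HostName {jumphost}",
        f"    User {user}",
        # Fail instead of running with some listeners missing.
        "    ExitOnForwardFailure yes",
        # Keep listeners off the network; only local processes may connect.
        "    GatewayPorts no",
    ]
    for ip, port in mapping.items():
        target = f"[{ip}]" if ":" in ip else ip  # bracket IPv6 targets
        lines.append(f"    LocalForward 127.0.0.1:{port} {target}:{dest_port}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample inventory (documentation address range).
    devices = ["192.0.2.11", "192.0.2.10", "192.0.2.11"]
    mapping = build_forwards(devices)
    print(ssh_config("ncm-tunnel", "jump.example.net", "ncm-tunnel", mapping))
```

With the tunnel up (`ssh -N ncm-tunnel`), each device is reached at 127.0.0.1 on its assigned port, and the devices see the connection arriving from the jumphost's IP address.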