Sending CISCO commands sent via SSH/Telnet

October 2016

General Information

  • Script Name: (publi(point)sh...publipSH.
  • Flexibility: Fullly customizable.
  • Constraints: requires that the password is the same for all the devices, or you will need to add a few lines of code ...
  • Risk level: High. Be very careful with the entries, a wrong manipulation may freeze your entire network.
  • Linux knowledge required: Open/edit a file (vi file_name) and save modifications (Esc then :wq <enter>?.Run a script using the ./Scriptname command from the target folder.

What is the script?

This script allows a network administrator to send Cisco commands on a number of selected remote devices (router, firewall, switch, Wireless Access Points ...), via SSH or Telnet (the script automatically handles both types of connection).
  • These command lines will initially be entered in a sequence, one command per line (as a batch or a configuration file), in a small file called commandes.txt (there is no size limit)
  • Enter all the IPs (or DNS alias) for the various devices on your network (there is no limit to the number of devices).
  • Finally, when running the script, you will be asked to enter a password, which in our case must be the same for all devices.

The script goes much further!
Indeed, it fully autonomous and can hangle connection errors, data entry and record changes in a log file. This script also identifies the equipment for which it is able to connect via SSH or Telnet and then it keeps an archive of the procedures generating critical errors (crash script, misinterpretation of a commanf by the equipment). The different types of errors are:
  • 1 - Connection timeout
  • 2 - Log-in error, wrong password
  • 3 - DNS Alias or IP non-existent
  • 4 - Crashes of the Expect script (create log file of the equipment)
  • 5 - Remote Connection disabled
  • 6 - Correct DNS alias but non-existent IP
  • 7 - Equipment not Cisco (HP Procurve)
  • 8 - Non-Cisco equipment (X1000)
  • 9 - Non-Cisco equipment (Alcatel)
  • 10 -Sent command not recognized by equipment
  • 11 - Error not listed above ($?=1)

You will be able to operate on all your equipment at the same time and gather valuable information on your network!

The content of subsidiary files


You will need to enter the commands ... The file must for any changes to the router configuration start with "conf t" and by "end". Modifications must be performed in a hierarchical manner and do not forget to save your changes! Small example:


conf t 
 router ospf 100 
  network area 0 
 interface fa0/0 
  ip ospf hello-interval 5 
  ip ospf dead-interval 20 
 area 0 authentication message-digest 

write mem


Enter the IP or DNS alias of all the equipment involved:

# liste.txt 


The sript does not take into account empty spaces.

The Script

The script will be captioned by small #[1], which will be discussed at the bottom of the script


echo "veuillez donner le mot de passe" 
stty -echo                                                                       #[1] 
read password 
stty echo 

export ssh='./'                                                            #[2] 
export telnet='./' 
export erreur='./rapport_erreurs.log' 
export temp='./tmp_routeur.log' 
export cmdcisco='./commandes.txt' 
export liste='./liste.txt' 
export password 
export routeur 
export commande 

rm -f $erreur                                                                    #[3] 
rm -f $ssh 
rm -f $telnet 

cat $liste | while read routeur; 
        if [ "$routeur" != "" ] 
                if[ ! -f $ssh ]                                                  #[4] 
                        echo 'expect 2>&1 << EOF'>> $ssh 
                        echo 'spawn ssh admin@$routeur' >> $ssh 
                        echo 'expect {' >> $ssh 
                        echo '"Password:" {send "$password\r"}' >> $ssh 
                        echo 'timeout {exit}' >> $ssh 
                        echo '        }' >> $ssh 
                        echo 'expect "#"' >> $ssh 

                        cat $cmdcisco | while read commande 
                                echo "send \"$commande\r\"" 
                                echo 'expect "#"' 
                        done >> $ssh 

                        echo 'send "exit\r"' >> $ssh 
                        echo 'expect "closed"' >> $ssh 
                        echo 'exit' >> $ssh 
                        echo 'EOF' >> $ssh 

                        chmod +x $ssh                                            #[5] 
                time -p $ssh > $temp 2>&1                                        #[6] 


                auth='cat $temp | grep -c "Password: "'                          #[7] 
                if [ "$auth" -gt "1" ] 
                        echo "Problème d'authentification sur $routeur !" 
                        echo "$routeur : wrong log-in/password" >> $erreur 

                temps='grep 'real ' $temp | sed 's/real /§/' | cut -d'§' -f2 | cut -d' ' -f1 | cut -d'.' -f1' 
                if [ $temps -ge 10 -a ! "'grep 'closed' $temp'" ]                #[8] 
                        echo "L'equipement $routeur ne réponds pas !"; 
                        echo "$routeur : connection timed out"  >> $erreur 

                if [ "$COD_RET" != "0" ]                                          #[9] 
                        #Erreur de connexion a l'équipement en SSH 
                        if [ ! -f $telnet ] 
                                echo 'expect 2>&1 << EOF'>> $telnet 
                                echo 'spawn telnet $routeur' >> $telnet 
                                echo 'send "admin\r"' >> $telnet 
                                echo 'expect "Password:"' >> $telnet 
                                echo 'send "$password\r"' >> $telnet 
                                echo 'expect "#"' >> $telnet 

                                cat $cmdcisco | while read commande 
                                        echo "send \"$commande\r\"" 
                                        echo 'expect "#"' 
                                done >> $telnet 

                                echo 'send "exit\r"' >> $telnet 
                                echo 'expect "closed"' >> $telnet 
                                echo 'exit' >> $telnet 
                                echo 'EOF' >> $telnet 

                                chmod +x $telnet 
                        $telnet > $temp 2>&1 

                auth='cat $temp | grep -c "Password: "'                          #[10] 
                if [ "$auth" -gt "1" ] 
                        echo "Problème d'authentification sur $routeur !" 
                        echo "$routeur : wrong log-in/password" >> $erreur 
                elif [ "'grep 'Host name lookup failure' $temp'"  ] 
                        echo "l'equipement $routeur n'existe pas !" 
                        echo "$routeur : does not exist"  >> $erreur 
                elif [ "'grep 'Unknown host' $temp'" ] 
                        echo "la saisie de l'ip ou du nom $routeur est incorrecte !" 
                        echo "$routeur : wrong spelling" >> $erreur 
                elif [ "'grep 'send: spawn id exp4 not open' $temp'" ] 
                        echo "/!\ ERREUR dans la procédure. Consultez le fichier log de $routeur !!!" 
                        echo "$routeur : Expect script execution failed !" >> $erreur 
                        cp $temp $routeur.error.log 
                elif [ "'grep 'Authentication failed' $temp'" ] 
                        echo "Mot de passe erroné pour $routeur !" 
                        echo "$routeur : wrong log-in/password" >> $erreur 
                elif [ "'grep 'Connection refused' $temp'" ] 
                        echo "Connexion à distance sur $routeur désactivé !" 
                        echo "$routeur : vty connection disabled" >> $erreur 
                elif [ "'grep 'No route to host' $temp'" ] 
                        echo "Alias DNS $routeur existant mais IP invalide !" 
                        echo "$routeur : No route to host" >> $erreur 
                elif [ "'grep 'ProCurve' $temp'" ] 
                        echo "routeur $routeur HP et non Cisco !" 
                        echo "$routeur : non Cisco router (HP ProCurve)" >> $erreur 
                elif [ "'grep 'Alcatel' $temp'" ] 
                        echo "routeur $routeur Alcatel et non Cisco !" 
                        echo "$routeur : non Cisco router (Alcatel)" >> $erreur 
                elif [ "'grep 'Welcome to X1000' $temp'" ] 
                        echo "routeur $routeur X1000 et non Cisco !" 
                        echo "$routeur : non Cisco equipement (X1000)" >> $erreur 
                elif [ "'grep '% Unknown command' $temp'" -o "'grep '% Invalid' $temp'" ] 
                        echo "/!\ Commandes Cisco non reconnues par l'equipement. Consultez le fichier log de $routeur !!!" 
                        echo "$routeur : Unrecognized commands found" >> $erreur 
                        cp $temp $routeur.error.log 
                elif [ "'grep 'Connected to ' $temp'" -o "'grep 'Connection closed by foreign host.' $temp'" ] 
                        echo "$routeur Telnet OK !" 
                elif [ "'grep 'Connexion enregistree sur le terminal' $temp'" -o "'grep 'Connection to ' $temp'" ] 
                        echo "$routeur SSH OK !" 
                elif [ "$COD_RET" != "0" ] 
                        echo "Problème de connexion a l'equipement $routeur !" 
                        echo "$routeur : connection problem" >> $erreur 
rm -f $temp                                                                      #[11] 


  • 1: Hide the password input
  • 2: All files are stored in variables (relative path) allow you to run the script from anywhere.
  • 3: Removes existing files generated if the script has already been executed.
  • 4: Create the Expect script
  • 5: Set permissions for the Expect script
  • 6: Execute the Expect script, aggregating the output error with standard output, calculating the execution time to handle the timeout.
  • 7: Check for authentication problems by counting the number of "Password" occurrences in the temp file.
  • 8: Check the execution time, and verify that it is not higher than 10 (the expected timeout value)
  • 9: For SSH connection error, repeat the procedure via Telnet.
  • 10: Check all the error cases generated by the script. (C.f. II).
  • 11: Delete the temp file.

Related :

This document entitled « Sending CISCO commands sent via SSH/Telnet » from CCM ( is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.