General Information
- Script name: publip.sh
- Flexibility: fully customizable.
- Constraints: the password must be the same for all the devices; otherwise you will need to add a few lines of code.
- Risk level: high. Be very careful with the entries: a wrong manipulation may freeze your entire network.
- Linux knowledge required: open/edit a file (vi file_name), save the modifications (Esc, then :wq <Enter>), and run a script with the ./scriptname command from the folder that contains it.
What is the publip.sh script?
This script allows a network administrator to send Cisco commands to a number of selected remote devices (routers, firewalls, switches, wireless access points, ...) via SSH or Telnet; the script automatically handles both types of connection.
- The commands are first entered one per line (like a batch or a configuration file) in a small file called commandes.txt (there is no size limit).
- The IPs (or DNS aliases) of all the devices to be managed are listed in a second file, liste.txt (there is no limit on the number of devices).
- Finally, when running the script, you will be asked for a password, which in this case must be the same for all devices.
The script goes much further!
Indeed, it runs fully unattended: it handles connection errors and data-entry mistakes, and it records the outcome for each device in a log file (rapport_erreurs.log). It also identifies which devices it was able to reach via SSH or Telnet, and it keeps a copy of the session output for the devices that produced critical errors (crash of the Expect script, command not understood by the device). The different types of errors are:
- 1 - Connection timeout
- 2 - Log-in error, wrong password
- 3 - DNS alias or IP non-existent
- 4 - Crash of the Expect script (a log file is created for the device)
- 5 - Remote connection disabled
- 6 - Correct DNS alias but non-existent IP
- 7 - Non-Cisco equipment (HP ProCurve)
- 8 - Non-Cisco equipment (X1000)
- 9 - Non-Cisco equipment (Alcatel)
- 10 - Sent command not recognized by the equipment
- 11 - Error not listed above ($?=1)
You will be able to operate on all your equipment at the same time and gather valuable information on your network!
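The triage behind that list, as an added example that is not part of the original publip.sh: classify_log reads one device's captured session (the merged output of the Expect run, followed by the "real N.NN" line that "time -p" appends) and maps it to the numbered error classes above, returning 0 only when the session completed. The strings it greps for are the ones the script itself relies on; the captures produced by sample_log are constructed for this demonstration, not real device output, and the device names in them are taken from the liste.txt example on this page.

```bash
#!/bin/bash
# Added example (not part of publip.sh): stand-alone triage of one captured
# session into the error classes 0..11 used by the script.

# elapsed_seconds FILE -> whole seconds from the "real N.NN" line that
# "time -p" appends, or 0 if that line is missing.
elapsed_seconds() {
    local t
    t=$(awk '/^real /{print int($2)}' "$1")
    echo "${t:-0}"
}

# classify_log FILE -> prints "<code> <label>"; returns 0 only for code 0.
classify_log() {
    local f="$1"
    # A second "Password:" prompt means the first password was rejected.
    if [ "$(grep -c 'Password:' "$f")" -gt 1 ] || grep -q 'Authentication failed' "$f"; then
        echo "2 wrong log-in/password"; return 1
    elif [ "$(elapsed_seconds "$f")" -ge 10 ] && ! grep -q 'closed' "$f"; then
        # Expect's default timeout is 10 s: a run that lasted that long and
        # never saw the session close is a connection timeout.
        echo "1 connection timeout"; return 1
    elif grep -q 'Host name lookup failure' "$f" || grep -q 'Unknown host' "$f"; then
        echo "3 DNS alias or IP non-existent"; return 1
    elif grep -q 'send: spawn id exp4 not open' "$f"; then
        echo "4 Expect script crashed"; return 1
    elif grep -q 'Connection refused' "$f"; then
        echo "5 remote connection disabled"; return 1
    elif grep -q 'No route to host' "$f"; then
        echo "6 DNS alias exists but IP unreachable"; return 1
    elif grep -q 'ProCurve' "$f"; then
        echo "7 non-Cisco equipment (HP ProCurve)"; return 1
    elif grep -q 'Welcome to X1000' "$f"; then
        echo "8 non-Cisco equipment (X1000)"; return 1
    elif grep -q 'Alcatel' "$f"; then
        echo "9 non-Cisco equipment (Alcatel)"; return 1
    elif grep -q '% Unknown command' "$f" || grep -q '% Invalid' "$f"; then
        # Checked before the "session OK" patterns: a rejected command still
        # ends with a normal disconnect, so the disconnect string alone does
        # not prove the batch was applied.
        echo "10 command not recognized by equipment"; return 1
    elif grep -q 'Connection closed by foreign host' "$f"; then
        echo "0 Telnet OK"; return 0
    elif grep -q 'Connection to .* closed' "$f"; then
        echo "0 SSH OK"; return 0
    else
        echo "11 unlisted error"; return 1
    fi
}

# sample_log NAME -> writes a constructed capture to a temp file, prints its path.
sample_log() {
    local f
    f=$(mktemp)
    case "$1" in
        ssh_ok)
            printf '%s\n' 'spawn ssh admin@10.25.85.46' 'Password:' 'R1#conf t' \
                'R1(config)#end' 'R1#exit' 'Connection to 10.25.85.46 closed.' \
                'real 3.21' 'user 0.02' 'sys 0.01' > "$f" ;;
        telnet_ok)
            printf '%s\n' 'spawn telnet 10.25.85.46' 'Trying 10.25.85.46...' \
                'Connected to 10.25.85.46.' 'Password:' 'SW1#exit' \
                'Connection closed by foreign host.' 'real 2.10' > "$f" ;;
        auth_fail)
            printf '%s\n' 'spawn ssh admin@routeur-marseille' 'Password:' \
                'Password:' 'Password:' 'Permission denied (password).' 'real 4.50' > "$f" ;;
        timeout)
            printf '%s\n' 'spawn ssh admin@switch-assemblee-generale' \
                'real 10.00' 'user 0.01' 'sys 0.00' > "$f" ;;
        bad_cmd)
            printf '%s\n' 'spawn ssh admin@10.25.85.46' 'Password:' 'R1#conf t' \
                'R1(config)#rouetr ospf 100' "% Invalid input detected at '^' marker." \
                'R1(config)#end' 'Connection to 10.25.85.46 closed.' 'real 4.02' > "$f" ;;
        no_route)
            printf '%s\n' 'spawn ssh admin@80.54.136.105' \
                'ssh: connect to host 80.54.136.105 port 22: No route to host' 'real 3.00' > "$f" ;;
        hp)
            printf '%s\n' 'spawn telnet 10.25.85.47' 'Connected to 10.25.85.47.' \
                'HP ProCurve Switch' 'Password:' 'real 2.00' > "$f" ;;
    esac
    echo "$f"
}

# demo: classify every constructed capture and print the verdicts.
demo() {
    local name f
    for name in ssh_ok telnet_ok auth_fail timeout bad_cmd no_route hp; do
        f=$(sample_log "$name")
        printf '%-10s -> %s\n' "$name" "$(classify_log "$f")"
        rm -f "$f"
    done
}
demo
```

Because the verdict depends on pattern order, a real deployment should keep the "command rejected" test ahead of the "session OK" tests, exactly as publip.sh does: otherwise a batch that failed half-way is reported as a success.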
The content of subsidiary files
commandes.txt
Enter the commands one per line. Any change to the router configuration must start with "conf t" and end with "end". The commands must be entered in hierarchical order (enter a sub-mode, configure it, then leave it with exit), and do not forget to save your changes! Small example:
#commandes.txt
conf t
router ospf 100
network 50.50.100.0 0.0.0.255 area 0
area 0 authentication message-digest
exit
interface fa0/0
ip ospf hello-interval 5
ip ospf dead-interval 20
exit
end
write mem
liste.txt
Enter the IP or DNS alias of every device involved, one per line:
# liste.txt
10.25.85.46
routeur-marseille
switch-assemblee-generale
80.54.136.105
The script ignores empty lines.
The Script
The script is annotated with markers such as #[1], which are explained in the Comments section below it.
#!/bin/bash
# publip.sh
echo "Please enter the password:"
stty -echo #[1]
IFS= read -r password
stty echo
echo
export ssh='./ssh.sh' #[2]
export telnet='./telnet.sh'
export erreur='./rapport_erreurs.log'
export temp='./tmp_routeur.log'
export cmdcisco='./commandes.txt'
export liste='./liste.txt'
export password
export routeur
export commande
rm -f "$erreur" #[3]
rm -f "$ssh"
rm -f "$telnet"
cat "$liste" | while read -r routeur
do
  if [ "$routeur" != "" ]
  then
    if [ ! -f "$ssh" ] #[4]
    then
      # The generated file is a shell script whose here-document is the Expect
      # program. $routeur and $password are written unexpanded (single quotes)
      # and are resolved from the environment each time ssh.sh runs, so the
      # password itself is never written to disk.
      echo 'expect 2>&1 << EOF' >> "$ssh"
      echo 'spawn ssh admin@$routeur' >> "$ssh"
      echo 'expect {' >> "$ssh"
      echo '"Password:" {send "$password\r"}' >> "$ssh"
      echo 'timeout {exit}' >> "$ssh"
      echo ' }' >> "$ssh"
      echo 'expect "#"' >> "$ssh"
      # The commands, on the other hand, are expanded now (double quotes):
      # one send/expect pair per line of commandes.txt.
      cat "$cmdcisco" | while read -r commande
      do
        echo "send \"$commande\r\""
        echo 'expect "#"'
      done >> "$ssh"
      echo 'send "exit\r"' >> "$ssh"
      echo 'expect "closed"' >> "$ssh"
      echo 'exit' >> "$ssh"
      echo 'EOF' >> "$ssh"
      chmod +x "$ssh" #[5]
    fi
    # The braces are required so that the timing printed by the "time"
    # keyword lands in $temp together with the session output.
    { time -p "$ssh" < /dev/null; } > "$temp" 2>&1 #[6]
    COD_RET=$?
    auth=$(grep -c "Password: " "$temp") #[7]
    if [ "$auth" -gt 1 ]
    then
      echo "Authentication problem on $routeur!"
      echo "$routeur : wrong log-in/password" >> "$erreur"
      continue
    fi
    temps=$(awk '/^real /{print int($2)}' "$temp")
    if [ "${temps:-0}" -ge 10 ] && ! grep -q 'closed' "$temp" #[8]
    then
      echo "Device $routeur is not responding!"
      echo "$routeur : connection timed out" >> "$erreur"
      continue
    fi
    if [ "$COD_RET" != "0" ] #[9]
    then
      # SSH connection to the device failed: retry the same batch over Telnet.
      if [ ! -f "$telnet" ]
      then
        echo 'expect 2>&1 << EOF' >> "$telnet"
        echo 'spawn telnet $routeur' >> "$telnet"
        echo 'expect {' >> "$telnet"
        # Wait for the prompts instead of sending the login blindly: devices
        # configured with "login local" ask for a username first, others
        # only for the line password.
        echo '"Username:" {send "admin\r"; exp_continue}' >> "$telnet"
        echo '"Password:" {send "$password\r"}' >> "$telnet"
        echo 'timeout {exit}' >> "$telnet"
        echo ' }' >> "$telnet"
        echo 'expect "#"' >> "$telnet"
        cat "$cmdcisco" | while read -r commande
        do
          echo "send \"$commande\r\""
          echo 'expect "#"'
        done >> "$telnet"
        echo 'send "exit\r"' >> "$telnet"
        echo 'expect "closed"' >> "$telnet"
        echo 'exit' >> "$telnet"
        echo 'EOF' >> "$telnet"
        chmod +x "$telnet"
      fi
      "$telnet" < /dev/null > "$temp" 2>&1
      COD_RET=$?
    fi
    auth=$(grep -c "Password: " "$temp") #[10]
    if [ "$auth" -gt 1 ]
    then
      echo "Authentication problem on $routeur!"
      echo "$routeur : wrong log-in/password" >> "$erreur"
    elif grep -q 'Host name lookup failure' "$temp"
    then
      echo "Device $routeur does not exist!"
      echo "$routeur : does not exist" >> "$erreur"
    elif grep -q 'Unknown host' "$temp"
    then
      echo "The IP or name $routeur is misspelled!"
      echo "$routeur : wrong spelling" >> "$erreur"
    elif grep -q 'send: spawn id exp4 not open' "$temp"
    then
      echo "/!\ ERROR in the procedure. Check the log file for $routeur!"
      echo "$routeur : Expect script execution failed !" >> "$erreur"
      cp "$temp" "$routeur.error.log"
    elif grep -q 'Authentication failed' "$temp"
    then
      echo "Wrong password for $routeur!"
      echo "$routeur : wrong log-in/password" >> "$erreur"
    elif grep -q 'Connection refused' "$temp"
    then
      echo "Remote access to $routeur is disabled!"
      echo "$routeur : vty connection disabled" >> "$erreur"
    elif grep -q 'No route to host' "$temp"
    then
      echo "DNS alias $routeur exists but its IP is unreachable!"
      echo "$routeur : No route to host" >> "$erreur"
    elif grep -q 'ProCurve' "$temp"
    then
      echo "$routeur is an HP device, not Cisco!"
      echo "$routeur : non Cisco router (HP ProCurve)" >> "$erreur"
    elif grep -q 'Alcatel' "$temp"
    then
      echo "$routeur is an Alcatel device, not Cisco!"
      echo "$routeur : non Cisco router (Alcatel)" >> "$erreur"
    elif grep -q 'Welcome to X1000' "$temp"
    then
      echo "$routeur is an X1000 device, not Cisco!"
      echo "$routeur : non Cisco equipment (X1000)" >> "$erreur"
    elif grep -q '% Unknown command' "$temp" || grep -q '% Invalid' "$temp"
    then
      echo "/!\ Cisco commands not recognized by the device. Check the log file for $routeur!"
      echo "$routeur : Unrecognized commands found" >> "$erreur"
      cp "$temp" "$routeur.error.log"
    elif grep -q 'Connected to ' "$temp" || grep -q 'Connection closed by foreign host.' "$temp"
    then
      echo "$routeur Telnet OK!"
    elif grep -q 'Connexion enregistree sur le terminal' "$temp" || grep -q 'Connection to ' "$temp"
    then
      echo "$routeur SSH OK!"
    elif [ "$COD_RET" != "0" ]
    then
      echo "Connection problem with device $routeur!"
      echo "$routeur : connection problem" >> "$erreur"
    fi
  fi
done
rm -f "$temp" #[11]
exit
Comments
- 1: Hide the password while it is typed (terminal echo off). The password is then exported so that the generated Expect scripts read it from the environment; it is never written into ssh.sh or telnet.sh.
- 2: All file names are stored in variables (relative paths), so the script can be run from any folder that contains the subsidiary files.
- 3: Remove the files generated by a previous run of the script.
- 4: Create the Expect script (once, on the first device; the same file is reused for every device because only the environment variables change).
- 5: Make the Expect script executable.
- 6: Execute the Expect script, merging the error output with the standard output into the temp file, and measure the execution time in order to detect a timeout.
- 7: Check for authentication problems by counting the "Password" prompts in the temp file: a second prompt means the password was rejected.
- 8: Check the elapsed time. Expect's default timeout is 10 s, so a run that lasted at least 10 s without the session ever closing is reported as a connection timeout.
- 9: On an SSH connection error, repeat the procedure via Telnet. Be aware that this fallback sends the same administrative password unencrypted over the network.
- 10: Check all the remaining error cases generated by the script (see the list of error types above).
- 11: Delete the temp file.
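A hardened variant of the generator described in #[4], as an added example that is not part of the original publip.sh. The original writes each line of commandes.txt straight into a Tcl send "..." string, so a command containing a double quote, brackets, a dollar sign or a backslash (a banner or an interface description, for instance) either breaks the Expect script or is evaluated by Tcl. tcl_quote escapes those characters, and build_expect emits one complete Expect program per device. Everything else here is an assumption of this example rather than documented behaviour of the script: the password is handed over in a PASSWORD environment variable and never written into the generated file, the login name is a parameter, the Expect timeout is set explicitly to the 10 s the page relies on, and unknown SSH host keys are rejected (StrictHostKeyChecking=yes) instead of being accepted blindly. The commandes.txt produced by sample_commands is constructed for the demonstration.

```bash
#!/bin/bash
# Added example (not part of publip.sh): generate an Expect program per device
# with Tcl-safe quoting of the command lines and strict host-key checking.

# tcl_quote STRING -> STRING with \ " [ ] $ backslash-escaped, safe inside a
# Tcl double-quoted string such as send "...".
tcl_quote() {
    printf '%s' "$1" | sed -e 's/[][\\$"]/\\&/g'
}

# build_expect HOST USER CMDFILE -> prints the Expect program on stdout.
# The password is read by Expect from $env(PASSWORD) at run time (assumption
# of this example); it never appears in the generated text.
build_expect() {
    local host user cmdfile cmd
    host="$1"; user="$2"; cmdfile="$3"
    cat <<EOF
set timeout 10
spawn ssh -o StrictHostKeyChecking=yes $user@$host
expect {
    "Password:" { send "\$env(PASSWORD)\r" }
    "Host key verification failed" { exit 3 }
    timeout { exit 1 }
    eof { exit 2 }
}
expect "#"
EOF
    # One send/expect pair per non-empty line, escaped for Tcl.
    while IFS= read -r cmd || [ -n "$cmd" ]; do
        if [ -n "$cmd" ]; then
            printf 'send "%s\\r"\nexpect "#"\n' "$(tcl_quote "$cmd")"
        fi
    done < "$cmdfile"
    printf 'send "exit\\r"\nexpect eof\n'
}

# sample_commands -> writes a constructed commandes.txt to a temp file and
# prints its path. The description line is the kind of input that breaks
# the unquoted generator.
sample_commands() {
    local f
    f=$(mktemp)
    printf '%s\n' 'conf t' 'interface fa0/0' 'description "uplink to [core]"' \
        '' 'end' 'write mem' > "$f"
    echo "$f"
}

# demo: print the program that would be run against 10.25.85.46.
demo() {
    local f
    f=$(sample_commands)
    build_expect 10.25.85.46 admin "$f"
    rm -f "$f"
}
demo
```

To run the generated program for one device without putting the password on the command line or on disk: PASSWORD="$password" expect -f device.exp > capture.log 2>&1. Because StrictHostKeyChecking=yes refuses unknown hosts, record the fingerprints once beforehand (for example with ssh-keyscan -H host >> ~/.ssh/known_hosts, after verifying them) rather than turning the check off: a fleet-wide script that auto-accepts host keys would hand the shared administrative password to anyone able to interpose themselves on the path to a device.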
This document, titled « Sending CISCO commands sent via SSH/Telnet », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).