Friday, December 16, 2011

Automate Cisco ssh connections with plink in Windows

So, you are a hard-working nerd with a Windows computer to manage
routers from. You also have a lot to do and would rather automate
some of it with scripts. I can help you learn to use Plink to make
simple batch files that automate that work!
*(Unlike most of my other posts, this one is for the Windows universe
and does not cover the use of plink or scripting in Linux.)

Plink basics:

Plink is part of PuTTY and is available at
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html (don't
download it from other places; this is the official location). It is
the command-line interface for PuTTY and can be used in scripts. Be
sure to download the installer or the zip with all the files, as PuTTY
is a great tool if you ever SSH, SCP or connect to network hardware in
general. I used the "latest development snapshot" for this post;
things might change in the future, and bugs or other issues might be
introduced that would alter the information here, so please use the
stable release if you are timid.

Plink.exe is simple to use, but I have had problems with it and Linux
machines (the "server refused keyboard-interactive authentication"
issue). That is why this post is all about Cisco; I have not had
problems there. An example command to connect to a Cisco device is:

c:\putty\plink.exe cisco@192.168.0.1 -pw P@55W0rD!

Here the user name is "cisco", with a super secure password of
"P@55W0rD!", connecting to a Cisco device with an IP of 192.168.0.1.
This command should get you a ">" prompt on the device.

Scripting:

Wait! How do I script this? How do I get enable access? To do much
else you need to make a command file.

A command file is just a text file with the list of commands you want
to run, in the order you need to run them. Here is an example
(command.txt):

enable
3N@b73
show clock
show mem
show cpu
exit

If I were to run:

c:\putty\plink.exe cisco@192.168.0.1 -pw P@55W0rD! -m command.txt

then I would get the memory and CPU statistics displayed on the
screen. If I were to redirect the output to a text file with a
"double waka" (>>), like this:

c:\putty\plink.exe cisco@192.168.0.1 -pw P@55W0rD! -m command.txt >> router_utilization.txt

then I would have a text file with the date and time, memory and CPU
statistics. Because >> appends to the file, a batch file containing
this command that was scheduled to run periodically would keep a
running log of the device.

For extra credit, how might we get this script to run and check stats
on different devices? Suppose we make a separate file called
"devices.txt" that contains the IP addresses of the devices we need to
monitor, like this:

192.168.0.1
192.168.10.22
192.168.10.24

Then we could run this command (provided that the account name,
password and enable password were the same on each device):

for /f %i in (devices.txt) do c:\putty\plink.exe cisco@%i -pw P@55W0rD! -m command.txt >> device_utilization.txt

(If you put this in a batch file, be sure to use "%%i" and not "%i",
as the batch will strip the single percents.)

Enjoy!
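
The device loop from the post, as an added PowerShell example (not the author's script): it prompts for the login password instead of hard-coding it, feeds command.txt to plink on standard input with LF-only line endings (the approach commenters below report working on IOS devices), and writes one log per device. The file names and account come from the post's samples; the per-device log name is made up here, and each device's SSH host key is assumed to be cached already, because -batch makes plink abort rather than prompt.

```powershell
# Added example. Paths, file names and the account follow the post's samples;
# the per-device log file name is hypothetical.
$plink   = 'c:\putty\plink.exe'
$user    = 'cisco'
$devices = Get-Content 'devices.txt' | Where-Object { $_.Trim() -ne '' }

# Prompt once so the login password is not stored in the script.
# (command.txt still holds the enable password in clear text, as in the post,
# so restrict who can read that file.)
$cred = Get-Credential -UserName $user -Message 'Device login'
$pw   = $cred.GetNetworkCredential().Password

# Get-Content splits the file into lines whatever the original line endings;
# re-join them with LF only and terminate the last command with an LF too.
$commands = ((Get-Content 'command.txt') -join "`n") + "`n"

foreach ($ip in $devices) {
    $ip  = $ip.Trim()
    $log = "utilization_${ip}.txt"

    # Header line so appended runs can be told apart in the log.
    "=== ${ip} $(Get-Date -Format s) ===" | Add-Content $log

    # -batch disables interactive prompts: an unknown or changed host key
    # ends the connection instead of hanging the scheduled job.
    # -pw still puts the password on plink's command line, where other local
    # processes can read it while plink runs; PuTTY 0.77 and later also
    # accept -pwfile <file> to avoid that.
    $commands | & $plink -ssh -batch "${user}@${ip}" -pw $pw | Add-Content $log

    # plink is the only native program in the pipeline, so $LASTEXITCODE is its.
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "plink exited with code $LASTEXITCODE for ${ip}"
        "plink exited with code $LASTEXITCODE" | Add-Content $log
    }
}

# Drop the clear-text copy of the password when the run is finished.
Remove-Variable pw
```

Connect to each device once interactively first so its host key is cached and can be checked against a known fingerprint; after that, a -batch failure in the log points to a changed key or an unreachable device.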

14 comments:

Hoover said...

Thanks for the blog, I have been trying to get this to work. I keep getting an automated error when I run it. Another issue I also get is when I have multiple commands, like show run and show version it doesn't get the full output. It looks like I need to also send a space or enter. Thanks again.

chris hillman said...

I am sorry to not have responded sooner.

If the output looks truncated then you need to send some extra characters. In the case of show ver or other commands that have paged output, I send a whole bunch of spaces. So the command file would have "show version" and the next line might be 12 spaces (I really should go in and count the number of spaces necessary to get through all the output of the command but you get the picture). The plink command will parse each character in the command file: a space is like you pressed space and a new line is like you pressed enter.

menhk said...

More than one command does not work. Please help me with this....

Michael Avanessian said...

I don't get it. Didn't the person who wrote this blog bother to test what he posted with multiple commands? There's a bug with plink.exe that doesn't allow multiple command automation.

chris hillman said...

@Michael: Here is the deal. With a Cisco ASA you can use a standard MS-DOS Formatted text file for multiple commands. A router is much pickier and actually requires a Unix formatted Text file for multiple commands. You can write a VBS script to strip the CR+LF characters at the end of each line to replace them with just a LF character like the Unix format requires.

I have not had the time to write up a whole, giant post on the subject.

Michael Avanessian said...

@chris Thanks for replying so quickly. I tried to just save a command.txt file with UNIX style "LF" line endings using my text editor (Sublime Text 3). However, plink.exe is still treating the UNIX formatted command.txt file the same way, giving a "Line has invalid autocommand " error.

I'm not very experienced with VBS scripting, so I searched on Google, but couldn't find any "working" examples. Could you please help? I've spent more time on this than I'd like to admit trying to get multi-commands to work with plink.

Thanks so much in advance!
Michael

Michael Avanessian said...

EDIT: Okay, until I find a better working solution, I'm currently executing plink.exe via cygwin bash script. I only needed two dependency files in the same directory as plink.exe:

cygwin1.dll & bash.exe

Plink.exe then works correctly using multiple commands!

start.bat (contains):
@echo off
bash.exe plink.sh

plink.sh (contains):
plink.exe -ssh -l username -pw password ciscodevice <commands.txt


Hopefully, someone looking for a simple solution under Windows might find this helpful.

mlan said...

@ Michael Avanessian

I was able to get this to work without cygwin/bash by using this syntax:

plink.exe user@x.x.x.x -pw [snip] < commands.txt >> output.log

As mentioned, commands.txt must be in Unix format (LF's only) for Cisco IOS devices.

shuasd sllehd said...

I am interested in running a script on multiple Cisco switches like your example with devices.txt, but I am unclear on how to call the IP addresses from the file. Could you please clarify that for me?

chris hillman said...

@shuasd sllehd:

So with the command:

for /f %i in (devices.txt) do c:\putty\plink.exe cisco@%i -pw P@55W0rD! -m command.txt >> device_utilization.txt

the "for /f" command loops through each line of the "devices.txt" file and assigns each line to the variable %i. So, if devices.txt had two lines, the first only having "10.10.1.25" and the second line only as "10.10.1.27"... then the command above would run twice. The first line would be:

c:\putty\plink.exe cisco@10.10.1.25 -pw P@55W0rD! -m command.txt >> device_utilization.txt

and the second would be

c:\putty\plink.exe cisco@10.10.1.27 -pw P@55W0rD! -m command.txt >> device_utilization.txt

The problem a lot of people have is that Cisco is not consistent in how the commands are interpreted as they are passed by plink with the "-m" option. Routers, it would seem, need to have Unix style line formats that end with the invisible LF character (line feed). ASA firewalls can apparently use DOS formatted text files with CR+LF (carriage return+line feed). I can't be sure about switches. So your mileage may vary as to how the command line operates for a given device. I'd be curious if a normal "made in notepad" txt file for commands would work on switches.

I regret not getting back into this and testing each option. There is only so much router/firewall/switch configuration a web developer gets into.

xx said...

This works for me using only PowerShell and plink and scripting to a Cisco MDS switch:
PS V:\> $script=@()
PS V:\> $script+="terminal length 0"
PS V:\> $script+="show running-config"
PS V:\> $script+="exit"
PS V:\> $script
terminal length 0
show running-config
exit
PS V:\> [string]::Join( "`n", $script) | V:\WindowsPowershell\Modules\powerEMC\plink.exe admin@MDS01 -pw ****** -batch
