cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
49133
Views
0
Helpful
34
Replies

ssh (plink) to PIX/IOS with multiple command file works on PIX but not on IOS ?

nlariguet
Level 1
Level 1

I cannot run multiple commands on IOS from SSH batch file -it thinks my file is one command only,
however the same file works on the PIX; do they behave differently or am I missing something ?

eg: commands.ssh (DOS encoded) for PIX:
enable
something
show ntp associations
show ntp status
logout

plink -ssh -batch -m commands.ssh somebody@firewall.whatever.com -pw something

... works fine, but:

eg: commands.ssh (DOS encoded) for IOS:
show ntp associations
show ntp status
logout

plink -ssh -batch -m commands.ssh somebody@router.whatever.com -pw something

line has invalid autocommand "show ntp associations
show ntp status
logout
"

the latter works fine on IOS when only one command specified
same when I try different encodings; eg: UniCode, UTF-8
both users priv15

34 Replies 34

Jacob Zartmann
Level 1
Level 1

This is a rather old thread. Did you ever find a solution to this problem? I'm expieriencing the exact same issue

Thought plink was the way to go when uploading a router config through a script, but perhaps I should start to look for another solution.

Any suggestions?

My script is written in powershell.

Thanks,

/JZN

no, never did; and sadly this issue led me to write many of the most inefficient scripts I ever wrote

Since you use putty's plink I assume you are on Windows

 

Some interesting things can be done using perl and net-ssh2.

 

Post your examples here if you get it to do what you want it to do

 

Cheers

 

Michel

yep, you're right I am on Windows with PowerShell scripts doing nothing out-of-the-ordinary: long ago I made an script using plink.exe that logs on my Cisco devices and automatically retrieve configuration information (eg: current config, device status, file-system files, etc) which places all ouput on txt files which in turn are automatically consolidated on an asp page file allowing me to see at glance on a single place what's going on with all my devices; furthermore, every time I upgrade/fix something I can check all those txt files with my master (last saved) configurations with UltraEdit/UltraCompare highlighting any changes, thus I can check really fast when new (default) commands were added with newer IOS versions, things like that ...

I originally wanted this script to log once on each device and do all the stuff required; I can't, I have to keep logging for every command I want to run on IOS (on PIX it's OK, I can do a batch)

I implemented this functionality when learning IOS/PIX to keep track of unwanted commands and proved very useful over the time for dissecting and analyzing whole configurations.

For no particular reason I use plink.exe (along with pscp.exe), it seems is the most widespread command-line SSH app outthere for Windows. I use PowerShell for management scripts. All data files (device info log credentials etc) are xml. All my systems are W2008 R2's. An yes, I also use putty instead of HyperTerminal.

PS: another example: I have a PIX which doesn't support dual default-routes (eg: all coming thru in1 goes out1 and all coming in2 goes out2) and have dual ISP each on one dedicated router on the far side of the firewall; every time I want to change traffic to one particular provider I used to log on the PIX, make the changes manually and so on, now I run a simple command on powershell on my workstation which in turns calls a script and makes all the changes required transparently to me.

Great to see that this thread is somewhat alive and kicking!

Looks like you're doing some archive/auditing with your script. My purpose is to upload an initial config of the routers and plink was the only utility I could find for Windows (keeping things simple).

Although I bet you're trying to save money writing your own script to backup devices, have you heard of Cattools? I'm not a sales person, but this is a great utility for backing up your devices, pushing out configs and so on. Unfortunately there's no CLI version of the program.

I've also see other organizations use expect scripts - not on Windows though.

Have any of you gotten this to work?  I'm going to begin to administer quite a few UC500 devices and will need to run batch scripts.  It's still giving me the "Line has invalid autocommand" blablabla. Is there any other SSH program we can use to run batch scripts?

Thanks

-Renato

I found a solution. It' not pretty, but it works.  Based off the comments in this thread:


http://www.xpresslearn.com/cisco/general/automate-cisco-commands-from-windows


Since StdIn redirect (<) does not work in PowerShell you have to call cmd.exe to do the dirty work. My sample code looks like this:


# setting up the plink command in these two steps: 1. the cmd.exe call, 2. the command in cmd as an argument
$install_cmd = "cmd.exe"
$install_args = "/c `"$PlinkPath -ssh -2 -l $username -pw $password $SshHost -batch < $commandPath > $logPath`\$SshHost`.txt`""
#Run command and wait for exit
$PlinkCMD = [System.Diagnostics.Process]::Start("$install_cmd","$install_args")
$PlinkCMD.WaitForExit()

# grab the commnd output
$Output = get-content "$logPath`\$SshHost`.txt"


$PlinkPath is the full path to, and including, plink.exe.

$username and $password are the plain string info needed to logon via SSH.

$SshHost is the IP or hostname you are connecting to.

$commandPath is th full path to, and including, the file with the commands.

$logPath is the directory where the output goes.


Since a new and separate window is opened to perform the work you need to pipe, using >, Plink's output to a text file which can be read and parsed for validation and error correction purposes.


Like I said, not pretty, but it works. Could easily be turned into a function, too.


James Kehr

Looks good! But unfortunately I can't get this to work using telnet (no authentication) on port 4001 (reverse telnet session)

Has anyone tried this?

Got it to work with reverse telnet by commenting the:

#$PlinkCMD.WaitForExit()


You can't quit a reverse telnet session as you'll always have the console active - obviously!

/JZN

NO! I was too fast on this. Doesn't work yet. The cmd prompt does not close. Hmm...

Add an extra 'exit' or two at the end of your telnet script. Plink will not disconnect

properly when using reverse redirection unless your script exits all the way out.

Check the warning paragraph in my blog.

http://www.orcsweb.com/blog/james/fun-with-powershell-plink-cisco-ios-and-powershell/

James

First of all I would like to say that I really liked your blog post

I ran into som strange things with plink (or at least I think it is plink that causes the issue)... Here's an output file of commands enteres on my router (using the script and plink):


Router>
Router>enable
Router#
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#
Router(config)#hostname rt-1.tiki
rt-1.tiki(config)#
rt-1.tiki(config)#interface tun1
rt-1.tiki(config-if)#
rt-1.tiki(config-if)#ip address 172.24.8.100 255.255.252.0
rt-1.tiki(config-if)#
rt-1.tiki(config-if)#router bgp 1

Notice the carriage return (CR) after every command I through at plink. Anyone can explain this?

It gets bad when sending banners to the router for example... Just a thought.

Thanks,

/JZN

Tak, Jacob. Det glade mig at du kunne lide mine blog. (sorry for the grammar, my Danish is rusty)

I think the extra carriage returns are part of the reverse redirection. I have noticed it but haven't dug into the issue becuase for my purposes it doesn't matter.

Are you generating the script files or hand writing them in something like Notepad?

You're quite welcome, James,

I've generating the config files from a template using search'n replace with a powershell script (looping through an array of parameters I'd like to change (e.g. IP addresses, hostname and other unique stuff).

Notepad++ is my favorite editor for all sorts of things (on Windows) - on Mac I use TextWrangler.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco