dhr.tech1
Spotlight

Hi All,

Tried and tested to run pre and post checks for Cisco FTD over Linux Jump servers.

Note: you would require 'ftd_prechecks.txt' with the CLI commands saved in the same folder as your code.

##############################################

from netmiko import ConnectHandler
from getpass import getpass
import time
import re

user_name = input("Please enter your username for Jump Server: ")
pass_word = getpass("Please enter your password for Jump Server: ")

jump = {
    "device_type": "linux",
    "host": "172.##",
    "username": user_name,
    "password": pass_word,
    "timeout": 60,
    "session_log": "netmiko_jump.log",  # debug transcript
}

pass_word2 = getpass("Please enter your password for FTD: ")

FTD_IP = "##.##.###"
FTD_USER = "####"
FTD_PASS = pass_word2

ssh = ConnectHandler(**jump)
print(" Connected successfully to the Jump Server")

# Optional: clear any buffered output
ssh.clear_buffer()

print(f"➡ SSHing from jump server to {FTD_IP} ...")

# Kick off the nested SSH
ssh.write_channel(f"ssh {FTD_USER}@{FTD_IP}\n")
time.sleep(1)

# Read what came back
output = ssh.read_channel()
# Loop to handle interactive prompts (yes/no, password, etc.)
max_loops = 15
host_key_answered = False
for _ in range(max_loops):
    output += ssh.read_channel()

    # Host key verification prompt.
    # Note: answering "yes" accepts the FTD host key without checking its fingerprint.
    # Answer only once; the prompt text stays in `output` on later iterations.
    if not host_key_answered and re.search(
        r"are you sure you want to continue connecting", output, re.I
    ):
        ssh.write_channel("yes\n")
        host_key_answered = True
        time.sleep(1)
        output += ssh.read_channel()

    # Password prompt
    if re.search(r"[Pp]assword:", output):
        ssh.write_channel(FTD_PASS + "\n")
        time.sleep(2)
        output += ssh.read_channel()
        break

    # If slow, nudge with Enter and wait
    ssh.write_channel("\n")
    time.sleep(1)
else:
    # No password prompt appeared: stop rather than send the commands to the jump server shell
    ssh.disconnect()
    raise SystemExit("No password prompt from FTD; aborting")

print("🔎 Login dialog output (trimmed):")
print(output[-800:])  # last part only

# At this point, you should be on the FTD shell/CLI.

# Use timing-based command if prompt detection is uncertain:
with open('ftd_prechecks.txt') as file:
    verif_commands = file.read().splitlines()

# The context manager closes the output file even if a command raises
with open('ftd_pcheck_output.txt', 'a') as output_file:
    for command in verif_commands:
        cmd_output = ssh.send_command_timing(command, strip_prompt=False, strip_command=False)
        print(f"Output of '{command}':\n{cmd_output}\n")
        output_file.write("\nThe below information is fetched from " + FTD_IP)
        output_file.write("\n" + cmd_output + "\n")

# When finished:
ssh.disconnect()

2 Comments
balaji.bandi
Hall of Fame

ftd_prechecks.txt  - what kind of precheck should be here? It would be helpful if you could elaborate on the commands and risks involved when running this in a production environment.

Last time I had an issue with time, sleep, and sending commands unthinkingly without validation is a risk, I guess. Also, it is good to get how long each command takes, and what if the output cannot be retrieved in time (exit plan and show errors)?

Also, it is good to improve based on the output and the actions needed.

 

dhr.tech1
Spotlight

I'm using the following commands in ftd_prechecks.txt & the response time is typically 5 sec. It is far better than Ansible.

show version
show interface ip brief
show memory
show route summary
show bgp summary
show cpu usage
show failover state
show cluster info
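
Added example (not part of the original post or its comments): one way to cover the validation, per-command timing and exit-plan points raised in the comments before lines from ftd_prechecks.txt reach the device. The names `validate_commands`, `run_prechecks` and `fake_send`, the `show`-only allowlist and the error marker strings are assumptions for illustration; in the script above, `send` would be `ssh.send_command_timing`.

```python
import re
import time

# Assumption: pre/post checks are read-only, so only plain "show ..." lines are accepted.
ALLOWED = re.compile(r"show [A-Za-z0-9 ._/-]+")
# Assumption: strings treated as CLI errors; adjust to what your FTD version prints.
ERROR_MARKERS = ("ERROR:", "% Invalid input", "Syntax error")


def validate_commands(lines):
    """Split lines from ftd_prechecks.txt into (accepted, rejected)."""
    accepted, rejected = [], []
    for raw in lines:
        cmd = raw.strip()
        if not cmd or cmd.startswith("#"):
            continue  # skip blank lines and comment lines
        (accepted if ALLOWED.fullmatch(cmd) else rejected).append(cmd)
    return accepted, rejected


def run_prechecks(send, lines, max_seconds=30.0):
    """Run validated commands through send(cmd) -> str; return one record per command."""
    accepted, rejected = validate_commands(lines)
    if rejected:
        # Exit plan: send nothing at all if the file holds a non-show command.
        raise ValueError(f"refusing to run, not read-only: {rejected}")
    results = []
    for cmd in accepted:
        start = time.monotonic()
        out = send(cmd)
        elapsed = time.monotonic() - start
        if not out.strip():
            status = "empty"   # nothing came back before the read gave up
        elif any(marker in out for marker in ERROR_MARKERS):
            status = "error"   # device rejected the command
        elif elapsed > max_seconds:
            status = "slow"
        else:
            status = "ok"
        results.append({"command": cmd, "seconds": round(elapsed, 2), "status": status})
    return results


# Constructed stand-in for ssh.send_command_timing so the example runs offline.
def fake_send(cmd):
    canned = {"show version": "Cisco Firepower Threat Defense (constructed output)",
              "show bgp summary": "ERROR: % Invalid input detected at '^' marker.",
              "show cpu usage": ""}
    return canned.get(cmd, "")
```

Any record whose status is not "ok" is a reason to stop and review before comparing pre and post outputs.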

 
