As I promised in the last post, I will share with you a Python script that can handle bulk configurations. This script is for people who need to jump through a server to reach the destination device. For example, you need to configure a router or a switch but you do not have direct access to that device; instead you need to SSH to a secure server and then jump to your router from there. I will share the code and the comments that I made. You can ask about the code in the comments section. You need to have Python 3 installed in order to run this script. This script can do the following:
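- It can SSH to IP addresses from a jump server one by one
- It can answer the new RSA host-key question automatically (it replies "yes", so the key is accepted without being checked against a known fingerprint)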
- It enables a Cisco router
- It does the configuration and saves
import shlex
import time

import paramiko
from paramiko_expect import SSHClientInteraction
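def _record_failure(routerIp):
    """Append a one-line failure record for *routerIp* to device_ssh_fail.txt."""
    with open('device_ssh_fail.txt', mode='a+') as f:
        f.write(' SSH fail to : {}\n'.format(routerIp))


def jumpToRouter(routerIp, device_user='username_for_end_device', device_pass='pass_for_end_device'):
    """Log in to one router through the connected jump host and apply the config.

    Uses module-level names assigned in the ``__main__`` block: ``ssh_jump``
    (the connected paramiko client) and the prompt regexes ``jump_prompt``,
    ``pass_prompt``, ``rsa_prompt``, ``root_prompt`` and ``enable_prompt``.

    Args:
        routerIp: Address of the end device, as typed after ``ssh user@``.
        device_user: Login name on the end device.
        device_pass: Login password; the same value is sent as the enable
            password when the device lands in user mode.

    Returns:
        None. Any failure is printed, appended to ``device_ssh_fail.txt`` and
        swallowed, so the caller's loop continues with the next device.
    """
    # The command line is typed into a bash shell on the jump host, so quote
    # the target: a value with shell metacharacters stays a single argument.
    # shlex.quote leaves ordinary user@host strings unchanged.
    target = shlex.quote('{}@{}'.format(device_user, routerIp))

    # (command, seconds to wait for the privileged prompt afterwards)
    config_steps = (
        ('terminal length 0', 5),
        ('conf t', 15),
        ('int loopback 10', 15),
        ('ip address 192.168.10.5 255.255.255.255', 15),
        ('end', 15),
        ('write', 20),
    )

    # display=True echoes the remote session output to stdout.
    with SSHClientInteraction(ssh_jump, timeout=10, display=True, buffer_size=65535) as router:
        try:
            router.expect(jump_prompt)
            router.send('bash')
            router.expect(jump_prompt)
            router.send('ssh ' + target)

            router.expect([pass_prompt, rsa_prompt])
            if router.last_match == rsa_prompt:
                # NOTE(security): replying 'yes' stores whatever host key the
                # device presents without comparing it to a known fingerprint,
                # and device_pass is then sent to that host. Where this
                # matters, pre-load the routers' keys into the jump host's
                # known_hosts and treat this prompt as a failure instead.
                print('\nRSA Key is accepting...')
                router.send('yes')
                router.expect(pass_prompt, timeout=25)
                router.send(device_pass)
            elif router.last_match == pass_prompt:
                router.send(device_pass)
            else:
                # Neither prompt matched: record it and stop, rather than
                # carrying on to send configuration commands.
                _record_failure(routerIp)
                return

            router.expect([root_prompt, enable_prompt])
            # A '>' prompt means user mode, so enter enable mode first.
            if router.last_match == enable_prompt:
                router.send('enable')
                router.expect(pass_prompt, timeout=10)
                router.send(device_pass)
                router.expect(root_prompt, timeout=10)

            for command, wait in config_steps:
                router.send(command)
                router.expect(root_prompt, timeout=wait)
            # Short pause after 'write' before the channel is closed.
            time.sleep(3)
        except paramiko.ssh_exception.AuthenticationException as e:
            print('Authentication failed for {}: {}'.format(routerIp, e))
            _record_failure(routerIp)
        except Exception as e:
            # Best-effort bulk run: report the device (prompt timeouts
            # included) and let the caller move on to the next one.
            print('Configuration failed for {}: {}'.format(routerIp, e))
            _record_failure(routerIp)
    return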
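if __name__ == "__main__":
    # Devices to configure, reached one after another through the jump host.
    ip_list = ['ip_1', 'ip_2', 'ip_3']
    jump_ip = 'jump_host_ip'
    # NOTE(security): these are placeholders. Do not save real credentials in
    # the script; read them at run time (for example getpass or environment).
    jump_user = 'username'
    jump_pass = 'password'

    # Prompt patterns are regexes, written as raw strings so that '\$' is a
    # regex escape and not an invalid Python string escape.
    # Jump host shell prompt (Linux jump host; adapt it to your needs).
    jump_prompt = r'.*\$ '
    # Privileged (enable) prompt on the router.
    root_prompt = r'.*#'
    # User-mode prompt: the router still has to be enabled.
    enable_prompt = r'.*>'
    # Password, host-key and username prompts of the router login.
    pass_prompt = r'.*assword: '
    rsa_prompt = r'.*RSA.*'
    telnet_prompt = r'.*sername: '
    # Reload prompt.
    reload_prompt = r'.*in.*'

    # SSH client for the jump server.
    ssh_jump = paramiko.SSHClient()
    # Host keys already known to this machine.
    ssh_jump.load_system_host_keys()
    # NOTE(security): AutoAddPolicy trusts any host key that is not already
    # known, so the first connection to the jump host is not authenticated.
    # With the jump host's key in known_hosts, paramiko.RejectPolicy() is the
    # stricter choice.
    ssh_jump.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        # Connect to the jump server.
        ssh_jump.connect(hostname=jump_ip, username=jump_user, password=jump_pass)
        print('Jump Server connection successful!')
        for ip in ip_list:
            # Configure this device through the jump host.
            jumpToRouter(ip)
    finally:
        # Close the jump session even if connect() or a device run raises.
        ssh_jump.close()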
I edited one of my scripts to post it here but did not test it, so it may have some small errors. Let me know if you find any and I will correct them.