IOS – Passing commands with ssh
Posted by Josh on Mon 6 Jul 2009Categories: Cisco , Cisco Routers , SSH - [9] Comments
Before getting started with this little tip, I just wanted to drop a short note to you all to let you know that James and I have not abandoned the blog. We have just taken an “unannounced” three month vacation. Or you could say that “life happened” to us both and three months slipped by.
I have been trying to find the time to put together something really impressive after being out for so long, but I have decided it is better to just get back to work. As a way of getting back into the swing of things, I thought I would do a small writeup on an IOS feature that I recently stumbled across. I have known for a while that it is possible to pass commands between Linux machines via ssh by simply adding a command to the end of the ssh command string. I recently tried it on a router and to my surprise … it worked. Cool!
For example, if you want to see a show version from another router, simply add “show version” to the end of the ssh client command.
From another router with the username of root
router#ssh -l root 10.10.10.1 “show version”
From a Linux or Cygwin terminal to a router with the username of root
[root@vmware1 ~]# ssh root@10.10.10.1 “show version”
If you want to retrieve the show version command from several routers. You can use a single line script in a Linux shell or Cygwin. The following command will loop through routers 10.10.10.21, 10.10.10.22 and 10.10.10.23 running the ‘show version’ command.
for ip in 10.10.10.21 10.10.10.22 10.10.10.23; do ssh root@$ip “show version”; done
There are lots of more interesting things to be done with scripts, but I thought I would keep it simple. If anyone finds a way to login automatically or make configuration changes with this trick, please let me know.
Josh
July 8th, 2009 at 9:33 am
Configuration changes? Simple … just write a Tclsh script and execute it with SSH
Automatic login: on a million wish lists, but not implemented.
July 9th, 2009 at 3:29 pm
Hey Josh,
Glad to see you back online and posting. I’ve been working on setting up my home lab and watching intently for the next post. I’m not sure about script based config management, but the next thing i wanted to tackle, was working with Rancid for managing cisco IOS config backups. Im nowhere there yet, but maybe this is something you are interested in…
Really Awesome New Cisco confIg Differ (RANCID)
http://homepage.mac.com/duling/halfdozen/RANCID-Howto.html
July 14th, 2009 at 5:44 am
#!/usr/bin/perl -w
use strict;
use Expect;
sub scp($$)
{
my ($from, $to) = @_;
my $cmd = “scp $login\@$host:/$from $path_input/$to”;
print $cmd.”\n”;
my $exp = Expect->spawn($cmd, ()) or die “Cannot spawn $cmd: $!\n”;
$exp->log_stdout($debug);
$exp->expect($timeout,
[ qr/assword:/ => sub { my $exp = shift; $exp->send("$password\n"); exp_continue; } ],
[ qr/yes\/no\)/ => sub { my $exp = shift; $exp->send("yes\n"); exp_continue; } ],
[ qr/.+/ => sub { exp_continue; } ],
[ 'eof' => sub { return; }],
);
my $retVal = $exp->exitstatus();
$exp->soft_close();
return $retVal;
}
July 15th, 2009 at 3:30 pm
As Pavel showed,’Expect’ should do the trick for automatic login. By the way, there are ports to other languages specifically python and Ruby for those like me who don’t code in Perl.
July 18th, 2009 at 5:43 pm
Thanks Ivan! I really need to get into TCL….especially after reading your blog and all the neat things that can be done with it.
Josh
August 16th, 2009 at 9:19 am
You always gave good trick !
August 19th, 2009 at 2:37 pm
Cmon’ guys don’t ignore the snake
import pexpect
import os
ssh = pexpect.spawn(“ssh user@router”)
ssh.expect(‘Password:’)
ssh.sendline(password)
ssh.expect(‘Router>’)
ssh.sendline(‘show ip bgp summary’)
ssh.expect(‘Router>’)
print ssh.before
ssh.close()
September 3rd, 2009 at 9:43 pm
I used to work in a network operations center, and I loved scripting for config changes. I used SecureCRTs fantastic scripting support, and wrote VBScripts, mostly for password changes or config backups or applying a command across all routers. Whats great is that the newer IOS images allow you to upgrade the IOS from the command line, which could easily be worked into a script. I believe its called auto-upgrade manager.
January 13th, 2010 at 1:32 am
Everyone,
Thanks for the tips.
Josh