
Beautiful autologin on active network equipment

Good afternoon, dear Habr readers!
I want to share my way of simplifying a network administrator's life: entering the login and password automatically on all equipment at once. I make no claim to novelty or freshness of the idea, but my own solution is much simpler, more transparent and somehow closer to the subject. Read on below the cut.

What we have

There is a provider network of managed equipment: hundreds of devices from different manufacturers (Cisco, D-Link, Huawei, etc.). Each device has a canonical name, but there is no DNS entry for it. There is a list that maps names to addresses. All (more precisely, almost all) devices offer authorization through TACACS+. That is, in the worst case, to fix the configuration of a device you have to find its IP by name in that list, telnet to it, enter the login and password, and do what is required.

What we want

I would like to automate all of this and, finally, stop typing this password thousands of times a day. Getting access to a device should take nothing more than entering its name in the system shell (Cisco style).
Solving the problem

To solve the problem we will use:

For Python, pexpect is used: an implementation of expect in the context of this language.

First, we need a script that takes the IP of a device and drops us into its shell. Here is the script with comments; in my opinion that is easier to follow, and there is no need to repeat it in prose.

    #!/usr/bin/env python3
    # -*- coding: utf-8 -*-
    '''Autologin for cisco, d'link, huawei'''

    # pexpect drives the interactive telnet session
    import sys
    import pexpect

    if len(sys.argv) != 2:
        sys.exit('usage: autologin <ip>')

    # the device ip comes from the first argument
    p = pexpect.spawn('telnet %s' % sys.argv[1])

    # tacacs+ credentials
    login = 'mylogin'
    password = 'mypassword'

    # The first thing the device prints tells the vendors apart:
    # D-Link shows 'D-Link' in its banner, the others go straight to a prompt.
    i = p.expect(['.D-Link.', 'login:', 'Username:'])
    if i == 0:
        print('D-Link detected')
        p.expect(['login:', 'UserName:'])
        p.sendline(login)
        p.expect(['Password:', 'PassWord'])
        p.sendline(password)
        i = p.expect(['.4#', '.3#', '.Fail.'])
        if i == 2:
            # '.Fail.' means the tacacs login was rejected:
            # fall back to the default account.
            print('Wrong credentials! Trying default')
            p.expect(['login:', 'UserName:'])
            p.sendline('default')
            p.expect(['Password:', 'PassWord'])
            p.sendline('default')
        elif i == 1:
            # A prompt ending in 3# is not the admin level (4# is),
            # so raise the privilege level.
            print('enabling admin')
            p.sendline("enable admin")
            p.expect('Password:')
            p.sendline('admin_pass')
        p.interact()
    elif i == 1:
        # cisco: log in and hand over the session, no enable step is sent
        print('Cisco detected')
        p.sendline(login)
        p.expect('Password:')
        p.sendline(password)
        p.interact()
    elif i == 2:
        # huawei: after logging in, switch to system view with sys
        print('Huawei detected')
        p.sendline(login)
        p.expect('Password:')
        p.sendline(password)
        p.expect('.')
        print('enabling sys')
        p.sendline('sys')
        p.interact()


Now, running the script with the device's IP as its parameter drops us straight into the device's shell with no questions asked. Back to the task: access should work simply by canonical name. For this we will use a bash alias.
For each device, add a line to bashrc: alias device_name="autologin device_ip", and put the script in a bin directory (for example, /usr/bin/autologin).
Now, simply entering the name of a device in the shell gives us access to it without any questions.
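The script above keeps the TACACS+ login and password as literals in /usr/bin/autologin, so anyone who can run it can also read them. The following is an added example, not the original author's code, that loads them from a per-user file and refuses to use it unless it is private; the file name ~/.autologin and its two-line format (login, then password) are assumptions.

```python
import os
import stat
from pathlib import Path

# Assumed location and format (not from the original article):
# line 1 = login, line 2 = password.
CRED_FILE = Path.home() / ".autologin"


class CredentialFileError(Exception):
    """The credential file is missing, unsafe or malformed."""


def load_credentials(path=CRED_FILE):
    """Return (login, password) from a private two-line file."""
    path = Path(path)
    try:
        # O_NOFOLLOW: refuse a symlink planted in place of the file.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        raise CredentialFileError(f"cannot open {path}: {exc}") from exc
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        # fstat on the open descriptor avoids a check-then-open race.
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise CredentialFileError(f"{path} is not a regular file")
        if st.st_uid != os.getuid():
            raise CredentialFileError(f"{path} is not owned by the current user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialFileError(f"{path} is open to group/others: chmod 600")
        lines = fh.read().splitlines()
    if len(lines) < 2 or not lines[0] or not lines[1]:
        raise CredentialFileError(f"{path} needs login and password on two lines")
    return lines[0], lines[1]


if __name__ == "__main__":
    # In the autologin script this call would replace the two literals.
    login, password = load_credentials()
    print("loaded credentials for", login)
```

The same check can be applied to the 'default' and 'admin_pass' values by extending the assumed file format with further lines.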

Instead of an epilogue

I want to say a big thank you to the developers of the Python language, thanks to which many tasks, trivial and not so trivial, are solved with ease. Thank you for your attention. I await your criticism and will be glad to hear your opinion.

Source: https://habr.com/ru/post/127748/

