Python SSHv2 to Cisco routers for multiple commands
Andreux Fort
afort at choqolat.org
Tue Mar 10 16:34:45 UTC 2009
On Tue, Mar 10, 2009 at 9:24 AM, Sam Crooks <sam.a.crooks at gmail.com> wrote:
> Does anyone have any suggestions for SSHv2 to multiple Cisco devices and
> (this is the catch) running multiple commands?
>
> I've tried with Paramiko using the SSHClient(), then connect()'ing and
> issuing exec_command(), and it seems that the router closes the channel
> after the .exec_command('command here'). Subsequent write()'s on the stdin
> file object returned do not work, as shown on the examples I have seen:
> http://jessenoller.com/2009/02/05/ssh-programming-with-paramiko-completely-different/#more-465
Yes. The SSH session you're opening has a lifetime of one command.
If you want to do more than that, you have a couple of options:
1. Don't use exec_command(). Create the connection yourself, like
SSHClient does, and then run in SSH1.5 mode (details escape me now in
this airport, but I've done this).
2. On Juniper, I can do "show foo; show this; show that", which works
just fine with exec_command(). Does that work on a Crisco? (I'm
guessing no, since that's a single command that the juniper splits).
>
> I've tried various examples with twisted.conch.ssh and it seems Twisted is a
> bit more low-level than paramiko's SSHClient class.
>
Yes; however, the SSHClient class wraps up a few other things that you
could just do yourself, too. The code isn't that ugly, although it
will raise EOFError on most operations (or socket.timeout in paramiko
1.7), and the docstrings in SSHClient's methods don't say that, so be
aware.
>
> I'm trying to be able to issue a string of commands to routers which
> require a particular sequence;
>
> configure terminal
> hostname blahrouter1
> ip domain-name x.i.z
>
> ip tftp source-interface lo0
> end
>
>
> copy tftp:/x.y.z.w/my/path/file.txt flash:
>
So you're trying to bootstrap a new router?
You could use the Cisco TFTP/BOOTP/DHCP method of bootstrapping. I
don't think many people really use this, but you may be in luck (i.e.,
it may work on your routers).
For ongoing mainteance:
Put the actual commands in a file, and then just send "copy source
dest" on the router? This is how I do config pushes (it allows you to
copy to a local file on the router first and perform an MD5 checksum,
too. Which I'd recommend so your operators don't want to kill you
:-).
--
Andreux Fort (afort at choqolat.org)
More information about the Toolmakers
mailing list