ssh (plink) to PIX/IOS with multiple command file works on PIX but not on IOS ?

Unanswered Question
Dec 3rd, 2009

I cannot run multiple commands on IOS from SSH batch file -it thinks my file is one command only,
however the same file works on the PIX; do they behave differently or am I missing something ?

eg: commands.ssh (DOS encoded) for PIX:
show ntp associations
show ntp status

plink -ssh -batch -m commands.ssh [email protected] -pw something

... works fine, but:

eg: commands.ssh (DOS encoded) for IOS:
show ntp associations
show ntp status

plink -ssh -batch -m commands.ssh [email protected] -pw something

line has invalid autocommand "show ntp associations
show ntp status

the latter works fine on IOS when only one command specified
same when I try different encodings; eg: UniCode, UTF-8
both users priv15

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jacob Zartmann Fri, 03/04/2011 - 01:52

This is a rather old thread. Did you ever find a solution to this problem? I'm expieriencing the exact same issue

Thought plink was the way to go when uploading a router config through a script, but perhaps I should start to look for another solution.

Any suggestions?

My script is written in powershell.



nlariguet Fri, 03/04/2011 - 07:02

no, never did; and sadly this issue led me to write many of the most inefficient scripts I ever wrote

Michel Hegeraat Tue, 08/05/2014 - 04:18

Since you use putty's plink I assume you are on Windows


Some interesting things can be done using perl and net-ssh2.


Post your examples here if you get it to do what you want it to do





nlariguet Fri, 03/04/2011 - 13:01

yep, you're right I am on Windows with PowerShell scripts doing nothing out-of-the-ordinary: long ago I made an script using plink.exe that logs on my Cisco devices and automatically retrieve configuration information (eg: current config, device status, file-system files, etc) which places all ouput on txt files which in turn are automatically consolidated on an asp page file allowing me to see at glance on a single place what's going on with all my devices; furthermore, every time I upgrade/fix something I can check all those txt files with my master (last saved) configurations with UltraEdit/UltraCompare highlighting any changes, thus I can check really fast when new (default) commands were added with newer IOS versions, things like that ...

I originally wanted this script to log once on each device and do all the stuff required; I can't, I have to keep logging for every command I want to run on IOS (on PIX it's OK, I can do a batch)

I implemented this functionality when learning IOS/PIX to keep track of unwanted commands and proved very useful over the time for dissecting and analyzing whole configurations.

For no particular reason I use plink.exe (along with pscp.exe), it seems is the most widespread command-line SSH app outthere for Windows. I use PowerShell for management scripts. All data files (device info log credentials etc) are xml. All my systems are W2008 R2's. An yes, I also use putty instead of HyperTerminal.

PS: another example: I have a PIX which doesn't support dual default-routes (eg: all coming thru in1 goes out1 and all coming in2 goes out2) and have dual ISP each on one dedicated router on the far side of the firewall; every time I want to change traffic to one particular provider I used to log on the PIX, make the changes manually and so on, now I run a simple command on powershell on my workstation which in turns calls a script and makes all the changes required transparently to me.

Jacob Zartmann Fri, 03/04/2011 - 22:45

Great to see that this thread is somewhat alive and kicking!

Looks like you're doing some archive/auditing with your script. My purpose is to upload an initial config of the routers and plink was the only utility I could find for Windows (keeping things simple).

Although I bet you're trying to save money writing your own script to backup devices, have you heard of Cattools? I'm not a sales person, but this is a great utility for backing up your devices, pushing out configs and so on. Unfortunately there's no CLI version of the program.

I've also see other organizations use expect scripts - not on Windows though.

renato.guimaraes Mon, 03/07/2011 - 07:01

Have any of you gotten this to work?  I'm going to begin to administer quite a few UC500 devices and will need to run batch scripts.  It's still giving me the "Line has invalid autocommand" blablabla. Is there any other SSH program we can use to run batch scripts?



JamesKehr Mon, 04/04/2011 - 11:09

I found a solution. It' not pretty, but it works.  Based off the comments in this thread:

Since StdIn redirect (<) does not work in PowerShell you have to call cmd.exe to do the dirty work. My sample code looks like this:

# setting up the plink command in these two steps: 1. the cmd.exe call, 2. the command in cmd as an argument
$install_cmd = "cmd.exe"
$install_args = "/c `"$PlinkPath -ssh -2 -l $username -pw $password $SshHost -batch < $commandPath > $logPath`\$SshHost`.txt`""
#Run command and wait for exit
$PlinkCMD = [System.Diagnostics.Process]::Start("$install_cmd","$install_args")

# grab the commnd output
$Output = get-content "$logPath`\$SshHost`.txt"

$PlinkPath is the full path to, and including, plink.exe.

$username and $password are the plain string info needed to logon via SSH.

$SshHost is the IP or hostname you are connecting to.

$commandPath is th full path to, and including, the file with the commands.

$logPath is the directory where the output goes.

Since a new and separate window is opened to perform the work you need to pipe, using >, Plink's output to a text file which can be read and parsed for validation and error correction purposes.

Like I said, not pretty, but it works. Could easily be turned into a function, too.

James Kehr

Jacob Zartmann Thu, 04/14/2011 - 03:44

Looks good! But unfortunately I can't get this to work using telnet (no authentication) on port 4001 (reverse telnet session)

Has anyone tried this?

Jacob Zartmann Thu, 04/14/2011 - 04:15

Got it to work with reverse telnet by commenting the:


You can't quit a reverse telnet session as you'll always have the console active - obviously!


Jacob Zartmann Thu, 04/14/2011 - 04:22

NO! I was too fast on this. Doesn't work yet. The cmd prompt does not close. Hmm...

Jacob Zartmann Fri, 04/15/2011 - 01:33

First of all I would like to say that I really liked your blog post

I ran into som strange things with plink (or at least I think it is plink that causes the issue)... Here's an output file of commands enteres on my router (using the script and plink):

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname rt-1.tiki
rt-1.tiki(config)#interface tun1
rt-1.tiki(config-if)#ip address
rt-1.tiki(config-if)#router bgp 1

Notice the carriage return (CR) after every command I through at plink. Anyone can explain this?

It gets bad when sending banners to the router for example... Just a thought.



JamesKehr Fri, 04/15/2011 - 05:27

Tak, Jacob. Det glade mig at du kunne lide mine blog. (sorry for the grammar, my Danish is rusty)

I think the extra carriage returns are part of the reverse redirection. I have noticed it but haven't dug into the issue becuase for my purposes it doesn't matter.

Are you generating the script files or hand writing them in something like Notepad?

Jacob Zartmann Fri, 04/15/2011 - 12:13

You're quite welcome, James,

I've generating the config files from a template using search'n replace with a powershell script (looping through an array of parameters I'd like to change (e.g. IP addresses, hostname and other unique stuff).

Notepad++ is my favorite editor for all sorts of things (on Windows) - on Mac I use TextWrangler.

Jacob Zartmann Wed, 04/20/2011 - 04:08

Hi James,

Did you ever get this to work with authentication on the router?

Say you have a brand new router you must access to enter some commands on... The new router will typically prompt you like this:

Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.


Here are the Cisco IOS commands.

username   privilege 15 secret 0
no username cisco

Replace and with the username and password you want
to use.


For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to

User Access Verification


I can't get plink to access this router. I've tried using the cisco:[email protected]-ip with plink and i've tried supplying the commands via the configuration text file. Neither works for me.

Any suggestions?

This will be used for zero-touch bulk deployment of routers - all that must be done is connecting a console cable to an access server (reverse telnet) and maybe a lan cable for uploading a new IOS.



Jacob Zartmann Wed, 04/20/2011 - 04:09

Another feature that would be nice to have is sending BREAK to the router. But I don't see how this is possible using plink

for those that are stumbling across this down the road trying to get plink w/ IOS commands to work - like me. 

I just wrote a batch script where the individual commands are sent.  it's a bit more work but it at least makes plink workable for multiple line commands in IOS.  (we're using this to automate config backups so it'll work well for us.)


     plink -ssh [email protected] -pw "term len 0"

     plink -ssh [email protected] -pw "sh run" > config.txt

Mark Lancaster Mon, 11/04/2013 - 15:20

Replying to this old thread because I found a solution for Cisco IOS.  Although ASA/PIX will accept a multiple-commands file with MS-DOS formatted text, Cisco IOS seems to require a Unix-formatted text file with only line feed (LF's) for your return/end of line character.  This syntax now works for me:

plink.exe [email protected] -pw [snip] < commands.txt >> output.log

cer43tcent Wed, 11/20/2013 - 15:08


Could you share an example of how the commands.txt would look for using the following

terminal length 0

show run

show mac address-table

Mark Lancaster Wed, 11/20/2013 - 15:15

Hi cer42tcent,

The text file would look exactly like your example, but you need to save it in UNIX format.  If you are using Windows, you could use a text editor such as Notepad++ or UltraEdit to do this.  You will not be able to do this with notepad.exe or MS Word, for example.  The reason is that MS-DOS formatted text files use both a carriage-return (CR) and a line feed (LR) for the return/end of line characters.

cer43tcent Thu, 11/21/2013 - 15:17


I have the Notepad++ now but noticed on a XP system the text file in UNIX format looks like

terminal length 0[]show run[]show vtp status[]show ntp status

However, on a Windows 7 system the text file in UNIX format looks like

terminal length0show run show vtp statusshow ntp status

If I run the batch file calling the text file it logons okay but the output to a text file only shows


Not sure if its Windows 7 and how the text file saved or what.  Unfortunately, I can't connect the XP system to the network. 

Did you experience these issues?  Any ideas?

Mark Lancaster Thu, 11/21/2013 - 17:34


If I look at the UNIX text file in notepad on Win7, it looks like this:

terminal length 0show runshow vtp statusshow ntp statusexit

I did some additional testing with some routers on IOS 12.2/12.4/15.1, and I noticed that I had to specify the SSH version correctly for this to work:


plink.exe -1 [email protected] -pw [snip] < commands.txt >> output.log


plink.exe -2 [email protected] -pw [snip] < commands.txt >> output.log

Trying adding a -1 or -2 for your SSH version.

cer43tcent Tue, 12/03/2013 - 15:18


Thanks for all your suggestions.  But I couldn't get the plink to work how you mentioned on switches with IOS 15.0.  I ended up having to use Notepad++ and create three seperate text files (3 authentications) to accomplish all the commands I truly wanted. 

I figured I'd share to maybe help others trying to accomplish similar.  So..the commands I wanted to use were (term len 0, sh int status, sh switch detail, sh arp, sh version, sh ntp status, sh vtp status, show mac address-tab, sh run, and sh span vlan 1-999)  In my case first I had to have plink.exe and Putty.exe in the same folder.  Then I had to set my default Putty window to a large number for both rows and columns.  Next, I created the Unix format text files in Notepad ++.  Now to why I had three text files...

For some odd reason I could only run term len 0, show interface status, show switch detail, show arp, show ver, show ntp status, show vtp status, and show mac address on my first text file and the output be correct.  The second text file would only do show run and be correct.  My third text file only did show span vlan 1-999.  The catch seemed to be matching the end of line in Notepad ++ to what the output would be on the Putty terminal before and after each command.  However, this didn't work with commands that needed paging (ie show run, show span vlan 1-999) .  I attached a screenshot of my first text file in Notepad ++ if anyone cares to see.

Lastly, I'd also like to note that i don't think terminal length 0 actually does it function when using plink. 

cer43tcent Fri, 07/18/2014 - 11:16

I've come to a solution, but it isn't with plink.  Its using Putty through a batch file. The batch file is setup to run Putty and then capture multiple show commands without cutting off some of the output or ending like plink did.

The lines of the batch file look like:


putty.exe -load LANSW1 -pw P@$$word


Notice the LANSW1.  This is a saved session I created in Putty.  Now the settings in that saved session I modified were

Logging (where I want the file saved)

Window (increased lines of scrollback to a very high number)

Data (put my account in the Auto-login username field)

So when I run the batch file it starts the saved session and all I have to do is right-click inside the Putty window to paste the show commands I wanted to capture. 

Multiple saved sessions can be put in the batch file on a line of their own.  When run with multiple sessions, each session starts when the current one is closed.

This helped me save major time, whereas before I'd capture the config and other show output of 26 switch stacks with no application to use (took about 30 minutes or more).  Now it took 3 minutes!  Not completely automatic, but hopefully this will help someone.


ervenkateshs Fri, 05/23/2014 - 05:05
try using ' < ' insted of -m parameter The final command will look like this plink -ssh device_ip -l user_something -pw password_something < commands.txt > output.txt
7layerorg Thu, 02/18/2016 - 03:56

Hi All,

Just in case if someone still having trouble with this, I share what I got working on mine.

Win 7, works with plink fine.

As it was mentioned by other people I used the notepad++ to convert to unix type the end line feeds.

This is the commands file looks like:


term len 0

#show version

#show ip interface brief

configure terminal

interface gigabitEthernet2

descri Laz_mod3

ip address

no sh





Every line has the LF on it instead of the DOS type.

Also the link how I send the commands:

plink -ssh -2 -l USERNAME -pw PASSWORD < commands.txt >> putty.log [email protected]

Also I attached how looks like the commands txt file when the all view switched on.

I hope it helps you guys.

I needed this to implement sla on our front end routers. (still working on it)

mark.rohren Tue, 02/23/2016 - 10:10

Thank you for sharing this; I was just looking into this problem last week.  I was successful in getting this to work on my switches (Catalyst 3750 running IOS 12.2), but not on my routers (C2911 running IOS 15.1).  By adjusting the line feed spacing between commands, I was able to get it to randomly work on a router (4 times out of about 100, but not repeatable).  I tried your Plink command syntax and line feed spacing, no luck.  It appears to be a timing issue.

There are other solutions, but we're constrained to not loading new software on the workstations, and they have PuTTY / Plink.  Has anyone got this working on a Cisco router running IOS 15.x?

7layerorg Tue, 02/23/2016 - 12:03

No worries, I just checked mine and it's a CSR1000V with 15.5(2) IOS and it runs fine on this.
But the CSR runs on a VMware host. Looks like it depends on the HW and SW as well.


This Discussion

Related Content