I cannot run multiple commands on IOS from SSH batch file -it thinks my file is one command only,
however the same file works on the PIX; do they behave differently or am I missing something ?
eg: commands.ssh (DOS encoded) for PIX:
show ntp associations
show ntp status
plink -ssh -batch -m commands.ssh email@example.com -pw something
... works fine, but:
eg: commands.ssh (DOS encoded) for IOS:
show ntp associations
show ntp status
plink -ssh -batch -m commands.ssh firstname.lastname@example.org -pw something
line has invalid autocommand "show ntp associations
show ntp status
the latter works fine on IOS when only one command specified
same when I try different encodings; eg: UniCode, UTF-8
both users priv15
This is a rather old thread. Did you ever find a solution to this problem? I'm expieriencing the exact same issue
Thought plink was the way to go when uploading a router config through a script, but perhaps I should start to look for another solution.
My script is written in powershell.
no, never did; and sadly this issue led me to write many of the most inefficient scripts I ever wrote
Since you use putty's plink I assume you are on Windows
Some interesting things can be done using perl and net-ssh2.
Post your examples here if you get it to do what you want it to do
yep, you're right I am on Windows with PowerShell scripts doing nothing out-of-the-ordinary: long ago I made an script using plink.exe that logs on my Cisco devices and automatically retrieve configuration information (eg: current config, device status, file-system files, etc) which places all ouput on txt files which in turn are automatically consolidated on an asp page file allowing me to see at glance on a single place what's going on with all my devices; furthermore, every time I upgrade/fix something I can check all those txt files with my master (last saved) configurations with UltraEdit/UltraCompare highlighting any changes, thus I can check really fast when new (default) commands were added with newer IOS versions, things like that ...
I originally wanted this script to log once on each device and do all the stuff required; I can't, I have to keep logging for every command I want to run on IOS (on PIX it's OK, I can do a batch)
I implemented this functionality when learning IOS/PIX to keep track of unwanted commands and proved very useful over the time for dissecting and analyzing whole configurations.
For no particular reason I use plink.exe (along with pscp.exe), it seems is the most widespread command-line SSH app outthere for Windows. I use PowerShell for management scripts. All data files (device info log credentials etc) are xml. All my systems are W2008 R2's. An yes, I also use putty instead of HyperTerminal.
PS: another example: I have a PIX which doesn't support dual default-routes (eg: all coming thru in1 goes out1 and all coming in2 goes out2) and have dual ISP each on one dedicated router on the far side of the firewall; every time I want to change traffic to one particular provider I used to log on the PIX, make the changes manually and so on, now I run a simple command on powershell on my workstation which in turns calls a script and makes all the changes required transparently to me.
Great to see that this thread is somewhat alive and kicking!
Looks like you're doing some archive/auditing with your script. My purpose is to upload an initial config of the routers and plink was the only utility I could find for Windows (keeping things simple).
Although I bet you're trying to save money writing your own script to backup devices, have you heard of Cattools? I'm not a sales person, but this is a great utility for backing up your devices, pushing out configs and so on. Unfortunately there's no CLI version of the program.
I've also see other organizations use expect scripts - not on Windows though.
Have any of you gotten this to work? I'm going to begin to administer quite a few UC500 devices and will need to run batch scripts. It's still giving me the "Line has invalid autocommand" blablabla. Is there any other SSH program we can use to run batch scripts?
I found a solution. It' not pretty, but it works. Based off the comments in this thread:
Since StdIn redirect (<) does not work in PowerShell you have to call cmd.exe to do the dirty work. My sample code looks like this:
# setting up the plink command in these two steps: 1. the cmd.exe call, 2. the command in cmd as an argument
$install_cmd = "cmd.exe"
$install_args = "/c `"$PlinkPath -ssh -2 -l $username -pw $password $SshHost -batch < $commandPath > $logPath`\$SshHost`.txt`""
#Run command and wait for exit
$PlinkCMD = [System.Diagnostics.Process]::Start("$install_cmd","$install_args")
# grab the commnd output
$Output = get-content "$logPath`\$SshHost`.txt"
$PlinkPath is the full path to, and including, plink.exe.
$username and $password are the plain string info needed to logon via SSH.
$SshHost is the IP or hostname you are connecting to.
$commandPath is th full path to, and including, the file with the commands.
$logPath is the directory where the output goes.
Since a new and separate window is opened to perform the work you need to pipe, using >, Plink's output to a text file which can be read and parsed for validation and error correction purposes.
Like I said, not pretty, but it works. Could easily be turned into a function, too.
Looks good! But unfortunately I can't get this to work using telnet (no authentication) on port 4001 (reverse telnet session)
Has anyone tried this?
Got it to work with reverse telnet by commenting the:
You can't quit a reverse telnet session as you'll always have the console active - obviously!
Add an extra 'exit' or two at the end of your telnet script. Plink will not disconnect
properly when using reverse redirection unless your script exits all the way out.
Check the warning paragraph in my blog.
First of all I would like to say that I really liked your blog post
I ran into som strange things with plink (or at least I think it is plink that causes the issue)... Here's an output file of commands enteres on my router (using the script and plink):
Enter configuration commands, one per line. End with CNTL/Z.
rt-1.tiki(config-if)#ip address 172.24.8.100 255.255.252.0
rt-1.tiki(config-if)#router bgp 1
Notice the carriage return (CR) after every command I through at plink. Anyone can explain this?
It gets bad when sending banners to the router for example... Just a thought.
Tak, Jacob. Det glade mig at du kunne lide mine blog. (sorry for the grammar, my Danish is rusty)
I think the extra carriage returns are part of the reverse redirection. I have noticed it but haven't dug into the issue becuase for my purposes it doesn't matter.
Are you generating the script files or hand writing them in something like Notepad?
You're quite welcome, James,
I've generating the config files from a template using search'n replace with a powershell script (looping through an array of parameters I'd like to change (e.g. IP addresses, hostname and other unique stuff).
Notepad++ is my favorite editor for all sorts of things (on Windows) - on Mac I use TextWrangler.
Did you ever get this to work with authentication on the router?
Say you have a brand new router you must access to enter some commands on... The new router will typically prompt you like this:
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
Here are the Cisco IOS commands.
no username cisco
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
User Access Verification
I can't get plink to access this router. I've tried using the cisco:cisco@router-ip with plink and i've tried supplying the commands via the configuration text file. Neither works for me.
This will be used for zero-touch bulk deployment of routers - all that must be done is connecting a console cable to an access server (reverse telnet) and maybe a lan cable for uploading a new IOS.
Another feature that would be nice to have is sending BREAK to the router. But I don't see how this is possible using plink
Perl seems to be the way to do this. Perhaps using this:
On my way to re-write my script and do more testing....
for those that are stumbling across this down the road trying to get plink w/ IOS commands to work - like me.
I just wrote a batch script where the individual commands are sent. it's a bit more work but it at least makes plink workable for multiple line commands in IOS. (we're using this to automate config backups so it'll work well for us.)
plink -ssh email@example.com -pw
plink -ssh firstname.lastname@example.org -pw
Replying to this old thread because I found a solution for Cisco IOS. Although ASA/PIX will accept a multiple-commands file with MS-DOS formatted text, Cisco IOS seems to require a Unix-formatted text file with only line feed (LF's) for your return/end of line character. This syntax now works for me:
plink.exe email@example.com -pw [snip] < commands.txt >> output.log
Could you share an example of how the commands.txt would look for using the following
terminal length 0
show mac address-table
The text file would look exactly like your example, but you need to save it in UNIX format. If you are using Windows, you could use a text editor such as Notepad++ or UltraEdit to do this. You will not be able to do this with notepad.exe or MS Word, for example. The reason is that MS-DOS formatted text files use both a carriage-return (CR) and a line feed (LR) for the return/end of line characters.
I have the Notepad++ now but noticed on a XP system the text file in UNIX format looks like
terminal length 0show runshow vtp statusshow ntp status
However, on a Windows 7 system the text file in UNIX format looks like
terminal length0show run show vtp statusshow ntp status
If I run the batch file calling the text file it logons okay but the output to a text file only shows
Not sure if its Windows 7 and how the text file saved or what. Unfortunately, I can't connect the XP system to the network.
Did you experience these issues? Any ideas?
If I look at the UNIX text file in notepad on Win7, it looks like this:
terminal length 0show runshow vtp statusshow ntp statusexit
I did some additional testing with some routers on IOS 12.2/12.4/15.1, and I noticed that I had to specify the SSH version correctly for this to work:
plink.exe -1 firstname.lastname@example.org -pw [snip] < commands.txt >> output.log
plink.exe -2 email@example.com -pw [snip] < commands.txt >> output.log
Trying adding a -1 or -2 for your SSH version.
Thanks for all your suggestions. But I couldn't get the plink to work how you mentioned on switches with IOS 15.0. I ended up having to use Notepad++ and create three seperate text files (3 authentications) to accomplish all the commands I truly wanted.
I figured I'd share to maybe help others trying to accomplish similar. So..the commands I wanted to use were (term len 0, sh int status, sh switch detail, sh arp, sh version, sh ntp status, sh vtp status, show mac address-tab, sh run, and sh span vlan 1-999) In my case first I had to have plink.exe and Putty.exe in the same folder. Then I had to set my default Putty window to a large number for both rows and columns. Next, I created the Unix format text files in Notepad ++. Now to why I had three text files...
For some odd reason I could only run term len 0, show interface status, show switch detail, show arp, show ver, show ntp status, show vtp status, and show mac address on my first text file and the output be correct. The second text file would only do show run and be correct. My third text file only did show span vlan 1-999. The catch seemed to be matching the end of line in Notepad ++ to what the output would be on the Putty terminal before and after each command. However, this didn't work with commands that needed paging (ie show run, show span vlan 1-999) . I attached a screenshot of my first text file in Notepad ++ if anyone cares to see.
Lastly, I'd also like to note that i don't think terminal length 0 actually does it function when using plink.
I've come to a solution, but it isn't with plink. Its using Putty through a batch file. The batch file is setup to run Putty and then capture multiple show commands without cutting off some of the output or ending like plink did.
The lines of the batch file look like:
putty.exe -load LANSW1 -pw P@$$word
Notice the LANSW1. This is a saved session I created in Putty. Now the settings in that saved session I modified were
Logging (where I want the file saved)
Window (increased lines of scrollback to a very high number)
Data (put my account in the Auto-login username field)
So when I run the batch file it starts the saved session and all I have to do is right-click inside the Putty window to paste the show commands I wanted to capture.
Multiple saved sessions can be put in the batch file on a line of their own. When run with multiple sessions, each session starts when the current one is closed.
This helped me save major time, whereas before I'd capture the config and other show output of 26 switch stacks with no application to use (took about 30 minutes or more). Now it took 3 minutes! Not completely automatic, but hopefully this will help someone.
For those still or newly looking, I found that adding the -1 switch and use the '<' syntax.
plink firstname.lastname@example.org -pw password -1 <"commands.csv" >>ConfigLog.csv
Tested from Win7 PC on both a CISCO1801/K9 & CISCO851W-G-A-K9, noting the CISCO851W-G-A-K9 works with and without the -2.
Just in case if someone still having trouble with this, I share what I got working on mine.
Win 7, works with plink fine.
As it was mentioned by other people I used the notepad++ to convert to unix type the end line feeds.
This is the commands file looks like:
term len 0
#show ip interface brief
ip address 192.168.30.100 255.255.255.0
Every line has the LF on it instead of the DOS type.
Also the link how I send the commands:
plink -ssh -2 -l USERNAME -pw PASSWORD < commands.txt >> putty.log USERNAME@192.168.50.221
Also I attached how looks like the commands txt file when the all view switched on.
I hope it helps you guys.
I needed this to implement sla on our front end routers. (still working on it)
Thank you for sharing this; I was just looking into this problem last week. I was successful in getting this to work on my switches (Catalyst 3750 running IOS 12.2), but not on my routers (C2911 running IOS 15.1). By adjusting the line feed spacing between commands, I was able to get it to randomly work on a router (4 times out of about 100, but not repeatable). I tried your Plink command syntax and line feed spacing, no luck. It appears to be a timing issue.
There are other solutions, but we're constrained to not loading new software on the workstations, and they have PuTTY / Plink. Has anyone got this working on a Cisco router running IOS 15.x?