(5 votes, average: 3.80 out of 5)
Loading ...
Print This Post
In the previous article, Running commands on a Cisco device from the Windows command line , I wrote on how to run commands from the Windows command line against a Cisco device. The article was based on using the Unix utility rsh aka Remote Shell. The biggest downfall of using rsh is the security issues around the protocol. How about another method of doing the same thing, but with using a more secure process?
Putty has a sister program that is called plink. Like putty, plink is a standalone executable that is capable of accessing remote devices using telnet or ssh. Plink is basically used in place of putty when you want the input/output of the program to use STDIN/STDOUT. So, for example you can open a command prompt, invoke plink and connect to a device. The interaction with the session will look just as if it would when using the telnet.exe from the XP/Vista command line. One of the features of plink is that it can share the saved sessions created in Putty. By default, putty will use the Windows registry to store saved connection information. However, the configuration can be changed to store the sessions in the local file system.
In this initial example, lets configure a router to accept an incoming ssh connection with a locally defined username/password combination. The basic IOS configuration to accomplish this task will look like the following:
R1(config)#int fa0/0 R1(config-if)#ip address 10.1.100.1 255.255.255.0 ! Define the hostname on the router - required for enabling ssh Router(config)#hostname R1 ! Define the domain name on the router - required for enabling ssh R1(config)#ip domain-name xpresslearn.com ! Generate encryption keys for use with ssh R1(config)#crypto key generate rsa general-keys The name for the keys will be: R1.xpresslearn.com Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: % Generating 512 bit RSA keys, keys will be non-exportable...[OK] ! Use the latest version of ssh R1(config)#ip ssh version 2 ! Locally defined username on the router R1(config)#username xpresslearn privilege 15 secret pa55w0rd ! Enable aaa R1(config)#aaa new-model ! Set all logins by default to use the local username entries R1(config)#aaa authentication login default local ! Use the priviledge level defined in the local username statement R1(config)#aaa authorization exec default local
Now, from the command line, let’s use the plink.exe program to show the interfaces of the Cisco device. But first, lets take a look at the options available from the plink executable:
Command line options for plink.exe
As you can see, one of the options is a -m to run remote commands from a file. In order to automatically run commands without interaction, the commands you want to run need to be inserted into a text file.
Text file to use with plink.exe
Now, run the program with the proper command line options. Which in the following example is:
- Use ssh to connect
- Connect with the username xpresslearn
- The IP address of the device we are connecting is 10.1.100.1
- use the password pa55w0rd
- run the commands contained in the file called plink-commands.txt that resides in the current directory.
Running plink.exe in batch mode
As you can see, the output from the command is displayed as standard program output. This output can just as easily be piped to a text file. Next, let’s use this method to back up the configuration of the router. First, we will put the proper commands in the text file for batch processing.
Backup cisco configuration via plink.exe
Now, run plink.exe with the same command line options and add the pipe to end:
Router backup using plink.exe
So we ran plink with the commands in the text file and piped them to a file called R1.txt. In the above screen shot, you can see where we view the text file after the program has executed. The text file contains the complete configuration of the device, which was displayed using the show run command. FYI: the term length 0 command is used to prevent paging when showing the running configuration.
September 23rd, 2010 at 10:47 pm
Hi, were you really able to run a batch of commands via plink to a cisco IOS based device? I was able to do this with a PIX, but with an IOS device, I can only succeed at sending in single commands, never a batch. I believe the issue is related to how an IOS based device handles carriage returns.
Following your example, plink always returns this message:
Line has invalid autocommand “term len 0
show run
”
I tried with \r, \n, \r\n type carriage returns, but all produced the same errors…
If I use “!” as a separator, only the first command will be run.
Any ideas?
Regards,
James.
November 30th, 2010 at 1:37 am
I have the same error:
Line has invalid autocommand “term len 0
show run”
January 31st, 2011 at 3:36 am
Hi,
Thanks for the article. But i have a problem. I did what you said.
But how will i enter the “enable” password in cisco routers ?
Putty connects to router. Reads the script file. But it stucks in enable pass stage
January 31st, 2011 at 7:15 am
i have the same error
which is the command separator?
March 12th, 2011 at 12:07 pm
Dear sir ,
I want to install server tacacs + and what is required for that I hope to benefit.
Please accept my greetings and appreciation
March 28th, 2011 at 2:18 pm
Hey guys for simple commands that don’t require en drop the -m and pipe the lines in using <. This way requires that you add exit at the end of the command file.
plink -ssh -l user -pw password host < plink-commands.txt
The only way i was able to succeed with enable and providing a password in the command file was by using cygwin. there is something in the way windows is piping the lines that is probably passing a so the device is seeing as the password then the line feed is sent
using cygwin and plink i was able to run
./plink -ssh -l username -pw password host < command.txt
command.txt:
sh log
en
supersecretpassword
sh run
exit
hope this helps.
May 16th, 2011 at 7:42 pm
hi mike lalonde,
any other way to run multiple command from a single txt file?
is there any SSH that is able to run script?
June 16th, 2011 at 10:51 am
hi kyoichi83,
I would put all your shell commands in a bash script and test it out on your remote Linux/Unix host first. Copy this script to your windows and run plink with -m flag pointing to it.
e.g. C:\Program Files\PuTTY\plink.exe -ssh -4 userid@198.162.1.1 -pw myPasswd -m C:\tmp\myShellScript.sh > C:\tmp\myShellScript_Output.txt
Regards.
July 14th, 2011 at 3:04 pm
PuTTY Link: command-line connection utility
Release 0.60
Usage: plink [options] [user@]host [command]
command can be a list of semicolon seperated list in quotes, as below.
Try this.
plink -ssh userid@192.168.1.1 -pw myPasswd “ls;df -lh”
July 29th, 2011 at 2:44 pm
i tried with version 0.60 the command below on a cisco MDS switch
plink -ssh userid@192.168.1.1 -pw myPasswd “show version”
it worked fine. i then tried:
plink -ssh userid@192.168.1.1 -pw myPasswd “show version;show version”
just to see if it would work and it failed with:
Syntax error while parsing ‘show version,show version’
Cmd exec error.
i need to use plink in something i am developing and need to be able to issue multiple commands???
July 29th, 2011 at 3:13 pm
i figured it out
plink -ssh userid@192.168.1.1 -pw myPasswd “show version ; show users”
there has to be a space before and after the ; or it will throw a syntax error.
if i tried
plink -ssh userid@192.168.1.1 -pw myPasswd “show version;show users”
nope!!! syntax error every time.
July 29th, 2011 at 3:45 pm
Thanos,
Thanks for the follow up – good info for others with the same issue!
Scott
August 3rd, 2011 at 4:37 am
Hey guys!
How can I sent keyboard characters (letters, numbers) to a CISCO Switch? I managed connecting via SSH, but then when the switch responds, it actually expects me to input first User and Password, then Menu Choices…. What I actually want to do is run a script that can disable a given Ethernet port…are there some commands that can be used, or only via Menu?
Regards,
George
August 3rd, 2011 at 11:14 am
hi there, tried your command using the latest build of plink.exe
plink -ssh userid@192.168.1.1 -pw myPasswd “show version ; users” with space in between the semi-colon.
Only the first command runs and the rest is ignored for some reason?! Please help thanks!
September 2nd, 2011 at 1:12 pm
Dear all,
I enabled ssh ver2 in one of my remote router.I can access from putty.exe.But other person who is in another area cannot able to access.Previously he was acessed via telnet.
Now my question is shall we access the router(sshver-2) from the router which having sshver-1.5. Please send mail to my id: network428@gmail.com
September 26th, 2011 at 8:42 pm
i’m having issues now with plink connecting to a cisco C200 server. i can use plink as “plink.exe -ssh admin@10.10.1.1 -pw password” and it connects fine, then i can run “show version” then “exit” and it all nice and happy
.
but then if try to issue :
plink.exe -ssh admin@10.10.1.1 -pw password -m cmd.bat
or
plink.exe -ssh admin@10.10.1.1 -pw password < cmd.bat
or
plink.exe -ssh admin@10.10.1.1 -pw password show version
i get the error: "no entry for terminal type "dumb"; using dumb terminal setting"
any ideas anyone ??
October 3rd, 2011 at 3:48 am
Hi,
Thanks for the article. But i have a problem. I did what you said.
But how will i enter the “enable” password in cisco routers ?
Putty connects to router. Reads the script file. But it stucks in enable pass stage
October 4th, 2011 at 4:19 pm
give to the user privilege 15. it will logon with enable privileges.
October 18th, 2011 at 1:23 pm
I’ve had some trouble with some of the above methods of multiple output, but I did work out a little bat file for Cisco devices that works. I have saved Putty sessions configured with my username, ssh, etc, and Plink is in my windows\system32, so in notepad I wrote the below to stay on the screen and display the output of all the commands until I press the spacebar:
***************************************************************
plink -load myputtysavedsessionname -pw mypassword sho log
plink -load myputtysavedsessionname -pw mypassword sho ver
plink -load myputtysavedsessionname -pw mypassword sho int desc
plink -load myputtysavedsessionname -pw mypassword sho cdp neighbor
pause 5
exit
********************************************************************
The next one below I wrote to output to a .txt or .log file. Note the first line has a single > telling it to create the file or overwrite anything in it. The rest of the lines have 2 >> telling it to add their additional info to the file instead of overwriting it.
********************************************************************
plink -load nameofsavedputtysession -pw mypassword sho log > c:\switchname.txt
plink -load nameofsavedputtysession -pw mypassword sho int status >> c:\switchname.txt
plink -load nameofsavedputtysession -pw mypassword sho int desc >> c:\switchname.txt
plink -load nameofsavedputtysession -pw mypassword sho ver >> c:\switchname.txt
plink -load nameofsavedputtysession -pw mypassword sho cdp neighbor >> c:\switchname.txt
**********************************************************************
saved notepad as a .bat and away I go. Wow is it fast!
Now if I could just get enable to work…
October 28th, 2011 at 4:39 am
Hi,
I am keen to know that to add multiple IPs and commands in above script.
Regards,
Rakesh.T.H
December 22nd, 2011 at 9:24 am
i am trying to reboot a Call Manager using plink but i am unable to type or send “Yes” to the confirmation question like Do you really want to shutdown ? Enter Yes or NO ?
Please can anyone help me with this issue .