IOS Password changer
Netstudent
Member Posts: 1,693 ■■■□□□□□□□
in CCNP
I need a script or a program that will go out and change passwords on a lot of routers and switches.
I know they're out there, but I want a recommendation from someone who has already used one with success. I would hate to load up faulty code and lock myself out of my own network.
Thanks.
I know they're out there, but I want a recommendation from someone who has already used one with success. I would hate to load up faulty code and lock myself out of my own network.
Thanks.
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
Comments
The Cisco Enhanced Dervice Interface Cisco E-DI allows you to manage a group of devices with the CLI as one entity.
Then through Cisco E-DI you can run a perl CLI script to modify the config on the group.
But I'm not sure if the Cisco E-DI is a requirement to run perl scripts in the CLI. Secondly I'm not sure how to get this EDI interface. As far as I know it is a client/server type connection from the EDI server to the IOS.
I did this for something once before. It goes out and actually logs in and enters commands to the CLI. so it would log on and do an 'enable secret <password>'
//you can probably also do it via snmp, which would be cleaner.
username fartknocker privilege 15 password smells ?
And do I get 24 hour tech support on that code?
I'm sure I could install a perl module if I had to.
As luck would have it, I have the one I used before here. Hop on AIM (Metsfan147) and tell me what method you need to use to get on it. I'll modify it accordingly and all you'll need to do is put the passwords into the file after I send it to you.
Although, I do suggest testing it on at least one thing first, just to make sure it's working as expected.
Actually, I would support my own code. If it breaks, I'll fix it for you. . . eventually
I'll post it when it's done as even though it might be too late for you to use it, others may find it useful.
Cheers.
If you have ldap set up already, I know you can have tacacs+ authenticate through PAM on a *nix machine and have PAM set up to use LDAP. I'm not sure if tacacs can directly talk to LDAP although I wouldn't be surprised if it could.
And that is why you purchase a license for CiscoWorks.
CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110
Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
Depends on how you want to maintain your devices. Thats not the only thing Ciscoworks does.
Do you work for a small shop? I can understand if its just a small company...If you work for a large enterprise Ciscoworks is a necessity.
Using a central authentication server would eliminate the need to make password changes on the individual devices, that was my point.
//dtlokee replied while I was typing. TACAS+ is great. It's made life so much easier. When someone else needs access to the devices ( new person is hired, etc ) just give them an acconut on the tacacs+ server and go on about your business.
This whole automated telnet/ssh session started a year or two ago when I was trying to suck VLAN configs out of 3com 3300s. Those don't have the ability to copy their config to a tftp server, so I had to find a way to script a session.
I've since found the correct SNMP OIDs to do it via SNMP, but the thing was already implemented and working so I didn't bother to rewrite it.
Since then, I've used that option possibly too often, but you have to admit that it's kind of cool to sit there wataching automated sessions going.