Secure Cisco Access: Simplifying SSH Login Automation with Python Paramiko

Secure Cisco Access: Simplifying SSH Login Automation with Paramiko

Introduction:

In the realm of network automation, secure access to Cisco devices is paramount. In this post, we explore a Python script that leverages the Paramiko library to automate SSH login to Cisco routers. This script not only streamlines the login process but also demonstrates how to enter privileged mode, providing network administrators with efficient and secure remote access.

Script Breakdown:

The script begins by importing the Paramiko library for SSH communication and the time module for sleep functionality. It defines a function, cisco_login, which encapsulates the logic for SSH login to a Cisco router.

# Import the Paramiko library for SSH communication
import paramiko
# Import the time module for sleep functionality
import time

# Define a function for Cisco login
def cisco_login(hostname, username, password, enable_password):
    # Create an SSH client
    ssh = paramiko.SSHClient()

    # Automatically add the server's host key (this is insecure, see comments below)
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

    try:
        # Connect to the router using provided credentials
        ssh.connect(hostname, username=username, password=password, allow_agent=False, look_for_keys=False)

        # Create a shell channel for interaction
        channel = ssh.invoke_shell()

        # Wait for the prompt after connecting
        time.sleep(1)
        # Receive and decode the initial output
        output = channel.recv(65535).decode('utf-8')
        print(output)

        # Check if login was successful by looking for '#' or '>'
        if '#' in output or '>' in output:
            # Send the 'enable' command to enter privileged mode
            channel.send("enable\n")
            time.sleep(1)

            # Send the enable password
            channel.send(enable_password + "\n")
            time.sleep(1)

            # Check if the prompt indicates successful enable mode
            enable_output = channel.recv(65535).decode('utf-8')
            print(enable_output)

            # Check if '#' is present in enable mode prompt
            if '#' in enable_output:
                print("Login successful! Entered privilege mode.")
            else:
                print("Enable mode failed!")
                print("Login failed!")

        else:
            print("Login failed!")

        # Close the SSH connection
        ssh.close()

    except Exception as e:
        # Handle exceptions and print an error message
        print(f"Error: {e}")
        print("Login failed!")

# Entry point of the script
if __name__ == "__main__":
    # Replace these values with your router's information
    router_hostname = "172.16.0.200"
    router_username = "cisco"
    router_password = "cisco@123"
    router_enable_password = "cisco@123"

    # Call the function to attempt login
    cisco_login(router_hostname, router_username, router_password, router_enable_password)

 

The script then replaces the traditional Telnet approach with the more secure SSH protocol for communication with the Cisco router. It uses the Paramiko library to establish a secure connection, entering privileged mode by providing the enable password.

Conclusion:

This script exemplifies the importance of secure and automated SSH login to Cisco routers, showcasing the capabilities of the Paramiko library. Enhance your network automation toolkit by incorporating this script for efficient and secure remote access to Cisco devices. Stay tuned for more insights into network automation, as we continue to explore ways to optimize and streamline your networking experience.

Here is the link you YouTube video:

 

 

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *