LinuxQuestions.org
Old 04-22-2010, 02:22 PM   #1
seefor
Member
 
Registered: Mar 2006
Posts: 34

Rep: Reputation: 15
Checking to see if SSH is enabled on a Cisco Router/Switch


Greetings all.
I'm trying to figure out a simple script to go through 500 Cisco devices to see if I can SSH to the device. Then display something like this:
10.0.0.1 Yes
10.0.0.2 No
10.0.0.3 No

I tried something like this:
Code:
ssh -q -o BatchMode=yes -o StrictHostKeyChecking=no user@10.0.0.1 "echo 2>&1" && echo "Yes" || echo "No"
When I tested the above line it replied No, even if I tried it on a switch that does not have SSH configured. I found that line of code somewhere on Google.
 
Old 04-22-2010, 03:49 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962
Personally I'd use a simple Expect script to sift through them all. That's if you want to actually log into them, rather than just see if they are running ssh. If it's just a port check, then nmap can scan them fine.
 
1 members found this post helpful.
Old 04-22-2010, 04:36 PM   #3
seefor
Member
 
Registered: Mar 2006
Posts: 34

Original Poster
Rep: Reputation: 15
Thanks for the reply Acid, I don't need to log into the units, just verify that I can or can't ssh to the unit.

Cool nmap works:
Code:
# nmap -sT -p22 10.0.0.1

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2010-04-22 15:27 MDT
Interesting ports on 10.0.0.1:
PORT   STATE SERVICE
22/tcp open  ssh
Code:
# nmap -sT -p22 10.0.0.2

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2010-04-22 15:27 MDT
Interesting ports on 10.0.0.2:
PORT   STATE  SERVICE
22/tcp closed ssh
How can I take the results and change the output to something more like:
10.0.0.1 Yes
10.0.0.2 No

I will be looping through each IP address from another file.

Thanks again for pointing me to nmap
 
Old 04-23-2010, 03:04 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962
Well, to start with you can use the -iL option to pass a list of IPs to nmap directly. -A will also (apparently) try to check the protocol and version of what it finds, which should actually confirm each port 22 IS a working ssh service, not just an open tcp port. As for the output format, the -oG option gives "greppable" output - http://nmap.org/book/output-formats-...le-output.html
 
1 members found this post helpful.
Old 04-23-2010, 08:32 AM   #5
seefor
Member
 
Registered: Mar 2006
Posts: 34

Original Poster
Rep: Reputation: 15
Wow, acid, that is great stuff, going to try this out as soon as I make it into the office. Bad snow out there.
 
Old 04-23-2010, 09:09 AM   #6
seefor
Member
 
Registered: Mar 2006
Posts: 34

Original Poster
Rep: Reputation: 15
Thanks again acid

So I got it to work using the following:
Code:
nmap -oG - -T4 -p22 -v 10.0.0.1 | grep ssh
Host: 10.0.0.1  Ports: 22/open/tcp//ssh///
Code:
 nmap -oG - -T4 -p22 -v 10.0.0.7 | grep ssh
Host: 10.0.0.7       Ports: 22/closed/tcp//ssh///
This is going to save me a lot of time

Thanks again for your help, once I finish writing the script to loop through all the IP addresses I will post it.
 
Old 04-23-2010, 10:10 AM   #7
seefor
Member
 
Registered: Mar 2006
Posts: 34

Original Poster
Rep: Reputation: 15
Code:
#!/bin/sh
#
# Shell script utility to read a file line by line,
# then run an nmap command to check whether SSH is open or closed.
#
# -----------------------------------------------
# Copyright (c) 2010 SeeFor <http://www.sifizm.com>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of Sif Baksh ToolKit
# -------------------------------------------------------------------------
# Start with a fresh log file
rm -f ssh.log
# Read ips.dat and, for every line in it, run
# nmap -oG - -T4 -p22 -v <ip address> | grep ssh
for ip in $(cat ips.dat)
do
        # Quote the address so it is passed to nmap as a single argument
        nmap -oG - -T4 -p22 -v "$ip" | grep ssh >> ssh.log
done
Thanks again acid

Last edited by seefor; 04-23-2010 at 10:10 AM. Reason: Thanking Acid
 
Old 04-23-2010, 11:04 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962
As above, the -iL option takes a file input, so there's no need for any script.
 
1 members found this post helpful.
Old 04-23-2010, 03:05 PM   #9
seefor
Member
 
Registered: Mar 2006
Posts: 34

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie
As above, the -iL option takes a file input, so there's no need for any script.
Sorry I missed that -iL. WOW a one liner to get all this freaking information is great man.
Code:
 nmap -oG - -T4 -p22 -v -iL ips2.dat | grep ssh >> ssh2.log
I need to start reading up more on Linux CLI tools.

Thanks again acid

Last edited by seefor; 04-23-2010 at 03:07 PM.
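
Added example, not part of any post in this thread: a shell function that turns saved -oG output into the "IP Yes/No" listing asked for in post #3. The names ssh_report, demo and scan.gnmap are hypothetical and the sample scan lines are constructed; "Yes" means only that TCP port 22 was reported open, and hosts that are down or filtered are reported as "No".

```shell
#!/bin/sh
# ssh_report IPLIST GNMAP
#   IPLIST: file with one address per line (same layout as ips.dat)
#   GNMAP:  output saved from: nmap -oG - -T4 -p22 -v -iL ips.dat
# Prints "<ip> Yes" when port 22 is open, "<ip> No" otherwise,
# in the same order as IPLIST.
ssh_report() {
    awk '
        # First file: remember each address in order, defaulting to "No"
        NR == FNR {
            if ($1 != "") { order[++n] = $1; state[$1] = "No" }
            next
        }
        # Second file: "Host: <ip> (<name>) Ports: 22/open/tcp//ssh///"
        # Lines without a Ports: field (e.g. "Status: Down") are ignored.
        $1 == "Host:" && /Ports:/ {
            if ($0 ~ /(Ports: |, )22\/open\/tcp\//) state[$2] = "Yes"
        }
        END { for (i = 1; i <= n; i++) print order[i], state[order[i]] }
    ' "$1" "$2"
}

# Demonstration on constructed sample data (no network access needed)
demo() {
    tmp=$(mktemp -d) || return 1
    printf '10.0.0.1\n10.0.0.2\n10.0.0.3\n' > "$tmp/ips.dat"
    # Constructed lines in the greppable layout shown in the thread
    {
        printf 'Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh///\n'
        printf 'Host: 10.0.0.2 ()\tPorts: 22/closed/tcp//ssh///\n'
        printf 'Host: 10.0.0.3 ()\tStatus: Down\n'
    } > "$tmp/scan.gnmap"
    ssh_report "$tmp/ips.dat" "$tmp/scan.gnmap"
    rm -rf "$tmp"
}

demo
```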
 
  

