Developer Guide¶
Crassh is supplied as a Python module which developers can include in their own scripts. Crassh is a Paramiko wrapper specifically designed for talking to Cisco IOS devices and routers.
Developers/Coders are reminded not to reinvent the wheel, crassh (as a standalone script) can already read commands from a file and execute them on either one device or many devices (i.e. read list of devices from a file), tasks such as backing up the network estate do not require any additional scripts/development.
Where crassh as a module is valuable is doing something other than executing commands and printing/storing the result.
An example of doing something is writing an auditing script; the following example is taken from my personal blog where crassh can be used in a script to look for the insecure SNMP community public
.
#!/usr/bin/env python
# coding=utf-8
import crassh
# Variables
routers = ["10.159.83.135", "10.159.83.136"]
username = "nick"
password = "nick"
# Loop
for device in routers:
try:
hostname = crassh.connect(device, username, password)
output = crassh.send_command("show run | inc snmp-server community", hostname)
crassh.disconnect()
# Split the output by spaces so we can search the response
words = output.split()
# Look for "public" in the output
for x in words:
if x == "public":
print("DANGER: Public SNMP Community set on %s [%s]" % (hostname, device))
except:
pass # If connect fails, move onto next router in the list.
C.R.A.SSH (crassh) autodoc¶
The autodoc automagically documents all of the functions from the source code.
- Python script to automate running commands on switches.
- Cisco Remote Automation via Secure Shell... or C.R.A.SSH for short!
-
crassh.
connect
(device='127.0.0.1', username='cisco', password='cisco', enable=False, enable_password='cisco', sysexit=False, timeout=10)¶ Connect and get Hostname of Cisco Device
This function wraps up
paramiko
and returns the hostname of the Cisco device. The function creates two global variablesremote_conn_pre
andremote_conn
which are the paramiko objects for direct manipulation if necessary.- Args:
device (str): IP Address or Fully Qualifed Domain Name of Device
username (str): Username for SSH Authentication
password (str): Password for SSH Authentication
enable (bool): Is enable going to be needed?
enable_password (str): The enable password
sysexit (bool): Should the connecton exit the script on failure?
- Returns:
- str. The hostname of the device
Example:
>>> hostname = connect("10.10.10.10", "nick", "cisco") >>> print(hostname) r1
-
crassh.
disconnect
()¶ Disconnect an SSH Session
Crassh wrapper for paramiko disconnect
No Argumanets, disconnects the current global variable
remote_conn_pre
-
crassh.
do_no_harm
(command)¶ Check Commands for dangerous things
- Args:
- command (str): The Command you wish to run on the device.
- Returns:
- Nothing
This function will
sys.exit()
if an evil command is found>>> crassh.do_no_harm("show ver") >>>
So, good commands just pass through with no response... maybe I should oneday make it a True/False kind of thing.
-
crassh.
isgroupreadable
(filepath)¶ Checks if a file is Group readable
- Args:
- filepath (str): Full path to file
- Returns:
- bool. True/False
Example:
>>> print(str(isgroupreadable("file.txt"))) True
REF: http://stackoverflow.com/questions/1861836/checking-file-permissions-in-linux-with-python
-
crassh.
isotherreadable
(filepath)¶ Checks if a file is Other readable
- Args:
- filepath (str): Full path to file
- Returns:
- bool. True/False
Example:
>>> print(str(isotherreadable("file.txt"))) True
-
crassh.
main
()¶ Main Code Block
This is the main script that Network Administrators will run.
No Argumanets. Input is used for missing CLI Switches.
-
crassh.
print_help
(exitcode=0)¶ Prints the Help for the CLI tool
- Args:
- exit (int): Exit Code
- Returns:
- None
When called this function will
sys.exit()
-
crassh.
readauthfile
(filepath)¶ Read C.R.A.SSH Authentication File
The file format is a simple, one entry per line, colon separated affair:
username: nick password: cisco
- Args:
- filepath (str): Full path to file
- Returns:
- tuple.
username
andpassword
Example:
>>> username, password = readauthfile("~/.crasshrc") >>> print(username) nick >>> print(password) cisco
-
crassh.
readtxtfile
(filepath)¶ Read lines of a text file into an array Each line is stripped of whitepace.
- Args:
- filepath (str): Full path to file
- Returns:
- array. Contents of file
Example:
>>> print(readtxtfile("./routers.txt")) 1.1.1.1 1.1.1.2 1.1.1.3
-
crassh.
send_command
(command='show ver', hostname='Switch', bail_timeout=60)¶ Sending commands to a switch, router, device, whatever!
- Args:
command (str): The Command you wish to run on the device.
hostname (str): The hostname of the device (expected in the
prompt
).bail_timeout (int): How long to wait for
command
to finish before giving up.- Returns:
- str. A text blob from the device, including line breaks.
REF: http://blog.timmattison.com/archives/2014/06/25/automating-cisco-switch-interactions/