Developer Guide

Crassh is supplied as a Python module which developers can include in their own scripts. Crassh is a Paramiko wrapper specifically designed for talking to Cisco IOS devices and routers.

Developers/Coders are reminded not to reinvent the wheel, crassh (as a standalone script) can already read commands from a file and execute them on either one device or many devices (i.e. read list of devices from a file), tasks such as backing up the network estate do not require any additional scripts/development.

Where crassh as a module is valuable is doing something other than executing commands and printing/storing the result.

An example of doing something is writing an auditing script; the following example is taken from my personal blog where crassh can be used in a script to look for the insecure SNMP community public.

#!/usr/bin/env python
# coding=utf-8

import crassh

# Variables
routers = ["10.159.83.135", "10.159.83.136"]
username = "nick"
password = "nick"

# Loop
for device in routers:

    try:
        hostname = crassh.connect(device, username, password)

        output = crassh.send_command("show run | inc snmp-server community", hostname)
        crassh.disconnect()

        # Split the output by spaces so we can search the response
        words = output.split()

        # Look for "public" in the output
        for x in words:
            if x == "public":
                print("DANGER: Public SNMP Community set on %s [%s]" % (hostname, device))
    except:
        pass # If connect fails, move onto next router in the list.

C.R.A.SSH (crassh) autodoc

The autodoc automagically documents all of the functions from the source code.

Python script to automate running commands on switches.

Cisco Remote Automation via Secure Shell... or C.R.A.SSH for short!

crassh.connect(device='127.0.0.1', username='cisco', password='cisco', enable=False, enable_password='cisco', sysexit=False, timeout=10)

Connect and get Hostname of Cisco Device

This function wraps up paramiko and returns the hostname of the Cisco device. The function creates two global variables remote_conn_pre and remote_conn which are the paramiko objects for direct manipulation if necessary.

Args:

device (str): IP Address or Fully Qualifed Domain Name of Device

username (str): Username for SSH Authentication

password (str): Password for SSH Authentication

enable (bool): Is enable going to be needed?

enable_password (str): The enable password

sysexit (bool): Should the connecton exit the script on failure?

Returns:

str. The hostname of the device

Example:

>>> hostname = connect("10.10.10.10", "nick", "cisco")
>>> print(hostname)
r1

REF:

• https://pynet.twb-tech.com/blog/python/paramiko-ssh-part1.html
• http://yenonn.blogspot.co.uk/2013/10/python-in-action-paramiko-handling-ssh.html

crassh.disconnect()

Disconnect an SSH Session

Crassh wrapper for paramiko disconnect

No Argumanets, disconnects the current global variable remote_conn_pre

crassh.do_no_harm(command)

Check Commands for dangerous things

Args:

command (str): The Command you wish to run on the device.

Returns:

Nothing

This function will sys.exit() if an evil command is found

>>> crassh.do_no_harm("show ver")
>>>

So, good commands just pass through with no response... maybe I should oneday make it a True/False kind of thing.

crassh.isgroupreadable(filepath)

Checks if a file is Group readable

Args:

filepath (str): Full path to file

Returns:

bool. True/False

Example:

>>> print(str(isgroupreadable("file.txt")))
True

REF: http://stackoverflow.com/questions/1861836/checking-file-permissions-in-linux-with-python

crassh.isotherreadable(filepath)

Checks if a file is Other readable

Args:

filepath (str): Full path to file

Returns:

bool. True/False

Example:

>>> print(str(isotherreadable("file.txt")))
True

crassh.main()

Main Code Block

This is the main script that Network Administrators will run.

No Argumanets. Input is used for missing CLI Switches.

crassh.print_help(exitcode=0)

Prints the Help for the CLI tool

Args:

exit (int): Exit Code

Returns:

None

When called this function will sys.exit()

crassh.readauthfile(filepath)

Read C.R.A.SSH Authentication File

The file format is a simple, one entry per line, colon separated affair:

username: nick
password: cisco

Args:

filepath (str): Full path to file

Returns:

tuple. username and password

Example:

>>> username, password = readauthfile("~/.crasshrc")
>>> print(username)
nick
>>> print(password)
cisco

crassh.readtxtfile(filepath)

Read lines of a text file into an array Each line is stripped of whitepace.

Args:

filepath (str): Full path to file

Returns:

array. Contents of file

Example:

>>> print(readtxtfile("./routers.txt"))
1.1.1.1
1.1.1.2
1.1.1.3

crassh.send_command(command='show ver', hostname='Switch', bail_timeout=60)

Sending commands to a switch, router, device, whatever!

Args:

command (str): The Command you wish to run on the device.

hostname (str): The hostname of the device (expected in the prompt).

bail_timeout (int): How long to wait for command to finish before giving up.

Returns:

str. A text blob from the device, including line breaks.

REF: http://blog.timmattison.com/archives/2014/06/25/automating-cisco-switch-interactions/