Tuesday, 26 August 2014

Linux: Remote Shutdown/WoL Windows with 802.1x enabled | Part 3 Automated Macro Scripts

Automated Macro Scripts

This script runs the macros which disable and re-enable dot1x on the switch interfaces. It takes the switch to work on as its first argument and logs everything it sees to ~/results.log.

#!/usr/bin/expect -f

# Set variables
# The switch is the first argument.  The login password is only needed when
# public-key authentication is not set up; it is read from the SWITCH_PASSWORD
# environment variable so it never shows up in the process list or the log.
set hostname [lindex $argv 0]
set username "michael"
set password ""
if {[info exists env(SWITCH_PASSWORD)]} {
    set password $env(SWITCH_PASSWORD)
}

# Log results
log_file -a ~/results.log

# Announce which device we are working on and at what time
send_user "\n"
send_user ">>>>>  Working on $hostname @ [exec date] <<<<<\n"
send_user "\n"

# Connect to the switch given on the command line (one run per switch)
spawn ssh $username@$hostname

# Allow this script to handle ssh connection issues
expect {
    timeout { send_user "\nTimeout Exceeded - Check Host\n"; exit 1 }
    eof { send_user "\nSSH Connection To $hostname Failed\n"; exit 1 }
    "*#" {}
    "*assword:" {
        if {$password eq ""} {
            send_user "\nPassword prompt but SWITCH_PASSWORD not set - Check Keys\n"
            exit 1
        }
        send "$password\n"
        exp_continue
    }
}

# Apply the macro that removes dot1x, wait, then apply the one that puts it back
send "macro apply nodot1x\n"
expect "#"
send "exit\n"
expect "#"
sleep 10
send "macro apply dot1x\n"
expect "#"
exit
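As an added example (my code, not the author's), here is a small wrapper that runs the expect script above once for every switch in a list and then reads back ~/results.log using the exact strings the script logs. It assumes the expect script has been saved as ~/dot1x-toggle.exp; that file name is not from the post.

```shell
#!/bin/sh
# Added example, not part of the original post: runs the expect script above
# once per switch and reports what ~/results.log says afterwards.
# Assumptions: the expect script is saved as ~/dot1x-toggle.exp and still
# logs to ~/results.log with the send_user messages shown above.

EXPECT_SCRIPT="${EXPECT_SCRIPT:-$HOME/dot1x-toggle.exp}"   # assumed location
RESULTS_LOG="${RESULTS_LOG:-$HOME/results.log}"           # log_file in the expect script

# Run the expect script for every switch listed, one per line, in $1.
# Prints the number of failed runs and returns non-zero if there were any,
# so a cron job or monitoring check can act on the result.
toggle_all() {
    hosts_file=$1
    failed=0
    while IFS= read -r host || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac       # skip blanks and comments
        if ! expect -f "$EXPECT_SCRIPT" "$host"; then
            failed=$((failed + 1))
        fi
    done < "$hosts_file"
    printf 'failed runs: %s\n' "$failed"
    [ "$failed" -eq 0 ]
}

# Count runs and failures using the exact strings the expect script logs.
# grep -c exits 1 when the count is 0, hence the '|| true'.
summarize_log() {
    log=$1
    runs=$(grep -c '^>>>>>  Working on ' "$log" || true)
    timeouts=$(grep -c 'Timeout Exceeded' "$log" || true)
    ssh_failures=$(grep -c 'SSH Connection To .* Failed' "$log" || true)
    printf 'runs=%s timeouts=%s ssh_failures=%s\n' "$runs" "$timeouts" "$ssh_failures"
}

# List the switches whose run failed.  A timeout line does not name the
# host, so remember the host from the most recent "Working on" header.
failed_hosts() {
    awk '
        /^>>>>>  Working on / { host = $4 }
        /Timeout Exceeded|SSH Connection To .* Failed/ { print host }
    ' "$1"
}

# Constructed sample of what results.log looks like after three runs
# (one success, one timeout, one refused connection); written to $1.
write_sample_log() {
    cat > "$1" <<'EOF'

>>>>>  Working on sw-lab-1 @ Tue Aug 26 06:00:01 BST 2014 <<<<<

spawn ssh michael@sw-lab-1
sw-lab-1#macro apply nodot1x
sw-lab-1#

>>>>>  Working on sw-lab-2 @ Tue Aug 26 06:00:40 BST 2014 <<<<<

spawn ssh michael@sw-lab-2

Timeout Exceeded - Check Host

>>>>>  Working on sw-lab-3 @ Tue Aug 26 06:01:05 BST 2014 <<<<<

spawn ssh michael@sw-lab-3

SSH Connection To sw-lab-3 Failed
EOF
}

# Usage: ./toggle-all.sh switches.txt
if [ "${1:-}" != "" ]; then
    toggle_all "$1"
    summarize_log "$RESULTS_LOG"
    failed_hosts "$RESULTS_LOG"
fi
```

Because the expect script appends to the log with log_file -a, the counts grow across days; rotate or truncate ~/results.log from the same cron job if you want per-run numbers.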


Testing script (screenshot)



So what I've managed to do is get an automated WoL with Remote Shutdown incorporating 802.1x.

Sources:

http://docwiki.cisco.com/wiki/Remote_VTY_Command_Script
http://stackoverflow.com/questions/16385328/expect-scripting-tcl
http://docs.oracle.com/cd/E35328_01/E35336/html/vmcli-script.html
http://paulgporter.net/2012/12/08/30/
http://en.kioskea.net/faq/28828-sending-cisco-commands-sent-via-ssh-telnet

Linux: Remote Shutdown/WoL Windows with 802.1x enabled | Part 2 - Cronjobs

Cronjobs


Cronjobs can be used to automate the bash scripts that I had created.

  • Enter crontab -e to edit your own crontab, or sudo crontab -e to edit root's

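As an added example (my code, not the author's), the crontab below schedules a morning WoL and an evening shutdown on weekdays and checks each line before it is installed; cron runs jobs with a minimal PATH and no interactive environment, which is the usual reason a script that works from the terminal does nothing from cron. The script paths and log file are assumptions, not names from the post.

```shell
#!/bin/sh
# Added example, not part of the original post: builds the crontab entries
# that schedule the WoL and remote-shutdown scripts and checks them before
# 'crontab -' installs them.  All paths are assumptions.

WOL_SCRIPT="${WOL_SCRIPT:-/home/michael/bin/wol.sh}"                 # assumed
SHUTDOWN_SCRIPT="${SHUTDOWN_SCRIPT:-/home/michael/bin/shutdown.sh}"  # assumed
CRON_LOG="${CRON_LOG:-/home/michael/cron.log}"                       # assumed

# Print the crontab to install.  cron runs jobs with a minimal PATH and no
# interactive environment, so every path is absolute and output goes to a
# log file instead of local mail nobody reads.
generate_crontab() {
    cat <<EOF
PATH=/usr/local/bin:/usr/bin:/bin
MAILTO=""
# m  h  dom mon dow  command
30   6  *   *   1-5  $WOL_SCRIPT >> $CRON_LOG 2>&1
0    19 *   *   1-5  $SHUTDOWN_SCRIPT >> $CRON_LOG 2>&1
EOF
}

# Accept one crontab line.  Comments, blank lines and NAME=value settings
# pass; a job needs five schedule fields (or an @reboot-style keyword)
# followed by a command given by absolute path.  Returns 1 otherwise.
check_cron_line() {
    case $1 in
        ''|'#'*)         return 0 ;;
        [A-Za-z_]*=*)    return 0 ;;
    esac
    set -f                        # keep '*' from globbing during the split
    set -- $1
    set +f
    [ $# -gt 0 ] || return 0      # whitespace-only line
    case $1 in
        @*) cmd=${2:-} ;;
        *)  [ $# -ge 6 ] || return 1
            cmd=$6 ;;
    esac
    case $cmd in
        /*) return 0 ;;
        *)  return 1 ;;
    esac
}

# Validate every line on stdin; prints the offenders, returns 1 if any.
check_crontab() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        if ! check_cron_line "$line"; then
            printf 'bad crontab line: %s\n' "$line" >&2
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Usage: generate_crontab | check_crontab && generate_crontab | crontab -
```

Installing with crontab - replaces the whole crontab for that user, so run crontab -l first if there are existing entries to keep.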
What I would like to do next is automate the macro that I created on the switches, which disables and re-enables dot1x.

Sources:

http://www.thegeekstuff.com/2009/06/15-practical-crontab-examples/
http://www.linuxquestions.org/questions/linux-general-1/run-bash-commands-script-as-cron-542913/

Cisco 300 Switch: SSH Public Key Authentication

Generate SSH Keys


The following was completed on Ubuntu desktop.
  • Open 'Passwords and Keys'
  • Click add then 'Secure Shell Key'
  • Press 'Continue'
  • Give your key a description
  • Then click 'Just Create Key'

 
You will be prompted for a 'passphrase'; you can leave it blank if you want.

You can also do this quickly from the terminal with the following commands:




Configure Switch


Enter the following commands:

 

Additionally, create an account with the 'username' command in global config.

Now set up the RSA key:

 

After entering 'key-string', press enter and paste in the SSH public key that you generated earlier. Press enter twice when you have copied the key over, and it should show a 'Fingerprint' id.

I had a problem with the number of retries allowed when logging in this way (as I created an SSH key for each device, instead of just using one for all of the devices). I cleared this up by removing some RSA keys that I no longer use. You can increase the number of SSH retries, but on the 300 switches the command does not appear.

If you do get a problem logging in via ssh, try this:

  • ssh -o PubkeyAuthentication=no username@hostname.com
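As an added example (my code, not the author's), the script below does the terminal side of this post: it generates a dedicated RSA key, splits a public-key line so you can see exactly what goes into 'key-string', prints the MD5 fingerprint to compare against the 'Fingerprint' the switch shows, and writes an ssh_config stanza that offers only that key to the switch. Offering every key you own is what drives up the failed-attempt count described above, so pinning one key per host with IdentitiesOnly avoids the retry limit without turning public-key authentication off. The key file name, host names and the sample key line are assumptions or constructed values, not from the post.

```shell
#!/bin/sh
# Added example, not part of the original post.  Generates a dedicated RSA
# key from the terminal, prints the fingerprint to compare with the
# 'Fingerprint' the switch shows after 'key-string', and writes an ssh_config
# stanza so only that key is offered to the switch.  File names, host
# names and the sample key below are assumptions / constructed values.

KEY_FILE="${KEY_FILE:-$HOME/.ssh/sg300_rsa}"   # assumed: one key per switch

# Non-interactive key generation.  -N '' gives the empty passphrase the
# post allows; pass a real one if the private key sits on a shared machine.
make_switch_key() {
    ssh-keygen -t rsa -b 2048 -N '' -C "$1" -f "$KEY_FILE"
}

# Split an OpenSSH public-key line into "type base64 [comment]".
# Returns 1 if the line is not in that form (a private key pasted by
# mistake, a line the terminal wrapped, or a key type other than RSA).
pubkey_fields() {
    set -f
    set -- $1
    set +f
    [ $# -ge 2 ] || return 1
    case $1 in ssh-rsa) ;; *) return 1 ;; esac
    case $2 in *[!A-Za-z0-9+/=]*) return 1 ;; esac
    printf '%s %s%s\n' "$1" "$2" "${3:+ $3}"
}

# MD5 fingerprint (aa:bb:...:pp) of the key blob.  This is what
# 'ssh-keygen -l -E md5 -f key.pub' prints and the form older network CLIs
# display.  Needs base64 and md5sum (GNU coreutils).
md5_fingerprint() {
    fields=$(pubkey_fields "$1") || return 1
    blob=${fields#* }          # drop the "ssh-rsa " prefix
    blob=${blob%% *}           # drop the comment, if any
    printf '%s' "$blob" | base64 -d | md5sum | cut -c1-32 | sed 's/../&:/g; s/:$//'
}

# ssh_config stanza for ~/.ssh/config: each key the client offers counts as
# an attempt on the switch, so pin the one key and set IdentitiesOnly.
# Arguments: alias, address, switch username.
ssh_config_stanza() {
    cat <<EOF
Host $1
    HostName $2
    User $3
    IdentityFile $KEY_FILE
    IdentitiesOnly yes
    PubkeyAuthentication yes
EOF
}

# Constructed public-key line used for the checks; not a real key.
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAAQAB michael@ubuntu-desktop'
```

With the stanza in ~/.ssh/config, ssh <alias> uses that key alone, and ssh -v will show a single "Offering public key" line rather than one per key in the agent.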


Sources:

http://superuser.com/questions/187779/too-many-authentication-failures-for-username
http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/
http://blog.campodoro.org/?p=2243