This example login script checks for the device vendor, identifies the authentication setup of the device, and responds automatically. It is intended as the first step in tasks that require logging into devices, and therefore sets the following:
- parameters that are used by other steps that are subsequently called during the task, e.g. vendor, configPrompt, configIfPrompt.
- diagnostic logging to on for all subsequent steps, unless one of the subsequent steps changes it.
- tests that are performed before each expect interaction is processed (expectBefore).
```groovy
 1. expect.with
 2. {
 3.     setDiagnosticLogging( true )
 4.     vendor = device.sysOid.split("\\.")[7]
 5.     if( vendor.equals("9") )
 6.     {
 7.         println "Starting Cisco login"
 8.         // look for first stage login, e.g. password, username, login
 9.         // should then receive first stage login prompt, i.e. # or >
10.         expect( ~/(?i)(name:|login:|logon:|user:|username:)/ ,
11.                 { sendln param.username; CONTINUE },
12.                 ~/(?i)password:/ ,
13.                 { sendPassword();
14.                   sendln ''; CONTINUE } ,
15.                 ~/([a-zA-Z0-9\-_]+[#>]+)/, { } )
16.         // extract prompt
17.         prompt = getMatcher().group(0)
18.         // check to see if the prompt ends with '>' if so, issue the enable command
19.         String lastPromptCharacter = prompt.substring(prompt.length()-1)
20.         if( lastPromptCharacter.equals( ">" ) )
21.         {
22.             sendln "enable"
23.             expect( ~/(?i)password:/ ,
24.                     { sendPassword2() ; sendln ""; CONTINUE } ,
25.                     ~/([a-zA-Z0-9\-_]+[#>]+)/, { } )
26.             prompt = getMatcher().group(0)
27.         }
28.         // verify logged in and prompt ends in '#'
29.         lastPromptCharacter = prompt.substring(prompt.length()-1)
30.         if( ! lastPromptCharacter.equals( "#" ) )
31.         {
32.             println "FAILED TO LOGIN"
33.             throw new Exception("Failed to successfully login")
34.         }
35.         // create additional prompts for use in subsequent steps
36.         configPrompt = prompt.replaceAll( "#", "(config)#" );
37.         configIfPrompt = prompt.replaceAll( "#", "(config-if)#" );
38.         // add error detection
39.         expectBefore( ~/% Invalid / ,
40.                       { throw new Exception("Device returned an error") },
41.                       ~/Cannot find community / ,
42.                       { throw new Exception("Missing community string") } )
43.         println "login complete"
44.     }
45.     else
46.     {
47.         println "NO VALID LOGIN"
48.         throw new Exception("no valid login method for this device")
49.     }
50. }
```
Overview of the login script structure:
- Line 4. splits the sysOID on dots and takes the element at index 7 to identify the device vendor.
- Line 5. performs a check for the device vendor. This script concentrates on Cisco, but you could extend it for use with devices from other vendors.
- Lines 10. to 15. identify the login prompt, e.g. login, logon, and then send the login value. They also identify the password prompt and send the password value. The script disregards login banners that the device may display when first accessed.
~/(?i) indicates the subsequent check is case insensitive.
- Lines 16. to 19. extract the prompt character returned after entering the user name and password. This is used to identify the current security mode of the device.
- Lines 20. to 27. check the prompt. If it ends in > then the script:
- sends the enable command.
- checks for the password prompt and sends the second password.
- extracts the device hostname and prompt character returned after entering the user name and password.
- Lines 28. to 34. check that the prompt ends in #, which would indicate a successful logon. If the login was unsuccessful the script raises an error message.
throw new Exception includes new because this ensures the device name is included in the raised error messages and therefore in the history log. If you do not include new, the error would still be raised but would not include the device name.
- Lines 35. to 44. set up values that can be used in subsequent scripts called by the task:
- two variables to hold the device and interface configuration prompts.
- expectBefore checks for patterns before any other pattern checking, in this case failure to login due to the device including invalid in its response or reporting a missing community string.
- Line 45. indicates the device vendor was not Cisco. The script raises an error message.
If you extend the script to include devices from other vendors, it is here that you include the next if test.
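The vendor test on line 4 and the prompt handling on lines 17 to 37, as an added example in plain Groovy that is not part of the original script or the product's API; the function names, sample OIDs and sample prompts are constructed for illustration. It finds the vendor number by its 1.3.6.1.4.1 prefix, so the result does not depend on a leading dot or on the sysOID having at least eight elements, and it reports a missing or unprivileged prompt instead of continuing.

```groovy
// Added example: plain Groovy, no expect API. Function names are hypothetical.
import java.util.regex.Matcher

// Enterprise arc of a sysObjectID (the value line 4 reads at index 7).
// Anchoring on the 1.3.6.1.4.1 prefix works with or without a leading dot
// and returns null instead of throwing when the OID is short or foreign.
String enterpriseArc(String sysOid) {
    if (sysOid == null) return null
    Matcher m = sysOid.trim() =~ /^\.?1\.3\.6\.1\.4\.1\.(\d+)(?:\.|\z)/
    return m.find() ? m.group(1) : null
}

// Classify the last prompt in captured output with the page's prompt pattern
// and derive the two configuration prompts the way lines 36 and 37 do.
Map promptInfo(String output) {
    Matcher m = output =~ /([a-zA-Z0-9\-_]+[#>]+)/
    String prompt = null
    while (m.find()) prompt = m.group(0)        // last match wins
    if (prompt == null) return [mode: 'none']
    if (!prompt.endsWith('#')) return [mode: 'user', prompt: prompt]
    return [mode: 'privileged', prompt: prompt,
            configPrompt  : prompt.replaceAll('#', '(config)#'),
            configIfPrompt: prompt.replaceAll('#', '(config-if)#')]
}

// Constructed sample values, not taken from a real device.
assert enterpriseArc('.1.3.6.1.4.1.9.1.516') == '9'
assert enterpriseArc('1.3.6.1.4.1.9.1.516') == '9'      // no leading dot
assert '1.3.6.1.4.1.9.1.516'.split('\\.')[7] == '1'     // index 7 misses here
assert enterpriseArc('.1.3.6.1.4.1.2636.1.1') == '2636'
assert enterpriseArc('.1.3.6') == null

assert promptInfo('Password: \r\nedge-sw01>').mode == 'user'
def p = promptInfo('edge-sw01>enable\r\nPassword: \r\nedge-sw01#')
assert p.mode == 'privileged'
assert p.configPrompt == 'edge-sw01(config)#'
assert p.configIfPrompt == 'edge-sw01(config-if)#'
assert promptInfo('Password: ').mode == 'none'
println 'all checks passed'
```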