
Reset Cisco Host Password (by Click Studios)


Script Name

Reset Cisco Host Password

 

Description

Script to reset a password on a Cisco switch or router

 

System Requirements

  • SSH Access to the router or switch

 

Successfully Tested Against

  • Cisco Catalyst 2950 Switch with IOS Version 12.1(22)EA14 (C2950-I6K2L2Q4-M)
  • Cisco 877 Router with IOS V15.1(1)T (C870-ADVSECURITYK9-M)

 

Failed Testing Against

  • None reported 

 
PowerShell Script

<#
.SYNOPSIS
Connect to a Cisco networking host via SSH, and change the password for an account.
#>
#------------------------------------------------------------------------------------
# Define the Read and Write Stream functions for the script to be used
#------------------------------------------------------------------------------------
function ReadStream($reader)
{
	# Drain the reader: emit every line to the pipeline until ReadLine() returns $null.
	# The caller decides what to do with the lines (the password-reset cmdlet discards them).
	for ($current = $reader.ReadLine(); $current -ne $null; $current = $reader.ReadLine())
	{
		$current
	}
}

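function WriteStream($cmd, $writer, $stream, $timeoutSeconds = 30)
{
	# Sends $cmd through $writer, then polls $stream.Length every 500 ms until it is non-zero.
	#
	# $cmd            - text to send; WriteLine() appends the line terminator.
	# $writer         - writer the command is sent through.
	# $stream         - stream whose Length is polled after the write.
	# $timeoutSeconds - optional; maximum time to wait (default 30). Previously the wait was
	#                   unbounded, so a host that accepted the write but never answered left
	#                   the calling job hanging indefinitely.
	#
	# Throws when the timeout expires. The message deliberately omits $cmd, because the
	# command text sent by the password-reset cmdlet contains account passwords.
	$writer.WriteLine($cmd)

	$deadline = [DateTime]::UtcNow.AddSeconds($timeoutSeconds)
	while ($stream.Length -eq 0)
	{
		if ([DateTime]::UtcNow -ge $deadline)
		{
			throw "Timed out after $timeoutSeconds second(s) waiting for a response from the remote host."
		}
		start-sleep -milliseconds 500
	}
}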


#------------------------------------------------------------------------------------
# Define Cmdlet to SSH to client and execute custom script to change account password
#------------------------------------------------------------------------------------
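function Set-CiscoHostPassword
{
	<#
	.SYNOPSIS
	Connects to a Cisco host over SSH and sets a new password for a local account.

	.DESCRIPTION
	Logs in as $UserName with $OldPassword, enters enable mode with $PrivilegedAccountPassword,
	runs "username <UserName> password <NewPassword>" in configuration mode and saves the
	configuration with "wr mem". The outcome is reported as a string on the output stream:
	"Success", or a message starting with "Failed".

	.PARAMETER HostName
	Host to connect to.
	.PARAMETER Port
	SSH port on the host.
	.PARAMETER UserName
	Account used to log in; also the account whose password is changed.
	.PARAMETER OldPassword
	Current password of the account, used for the SSH login.
	.PARAMETER NewPassword
	Password to set for the account.
	.PARAMETER PrivilegedAccountPassword
	Enable password sent after the "enable" command.

	.NOTES
	NOTE(review): no HostKeyReceived handler is registered on the SSH client below. SSH.NET
	accepts the server's host key unless such a handler rejects it, so the old, new and
	enable passwords are sent to whichever host answers on HostName:Port. Pin the expected
	host key fingerprint if the library version in use allows it.
	NOTE(review): success is assumed whenever no known error text is seen in the session
	output (fail-open). A device that ignored the command for a reason not listed in the
	switch statement is still reported as "Success".
	NOTE(review): "username ... password" stores the password in clear text or with
	reversible type 7 encoding; "username ... secret" stores a hash where the IOS release
	supports it - confirm against the target devices before changing the command.
	#>
	[CmdletBinding()]
	param (
		[String]$HostName,
		[int]$Port,
		[String]$UserName,
		[String]$OldPassword,
		[String]$NewPassword,
		[String]$PrivilegedAccountPassword
	)

	# The values below are typed into an interactive CLI session. A carriage return, line feed
	# or other control character inside any of them would be treated by the device as extra
	# keystrokes (for example a second command), so refuse them before anything is sent.
	# The offending value is never echoed back in the message.
	# NOTE(review): a literal "?" invokes context help on an interactive IOS CLI and is not
	# rejected here - confirm how the password generator is configured.
	$typedValues = @(
		@{ Name = 'UserName'; Value = $UserName },
		@{ Name = 'NewPassword'; Value = $NewPassword },
		@{ Name = 'PrivilegedAccountPassword'; Value = $PrivilegedAccountPassword }
	)
	foreach ($typedValue in $typedValues)
	{
		if ($typedValue.Value -match '[\x00-\x1F\x7F]')
		{
			Write-Output "Failed to reset password on Host '$HostName' as the value supplied for '$($typedValue.Name)' contains a control character (such as a carriage return or line feed) and cannot be sent safely to the device."
			return
		}
	}

	#Script to be called once a SSH session has been established. Add one command per line, and `r for Carriage returns
	$Script = @"
	enable`r$PrivilegedAccountPassword`r
	config t
    username $UserName password $NewPassword
    exit
    wr mem
    exit
"@

	$sshclient = $null
	$stream = $null
	try
	{
		$errorActionPreference = "Stop"
		#Make a connection to the host
		Add-Type -Path "[PasswordstateBinFolderPath]\Renci.SshNet.dll" #Include SSH.NET Assembly

		$connectionInfo = New-Object Renci.SshNet.PasswordConnectionInfo($HostName, $Port, $UserName, $OldPassword)
		$connectionInfo.Timeout = New-TimeSpan -Seconds 30

		$sshclient = New-Object Renci.SshNet.SshClient($connectionInfo)
		$sshclient.Connect()
		$sshclient.SendKeepAlive()

		if ($sshclient.IsConnected)
		{
			#Now that we are connected, attempt to execute the script above
			$stream = $sshclient.CreateShellStream("ssh_stream", 80, 24, 800, 600, 1024)

			$reader = new-object System.IO.StreamReader($stream)
			$writer = new-object System.IO.StreamWriter($stream)
			$writer.AutoFlush = $true

			# Wait for the first output (banner or prompt), but not forever: a host that accepts
			# the login and then stays silent would otherwise hang the reset job.
			$bannerDeadline = [DateTime]::UtcNow.AddSeconds(30)
			while ($stream.Length -eq 0)
			{
				if ([DateTime]::UtcNow -ge $bannerDeadline)
				{
					throw "Timed out waiting for the login banner or prompt from Host '$HostName'."
				}
				start-sleep -milliseconds 500
			}
			ReadStream $reader | out-null #Suppress any output so we don't capture any login banners
			WriteStream $Script $writer $stream

			#Dispose of SSH Client
			# NOTE(review): the session is closed as soon as the first output arrives after the
			# write, and the reader is drained only after the stream is disposed. Whether the
			# remaining commands have completed by then is not visible here - the order is kept
			# as the author had it.
			$stream.Dispose()
			$sshclient.Disconnect()
			$sshclient.Dispose()

			#Use a Switch statement to build up a list of exceptions to capture as required. If there is no matching exception, it is assumed the execution of the script was a success
			$results = $reader.ReadToEnd()

			# The session output may echo the commands that were typed, including the
			# "username ... password ..." line. Mask the secrets before the output is returned
			# to the caller, where it is likely to be logged.
			$safeResults = $results
			foreach ($secret in @($NewPassword, $OldPassword, $PrivilegedAccountPassword))
			{
				if (-not [String]::IsNullOrEmpty($secret))
				{
					$safeResults = $safeResults.Replace($secret, '********')
				}
			}

			switch -wildcard ($results.ToString().ToLower())
			{
				"*Bad secrets*" { Write-Output "Failed to reset password for account '$UserName' on Host '$HostName' as the enable password appears to be incorrect. Please check the Privileged Account Credentials associated with the Password Reset script."; break }
				"*invalid input detected*" { Write-Output "Failed to execute script correctly against Host '$HostName' for the account '$UserName'. Error = " $safeResults; break }
				#Add other wildcard matches here as required
				default { Write-Output "Success" }
			}
		}
		else
		{
			Write-Output "Failed to connect to the Host '$HostName' to reset the password for the account '$UserName'. Please check the Host is online, and accessible on the network."
		}
	}
	catch
	{
		# Capture the caught exception first: inside the switch below $_ is the value being matched.
		$failure = $_.Exception
		switch -wildcard ($failure.ToString().ToLower())
		{
			"*connection failed because connected host has failed to respond*" { Write-Output "Failed to connect to the Host '$HostName' to reset the password for the account '$UserName'. Please check the Host is online, and accessible on the network."; break }
			"*Permission denied (password)*" { Write-Output "Failed to connect to the Host '$HostName' to reset the password for the account '$UserName'. Please check the correct port is specified and username/password are correct. Error = 'Permission denied (password)'."; break }
			# NOTE(review): this branch writes nothing, so the caller receives neither "Success" nor a failure message - confirm how empty output is interpreted.
			"*Cannot access a disposed object*" { break } # Caused by the Privileged Account Credentials being incorrect
			#Add other wildcard matches here as required
			default { Write-Output "Failed to reset password for account '$UserName' on Host '$HostName'. Error = " $failure }
		}
	}
	finally
	{
		# Release the SSH session on every path, including failures after Connect().
		# Cleanup is best-effort: an error while disposing must not replace the result
		# already written above.
		try
		{
			if ($null -ne $stream) { $stream.Dispose() }
			if ($null -ne $sshclient) { $sshclient.Dispose() }
		}
		catch
		{
		}
	}
}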

#Make a call to the Set-CiscoHostPassword function
# NOTE(review): the bracketed values look like placeholder tokens that are replaced with real values before the
# script runs (presumably by Passwordstate - confirm). If that replacement is plain text substitution, a value
# containing a single quote would end the string literal early and the rest would be parsed as PowerShell;
# verify that quotes are escaped (doubled) on substitution or excluded by the password generator.
Set-CiscoHostPassword -HostName '[HostName]' -Port '[RemoteConnectionPort]' -UserName '[UserName]' -OldPassword '[OldPassword]' -NewPassword '[NewPassword]' -PrivilegedAccountPassword '[PrivilegedAccountPassword]'
