SecureCRT Script for Mass Changing Cisco Switch/Router Passwords

Attached to this post is a simple script which connects over either Telnet or SSH to a list of devices and resets the enable password, local password for the vty lines, and the console password. The script will login either with a username/password pair or with just a password. The script is setup to work with Cisco IOS devices, but customizing it for CatOS or some other vendor would not be difficult.

SecureCRT has a handy automation API which lets you build on the protocol support in it to automate tasks over the protocols it supports. As a Windows user, I don’t have things like Perl or an Expect shell readily available, but, I do have SecureCRT and VBScript. I wasn’t able to find much in the way of samples for this particular SecureCRT feature aside from the manufacturer’s webpage, so I thought I would share one I made.

There are a series of constants at the top of the file where the applicable credentials should be specified. The devices.txt path is set to c:\scripts\devices.txt. You can modify this to your liking.

The syntax for each line in the devices.txt is:

Hostname;IPOrFQDN;Protocol

Hostname isn’t actually used, but it’s there if you want to add logging or something like that.

Protocol can be Telnet, SSH1, or SSH2.

The script and a sample devices.txt is attached in the zip below. The usual bit applies – it’s not my fault if something breaks. I’ve used this several times to mass change passwords and had it work every time, but I offer no guarantees. Enjoy.

Share this post: email it! | digg it! | bookmark it! | live it!

Leave a Reply

Your email address will not be published. Required fields are marked *