The script depends on sshpass and expect. The list of switches is read from ./switches.txt, which must contain one address per line.
Use at your own risk.
- #!/bin/bash
 # Result log; a relative path, so it is created in the current working directory.
 LOG_FILE="switch_password_change.log"
 # ANSI colour sequences, kept as literal backslash text (single-quoted) and
 # only turned into escape codes by whatever prints them.
 NC='\033[0m' # reset to the terminal default
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 # A pipeline fails if any stage fails. errexit (-e) is deliberately not
 # enabled here: errors are checked by hand.
 set -o pipefail
 # Append one timestamped entry to the log file.
 # Globals:   LOG_FILE (read) - file the entry is appended to
 # Arguments: $1 - status label, written between square brackets
 #            $2 - message text
 # Outputs:   one line "YYYY-MM-DD HH:MM:SS [status] message" in $LOG_FILE
 log_message() {
   local level="$1" text="$2"
   local stamp
   stamp="$(date '+%Y-%m-%d %H:%M:%S')"
   printf '%s [%s] %s\n' "$stamp" "$level" "$text" >> "$LOG_FILE"
 }
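 # Log in to one switch over SSH as admin and set a new admin password.
 #
 # The Expect program is a constant, single-quoted string. The address and both
 # passwords reach it through the environment and are read as Tcl variables, so
 # quotes, brackets, dollar signs or backslashes in a password are sent to the
 # device literally instead of being parsed as Tcl, and the address is always
 # passed to ssh as a single argument. The values are visible in the expect
 # process environment (same user and root) but never on a command line.
 #
 # NOTE(review): StrictHostKeyChecking=no accepts an unknown host key without
 # verification, so on first contact both passwords go to whichever host
 # answers at that address. Pre-populating known_hosts for the switches and
 # dropping the option removes that exposure.
 #
 # NOTE(review): a returned "#" prompt does not prove the device accepted the
 # new password; confirm with a fresh login before retiring the old one.
 #
 # Arguments: $1 - switch address
 #            $2 - current admin password
 #            $3 - new admin password
 # Returns:   0 when the Expect session exits 0; 1 otherwise (login rejected,
 #            timeout, connection closed, or expect could not be run)
 change_switch_password() {
   local switch="$1"
   local current_password="$2"
   local new_password="$3"
   local expect_program status

   # shellcheck disable=SC2016 # the $-references below are Tcl, not shell
   expect_program='
 set timeout 20
 set host $env(NSW_HOST)
 set cur_pw $env(NSW_CUR_PW)
 set new_pw $env(NSW_NEW_PW)
 # Remove the secrets from the environment so the spawned ssh does not inherit them.
 unset env(NSW_CUR_PW) env(NSW_NEW_PW)

 spawn ssh -o StrictHostKeyChecking=no admin@$host
 expect {
     "Permission denied, please try again." {
         # Listed first so that a rejected password ends the attempt instead
         # of being re-sent at the next password prompt.
         exit 2
     }
     "*assword:" {
         send -- "$cur_pw\r"
         exp_continue
     }
     "#" {
         # Successful login prompt
     }
     timeout {
         exit 1
     }
     eof {
         exit 1
     }
 }
 send "configure\r"
 expect {
     "#" {}
     timeout { exit 3 }
     eof { exit 3 }
 }
 # The CLI is expected to echo the typed command; keep the new password off
 # the operator terminal and out of any captured output.
 log_user 0
 send -- "credentials password $new_pw\r"
 expect {
     "#" {}
     timeout { exit 3 }
     eof { exit 3 }
 }
 log_user 1
 send "exit\r"
 expect {
     "Press ENTER to confirm" {
         send "\r"
         exp_continue
     }
     "#" {}
 }
 send "exit\r"
 expect eof
 '

   NSW_HOST="$switch" NSW_CUR_PW="$current_password" NSW_NEW_PW="$new_password" \
     /usr/bin/expect -c "$expect_program"
   status=$?

   # Exit codes from the session: 0 completed, 2 login rejected, 1 or 3
   # timeout / closed connection; anything else means expect itself failed.
   # Callers only distinguish success from failure.
   if [ "$status" -eq 0 ]; then
     return 0
   fi
   return 1
 }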
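 # Entry point: read the switch list, prompt for the current and new password,
 # then change the password on every listed switch, printing a per-switch
 # result and a final summary.
 # Globals:   RED, GREEN, YELLOW, NC, LOG_FILE (read)
 # Arguments: none used
 # Exits:     1 when expect or ssh is missing, switches.txt is missing or holds
 #            no addresses, or the new password is empty or not confirmed
 main() {
   local switches_file="switches.txt"
   local -a raw_lines=() switches=()
   local line switch
   local current_password new_password new_password_confirm
   local success_count=0
   local failure_count=0

   echo -e "${GREEN}Netonix Network Switch Password Change Script${NC}"
   echo "============================================="

   # Check dependencies: expect drives the session, ssh is what it spawns.
   if ! command -v expect >/dev/null 2>&1; then
     echo -e "${RED}Expect is required but not installed. Please install expect and try again.${NC}"
     exit 1
   fi
   if ! command -v ssh >/dev/null 2>&1; then
     echo -e "${RED}ssh is required but not installed. Please install an SSH client and try again.${NC}"
     exit 1
   fi

   # Prepare switches file
   if [ ! -f "$switches_file" ]; then
     echo -e "${RED}Switches file '$switches_file' not found.${NC}"
     exit 1
   fi
   mapfile -t raw_lines < "$switches_file"
   for line in "${raw_lines[@]}"; do
     # Trim surrounding whitespace (this also drops the CR of a CRLF file) and
     # skip blank lines, so they are not counted as failed switches.
     line="${line#"${line%%[![:space:]]*}"}"
     line="${line%"${line##*[![:space:]]}"}"
     [[ -n "$line" ]] || continue
     switches+=("$line")
   done
   if [ "${#switches[@]}" -eq 0 ]; then
     echo -e "${RED}Switches file '$switches_file' contains no addresses.${NC}"
     exit 1
   fi

   # Prompt for passwords (-s: no echo, -r: keep backslashes literal)
   read -rsp "Enter current password: " current_password
   echo
   read -rsp "Enter new password: " new_password
   echo
   read -rsp "Confirm new password: " new_password_confirm
   echo
   if [ "$new_password" != "$new_password_confirm" ]; then
     echo -e "${RED}New passwords do not match. Exiting.${NC}"
     exit 1
   fi
   # Two empty entries match each other; never push a blank password.
   if [ -z "$new_password" ]; then
     echo -e "${RED}New password must not be empty. Exiting.${NC}"
     exit 1
   fi

   # Keep errexit off so one failing switch does not stop the run
   set +e
   for switch in "${switches[@]}"; do
     echo
     # The entry ends up on an ssh command line: accept only host name / IP
     # address characters and record anything else as a failure.
     if [[ ! "$switch" =~ ^[A-Za-z0-9._:%-]+$ ]]; then
       log_message "ERROR" "Skipped invalid address in $switches_file"
       failure_count=$((failure_count + 1))
       echo -e "${RED}✗ Failed: invalid address in $switches_file${NC}"
       continue
     fi
     echo -e "${YELLOW}Processing $switch...${NC}"
     if change_switch_password "$switch" "$current_password" "$new_password"; then
       log_message "SUCCESS" "Password changed successfully on $switch"
       success_count=$((success_count + 1))
       echo -e "${GREEN}✓ Success: $switch${NC}"
     else
       log_message "ERROR" "Failed to change password on $switch"
       failure_count=$((failure_count + 1))
       echo -e "${RED}✗ Failed: $switch${NC}"
     fi
   done
   # The passwords are not needed past this point.
   unset current_password new_password new_password_confirm
   # Turn errexit on for the remaining statements, as the original did
   set -e

   echo
   echo "Summary:"
   echo -e "${GREEN}Successes: $success_count${NC}"
   echo -e "${RED}Failures: $failure_count${NC}"
   if [ "$failure_count" -gt 0 ]; then
     echo -e "${RED}Check the log file $LOG_FILE for details about failures.${NC}"
   fi
 }
 main "$@"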

