Bulk Password Change
Posted: Fri Sep 05, 2025 8:51 pm
I used an LLM to crudely put together a bash script that updates the passwords on a list of Netonix switches. I had searched for something like this for a while and never found an easy way, so hopefully this is of benefit to others.
The script depends on sshpass and expect. The list of switches is read from ./switches.txt, which is expected to contain one address per line.
Use at your own risk.
The script depends on sshpass and expect. The list of switches is read from ./switches.txt, which is expected to contain one address per line.
Use at your own risk.
#!/bin/bash
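# ANSI colour escape sequences used for terminal output. They are stored as
# literal backslash text and only become escapes when printed with
# `echo -e` or printf's %b. Marked readonly so nothing later in the script
# can overwrite them by accident.
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m' # No Color (reset)

# Per-switch results are appended here; the path is relative to the
# directory the script is run from.
readonly LOG_FILE="switch_password_change.log"

# The log records which switch addresses were processed and which of them
# failed (and so may still carry the old password). Create it readable by
# the invoking user only. This does not change the mode of a log file that
# already exists.
umask 077

# Enable pipefail but leave errexit (-e) off: failures on individual
# switches are handled explicitly so one bad device does not stop the run.
set -o pipefail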
#######################################
# Append one timestamped line to the log file.
# Globals:   LOG_FILE (read) - path of the file appended to
# Arguments: $1 - status label written between square brackets
#            $2 - free-text message
# Outputs:   one line "YYYY-MM-DD HH:MM:SS [status] message" in LOG_FILE
# Returns:   status of the write to LOG_FILE
#######################################
log_message() {
  local level=$1
  local text=$2
  local stamp
  stamp=$(date '+%Y-%m-%d %H:%M:%S')
  # printf with fixed %s slots writes the arguments verbatim.
  printf '%s [%s] %s\n' "$stamp" "$level" "$text" >>"$LOG_FILE"
}
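#######################################
# Change the admin password on one switch by driving an interactive SSH
# session with expect.
#
# The expect program is a quoted here-document, so the shell performs no
# expansion inside it. The address and both passwords reach expect through
# environment variables and are only ever used as Tcl variable values.
# Splicing them into the program text instead would let characters such as
# ", $, [ or \ in a password (or in a line of the switches file) alter the
# Tcl script itself, or silently set a different password than the one
# typed.
#
# Arguments: $1 - switch address
#            $2 - current admin password
#            $3 - new admin password
# Outputs:   the SSH session transcript on stdout (expect's default)
# Returns:   0 if the expect session ran to completion, 1 on login
#            failure, timeout, early disconnect or any other error
#######################################
change_switch_password() {
  local switch="$1"
  local current_password="$2"
  local new_password="$3"
  local status

  NSW_HOST="$switch" \
  NSW_CURRENT_PASSWORD="$current_password" \
  NSW_NEW_PASSWORD="$new_password" \
    /usr/bin/expect <<'EOF'
set timeout 20

# Copy the inputs into Tcl variables, then remove the passwords from the
# environment so the spawned ssh process does not inherit them.
set host $env(NSW_HOST)
set current_password $env(NSW_CURRENT_PASSWORD)
set new_password $env(NSW_NEW_PASSWORD)
unset env(NSW_CURRENT_PASSWORD)
unset env(NSW_NEW_PASSWORD)

# accept-new (OpenSSH 7.6 and later) adds the key of a host that is not yet
# in known_hosts, but refuses to connect when a recorded key has changed.
# The first connection to each switch is still unverified, and this session
# carries both the old and the new admin password: pre-populate known_hosts
# and use StrictHostKeyChecking=yes where that matters.
spawn ssh -o StrictHostKeyChecking=accept-new "admin@$host"
expect {
    "*assword:" {
        send -- "$current_password\r"
        exp_continue
    }
    "Permission denied, please try again." {
        # Explicit login failure.
        exit 2
    }
    "#" {
        # Prompt seen: logged in.
    }
    timeout { exit 1 }
    eof { exit 1 }
}

# From here on a missing prompt is treated as a failure. Without the
# timeout branches expect would simply carry on after 20 seconds and the
# switch would be reported as changed when it may not have been.
send "configure\r"
expect {
    "#" {}
    timeout { exit 1 }
    eof { exit 1 }
}

# NOTE(review): expect mirrors the session to stdout, so if the switch
# echoes typed commands the new password will be shown on the terminal.
# Consider wrapping this step in "log_user 0" / "log_user 1" - confirm
# against a real device.
send -- "credentials password $new_password\r"
expect {
    "#" {}
    timeout { exit 1 }
    eof { exit 1 }
}

# Leave configuration mode. Presumably the switch then asks for the change
# to be confirmed; answer with ENTER whenever that prompt appears.
send "exit\r"
expect {
    "Press ENTER to confirm" {
        send "\r"
        exp_continue
    }
    "#" {}
    timeout { exit 1 }
    eof { exit 1 }
}
send "exit\r"
expect eof
EOF
  status=$?

  # Callers only distinguish success from failure, so every non-zero expect
  # status (2 = login rejected, 1 = anything else) is reported as 1.
  if (( status == 0 )); then
    return 0
  fi
  return 1
}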
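#######################################
# Interactive entry point: read the switch list, prompt for the current and
# new password, attempt the change on every switch and print a summary.
# Globals:   RED, GREEN, YELLOW, NC, LOG_FILE (read)
# Arguments: none used
# Outputs:   progress and summary on stdout; one log line per switch via
#            log_message
# Returns:   exits 1 on a missing dependency, missing or empty switch list,
#            empty new password or mismatched confirmation; otherwise 0,
#            including when some switches failed
#######################################
main() {
  local switches_file="switches.txt"
  local -a switches=()
  local -a targets=()
  local current_password new_password new_password_confirm
  local entry switch
  local line_no=0
  local success_count=0
  local failure_count=0

  printf '%b\n' "${GREEN}Netonix Network Switch Password Change Script${NC}"
  echo "============================================="

  # Check dependencies: expect drives the session and ssh is what it spawns.
  if ! command -v expect >/dev/null 2>&1; then
    printf '%b\n' "${RED}Expect is required but not installed. Please install expect and try again.${NC}"
    exit 1
  fi
  if ! command -v ssh >/dev/null 2>&1; then
    printf '%b\n' "${RED}ssh is required but not installed. Please install an SSH client and try again.${NC}"
    exit 1
  fi

  # Prepare switches file
  if [ ! -f "$switches_file" ]; then
    printf '%b\n' "${RED}Switches file '$switches_file' not found.${NC}"
    exit 1
  fi
  mapfile -t switches < "$switches_file"

  # Normalise and validate every line before any credential is sent to it.
  # Surrounding whitespace (including a CR from Windows line endings) is
  # trimmed, blank lines and '#' comment lines are skipped, and anything
  # that does not look like a host name or IP address is rejected.
  for entry in "${switches[@]}"; do
    line_no=$((line_no + 1))
    entry="${entry#"${entry%%[![:space:]]*}"}"
    entry="${entry%"${entry##*[![:space:]]}"}"
    if [[ -z "$entry" || "$entry" == \#* ]]; then
      continue
    fi
    if [[ ! "$entry" =~ ^[A-Za-z0-9._:%-]+$ ]]; then
      # Report the line number only, so a malformed entry is never written
      # raw to the terminal or the log.
      log_message "ERROR" "Skipped invalid address on line $line_no of $switches_file"
      failure_count=$((failure_count + 1))
      printf '%b\n' "${RED}✗ Skipped invalid address on line $line_no of $switches_file${NC}"
      continue
    fi
    targets+=("$entry")
  done

  if (( ${#targets[@]} == 0 )); then
    printf '%b\n' "${RED}No usable switch addresses found in '$switches_file'.${NC}"
    exit 1
  fi

  # Prompt for passwords. IFS= keeps leading and trailing spaces, which a
  # plain `read` would strip, so the password sent is exactly the one typed.
  IFS= read -rsp "Enter current password: " current_password
  echo
  IFS= read -rsp "Enter new password: " new_password
  echo
  IFS= read -rsp "Confirm new password: " new_password_confirm
  echo
  if [[ -z "$new_password" ]]; then
    printf '%b\n' "${RED}New password must not be empty. Exiting.${NC}"
    exit 1
  fi
  if [ "$new_password" != "$new_password_confirm" ]; then
    printf '%b\n' "${RED}New passwords do not match. Exiting.${NC}"
    exit 1
  fi

  # errexit is never enabled in this script, so a failing switch does not
  # stop the loop; each result is counted and logged instead.
  for switch in "${targets[@]}"; do
    echo
    printf '%b\n' "${YELLOW}Processing $switch...${NC}"
    if change_switch_password "$switch" "$current_password" "$new_password"; then
      log_message "SUCCESS" "Password changed successfully on $switch"
      success_count=$((success_count + 1))
      printf '%b\n' "${GREEN}✓ Success: $switch${NC}"
    else
      log_message "ERROR" "Failed to change password on $switch"
      failure_count=$((failure_count + 1))
      printf '%b\n' "${RED}✗ Failed: $switch${NC}"
    fi
  done

  echo
  echo "Summary:"
  printf '%b\n' "${GREEN}Successes: $success_count${NC}"
  printf '%b\n' "${RED}Failures: $failure_count${NC}"
  if (( failure_count > 0 )); then
    # Switches listed as failed may still be using the old password.
    printf '%b\n' "${RED}Check the log file $LOG_FILE for details about failures.${NC}"
  fi
}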
# Script entry point: run main, forwarding all command-line arguments.
main "$@"