Network automation with expect

You need 3 files:

  • devices.txt (where you put IP addresses of your network devices)
  • config.sh (bash script)
  • exp-config.exp (expect script)

devices.txt would look like this:

192.168.0.100
192.168.0.101
192.168.0.102

config.sh would look like this:

#!/bin/bash
# Feed the expect script each address from the device list
for device in $(cat devices.txt); do
    ./exp-config.exp "$device"
done

exp-config.exp would look like this:

#!/usr/bin/expect -f
############## First Segment
set hostname [lindex $argv 0]
set username "USERNAME"
set password "PASSWORD"
set Directory /home/user/log-directory
#Log results
#
#uncomment to use this to log every host separately
#log_file -a $Directory/session_$hostname.log
#
#uncomment to use all logs in one file
#log_file -a logfile.log
#
############## Second Segment
#Announce which device we are working on and at what time
send_user "\n"
send_user ">>>>> Working on $hostname @ [exec date] <<<<<\n"
send_user "\n"
spawn telnet $hostname
expect {
    timeout { send_user "\nTimeout Exceeded - Check Host\n"; exit 1 }
    eof { send_user "\nTelnet Connection To $hostname Failed\n"; exit 1 }
    "ser" {
        send "$username\n"
        expect "assword:" {
            send "$password\n"
            expect "#"
        }
    }
}
############## Third Segment
#show command example
#uncomment to skip "press any key to continue" or "--More--"
#send "term len 0\n"
expect "#"
send "show ip route\n"
expect "#"
#
#
#configuration example
send "conf t\n"
expect "(config)#"
send "aaa authorization commands 1 default group tacacs+ local \n"
#
send "exit\n"
expect ":~\$"
exit

source1, source2
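
A hardened variant of the config.sh loop, as an added example that is not part of the original post: it accepts only well-formed IPv4 entries from devices.txt (each entry ends up as an argument to spawn telnet), prompts for the credentials once instead of storing them in the script, and logs each host separately. It assumes exp-config.exp is changed to read $env(NET_USER) and $env(NET_PASS); those variable names, the --run switch and the session_<ip>.log file names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the original config.sh): validated device list, prompted credentials.
# Assumption: exp-config.exp reads $env(NET_USER) and $env(NET_PASS) instead of literals.

# Succeed only for a dotted-quad IPv4 address whose four octets are each 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the usable addresses in file $1, one per line; report rejects on stderr.
# Blank lines, '#' comments, surrounding blanks and Windows CRs are tolerated.
load_devices() {
    tr -d '\r' < "$1" | while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t')
        [ -z "$line" ] && continue
        if valid_ipv4 "$line"; then
            printf '%s\n' "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
        fi
    done
}

# Prompt once (password not echoed), pass credentials through the environment,
# run the expect script per device with its own log, and report failures.
run_all() {
    printf 'Username: ' >&2; IFS= read -r NET_USER
    trap 'stty echo; exit 130' INT TERM        # never leave the terminal without echo
    printf 'Password: ' >&2; stty -echo; IFS= read -r NET_PASS; stty echo
    trap - INT TERM; printf '\n' >&2
    export NET_USER NET_PASS
    failed=0
    for device in $(load_devices "$1"); do
        ./exp-config.exp "$device" > "session_$device.log" 2>&1 < /dev/null || {
            printf 'FAILED: %s\n' "$device" >&2; failed=$((failed + 1))
        }
    done
    unset NET_USER NET_PASS
    [ "$failed" -eq 0 ]
}

if [ "${1:-}" = "--run" ]; then run_all "${2:-devices.txt}"; fi   # ./config.sh --run devices.txt
```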

OpenSSL error while converting .p12 to .cer

openssl pkcs12 -nokeys -clcerts -in <filename.p12> -out <filename.cer>

Enter Import Password:
Error outputting keys and certificates
4087C8485B7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Try adding -legacy, which loads the legacy provider so that the RC2-40-CBC algorithm named in the error is available:

openssl pkcs12 -nokeys -clcerts -in <filename.p12> -out <filename.cer> -legacy