Gearshock

Reputation: 35

Error passing multiple commands to Cisco CLI via plink

I've gotten some help with an earlier part of this batch file, but now I'm having trouble with the final component. I've tried a few things with no success. I tried changing the CRLF to LF which did nothing. I also tried rephrasing the commands a few ways but I am still not getting anywhere. The following is my main batch file.

@echo on

REM delete deauth command file
SET "OutFile=C:\temp\Out2.txt"
IF EXIST "%OutFile%" DEL "%OutFile%"

plink -v -ssh *@x.x.x.x -pw PW -m "c:\temp\WirelessDump.txt" > "C:\temp\output.txt"

setlocal
REM build one deauth command per line of output.txt
for /f %%a in (C:\temp\output.txt) do >> "%OutFile%" echo wir cli mac-address %%a deauth forced

REM Use commands in out2 to deauth
plink -v -ssh *@x.x.x.x -pw PW -m "c:\temp\Out2.txt"
pause

Below this sentence is the command found in Out2 which I think is giving the actual trouble. The number of lines varies but they are all this particular command just with differing MACs.

wir cli mac-address xxxx.xxxx.xxxx deauth forced

If Out2 has only a single line it runs fine, no issues. But when there are multiple lines, it fails with an error stating that the Line has an invalid autocommand. It's almost as if it was reading it as one contiguous command. As I mentioned above I changed from CRLF to LF hoping IOS would like it better, but that failed. I've tried adding extra lines between the commands, and I've tried calling the login every time from that file.

I am hoping that there is a way to tailor the commands to pass all lines one at a time to keep this down to a minimum of files.

I had another thought but it is kinda/very clunky. If there was a way to output each of those MAC deauth commands to their own file in a separate folder (out1, out2, out3), and have the BAT able to run all the randomly generated files in that folder so that each one is a separated plink session.

Let me know if I need to change/add/elaborate on anything. Thanks in advance for anything you guys are willing to help with. I appreciate it.

EDIT: Martin has pointed out what the limitation actually is. It appears to be a limitation on Cisco to accept blocks of commands through SSH. So I still have the same question really, I just need some help figuring a workaround to this issue. I'm thinking the multiple file solution I mentioned above may have some possibility. But I'm too much of a noob to know how to make that work. I'll update if I have any breakthroughs though. Thanks for any contributions!

Upvotes: 2

Views: 9306

Answers (4)

Martin Prikryl

Reputation: 202534

It's actually a known limitation of Cisco, that it does not support multiple commands in an SSH "exec" channel command.

Quoting section 3.8.3.6 "-m: read a remote command or script from a file" of the PuTTY/Plink manual:

With some servers (particularly Unix systems), you can even put multiple lines in this file and execute more than one command in sequence, or a whole shell script; but this is arguably an abuse, and cannot be expected to work on all servers. In particular, it is known not to work with certain ‘embedded’ servers, such as Cisco routers.


Though you can probably still feed multiple commands to Plink input:

(
  echo command 1
  echo command 2
  echo command 3
  echo exit
) | plink -v -ssh user@host -pw password > output.txt

Or you can simply use an input file:

plink -v -ssh user@host -pw password < input.txt > output.txt

Similar question: A way of typing multiple commands in cmd.txt file using PuTTY batch against Cisco

Upvotes: 3
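
The standard-input approach applied to the question's deauth task, as an added example that is not part of the original answer: it keeps only tokens shaped like a Cisco dotted MAC before building commands, then appends exit. The function name, the sample lines, and the use of -batch with an already cached host key are assumptions.

```powershell
# Added example, not from the original answer. The function name and the
# sample lines are assumptions made for illustration.
function New-DeauthCommandStream {
    param([string[]] $Lines)

    # Cisco dotted-hex MAC, e.g. 0011.2233.4455. Only text of this exact shape
    # is ever placed into a command line sent to the device.
    $macPattern = '^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$'

    $macs = @(foreach ($line in $Lines) {
        # Same token choice as "for /f %%a" in the question: first field only.
        $token = ($line.Trim() -split '\s+')[0]
        if ($token -match $macPattern) { $token.ToLower() }
    })
    $macs = @($macs | Sort-Object -Unique)
    if ($macs.Count -eq 0) { return @() }

    # One command per element; the final exit ends the session so plink returns.
    $commands = foreach ($mac in $macs) { "wir cli mac-address $mac deauth forced" }
    return (@($commands) + 'exit')
}

# Constructed sample standing in for C:\temp\output.txt from the question.
$sample = @(
    'AABB.CCDD.0011',
    '',
    'aabb.ccdd.0011  duplicate-of-first',
    '0011.2233.4455',
    '% Invalid input detected'
)
$stream = @(New-DeauthCommandStream -Lines $sample)
$stream

# To send the lines, pipe them to plink's standard input instead of using -m.
# user@host is the placeholder from the answer above; -batch assumes the host
# key is already cached and that login needs no prompt (for example a key held
# in Pageant):
#   $stream | & plink.exe -ssh -batch user@host > C:\temp\deauth-output.txt
```

If no line yields a valid MAC the function returns nothing, so an empty result should skip the plink call instead of opening a session.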

tehfcae

Reputation: 1

I ran into the same issue when trying to pull the full list of ACLs on an ASA via plink in PowerShell.

Essentially, due to the abuse issue referenced in the documentation: https://the.earth.li/~sgtatham/putty/0.72/htmldoc/Chapter3.html#using-cmdline-m, I was getting inconsistent results in pulling the ACLs. Sometimes I would get 0, sometimes only 1 or 2, and sometimes I would get all of them. (I personally had about a 1 in 5 success rate.)

As I would occasionally be successful I used a while loop that would catch the unsuccessful attempts and retry. Just be sure to put some timing on the while loop to prevent it from spamming ssh connections too much.

It is not a good solution, but it worked as a last resort.

Upvotes: 0

pdpelsem

Reputation: 26

This works without cmd.exe and using files:

 function Invoke-PlinkCommandsIOS {
     param (
        # Named HostName because $Host is a read-only automatic variable in PowerShell
        [Parameter(Mandatory=$true)][string] $HostName,
        [Parameter(Mandatory=$true)][System.Management.Automation.PSCredential] $Credential,
        [Parameter(Mandatory=$true)][string] $Commands,
        # Declared but not used in the function body
        [Switch] $ConnectOnceToAcceptHostKey = $false
    )
    $PlinkPath = "$PSScriptRoot\plink.exe"
    $netCred = $Credential.GetNetworkCredential()
    # Feed the commands to plink on standard input; -batch disables interactive prompts
    $Commands | & $PlinkPath -ssh -2 -l $netCred.UserName -pw "$($netCred.Password)" $HostName -batch
 }

Usage: don't forget your exits and terminal length 0 or it will hang

PS C:\> $Command = "terminal length 0
>> show running-config
>> exit
>> "
>>
PS C:\> Invoke-PlinkCommandsIOS -HostName ace-dc1 -Credential $cred -Commands $Command

....

Upvotes: 1

RGuggisberg

Reputation: 4750

Sounds like your file 'Out2.txt' has only LF at end of line. Simple way to convert that to CRLF is to use MORE command and redirect output to a new file and then use the new file.

more Out2.txt > Out2CRLF.txt

Upvotes: 0
