A request to reboot a Cisco ASA every week came in today. Under Cisco IOS there is a kron
which would accommodate us here, however there appears to be no such thing under the ASA OS (is it still called FOS?). The next best thing is to run a perl script which utilises the Net::SSH::Expect
module to negotiate the SSH login.
As we are using an ASA without any kind of AAA usernames we also need to get past uplifting our privileges using en
.
I’m on a FreeBSD server so i need to install the correct perl module via the ports first:
# cd /usr/ports/net/p5-Net-SSH-Expect/ # make install
Now we can write and test the script:
#! /usr/bin/perl -w use strict; use Net::SSH::Expect; my $host_ip = "1.1.1.1"; my $login_name = "xxxx"; my $login_password = "yyyy"; my $en_password = "zzzz"; my $ssh = Net::SSH::Expect->new ( host => $host_ip, password=> $login_password, user => $login_name, raw_pty => 1 ); my $login_output = $ssh->login(); if ($login_output !~ /Type help/) { die "Login has failed. Login output was $login_output"; } $ssh->send("en"); $ssh->waitfor('Password:', 1) or die "prompt 'Password:' not found after 1 second"; $ssh->send($en_password); $ssh->exec("reload noconfirm");
Add the script to the crontab and we’re away!