├── script ├── hosts ├── commands └── mikrotik-ssh.py ├── LICENSE └── README.md /script/hosts: -------------------------------------------------------------------------------- 1 | 192.168.10.2 2 | 10.25.17.4 3 | 10.25.17.6 4 | 10.25.17.43 5 | -------------------------------------------------------------------------------- /script/commands: -------------------------------------------------------------------------------- 1 | /ip firewall address-list add list=ACCESS address=192.168.200.0/24 2 | /ip firewall address-list add list=STOP-POOL address=172.16.16.0/24 3 | /ip firewall nat add chain=srcnat src-address-list=STOP-POOL dst-address-list=ACCESS action=masquerade 4 | /ip firewall address-list add list=proxy address=172.16.16.0/24 5 | /ip firewall mangle add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-list=!ACCESS dst-port=80 new-connection-mark=cancel passthrough=yes protocol=tcp src-address-list=STOP-POOL 6 | /ip firewall nat add action=redirect chain=dstnat connection-mark=cancel disabled=no dst-port=80 protocol=tcp src-address-list=STOP-POOL to-ports=8080 7 | /ip proxy access add action=deny disabled=no dst-port="" redirect-to="www.your-website.com/\?index.php?info-page" src-address=172.16.16.0/24 comment="redirect stop pool" 8 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Čedomir Krsmanović 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 
| The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # MikroTik SSH script based on Python "paramiko" module 2 | 3 | This is a tool for executing many MikroTik commands from an external `commands` file on many MikroTik routers listed in a `hosts` file. Using SSH key authentication is strongly advised! Remember to remove all clear-text credentials from the script if you opt for password login instead! 4 | 5 | An entry is appended to the log file `error.log` or `success.log`, depending on the result of the script execution. 6 | 7 | ## 1) Set up the inventory and commands 8 | 9 | Populate the files `hosts` (inventory) and `commands` according to your task. Sample files are provided in the `/script` folder together with the source code. 10 | 11 | ## 2) Enter the credentials within the script 12 | 13 | Edit the `mt_username` and `ssh_key` variables according to your environment. 14 | 15 | It is strongly advised never to keep credentials in clear text and to use SSH keys whenever possible! If you opted for a clear-text password in the `mt_password` variable, remember to remove it after you are finished with your work! 
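16 | 17 | ## 3) Run the script 18 | 19 | Start the script with 20 | ``` 21 | python mikrotik-ssh.py 22 | ``` 23 | -------------------------------------------------------------------------------- /script/mikrotik-ssh.py: --------------------------------------------------------------------------------
#!/usr/bin/env python
"""Run every command from the ``commands`` file on every router in ``hosts``.

Both files are read from the current working directory, one entry per line.
One line per host is appended to ``success.log`` or ``error.log``.

Security notes:
* Router host keys are checked against the user's known_hosts file and
  unknown or changed keys are refused, so the key (and, with password login,
  the password) is never offered to an unverified endpoint.
* Prefer key authentication; remove any clear-text password after use.
"""

import socket
import errno
import sys
import time


def time_stamp():
    """Return the current local time formatted as ``YYYY-MM-DD HH:MM:SS``."""
    return time.strftime("%Y-%m-%d %H:%M:%S")


def log_line(path, message):
    """Append one timestamped line to the log file at *path*."""
    with open(path, "a") as log:
        log.write(time_stamp() + " " + message + "\n")


def read_entries(path):
    """Return the non-blank, stripped lines of *path*; exit if it is unreadable."""
    try:
        with open(path, "r") as handle:
            # strip() also drops a trailing "\r" from files saved with CRLF,
            # and blank lines are skipped so they are not used as a host
            # name or sent as an empty command.
            return [entry.strip() for entry in handle if entry.strip()]
    except IOError:
        print("\nFile \"" + path + "\" does not exist or is not accessible.\n")
        sys.exit(1)


try:
    import paramiko

except ImportError:
    sys.tracebacklimit = 0
    log_line("error.log", "\"Paramiko\" module missing! Please visit http://www.paramiko.org/installing.html for more details.")
    raise ImportError("\rPlease install \"paramiko\" module! Visit http://www.paramiko.org/installing.html for more details.\r\n")

mt_username = "script_user"
timeout = 10
# Using ssh keys is strongly advised!
# If you are unable to setup that method of connecting to your devices, you have the option of the clear text login as well.
# mt_password = "script_password"

# NOTE(review): paramiko parses OpenSSH/PEM private keys; if key.ppk is still
# in PuTTY's own format, export it to OpenSSH format with PuTTYgen first.
try:
    ssh_key = paramiko.RSAKey.from_private_key_file("key.ppk")
except (IOError, paramiko.SSHException) as key_error:
    print("\nPrivate key \"key.ppk\" could not be loaded: " + str(key_error) + "\n")
    sys.exit(1)


def connect(ssh, host):
    """Open the SSH session to *host*; log the reason and return False on failure."""
    try:
        ssh.connect(host, username=mt_username, pkey=ssh_key, timeout=timeout)
        # Using ssh keys is strongly advised!
        # ssh.connect(host,username=mt_username,password=mt_password,timeout=timeout)
        return True

    except socket.timeout:
        print("Connection timeout. Log entry created.")
        log_line("error.log", host + " Timeout connecting to the device.")

    except paramiko.AuthenticationException:
        print("Wrong credentials. Log entry created.")
        log_line("error.log", host + " Wrong credentials.")

    except paramiko.BadHostKeyException:
        # The device presented a key different from the one on record:
        # either it was re-keyed or something else is answering on that address.
        print("Host key mismatch. Log entry created.")
        log_line("error.log", host + " Host key does not match the known_hosts entry.")

    except paramiko.SSHException as ssh_error:
        # Includes the refusal of a host that has no known_hosts entry yet.
        print("SSH error: " + str(ssh_error) + ". Log entry created.")
        log_line("error.log", host + " SSH error: " + str(ssh_error))

    except Exception:
        # Exception rather than a bare except, so Ctrl-C still stops the run.
        print("Error connecting to the device. Log entry created.")
        log_line("error.log", host + " Unknown error while connecting to the device.")

    return False


def run_commands(ssh, commands):
    """Execute *commands* in order on the connected client; return how many failed."""
    failed = 0
    for mt_command in commands:
        # Adding 200ms delay between commands
        time.sleep(.2)
        print(mt_command)
        try:
            stdin, stdout, stderr = ssh.exec_command(mt_command, timeout=timeout)
            # Reading the streams waits for the command to finish and makes
            # anything the device printed visible to the operator.
            reply = (stdout.read() + stderr.read()).decode("utf-8", "replace").strip()
            status = stdout.channel.recv_exit_status()
        except (paramiko.SSHException, socket.error) as exec_error:
            print("Command could not be executed: " + str(exec_error))
            failed += 1
            continue
        if reply:
            print(reply)
        # NOTE(review): whether RouterOS reports a non-zero exit status for a
        # rejected command was not verified; check the printed output as well.
        if status > 0:
            failed += 1
    return failed


def main():
    """Connect to every host in turn, run the command list and log the outcome."""
    hosts = read_entries("hosts")
    if not hosts:
        print("\nList of hosts is empty.\n")
        return
    commands = read_entries("commands")

    for nlines, host in enumerate(hosts, 1):
        ssh = paramiko.SSHClient()
        # Trust only keys already recorded in the user's known_hosts file.
        # Add each router's key there, after checking its fingerprint on the
        # device itself, before the first run.
        ssh.load_system_host_keys()
        ssh.set_missing_host_key_policy(paramiko.RejectPolicy())

        print("\r\n########################################## Connecting to " + str(nlines) + ". host: " + host + " ##########################################\r\n")

        try:
            if not connect(ssh, host):
                continue

            print("Succsessfully connected to the host. Executing commands from the external file:\r\n")
            failed = run_commands(ssh, commands)

            if failed:
                print("\n" + str(failed) + " command(s) failed. Log entry created.")
                log_line("error.log", host + " " + str(failed) + " command(s) failed on the host.")
            else:
                print("\nExternal commands are executed successfully.")
                log_line("success.log", host + " Successfully executed commands on the host.")
        finally:
            # Runs on every path, including the early "continue" above.
            ssh.close()

    print()


if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------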