Netios is a little tool aimed to help network administrators to administrate a large number of Cisco network devices.
Providing it with a list of equipments, it connects within SSH to remotly apply IOS commands.

It can automatically :

  • retrieve and export in a CSV file the list of local users
  • update the local user, the enable password
  • change NTP settings
  • execute a file of customed IOS commands
  • retrieve configuration files

It can read the targets from the command line or from a text file.

It makes use of multiprocessing so it can make the job quite quickly.

% netios
[12715:29137]    Current credentials to use:
 Username: phocean
 SSH password:
 Enable password:
[12715:29137]    Updated SSH password
 Type in:
[12715:29137]    Updated Enable password
 Type in:
[12715:29137]    Starting process
[29137:29141]    Changing passwords
[12715:29137]    ### All hosts parsed. Good Bye !


  • A *nix box with OpenSSH client
  • A Python compiler <= 2.6 with basic modules
  • Other Python modules : pexpect, datetime, getpass, multiprocessing

It has been tested so far on Linux (openSUSE 11.1 & 11.2, Debian 4.0) .

Feedbacks on other platforms (Unix, *BSD, MacOS and maybe Windows/Cygwin) are welcomed.


It is free and released as GNU GPL version 2.

Feel free to use or modify it as long as you respect the term of this license : refer to the COPYING file or to the GNU website for more information.

Beyond licensing considerations, feedbacks or open talks are warmly welcomed !


Still ALPHA release quality software !

It is still in its early stage of development, so use it accordingly.

There is no warranty that it will work in your environment, so test it carefuly before using it in production.
I decline any responsability in the use of this tool.

Especially, some functionalities may be marked as [EXPERIMENTAL] : it means that they are not finished or haven’t been tested enough. Avoid using them but for testing.

Set up

$ tar xvfz netios-{release}.tar.gz
$ cd netios-{release}
$ sudo python install

How to use

General use

Netios needs a list of SSH hosts to work on. It can be provided within the command line or from a simple text file (1 line = 1 host).
A host can be either an IP address or a FQDN.

netios [options] host1 host2 ... hostn

Or :

netios [options] -f FILE

Without any further option, Netios will default to changing password mode and start an interactive session.
For security reasons and to prevent any formating troubles, Netios works only interactively.

Options and parameters:

show program's version number and exit
-h, --help
show this help message and exit
-v, --verbose
Print verbose output.
-d, --debug
Debug mode : verbose and extra logs.

Logs are saved into a log folder, created in the working directory. They contain a complete dump of the SSH dialog, showing IOS commands, so debugging an issue is pretty easy.

CAUTION: Log files may show in CLEAR the SSH and IOS PASSWORDS, so use it carefully only when necessary and don’t forget to clear up the files after use.

-f FILE, --file=FILE
Remote hosts file.
The file must be a simple text file with every line matching a host (IP or FQDN).
-x PROC, --proc=PROC
Number of simultaneous processes. By default, it is determine according to the hardware (1 core = 1 process).
-t TIMEOUT, --timeout=PROC
Connection timeout as an integer in seconds. Default value is 3 (= 3 seconds). Increase this value if your network is slow. Lower values are not recommanded and will certainly fail in a WAN environment.


Changing password (default)

The default behavior of Netios is to parse each host given as a parameter and spawn a new process aimed to change the local passwords.
Note that the tool is aimed to keep only one working local account, so all other accounts will be deleted during th process.
We consider that during normal operations, one should have a working AAA server (Tacacs+ or Radius) and that a local account must be used only in case of emergency.

1)    It asks for an account to connect to all the provided hosts. This account must have the administrative rights to update the IOS accounts.
It is strongly recommended to use a TACACS or RADIUS account to update local accounts, so that you keep control whatever happens. Though, it can work flawlessly with a local account.

2)    It connects to the host and update the account.

3)    It looks for other local accounts and erease all of them, except the one we just update.


--no-check No proof check will be processed with this option. It will speed up the process, when you have enough trust with the Netios process.


$ netios
$ netios ./hostfile.txt
$ netios -a --tac

Command file

The script will read a file containing your custom IOS commands. It will execute the sequence in ‘configure terminal’ mode.

CAUTION: Beware of the syntax and the order of the commands, they won’t be checked by the tool !


-i FILE, --in=FILE
Read a command file. In this file, you can write any IOS command. The script will send them in configure terminal mode.


$ netios -i ./commands.txt

Retrieving an user list

Netios output the list of local account registered in the router.
The list is also recorded in an folder of the working directory, named “out”. The file is in CSV format.

It is recommended to use this mode as a test previously to changing password. It will give you a good idea of the connectivity, unavalaible hosts, etc.


-u, --showuser
Show user mode


$ netios -u
$ netios -u ./hostfile.txt

Showing running configuration

Netios will retrieve the running configuration of the router and save it into the “out” folder of the working directory.


-s, --shrun
Show running config mode


$ netios -s
$ netios -s ./hostfile.txt

Changing NTP server

Netios updates the ntp servers set in the router. Each NTP server must be given within the command line with -n. It can be an IP address or a FQDN.


-n NTP, --ntp=NTP
Change ntp servers


$ netios -n -n
$ netios -n -n ./hostfile.txt

That’s all folks ! Hopefully more features are coming !

Report a bug

If you find a bug (I bet you will), please don’t forget to report it to me.
For that, just send me a piece of e-mail describing what you were doing with a copy of your terminal output.


Most of the credits go to the Pexpect developper and the Python language, thanks to them it so easy  and fun to make such a tool.


netios-0.76.tar.gz (2010/07/13)

Older releases

netios-0.75.tar.gz (2010/04/24)
netios-0.74.tar.gz (2010/04/08)
netios-0.73.tar.gz (2010/02/10)
netios-0.72.tar.gz (2010/01/15)
netios-0.71.tar.gz (2009/12/20)
netios-0.60.tar.gz (2009/11/07 – no multiprocessing, does not require python 2.6)