On Mon, 2011-09-12 at 11:50 -0500, Alan Bryant wrote:
> I've been looking at both the password changing scripts by Butch &
> Cameron that were posted here a while back. I would like to adapt them
> for my needs in not only password changing, but automating backups.
> 
> My biggest problem is that I do not want to enable telnet on my
> routers. I'm worried enough about having to use telnet to remotely
> admin my switches, and don't want it enabled on my routers.
> 
> I'm not real familiar with Perl, but I would like to take a shot at
> translating the Net::Telnet code into code for one of the many SSH
> modules for Perl.
> 
> Does anyone have anything already, or prefer a specific SSH module
> over the others?

I played with Net::SSH a while back and could not figure it out for what
I needed to do.  I'm not really much of a programmer, though.  As for
using telnet on the router, just do something like this:

/user group
add name=telnetonly policy=telnet,ftp,read,!local,!ssh,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api

/user 
add group=telnetonly name=telnetuser password=xxxxx address=y.y.y.y 


The above sets pretty restrictive limits on the telnet user such that he
can connect via telnet, write the export file and that's about it.  The
address parameter on the user creation limits that user to logging in
from y.y.y.y only, so it's one further limitation.   Finally, you can do
something like:

/ip firewall filter
add chain=input protocol=tcp dst-port=23 src-address=!y.y.y.y action=drop


That filter further enforces the limits defined by the user creation
entry above.

There is no need to fear telnet...just be sure to use it
appropriately.  ;-)  OH...don't use the same password as you do for your
"real" users.


-- 
********************************************************************
* Butch Evans                * Professional Network Consultation   *
* http://www.butchevans.com/ * Network Engineering                 *
* http://store.wispgear.net/ * Wired or Wireless Networks          *
* http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!    *
*          NOTE THE NEW PHONE NUMBER: 702-537-0979                 *
********************************************************************
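
An added example, not part of the original message: a small Python audit that reads RouterOS export text and reports where a config is looser than the three restrictions described above (telnet/ftp/read-only group, per-user address limit, matching port 23 drop rule). The sample export is constructed, 192.0.2.10 stands in for y.y.y.y, and the check assumes the address is written identically in the user entry and the firewall rule.

```python
import shlex

# Constructed sample in RouterOS export style; 192.0.2.10 stands in for y.y.y.y.
SAMPLE_EXPORT = r"""
/user group
add name=telnetonly policy=telnet,ftp,read,!local,!ssh,!reboot,!write,!policy,\
    !test,!winbox,!password,!web,!sniff,!sensitive,!api
/user
add group=telnetonly name=telnetuser address=192.0.2.10
/ip firewall filter
add chain=input protocol=tcp dst-port=23 src-address=!192.0.2.10 action=drop
"""
ALLOWED = {"telnet", "ftp", "read"}  # the only policies the message grants

def parse_export(text):
    """Return (menu, {key: value}) per 'add' line, joining '\\' continuations."""
    entries, menu, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # export wraps long lines with a backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            toks = [t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t]
            entries.append((menu, dict(toks)))
    return entries

def audit(text, group="telnetonly"):
    """List the ways a config is looser than the setup described in the message."""
    entries, findings = parse_export(text), []
    groups = {e.get("name"): e for m, e in entries if m == "/user group"}
    if group not in groups:
        return [f"group {group} not defined"]
    granted = {p for p in groups[group].get("policy", "").split(",")
               if p and not p.startswith("!")}
    if granted - ALLOWED:
        findings.append(f"group grants extra policies: {sorted(granted - ALLOWED)}")
    drops = {e.get("src-address") for m, e in entries
             if m == "/ip firewall filter" and e.get("chain") == "input"
             and e.get("protocol") == "tcp" and e.get("dst-port") == "23"
             and e.get("action") == "drop"}
    for user in (e for m, e in entries if m == "/user" and e.get("group") == group):
        host = user.get("address")
        if not host:
            findings.append(f"user {user.get('name')} has no address restriction")
        elif "!" + host not in drops:
            findings.append(f"telnet from hosts other than {host} is not dropped")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT) or "matches the restricted telnet setup")
```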


