Backup HP ProCurve Switches via SSH, TFTP and PowerShell
PowerShell Version: >4
Modules: Posh-SSH
So, this is a pretty specific one! I have been tasked to backup old and new ProCurve Switches and of course I am using PowerShell for this 😉 I found a script about doing this via SFTP where you enable ip ssh filetransfer on the switches and get the files from there but unfortunately two of the 2610’s in the environment do a reboot on every sftp connection…so…that is not an option here 😉 The only good alternative I came up with was to SSH on the client and use TFTP to copy the configs where you want them. The tftp client is enabled on the ProCurve’s by default so what you need to do this is PowerShell with Posh-SSH, and a TFTP Server:
#import posh-ssh Import-Module -name posh-ssh # globals $today = Get-Date -Format "ddMMyyy" $month = Get-Date -Format MMMM $year = Get-Date -Format "yyyy" $tftp_server = "IP OF YOUR TFTP SERVER" # create a folder for every year Get-Item "C:\switch_backup\$year\" -ErrorAction SilentlyContinue if (!$?) { New-Item "C:\switch_backup\$year\" -ItemType Directory } # create a folder for every month Get-Item "C:\switch_backup\$year\$month\" -ErrorAction SilentlyContinue if (!$?) { New-Item "C:\switch_backup\$year\$month\" -ItemType Directory } # create a folder for every day Get-Item "C:\switch_backup\$year\$month\$today\" -ErrorAction SilentlyContinue if (!$?) { New-Item "C:\switch_backup\$year\$month\$today\" -ItemType Directory } # simple credential handling $username = "manager" $pwfile = "C:\tmp\cred.txt" $Credentials=New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, (Get-Content $pwfile | ConvertTo-SecureString) # put all the devices in this array $switches_array = @() $switches_array = "SWITCHIP","SWITCHIP","SWITCHIP" foreach ($switch in $switches_array) { # create a folder for every device Get-Item "C:\switch_backup\$year\$month\$today\$switch" -ErrorAction SilentlyContinue if (!$?) { New-Item "C:\switch_backup\$year\$month\$today\$switch" -ItemType Directory } # start the SSH Session New-SSHSession -ComputerName $switch -Credential $Credentials -AcceptKey:$true $session = Get-SSHSession -Index 0 # usual SSH won't work, we need a shell stream for the procurve $stream = $session.Session.CreateShellStream("dumb", 0, 0, 0, 0, 1000) # send a "space" for the "Press any key to continue" and wait before you issue the next command $stream.Write("`n") Sleep 5 # copy startup-config and wait before you issue the next command $stream.Write("copy startup-config tftp $tftp_server \$year\$month\$today\$switch\startup-config`n") Sleep 10 # copy running-config and wait before you issue the next command $stream.Write("copy running-config tftp $tftp_server \$year\$month\$today\$switch\running-config`n") Sleep 10 # disconnect from host Remove-SSHSession -SessionId 0 # compare running and startup config and remove running-config if equal $running_config = Get-Content C:\switch_backup\$year\$month\$today\$switch\running-config -ErrorAction SilentlyContinue $startup_config = Get-Content C:\switch_backup\$year\$month\$today\$switch\startup-config -ErrorAction SilentlyContinue $comparison = Compare-Object -ReferenceObject $startup_config -DifferenceObject $running_config if (!$comparison) { Remove-Item C:\switch_backup\$year\$month\$today\$switch\running-config -Force } }
As for the creds I chose a password file as secure-string – not the safest but fairly easy to work with:
Read-Host "Enter Password:" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File "C:\tmp\cred.txt"