A script to change password in all stored sessions

[epaalx]

Hello experts,
as per changing passwords for specific username post, I'd like to be able to change password for all stored sessions for a specific user.

Is this even possible in SecureCRT's VBScript implementation?

As per above post's postscript, my sessions are stored in hierarchy on per-function not on per-username structure, so, the hyperlinked "Making Configuration Changes to Multiple Sessions" isn't possible. Unless.... it's somehow possible to organise sessions as virtual sessions (pointing to actual) and group those.
R's, Alex

[gregg]

The below code will iterate every session and (might*) update the password where username matches.

You must update the variable SESSION_ROOT with the location of your Sessions directory. Note: I couldn't find a crt.API call that would tell me the config path, so this hard-coded value is present.

The following line is commented out which does the actual updating, so code is currently read-only. (AKA, i recommend backing up your sessions before running where it updates)

Code:

# change_password(cfg, pw)

(might*) - I say this MIGHT update because secure CRT stores passwords encrypted. Using SetOption("Password", password) does not actually store encrypted. The docs say this:

Quote:

The following shows how to use a password in a script. The example uses Server1's password to connect to Server.

Note: When set, the Password parameter must be encoded. The Session Password Saved parameter must be set to true for the Password parameter to be used.
...
config.SetOption "Session Password Saved", 1

...and did not seem to do anything towards encrypting the password.

It's python, so indentation is very important to maintain.

Code:

# $language = "Python"
# $interface = "1.0"

import os

# Path to on-disk sessions in order to enumerate them
SESSION_ROOT = "c:\\wherever\\your\\VanDyke\\scrt\\config\\Sessions"

def ask_username():
    return crt.Dialog.Prompt("Username", "")

def ask_new_password():
    return crt.Dialog.Prompt("New password", "")

# update the secure crt session with new password
def change_password(sess_cfg, password):
    sess_cfg.SetOption("Session Password Saved", 1)
    sess_cfg.SetOption("Password", password)
    sess_cfg.Save()

# convert file system full\path\fname.ini to sCRT session\name
def build_session_name(path, fname):
    # get the relative path to the session name
    sess_path = path[len(SESSION_ROOT):].lstrip("\\")

    # strip ".ini"
    sess_name = fname[:-4]

    return sess_path + "\\" + sess_name

def main():
    un = ask_username()
    if not un:
        return

    pw = ask_new_password()
    if not pw:
        return

    total = 0
    changed_list = []
    for root, dirs, files in os.walk(SESSION_ROOT):
        for fname in files:
            if fname == "__FolderData__.ini":
                continue

            if not fname.endswith(".ini"):
                continue

            total += 1
            sess_name = build_session_name(root, fname)

            try:
                cfg = crt.OpenSessionConfiguration(sess_name)
            except Exception:
                # could not open session
                continue

            try:
                if cfg.GetOption("Username") == un:
                    # change_password(cfg, pw)
                    changed_list.append(sess_name)
            except Exception:
                # serial ports, etc don't have Username property
                continue

    # some stats
    message =  "Total sessions: %d\n" % total
    message += "Changed sessions: %d\n" % len(changed_list)
    message += "\n".join(changed_list)
    crt.Dialog.MessageBox(message, "Updated Sessions Stats")

main()

[gregg]

well, it will update the password field, but it will be unencrypted and I don't know if scrt will handle it ok.

Code:

S:"Password V2"=password

vs

Code:

S:"Password V2"=02:8438c3217d3f6643da23c64186cafa364a560fc4a6c7fb2501d1bf84018528cc6b868670f94beb4d6895bb9b715239849a23670a2fc8b347a8714c941fa3fe18

the "02:" in front might signal that it's encrypted and such the non "02:" string is interpreted correctly. (I don't have an immediate easy way to test)

[gregg]

Takeaways:

* It'd be nice if the API had a way to enumerate the sessions without resorting to examining the file system.

* Using the API to set the password should encrypt the same as the GUI does.

[epaalx]

Firstly, thank you for taking the time.

I'm ignorant of python language but it seems that SecureCRT isn't providing any special API, besides SetOption, method to facilitate changing (and encoding) of session password.

Quote:

Originally Posted by gregg

* It'd be nice if the API had a way to enumerate the sessions without resorting to examining the file system.
* Using the API to set the password should encrypt the same as the GUI does.

Reading above... It seems to me that the best method for changing en-masse/bulk passwords would be as an internal feature of SecureCRT. Is that a fair conclusion?

R's, Alex

[gregg]

Quote:

Originally Posted by epaalx

It seems to me that the best method for changing en-masse/bulk passwords would be as an internal feature of SecureCRT.

I would say it can already do this through the Connect Session Manager dialog. Either by selecting a top-level folder, or ctrl-clicking individual sessions and then right-click -> properties -> update password -> Ok.

[jpellegrini]

Greetings all,

Thanks for the feedback. I have entered a feature request to allow searching of sessions based on option values such as username, etc.

If/when this is ever implemented, we will post here to let you all know!