Blog | G5 Cyber Security

Router Password Auto-Change

G5 Cyber Security

TL;DR

Automatically change your router admin password regularly for better cyber security. This guide shows you how to use a script and task scheduler on Linux or Windows.

Step 1: Choose a New Password Generator

You’ll need a way to create strong, random passwords. Here are some options:

For this guide, we’ll use pwgen as it’s widely available on Linux systems.

Step 2: Create the Password Change Script (Linux Example)

This script will generate a new password and then update your router. Replace placeholders with your actual router details!

#!/bin/bash
# Replace with your router's IP address
ROUTER_IP="192.168.1.1"
# Replace with your current admin username
ADMIN_USERNAME="admin"
# Generate a new password
NEW_PASSWORD=$(pwgen -s 16 1)

# Log in to the router using SSH (replace 'your_router_ssh_command' if needed)
your_router_ssh_command "${ROUTER_IP}" << EOF
username ${ADMIN_USERNAME}
password your_current_password
enable
configure terminal
...
# Add commands here to change the password.  This varies *greatly* by router model.
# Example (likely incorrect for your router - adapt!):
interface vlan 1
ip address 192.168.1.1 255.255.255.0
username admin password ${NEW_PASSWORD}
exit
end
write memory
EOF

echo "Password changed to: ${NEW_PASSWORD}" >> /var/log/router_password_change.log

Important: The commands within the your_router_ssh_command block will be specific to your router’s firmware and interface. You’ll need to consult your router’s documentation or web interface for the correct commands.

Step 3: Make the Script Executable (Linux)

chmod +x /path/to/your/script.sh

Step 4: Test the Script (Linux)

Run the script manually to ensure it works correctly before scheduling it.

./path/to/your/script.sh

Check your router’s web interface or SSH connection to confirm the password has been changed.

Step 5: Schedule the Script (Linux – using cron)

Use cron to run the script automatically at regular intervals. Edit your crontab:

crontab -e

Add a line like this to run the script every month on the 1st day at 3:00 AM (adjust as needed):

0 3 1 * * /path/to/your/script.sh

Step 6: Create the Password Change Script (Windows Example – PowerShell)

This script will generate a new password and then update your router. Replace placeholders with your actual router details!

# Replace with your router's IP address
$RouterIP = "192.168.1.1"
# Replace with your current admin username
$AdminUsername = "admin"
# Generate a new password
$NewPassword = [System.Web.Security.Membership]::GeneratePassword(16, 0)

# Log in to the router using SSH (replace 'your_router_ssh_command' if needed).
# This is a placeholder - Windows SSH handling is more complex.
your_router_ssh_command "${RouterIP}" << EOF
username ${AdminUsername}
password your_current_password
enable
configure terminal
...
# Add commands here to change the password.  This varies *greatly* by router model.
# Example (likely incorrect for your router - adapt!):
interface vlan 1
ip address 192.168.1.1 255.255.255.0
username admin password ${NewPassword}
exit
end
write memory
EOF

Write-Host "Password changed to: $NewPassword" | Out-File -FilePath C:router_password_change.log -Append

Important: The commands within the your_router_ssh_command block will be specific to your router's firmware and interface. You’ll need to consult your router's documentation or web interface for the correct commands.

Step 7: Schedule the Script (Windows - using Task Scheduler)

  1. Open Task Scheduler (search for it in the Start Menu).
  2. Create Basic Task...
  3. Give the task a name and description.
  4. Set the trigger to Monthly, on the 1st day of each month at 3:00 AM (or your preferred schedule).
  5. Set the action to Start a program.
  6. Program/script: powershell.exe
  7. Add arguments: -File C:pathtoyourscript.ps1 (replace with the actual path to your script)
  8. Finish creating the task.

Important Considerations

Exit mobile version