From rancid at gheek.net  Mon Oct  2 21:54:15 2006
From: rancid at gheek.net (Lance Vermilion)
Date: Mon, 2 Oct 2006 14:54:15 -0700
Subject: [rancid]  wrancid/vpn3k additions
Message-ID: <20061002215415.GA82308@viol8tr.com>

All that are interested,

I made a few changes to vpn3k that Michael Stefaniuc posted a while back.

I basically made it run similar to the other rancid scripts, where it reads
in the Environment variables that come from "etc/rancid.conf". 

I also changed it so it would auto-yes all ssh questions, instead of failing 
when it was asked a question.

my $scp_session = Net::SCP::Expect->new(user=>"$backup_user",password=>"$backup_pass");
+my $scp_session = Net::SCP::Expect->new(user=>"$backup_user",password=>"$backup_pass",auto_yes=>'1');

my $line;
while ($line = <$tempfh>) {
+    if ($ENV{"FILTER_PWDS"} =~ /yes/i)
+    {
      if ($line =~ /^#/) 
      {
        next;
      }
+      elsif ($line =~ /^trapcomm.*/) 
+      {
+        my $line = "trapcomm=<removed>\n";
+        print($fh $line);
+      }
+      elsif ($line =~ /^password.*/) 
+      {
+        my $line = "password=<removed>\n";
+        print($fh $line);
+      }
+      else
+      {
      print($fh $line);
+      }
+    }
+    else
+    {
+      print($fh $line);
+    }
}


-- 

-Lance <rancid at gheek.net>



From rancid at gheek.net  Tue Oct  3 00:11:38 2006
From: rancid at gheek.net (Lance Vermilion)
Date: Mon, 2 Oct 2006 17:11:38 -0700
Subject: [rancid] Re: wrancid/vpn3k additions
In-Reply-To: <20061002215415.GA82308@viol8tr.com>
References: <20061002215415.GA82308@viol8tr.com>
Message-ID: <20061003001138.GA90552@viol8tr.com>

All,

I have made some changes to it again, but this time to allow it to read 
the cloginrc file. So here is the whole file.  I know it is ugly, but it works.

-- 

-Lance <rancid at gheek.net>



#!/usr/bin/perl -w
#
# vpn3k - SCP and SNMP Backup script for Cisco VPN 3K concentrators
#         to be used by the wrancid rancid wrapper
#
# WARNING: This is only PROOF OF CONCEPT code and will screw up your data
#          and eat babies!!!
#
# Copyright 2005 Michael Stefaniuc for Red Hat
#
# This script is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#
#######################################################
# Modules
#######################################################

# Load any modules needed
use strict;
use Getopt::Std;
use Net::SCP::Expect;
use File::Temp;

#######################################################
# Variables
#######################################################

# Initialize variables used in this script

my $snmp_community = 'SOMECUMMUNITYHERE';
my $password_file = "$ENV{\"HOME\"}/.cloginrc";

my %options = ();
getopts('f:', \%options);
my $file = $options{'f'};
my $fh;
my $host = $ARGV[0];
(my $tempfh, my $tempfile) = mkstemp( "/tmp/tmpfileXXXXX" );
#close($tempfh);

#
# Parses cloginrc and gets the username/password for vpn3k 
# to work.
#
sub ParseCloginrc($)
{
  my @array = `cat $password_file`;
  my $host = shift;
  my $match = 0;
  my $hostregcount = 0;
  my $methodcount = 0;
  my $usernamecount = 0;
  my $passwordcount = 0;
  my $username;
  my $password;
  my $method;
  for my $line (@array)
  {
    next if $line =~ /^#/;
    next if $line !~ /[a-zA-Z0-9]/;
    $line =~ s/\*/\.\*/g;
    #$line =~ s/\@/\\@/g;
    #$line =~ s/\$/\\\$/g;
    $line =~ s/\{|\}//g;
    $line =~ s/\s+/,/g;
    my (undef, $func, $hostreg, $var) = split(/,/, $line);
 
    if ($host =~ /$hostreg/)
    { 
      $hostregcount++;
      if ($hostregcount eq 1)
      {
        #print "host: $hostregcount $hostreg\n";
      }
 
     if ($line =~ /^add.*method.*/i)
      {
        (undef, $func, $hostreg, $var) = split(/,/, $line);
        $methodcount++;
        if ($methodcount eq 1)
        {
          $method = $var;
          #print "meth: $methodcount $method\n";
        }
      }
      elsif ($line =~ /^add.*password.*/i)
      {
        (undef, $func, $hostreg, $var) = split(/,/, $line);
        $passwordcount++;
        if ($passwordcount eq 1)
        {
          $password = $var;
          #print "pass: $passwordcount $password\n";
        }
      }
      elsif ($line =~ /^add.*user.*/i)
      {
        (undef, $func, $hostreg, $var) = split(/,/, $line);
        $usernamecount++;
        if ($usernamecount eq 1)
        {
          $username = $var;
          #print "user: $usernamecount $username\n";
        }
      }
    }
  }
  if ($method eq 'scp')
  {
    return "$username,$password";
  }
  else
  {
    print "No SCP method was located for $host in $password_file\n";
  }
}

my $results = ParseCloginrc($host);

my ($backup_user, $backup_pass) = split(/,/, $results);
if (!$backup_user && !$backup_pass)
{
  print "No username/password found\n";
  exit;
}

# Open the output file.
open($fh, ">", $file) or die "Cannot open output file\n";
print($fh "#RANCID-CONTENT-TYPE: wrapper.vpn3k\n#\n");

# Get some infos from snmp
my $snmp_command = "snmpget -v2c -c $snmp_community -On $host .1.3.6.1.2.1.1.1.0";
my $result = `$snmp_command`;
chomp($result);
if ($result =~ /VPN 3000 Concentrator Version (\S+) built by (\S+) on (.+)$/i) {
    my $version = $1;
    my $compiled = "$3 by $2";
    print($fh "#Chassis Type: VPN 3000\n#\n");
    $snmp_command = "snmpget -v2c -c $snmp_community -On $host .1.3.6.1.2.1.47.1.1.1.1.11.1";
    $result = `$snmp_command`;
    chomp($result);
    if ($result =~ /"([^"]+)"/) {
        print($fh "#Serial Number: $1\n#\n");
    }
    print($fh "#Image: Version: $version\n");
    print($fh "#Image: Compiled: $compiled\n#\n");
}

# Call scp and download the running config.
my $scp_session = Net::SCP::Expect->new(user=>"$backup_user",password=>"$backup_pass",auto_yes=>'1');
# the connection sometimes terminates incorrectly but we fully transfered
# the file
eval { $scp_session->scp("$host:config", $tempfile); };

# Copy the config file over removing the comment at the beginning
open($tempfh, "<", $tempfile) or die "Scp seems to have failed\n";

my $line;
while ($line = <$tempfh>) {
    if ($ENV{"FILTER_PWDS"} =~ /yes/i)
    {
      if ($line =~ /^#/) 
      {
        next;
      }
      elsif ($line =~ /^trapcomm.*/) 
      {
        my $line = "trapcomm=<removed>\n";
        print($fh $line);
      }
      elsif ($line =~ /^password.*/) 
      {
        my $line = "password=<removed>\n";
        print($fh $line);
      }
      else
      {
      print($fh $line);
      }
    }
    else
    {
      print($fh $line);
    }
}

#######
# End #
#######
close($fh);
close($tempfh);
unlink($tempfile);


On Mon, Oct 02, 2006 at 02:54:15PM -0700, Lance Vermilion wrote:
> All that are interested,
> 
> I made a few changes to vpn3k that Michael Stefaniuc posted a while back.
> 
> I basically made it run similar to the other rancid scripts, where it reads
> in the Environment variables that come from "etc/rancid.conf". 
> 
> I also changed it so it would auto-yes all ssh questions, instead of failing 
> when it was asked a question.
> 
> my $scp_session = Net::SCP::Expect->new(user=>"$backup_user",password=>"$backup_pass");
> +my $scp_session = Net::SCP::Expect->new(user=>"$backup_user",password=>"$backup_pass",auto_yes=>'1');
> 
> my $line;
> while ($line = <$tempfh>) {
> +    if ($ENV{"FILTER_PWDS"} =~ /yes/i)
> +    {
>       if ($line =~ /^#/) 
>       {
>         next;
>       }
> +      elsif ($line =~ /^trapcomm.*/) 
> +      {
> +        my $line = "trapcomm=<removed>\n";
> +        print($fh $line);
> +      }
> +      elsif ($line =~ /^password.*/) 
> +      {
> +        my $line = "password=<removed>\n";
> +        print($fh $line);
> +      }
> +      else
> +      {
>       print($fh $line);
> +      }
> +    }
> +    else
> +    {
> +      print($fh $line);
> +    }
> }
> 
> 
> -- 
> 
> -Lance <rancid at gheek.net>
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss




From eravin at panix.com  Tue Oct  3 01:33:10 2006
From: eravin at panix.com (Ed Ravin)
Date: Mon, 2 Oct 2006 21:33:10 -0400
Subject: [rancid] Re: wrancid/vpn3k additions
In-Reply-To: <20061003001138.GA90552@viol8tr.com>
References: <20061002215415.GA82308@viol8tr.com>
	<20061003001138.GA90552@viol8tr.com>
Message-ID: <20061003013310.GE22027@panix.com>

On Mon, Oct 02, 2006 at 05:11:38PM -0700, Lance Vermilion wrote:
> I have made some changes to it again, but this time to allow it to read 
> the cloginrc file. So here is the whole file.  I know it is ugly, but it works.

Well, it works for what you tested it with, but can you promise that
your parsing of cloginrc will match exactly how the regular clogin
and friends scripts parse it?

I highly recommend that you use my method for Perl scripts to parse
cloginrc - it uses Expect code stolen from clogin to print out the
parsed contents of the cloginrc file in Perl syntax, which then gets
eval'd into a Perl hash.  It's much more likely to be accurate, and
much more maintainable.  Also, if there are every any changes to the
way cloginrc is parsed, it will be much easier to port the changes
into this method.

-------------- next part --------------
#! /usr/local/bin/expect --

# usage: cloginrc2pl.exp <cloginrc-name>

# convert RANCID cloginrc database to perl
# called by a Perl program that wants to parse cloginrc
# output is Perl commands to be eval'd into calling Perl program

# turn each set of "add directive_name hostglob value0 value1 ..." lines
# into a single Perl array of arrays, which is stored into a hash
# for lookup by 'directive_name'

# perl structure:
#  $_cloginrc_data{$directive}= [ [hostglob, value0, value1, ...],
#                                 [hostglob, value, ...],
#                                 ...
#                               ]

proc dump {var} {
    upvar int_$var list
	puts -nonewline "\$Rancid::ParseConfig::_cloginrc_data{'$var'}= \[ "
	foreach inputline $list {
		set hostglob [lindex $inputline 0]
		set valuelist [lreplace $inputline 0 0 ]
		puts -nonewline "\[ '$hostglob', "
		foreach thing $valuelist {
			# Perl single quotes support \\ and \' escapes
			regsub -all {\\} $thing {\\\\} thing
			regsub -all {'} $thing {\\'} thing
			puts -nonewline "'$thing',"
		}
		puts -nonewline "], "
	}
	puts "\];"
}

# code below stolen from clogin, with slight modification

# This is a helper function to make the password file easier to
# maintain.  Using this the password file has the form:
# add password sl*	pete cow
# add password at*	steve
# add password *	hanky-pie

proc add {var args} {
	global int_$var
	global addlist
	lappend int_$var $args
	lappend addlist $var
}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [ regexp "^/" $args ignore ] == 0 } {
	set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
	foreach line $list {
	    if { [string match [lindex $line 0] $router ] } {
		return [lrange $line 1 end]
	    }
	}
    }
    return {}
}

# Loads the password file.  Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info...  I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extention of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
	puts "die 'Error: password file ($password_file) does not exist';"
	exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
	puts "die 'Error: $password_file must not be world readable/writable';"
	exit 1
    }
    if [ catch {source $password_file} reason ] {
	puts "die 'Error: $reason';"
	exit 1
    }
}

# main - get the filename from the command line, source it, dump it

set arg [lindex $argv 0]
source_password_file $arg

foreach var [lsort -unique $addlist] {
 	dump $var
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ParseConfig.pm
Type: application/x-perl
Size: 3619 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061002/c799bf24/attachment.bin 

From Anton.Schweitzer at o2.com  Wed Oct  4 11:23:02 2006
From: Anton.Schweitzer at o2.com (Anton.Schweitzer at o2.com)
Date: Wed, 4 Oct 2006 13:23:02 +0200
Subject: [rancid]  RANCID does not fetch config without showing problems
In-Reply-To: <20061003013310.GE22027@panix.com>
Message-ID: <OFC98A76D8.B1DC2F1E-ONC12571FD.003DBBBA-C12571FD.003E8B2F@o2.com>

Hi,

i just discoverd that RANCID did not updated the config changes for some 
of my devices in the last  4 Month.
So i did a manual 

rancid-run -r  routername

Then i saw a log entry  "updates - courtousy of RANCID-Switche" on the 
viewcvs webfrontend and the config had changed.
I can not see why the normal rancid run we do every night did not get 
these changes which were made weeks ago.

Did anybody expierenced simular behaviors ?


Cheers

Anton


Anton Schweitzer
CNO IP Backoffice
o2 (Germany) GmbH & Co.OHG
Georg Brauchle-Ring 23-25, D-80992 M?nchen
Tel      +49(0)89-2442-5794
Mobil +49(0)176-23407715
Fax      +49(0)89-2442-5632
anton.schweitzer at o2.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061004/d141a872/attachment.html 

From rancid at gheek.net  Wed Oct  4 18:05:58 2006
From: rancid at gheek.net (Lance Vermilion)
Date: Wed, 4 Oct 2006 11:05:58 -0700
Subject: [rancid] clogin needs this line to support exit error on Cisco CSS
Message-ID: <20061004180558.GA90815@viol8tr.com>

All,
    
Please add this to clogin so it will support the prompt that the CSS spits out when a config is changed and you
+attempt to exit.
    
        -re "Configuration changes have occurred*" {               
                                                  send "n\r"
                                                  exp_continue
                                                }                      
   
   
   
It should look like this when updated.
   
    expect {
        -re "^\[^\n\r *]*$reprompt"             {
                                                  # the Cisco CE and Jnx ERX
                                                  # return to non-enabled mode
                                                  # on exit in enabled mode.
                                                  send "exit\r"
                                                  exp_continue;
                                                }
        -re "Configuration changes have occurred*" {
                                                  send "n\r"
                                                  exp_continue
                                                }
        "Do you wish to save your configuration changes" {
                                                  send "n\r"
                                                  exp_continue
                                                }
        -re "\[\n\r]+"                          { exp_continue }
        timeout                                 { return 0 }
        eof                                     { return 0 }
    }


--

-Lance <rancid at gheek.net>


From heas at shrubbery.net  Thu Oct  5 02:15:42 2006
From: heas at shrubbery.net (john heasley)
Date: Wed, 4 Oct 2006 19:15:42 -0700
Subject: [rancid] Re: When SSHing to devices end is not recognized on some
	devices
In-Reply-To: <20060926223707.GA67409@viol8tr.com>
References: <20060926223707.GA67409@viol8tr.com>
Message-ID: <20061005021542.GD18098@shrubbery.net>

Tue, Sep 26, 2006 at 03:37:07PM -0700, Lance Vermilion:
> Hey All,
> 
> I know I have seen some threads on this but can't seem to find them.
> 
> When I am SSHing to some switches via rancid the end of the config is
> not found although I see it clearly in the .raw file. The connection 
> eventually times out and thus that device fails. If I use telnet I 
> have no problem exiting properly. 
> 
> What is the fix to this? 
> Patch SSH?
> Patch Expect?

What kind of device?  different devices have different ways of detecting a
complete collection.


From rob at techniumcast.com  Fri Oct  6 10:24:11 2006
From: rob at techniumcast.com (Rob Shepherd)
Date: Fri, 06 Oct 2006 11:24:11 +0100
Subject: [rancid]  rancid hang
Message-ID: <45262ECB.6030104@techniumcast.com>

Dear Rancid people,

I'm in the process of setting up Rancid and looking forward to what it 
offers. Thanks for this development effort. :)

However,

clogin <my device>

hangs at the prompt. I can't type anything in. The session subsequently 
times out or I hit CTRL-C to get back to shell.

Obligatory info....

Solaris 10 x64
expect 5.42.1
perl 5.8.8
tcl/tk 8.4.10
Cisco 3750 switch
Radius shell:priv-lvl=2 attribute for user, which logs in already enabled.
prompt = cast-tec-ps-13-asw1#
banner has loads of * in it but no other special char.

I can ssh to my device fine.  What commands are executed on the device. 
Which ones do I need to place in priviledge level 2?

Could this be the expect bug mentioned in the FAQ?

How do I go about debugging and diagnosing this issue.

Thanks

Rob

-- 
Rob Shepherd Beng PhD | Computer and Network Engineer | TechniumCAST
rob get mail at techniumcast.com | 01248 675024 | 077988 72480


From rob at techniumcast.com  Fri Oct  6 12:12:06 2006
From: rob at techniumcast.com (Rob Shepherd)
Date: Fri, 06 Oct 2006 13:12:06 +0100
Subject: [rancid] Re: rancid hang
In-Reply-To: <45262ECB.6030104@techniumcast.com>
References: <45262ECB.6030104@techniumcast.com>
Message-ID: <45264816.1060307@techniumcast.com>

Rob Shepherd wrote:
> Dear Rancid people,
> 
> I'm in the process of setting up Rancid and looking forward to what it 
> offers. Thanks for this development effort. :)
> 
> However,
> 
> clogin <my device>
> 
> hangs at the prompt. I can't type anything in. The session subsequently 
> times out or I hit CTRL-C to get back to shell.
> 
> Obligatory info....
> 
> Solaris 10 x64
> expect 5.42.1
> perl 5.8.8
> tcl/tk 8.4.10
> Cisco 3750 switch
> Radius shell:priv-lvl=2 attribute for user, which logs in already enabled.
> prompt = cast-tec-ps-13-asw1#
> banner has loads of * in it but no other special char.
> 
> I can ssh to my device fine.  What commands are executed on the device. 
> Which ones do I need to place in priviledge level 2?
> 
> Could this be the expect bug mentioned in the FAQ?
> 
> How do I go about debugging and diagnosing this issue.
> 
> Thanks
> 
> Rob
> 

To further this issue.

I've installed the patched versions of expect and tcl from the shrubbery 
FTP site.

I am sure the correct versions are being picked up, despite the 
non-standard locations.

rob at solaris> head -n4 clogin
#! /usr/local/expect-5.40-rancid/bin//expect --
##
## $Id: clogin.in,v 1.99 2006/08/10 07:00:30 heas Exp $
##

rob at solaris> ldd expect | grep tcl
libtcl8.3.so =>  /usr/local/tcl-8.3.4-rancid/lib//libtcl8.3.so

So the script is using the patched expect and the patched except is 
linked to the patched tcl (I have no LD_LIBRARY_PATH btw)

Any further pointers would be appreciated.

Cheers

Rob

-- 
Rob Shepherd, PhD | Computer and Network Engineer | TechniumCAST
rob at techniumcast.com | 01248 675024 | 077988 72480


From rob at techniumcast.com  Fri Oct  6 12:40:08 2006
From: rob at techniumcast.com (Rob Shepherd)
Date: Fri, 06 Oct 2006 13:40:08 +0100
Subject: [rancid] Re: rancid hang
In-Reply-To: <45264816.1060307@techniumcast.com>
References: <45262ECB.6030104@techniumcast.com>
	<45264816.1060307@techniumcast.com>
Message-ID: <45264EA8.5060101@techniumcast.com>

Rob Shepherd wrote:
> To further this issue. 

And again...

> 
> I've installed the patched versions of expect and tcl from the shrubbery 
> FTP site.


I've realised that this version is patched with the linux patch to set 
the blocking factor on the file descriptors.

I'm solaris.  I de-patched expect 5.40 from the linux-hack and the 
applied the solaris-hack.

Still no joy. No response from Cisco device.

Again, any pointers would be great.

Cheers

Rob

-- 
Rob Shepherd, PhD | Computer and Network Engineer | TechniumCAST
rob at techniumcast.com | 01248 675024 | 077988 72480


From jsherrill at currentcomm.net  Fri Oct  6 13:36:40 2006
From: jsherrill at currentcomm.net (Sherrill, Justin)
Date: Fri, 6 Oct 2006 09:36:40 -0400
Subject: [rancid] Re: rancid hang
Message-ID: <7D3405B5488C0648B39948C26AE91A9B028ACA44@rocexch01.currentcomm.com>

Do you have:

add autoenable  name-or-ip-of-device     1

in your ~/.cloginrc, since you are automatically enabling?

-----------------------------------------
Justin C. Sherrill - CURRENT Communications
220 Kenneth Drive
Rochester, New York 14623
P: 585.486.0549 F: 585.486.0030

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Rob Shepherd
Sent: Friday, October 06, 2006 6:24 AM
To: rancid-discuss at shrubbery.net
Subject: [rancid] rancid hang

Dear Rancid people,

I'm in the process of setting up Rancid and looking forward to what it 
offers. Thanks for this development effort. :)

However,

clogin <my device>

hangs at the prompt. I can't type anything in. The session subsequently 
times out or I hit CTRL-C to get back to shell.

Obligatory info....

Solaris 10 x64
expect 5.42.1
perl 5.8.8
tcl/tk 8.4.10
Cisco 3750 switch
Radius shell:priv-lvl=2 attribute for user, which logs in already
enabled.
prompt = cast-tec-ps-13-asw1#
banner has loads of * in it but no other special char.

I can ssh to my device fine.  What commands are executed on the device. 
Which ones do I need to place in priviledge level 2?

Could this be the expect bug mentioned in the FAQ?

How do I go about debugging and diagnosing this issue.

Thanks

Rob

-- 
Rob Shepherd Beng PhD | Computer and Network Engineer | TechniumCAST
rob get mail at techniumcast.com | 01248 675024 | 077988 72480
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


***CONFIDENTIALITY NOTICE***
The information in this email may be confidential and/or privileged. This email is intended to be reviewed by only the individual or organization named above. If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any review, dissemination or copying of this email and its attachments, if any, or the information contained herein is prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this message from your system. 



From rob at techniumcast.com  Fri Oct  6 13:54:53 2006
From: rob at techniumcast.com (Rob Shepherd)
Date: Fri, 06 Oct 2006 14:54:53 +0100
Subject: [rancid] Re: rancid hang
In-Reply-To: <7D3405B5488C0648B39948C26AE91A9B028ACA44@rocexch01.currentcomm.com>
References: <7D3405B5488C0648B39948C26AE91A9B028ACA44@rocexch01.currentcomm.com>
Message-ID: <4526602D.1050308@techniumcast.com>

Sherrill, Justin wrote:
> Do you have:
> 
> add autoenable  name-or-ip-of-device     1
> 
> in your ~/.cloginrc, since you are automatically enabling?
> 
> -----------------------------------------
> Justin C. Sherrill - CURRENT Communications
> 220 Kenneth Drive
> Rochester, New York 14623
> P: 585.486.0549 F: 585.486.0030
> 


Great thanks Justin,

I had

add autoenable *

now this line reads

add autoenable * {1}

Good stuff, seems to work, for now :)

Thanks guys.

Rob

-- 
Rob Shepherd, PhD | Computer and Network Engineer | TechniumCAST
rob at techniumcast.com | 01248 675024 | 077988 72480



From austin.james at redmond.k12.or.us  Mon Oct  2 15:21:31 2006
From: austin.james at redmond.k12.or.us (Austin James)
Date: Mon, 2 Oct 2006 08:21:31 -0700
Subject: [rancid]    temperature changes cause diffs to be sent out
Message-ID: <4872A33F9E66834D9E0F3D9668663C5E04220749@mx01.RSD.2J>

Hey,

I am having the exact same issue.  The number of emails generated is
incredible.  Did you ever find a resolution to this issue?

Austin


From cstave at gmail.com  Fri Oct  6 19:55:23 2006
From: cstave at gmail.com (Chris Stave)
Date: Fri, 6 Oct 2006 15:55:23 -0400
Subject: [rancid] Re: temperature changes cause diffs to be sent out
In-Reply-To: <4872A33F9E66834D9E0F3D9668663C5E04220749@mx01.RSD.2J>
References: <4872A33F9E66834D9E0F3D9668663C5E04220749@mx01.RSD.2J>
Message-ID: <5471c93d0610061255o5ad17078i7aa2379155fc6287@mail.gmail.com>

For things with frequent changes (size of log files, in my case), I just
went into RANCID itself and added to the return if type statement for the
command section that was causing problems:
look for something like this:

 return(1) if ($type =~ /^(12[40]|7|3|6)/);

Maybe not the best solution, as I now don't get the output of that command,
but it sure beats getting notified about changes constantly.

Chris

On 10/2/06, Austin James <austin.james at redmond.k12.or.us> wrote:
>
> Hey,
>
> I am having the exact same issue.  The number of emails generated is
> incredible.  Did you ever find a resolution to this issue?
>
> Austin
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061006/baceec52/attachment.html 

From asp at partan.com  Fri Oct  6 20:05:25 2006
From: asp at partan.com (Andrew Partan)
Date: Fri, 6 Oct 2006 16:05:25 -0400
Subject: [rancid] Re: temperature changes cause diffs to be sent out
In-Reply-To: <4872A33F9E66834D9E0F3D9668663C5E04220749@mx01.RSD.2J>
References: <4872A33F9E66834D9E0F3D9668663C5E04220749@mx01.RSD.2J>
Message-ID: <20061006200525.GA37507@partan.com>

On Mon, Oct 02, 2006 at 08:21:31AM -0700, Austin James wrote:
> I am having the exact same issue.  The number of emails generated is
> incredible.  Did you ever find a resolution to this issue?

We attempt to delete all of the temperature stuff so that rancid
does not sent out erroneous diffs, but as the vendors keep on
changing their ui output and don't tell us, we don't catch everything.

See, for example, lines like this in jrancid:
	/ backplane temperature/ && next;
	/(\s*Power supply.*), temperature/ &&
		ProcessHistory("","","","# $1\n") && next;

Tell us what type of router you have and send us sample output
showing the temperature stuff & we can attempt to fix it.  The
easiest way is sending us a .raw file so we can test the changes;
see the NOPIPE setting in rancid.conf.
	--asp at partan.com (Andrew Partan)


From austin.james at redmond.k12.or.us  Fri Oct  6 22:43:47 2006
From: austin.james at redmond.k12.or.us (Austin James)
Date: Fri, 6 Oct 2006 15:43:47 -0700
Subject: [rancid]    temperature changes cause diffs to be sent out
Message-ID: <4872A33F9E66834D9E0F3D9668663C5E04220778@mx01.RSD.2J>


We implemented our own fix for this... This is an excerpt from the
francid routine... I forget which command, I think it was the Show
Chassis command...  The code is between the asterisk lines below...  I
added the lines that begin with the plus (+). This works great..

Austin


--- /usr/local/rancid/bin/francid.bak   Mon Oct  2 08:13:12 2006

+++ /usr/local/rancid/bin/francid       Mon Oct  2 08:16:17 2006

@@ -185,6 +185,8 @@


**************************************

        last if (/^$prompt/);

        next if (/ from /);

        next if (/current temperature/i);

+       next if (/Slot .+ Temperature/);

+       next if (/CARDS THERMAL PLANE.+deg-C/);

 

        if (/^---/) { # next section reached

            $skip = 0;

*****************************************


From deviousz at gmail.com  Mon Oct  9 22:03:12 2006
From: deviousz at gmail.com (Dustin)
Date: Mon, 9 Oct 2006 15:03:12 -0700
Subject: [rancid]  Logging into HP ProLian BL C-BbE2/Nortel Switch
Message-ID: <844950720610091503h23b50021p21932cb9d99aff8f@mail.gmail.com>

Hello,

We are successfully using rancid with our Cisco devices but want to
add our enclosure switch devices as well.  These "HP ProLiant BL
p-Class C-GbE2 Interconnect Switch" are actually designed by Nortel so
I am unsure which device type to use in my router.db file.

But first when testing rancid is unable to login completely to the
device, here is an excerpt from the process:

-bash-3.00$ bin/blogin enclosureswitch1
enclosureswitch1
spawn ssh -c 3des -x -l rancid enclosureswitch1
rancid at enclosureswitch1's password:

HP ProLiant BL p-Class C-GbE2 Interconnect Switch B.

Copyright(C)2003 Hewlett-Packard Development Company, L.P.


Enter tacacs username:


As you can see the switch prompts for a password which rancid gets by
successfully but then prompts for the tacacs info (username then
password).  I'm guessing that a tweak to .cloginrc will do it but can
someone point me in the right direction as to what specifically I need
to add?

TIA,

d


From rob at techniumcast.com  Tue Oct 10 17:57:02 2006
From: rob at techniumcast.com (Rob Shepherd)
Date: Tue, 10 Oct 2006 18:57:02 +0100
Subject: [rancid]  cisco or cat5
Message-ID: <452BDEEE.9070402@techniumcast.com>

Dear rancidees,

I am unsure which "vendor" attribute to use for each of the cisco 
devices I have. I think I have a choice of 'cisco' or 'cat5'.

I have

6509 switches
3750 switches
FSWMs

Looking at the commands present in each of 'cisco' or 'cat5' It seems I 
can benefit from using cisco on the 6509, to get "show vlan" etc.

Or am I safe to use "cisco" on all my cisco kit... even catalysts?

I'm going to have to hack rancid anyway, because i'd rather not make my 
rancid user enable_15, So I'm dropping 'show config' to a lower priv, to 
workaround the "show run" issue. I'd rather not hack it into some 
hideous creature, as my perl is not great^H^H^H^H^Hin existence...

Also, has anybody come across a smart way of backing up FSWM config AND 
FSWM context configs using something like rancid.

Cheers

Rob
-- 
Rob Shepherd, PhD | Computer and Network Engineer | TechniumCAST
rob gets mail at techniumcast.com


From cstave at gmail.com  Tue Oct 10 18:10:54 2006
From: cstave at gmail.com (Chris Stave)
Date: Tue, 10 Oct 2006 14:10:54 -0400
Subject: [rancid] Re: cisco or cat5
In-Reply-To: <452BDEEE.9070402@techniumcast.com>
References: <452BDEEE.9070402@techniumcast.com>
Message-ID: <5471c93d0610101110r7f595b45h5e2fa4d219d2e372@mail.gmail.com>

It depends on the OS you're running, on the 3750 you should definately be
using cisco, for the 6509 it depends on if you are running IOS or CatOS...

Generally, unless you're running CatOS, which you can't do on most devices,
you'll want cisco as the device type.

Chris

On 10/10/06, Rob Shepherd <rob at techniumcast.com> wrote:
>
> Dear rancidees,
>
> I am unsure which "vendor" attribute to use for each of the cisco
> devices I have. I think I have a choice of 'cisco' or 'cat5'.
>
> I have
>
> 6509 switches
> 3750 switches
> FSWMs
>
> Looking at the commands present in each of 'cisco' or 'cat5' It seems I
> can benefit from using cisco on the 6509, to get "show vlan" etc.
>
> Or am I safe to use "cisco" on all my cisco kit... even catalysts?
>
> I'm going to have to hack rancid anyway, because i'd rather not make my
> rancid user enable_15, So I'm dropping 'show config' to a lower priv, to
> workaround the "show run" issue. I'd rather not hack it into some
> hideous creature, as my perl is not great^H^H^H^H^Hin existence...
>
> Also, has anybody come across a smart way of backing up FSWM config AND
> FSWM context configs using something like rancid.
>
> Cheers
>
> Rob
> --
> Rob Shepherd, PhD | Computer and Network Engineer | TechniumCAST
> rob gets mail at techniumcast.com
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061010/d3bcd241/attachment.html 

From rob at techniumcast.com  Tue Oct 10 18:15:44 2006
From: rob at techniumcast.com (Rob Shepherd)
Date: Tue, 10 Oct 2006 19:15:44 +0100
Subject: [rancid] Re: cisco or cat5
In-Reply-To: <5471c93d0610101110r7f595b45h5e2fa4d219d2e372@mail.gmail.com>
References: <452BDEEE.9070402@techniumcast.com>
	<5471c93d0610101110r7f595b45h5e2fa4d219d2e372@mail.gmail.com>
Message-ID: <452BE350.8010203@techniumcast.com>

Chris Stave wrote:
> It depends on the OS you're running, on the 3750 you should definately 
> be using cisco, for the 6509 it depends on if you are running IOS or 
> CatOS... 
> 
> Generally, unless you're running CatOS, which you can't do on most 
> devices, you'll want cisco as the device type.
> 
> Chris
> 

I see, thanks Chris.

IOS on all, so 'cisco' it is.

Cheers

Rob


-- 
Rob Shepherd, PhD | Computer and Network Engineer | TechniumCAST
rob gets mail at techniumcast.com


From eravin at panix.com  Tue Oct 10 21:37:02 2006
From: eravin at panix.com (Ed Ravin)
Date: Tue, 10 Oct 2006 17:37:02 -0400
Subject: [rancid]  Anyone using RANCID with the HP 2800 series?
Message-ID: <20061010213702.GA12841@panix.com>

I'm trying to get an HP2824 with the latest firmware working with
RANCID.  It has a CISCO-like interface, except it needs "no page"
instead of "terminal length 0" and the logout dialogue is slightly
different than expected.  Neither clogin nor hlogin seem to work
without modification.  Has anyone else set this up yet?

Thanks,

  -- Ed


From heas at shrubbery.net  Sun Oct 15 02:04:08 2006
From: heas at shrubbery.net (john heasley)
Date: Sat, 14 Oct 2006 19:04:08 -0700
Subject: [rancid] Re: Anyone using RANCID with the HP 2800 series?
In-Reply-To: <20061010213702.GA12841@panix.com>
References: <20061010213702.GA12841@panix.com>
Message-ID: <20061015020408.GH27968@shrubbery.net>

Tue, Oct 10, 2006 at 05:37:02PM -0400, Ed Ravin:
> I'm trying to get an HP2824 with the latest firmware working with
> RANCID.  It has a CISCO-like interface, except it needs "no page"
> instead of "terminal length 0" and the logout dialogue is slightly
> different than expected.  Neither clogin nor hlogin seem to work
> without modification.  Has anyone else set this up yet?

hlogin does send "no page".  where is stopping?


From eravin at panix.com  Sun Oct 15 23:03:19 2006
From: eravin at panix.com (Ed Ravin)
Date: Sun, 15 Oct 2006 19:03:19 -0400
Subject: [rancid] Re: Anyone using RANCID with the HP 2800 series?
In-Reply-To: <20061015020408.GH27968@shrubbery.net>
References: <20061010213702.GA12841@panix.com>
	<20061015020408.GH27968@shrubbery.net>
Message-ID: <20061015230319.GA5210@panix.com>

On Sat, Oct 14, 2006 at 07:04:08PM -0700, john heasley wrote:
> Tue, Oct 10, 2006 at 05:37:02PM -0400, Ed Ravin:
> > I'm trying to get an HP2824 with the latest firmware working with
> > RANCID.  It has a CISCO-like interface, except it needs "no page"
> > instead of "terminal length 0" and the logout dialogue is slightly
> > different than expected.  Neither clogin nor hlogin seem to work
> > without modification.  Has anyone else set this up yet?
> 
> hlogin does send "no page".  where is stopping?

Nowhere, I had made some other mistake in the setup - hrancid and hlogin
work properly with the 2824.


From sawall at gmail.com  Mon Oct 16 20:02:02 2006
From: sawall at gmail.com (sawall)
Date: Mon, 16 Oct 2006 15:02:02 -0500
Subject: [rancid]  clogin works - rancid-run is failing
Message-ID: <870bf9090610161302m76188dfaqf88eb678ce76d4fb@mail.gmail.com>

I've got RANCID 2.3.1 installed on SuSE 10.1.  I will be using this script
to backup my PIX firewalls (around 70 sets).  I believe I have all of the
confguration parameters correct.  I have the users set up on the PIX
firewalls so that they can only run specific commands.  To go with my
configured enable level, I changed line 462 of bin/clogin from "send
"enable\r" to send "enable 5\r".

If I manually run clogin, it works fine (bin/clogin firewallname).  It logs
in, goes to enable 5 and gets to a prompt.  If I send it a command, it works
(bin/clogin -c 'sh ver' firewallname).  It logs in, goes to enable 5 and
successfully does a show version.

However, running the rancid-run command appears to fail, for every firewall
I'm testing against.   For some of the firewalls, I'm not sure how to tell
what is wrong.  I am seeing this line in the log file:

firewallname clogin error: Error: Check your passwd for firewallname

But if the password was incorrect, how is it working when I manually run
clogin?  Any help or thoughts would be appreciated.

Thanks,
Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061016/012e7809/attachment.html 

From lllorente at amadeus.com  Tue Oct 17 13:58:54 2006
From: lllorente at amadeus.com (Lourdes Llorente)
Date: Tue, 17 Oct 2006 15:58:54 +0200
Subject: [rancid]  does clogin work for Cisco FWSM ?
Message-ID: <OF65DD7BA9.1CE4A9E8-ONC125720A.004C5AD0-C125720A.004CCDBD@amadeus.com>

Hello !

Has anyone tried to setup Rancid to work with FWSM from Cisco ?
I am having some trouble with it as I am not managing to set up properly 
.cloginrc , for example it does not find the password for the fw and the 
userprompt is also not correct, on the format "user at fw's password:" 


Another special thing is that defining in router.db the fw as juniper 
device, it logs in but it does not manage to download the configuration.

Thanks in advance for your help,
Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061017/036c2fab/attachment.html 

From david_laporte at harvard.edu  Tue Oct 17 14:08:51 2006
From: david_laporte at harvard.edu (David LaPorte)
Date: Tue, 17 Oct 2006 10:08:51 -0400
Subject: [rancid] Re: does clogin work for Cisco FWSM ?
In-Reply-To: <OF65DD7BA9.1CE4A9E8-ONC125720A.004C5AD0-C125720A.004CCDBD@amadeus.com>
References: <OF65DD7BA9.1CE4A9E8-ONC125720A.004C5AD0-C125720A.004CCDBD@amadeus.com>
Message-ID: <4534E3F3.7010201@harvard.edu>

We're using it with 15 FWSMs and it works well.  I tag them as "cisco"
and I don't believe I needed to hack any code to make things work.

Dave

Lourdes Llorente wrote:
> 
> Hello !
> 
> Has anyone tried to setup Rancid to work with FWSM from Cisco ?
> I am having some trouble with it as I am not managing to set up properly
> .cloginrc , for example it does not find the password for the fw and the
> userprompt is also not correct, on the format "user at fw's password:"
> 
> 
> Another special thing is that defining in router.db the fw as juniper
> device, it logs in but it does not manage to download the configuration.
> 
> Thanks in advance for your help,
> Cheers
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


From david_laporte at harvard.edu  Tue Oct 17 15:07:07 2006
From: david_laporte at harvard.edu (David LaPorte)
Date: Tue, 17 Oct 2006 11:07:07 -0400
Subject: [rancid] Re: does clogin work for Cisco FWSM ?
In-Reply-To: <200610170926.39390.jeremy.guthrie@berbee.com>
References: <OF65DD7BA9.1CE4A9E8-ONC125720A.004C5AD0-C125720A.004CCDBD@amadeus.com>
	<4534E3F3.7010201@harvard.edu>
	<200610170926.39390.jeremy.guthrie@berbee.com>
Message-ID: <4534F19B.7060408@harvard.edu>

We don't use multi-context mode, so I can't say for certain.  You might
try prepending:

"changto system\n;" to the clogin command-line

Dave

Jeremy M. Guthrie wrote:
> * PGP Signed by an unknown key: 10/17/06 at 10:26:39
> Is there a way for rancid to collect the config from the system context?
> 
> On Tuesday 17 October 2006 09:08, David LaPorte wrote:
>> We're using it with 15 FWSMs and it works well.  I tag them as "cisco"
>> and I don't believe I needed to hack any code to make things work.
>>
>> Dave
>>
>> Lourdes Llorente wrote:
>>> Hello !
>>>
>>> Has anyone tried to setup Rancid to work with FWSM from Cisco ?
>>> I am having some trouble with it as I am not managing to set up properly
>>> .cloginrc , for example it does not find the password for the fw and the
>>> userprompt is also not correct, on the format "user at fw's password:"
>>>
>>>
>>> Another special thing is that defining in router.db the fw as juniper
>>> device, it logs in but it does not manage to download the configuration.
>>>
>>> Thanks in advance for your help,
>>> Cheers
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Rancid-discuss mailing list
>>> Rancid-discuss at shrubbery.net
>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 


From willay at gmail.com  Tue Oct 17 16:13:29 2006
From: willay at gmail.com (William)
Date: Tue, 17 Oct 2006 17:13:29 +0100
Subject: [rancid]  distributed RANCID setup
Message-ID: <a24358fb0610170913j32ee0345s6c0887e427773336@mail.gmail.com>

Hi list,

Has anyone implemented RANCID where the collectors are distributed?

We currently have FreeBSD boxes dotted around sites for management
purposes, with a central server that sits in our office and can
communicate with each stub server. Currently our central server does
all the RANCID/CVS work, however, there are some devices that we
cannot reach for reasons out of my control.

What I would like to do is have each stub server access the devices
within its reach, keeping its own repository then sync with the
central whenever possible, meaning we can check our local (central)
server to us to check configs but also not miss that critical config
change when our links are down to our various stub servers.

Setups/configs/comments/papers/man pages/clues are all appreciated,

Thank you for your time.

Regards,

Will


From jadams at eline.com  Tue Oct 17 19:24:24 2006
From: jadams at eline.com (John Adams)
Date: Tue, 17 Oct 2006 12:24:24 -0700
Subject: [rancid] Re: distributed RANCID setup
In-Reply-To: <a24358fb0610170913j32ee0345s6c0887e427773336@mail.gmail.com>
Message-ID: <C15A7BF8.21D3A%jadams@eline.com>

You should be able to implement this pretty easily if you can get all of
your remote sites to access the CVS server. Instead of checking in the cvs
tree locally, you set CVSROOT To be the remote CVS server, and checkin/out
from there.

You can also run CVS over ssh with shared keys for additional security.

Read here for details on using CVS over SSH.

http://cvs.ecoinformatics.org/HOWTO-cvs-over-ssh.html

If you can't do this and you have to resync all of the repositories with the
master one by hand, it's going to involve quite a bit of scripting and work.

-john

On 10/17/06 9:13 AM, "William" <willay at gmail.com> wrote:

> Hi list,
> 
> Has anyone implemented RANCID where the collectors are distributed?
> 
> We currently have FreeBSD boxes dotted around sites for management
> purposes, with a central server that sits in our office and can
> communicate with each stub server. Currently our central server does
> all the RANCID/CVS work, however, there are some devices that we
> cannot reach for reasons out of my control.
> 
> What I would like to do is have each stub server access the devices
> within its reach, keeping its own repository then sync with the
> central whenever possible, meaning we can check our local (central)
> server to us to check configs but also not miss that critical config
> change when our links are down to our various stub servers.
> 
> Setups/configs/comments/papers/man pages/clues are all appreciated,
> 
> Thank you for your time.
> 
> Regards,
> 
> Will
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

-- 
John Adams                         eLine
Sr. Network Engineer
jadams at eline.com                   537 Stevenson St
415-865-5139                       Suite 200
415-425-3551 (cell)                San Francisco, CA 94103






From lllorente at amadeus.com  Wed Oct 18 12:28:14 2006
From: lllorente at amadeus.com (Lourdes Llorente)
Date: Wed, 18 Oct 2006 14:28:14 +0200
Subject: [rancid] Re: does clogin work for Cisco FWSM ?
In-Reply-To: <4534FB67.1090000@harvard.edu>
Message-ID: <OF360846BE.47DC39C9-ONC125720B.0043F526-C125720B.0044804D@amadeus.com>

Hi Dave,
at the end I managed...
What I have done in : 
add password mucfwt10  {pw} {enable-pw}

is to set up, instead of the enable-pw locally installed in the fw, I have 
put the Tacacs password for the user rancid... and it works.,
Now I have to trigger a little bit the scripts because for the fws is not 
valid anymore the command "terminal length 0", if not the command 
"terminal monitor 0"
The rest, (regarding at least the show config )looks the same..
 

Best regards

Lourdes







David LaPorte <david_laporte at harvard.edu>
Please respond to david_laporte at harvard.edu
10/17/06 05:48 PM

To
Lourdes Llorente <lllorente at amadeus.com>
cc



Subject
Re: [rancid]  does clogin work for Cisco FWSM ?






My authentication is also done through TACACS.  You've tried it with the
"add password" line and it still fails?


Dave

Lourdes Llorente wrote:
> 
> Hi David!
> 
> Stil does not work... :o( , still does not find the password. The
> authentication is done through Tacacs this is why it looks a little bit
> different..
> 
> Look at my config in .cloginrc
> 
> add method fwt10  {ssh}
> add user fwt10 {rancid}
> add userpassword fwt10 {password}
> 
> Thanks a lot for your help..
> Cheers
> 
> 
> 
> 
> *David LaPorte <david_laporte at harvard.edu>*
> Please respond to david_laporte at harvard.edu
> 
> 10/17/06 05:29 PM
> 
> 
> To
>                Lourdes Llorente <lllorente at amadeus.com>
> cc
> 
> 
> Subject
>                Re: [rancid]  does clogin work for Cisco FWSM ?
> 
> 
> 
> 
> 
> 
> 
> 
> here's what my .cloginrc looks like for that particular element:
> 
> add method oxfw1 {ssh}
> add user * rancid
> add password * {rancid_pass} {enable_pass}
> 
> I don't believe "enauser" and "userpassword" are necessary.
> 
> Dave
> 
> Lourdes Llorente wrote:
>>
>> Hello !
>>
>> clogin fwt10
>> fwt10
>>
>> Error: no password for fwt10 in /export/home/guest/.cloginrc.
>>
>> Cheers,
>> Lourdes
>>
>>
>>
>>
>>
>> *David LaPorte <david_laporte at harvard.edu>*
>> Please respond to david_laporte at harvard.edu
>>
>> 10/17/06 05:08 PM
>>
>> 
>> To
>>                  Lourdes Llorente <lllorente at amadeus.com>
>> cc
>> 
>> 
>> Subject
>>                  Re: [rancid]  does clogin work for Cisco FWSM ?
>>
>>
>> 
>>
>>
>>
>>
>>
>> This is what a clogin transcript logging into one of my FWSMs looks 
like:
>>
>> -bash-2.05b$ ./clogin oxfw1
>> oxfw1
>> spawn ssh -c 3des -x -l rancid oxfw1
>> rancid at oxfw1's password:
>>
>> ********************* W A R N I N G *********************
>>
>> This system is for authorized users at Harvard University.
>>                No other use is permitted.
>>
>> ***** Harvard University Network Operations Center *******
>> ********************* (617) 496-4736 *********************
>>
>> Type help or '?' for a list of available commands.
>> oxfw1>
>> oxfw1> enable
>> Password: *********
>> oxfw1#
>>
>>
>>
>> Can you send me what yours looks like?
>>
>> thanks,
>> Dave
>>
>> Lourdes Llorente wrote:
>>>
>>> Thanks for your answer !
>>> But do you have a special prompt ?
>>> For some reason when typing "clogin fwt10", it does not find the pw 
for
>>> the fw10.
>>>
>>> And my .cloginrc looks like this:
>>> add user fwt10  {rancid}
>>> add userpassword fwt10  {password}
>>> add method fwt10  {ssh}
>>> add enauser fwt10 {password}
>>> add enableprompt {"fw*+/pri/act>"}
>>>
>>> Cheers,
>>>
>>>
>>>
>>>
>>>
>>>
>>> *David LaPorte <david_laporte at harvard.edu>*
>>> Please respond to david_laporte at harvard.edu
>>>
>>> 10/17/06 04:08 PM
>>>
>>> 
>>> To
>>>                  Lourdes Llorente <lllorente at amadeus.com>
>>> cc
>>>                  rancid-discuss at shrubbery.net
>>> 
>>> Subject
>>>                  Re: [rancid]  does clogin work for Cisco FWSM ?
>>>
>>>
>>> 
>>>
>>>
>>>
>>>
>>>
>>> We're using it with 15 FWSMs and it works well.  I tag them as "cisco"
>>> and I don't believe I needed to hack any code to make things work.
>>>
>>> Dave
>>>
>>> Lourdes Llorente wrote:
>>>>
>>>> Hello !
>>>>
>>>> Has anyone tried to setup Rancid to work with FWSM from Cisco ?
>>>> I am having some trouble with it as I am not managing to set up 
properly
>>>> .cloginrc , for example it does not find the password for the fw and 
the
>>>> userprompt is also not correct, on the format "user at fw's password:"
>>>>
>>>>
>>>> Another special thing is that defining in router.db the fw as juniper
>>>> device, it logs in but it does not manage to download the 
configuration.
>>>>
>>>> Thanks in advance for your help,
>>>> Cheers
>>>>
>>>>
>>>> 
------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> Rancid-discuss mailing list
>>>> Rancid-discuss at shrubbery.net
>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>
>>
>> --
>> David LaPorte, CISSP, CCNP
>> Security Manager, Network and Server Systems
>> Harvard University Information Systems
>> -----------------------------------------------
>> Email: david_laporte at harvard.edu
>>  PGP: 0x4DC3E508
>>       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508
>>
>>
> 
> -- 
> David LaPorte, CISSP, CCNP
> Security Manager, Network and Server Systems
> Harvard University Information Systems
> -----------------------------------------------
> Email: david_laporte at harvard.edu
>  PGP: 0x4DC3E508
>       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508
> 
> 

-- 
David LaPorte, CISSP, CCNP
Security Manager, Network and Server Systems
Harvard University Information Systems
-----------------------------------------------
Email: david_laporte at harvard.edu
  PGP: 0x4DC3E508
       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061018/5789aeb3/attachment.html 

From lllorente at amadeus.com  Wed Oct 18 13:08:37 2006
From: lllorente at amadeus.com (Lourdes Llorente)
Date: Wed, 18 Oct 2006 15:08:37 +0200
Subject: [rancid] Re: does clogin work for Cisco FWSM ?
In-Reply-To: <OF360846BE.47DC39C9-ONC125720B.0043F526-C125720B.0044804D@LocalDomain>
Message-ID: <OF87654C8F.A1B6286A-ONC125720B.0047EB80-C125720B.0048328B@amadeus.com>

Just for trying, I tried to run rancid for the fws and it downloads the 
configs, although the commands for routers terminal length 0 and for the 
fws terminal monitor 0 are different..
So it works anyway !
I will have to look inside the script "rancid" to find it why...
But I am happy so rancid can manage also the FWs modules..
Thanks for your time !

Cheers, 
Lourdes







Lourdes Llorente/MUC/AMADEUS
10/18/06 02:28 PM

To
david_laporte at harvard.edu
cc
rancid-discuss at shrubbery.net
Subject
Re: [rancid]  does clogin work for Cisco FWSM ?





Hi Dave,
at the end I managed...
What I have done in : 
add password mucfwt10  {pw} {enable-pw}

is to set up, instead of the enable-pw locally installed in the fw, I have 
put the Tacacs password for the user rancid... and it works.,
Now I have to trigger a little bit the scripts because for the fws is not 
valid anymore the command "terminal length 0", if not the command 
"terminal monitor 0"
The rest, (regarding at least the show config )looks the same..
 

Best regards

Lourdes







David LaPorte <david_laporte at harvard.edu>
Please respond to david_laporte at harvard.edu
10/17/06 05:48 PM

To
Lourdes Llorente <lllorente at amadeus.com>
cc



Subject
Re: [rancid]  does clogin work for Cisco FWSM ?






My authentication is also done through TACACS.  You've tried it with the
"add password" line and it still fails?


Dave

Lourdes Llorente wrote:
> 
> Hi David!
> 
> Stil does not work... :o( , still does not find the password. The
> authentication is done through Tacacs this is why it looks a little bit
> different..
> 
> Look at my config in .cloginrc
> 
> add method fwt10  {ssh}
> add user fwt10 {rancid}
> add userpassword fwt10 {password}
> 
> Thanks a lot for your help..
> Cheers
> 
> 
> 
> 
> *David LaPorte <david_laporte at harvard.edu>*
> Please respond to david_laporte at harvard.edu
> 
> 10/17/06 05:29 PM
> 
> 
> To
>                Lourdes Llorente <lllorente at amadeus.com>
> cc
> 
> 
> Subject
>                Re: [rancid]  does clogin work for Cisco FWSM ?
> 
> 
> 
> 
> 
> 
> 
> 
> here's what my .cloginrc looks like for that particular element:
> 
> add method oxfw1 {ssh}
> add user * rancid
> add password * {rancid_pass} {enable_pass}
> 
> I don't believe "enauser" and "userpassword" are necessary.
> 
> Dave
> 
> Lourdes Llorente wrote:
>>
>> Hello !
>>
>> clogin fwt10
>> fwt10
>>
>> Error: no password for fwt10 in /export/home/guest/.cloginrc.
>>
>> Cheers,
>> Lourdes
>>
>>
>>
>>
>>
>> *David LaPorte <david_laporte at harvard.edu>*
>> Please respond to david_laporte at harvard.edu
>>
>> 10/17/06 05:08 PM
>>
>> 
>> To
>>                  Lourdes Llorente <lllorente at amadeus.com>
>> cc
>> 
>> 
>> Subject
>>                  Re: [rancid]  does clogin work for Cisco FWSM ?
>>
>>
>> 
>>
>>
>>
>>
>>
>> This is what a clogin transcript logging into one of my FWSMs looks 
like:
>>
>> -bash-2.05b$ ./clogin oxfw1
>> oxfw1
>> spawn ssh -c 3des -x -l rancid oxfw1
>> rancid at oxfw1's password:
>>
>> ********************* W A R N I N G *********************
>>
>> This system is for authorized users at Harvard University.
>>                No other use is permitted.
>>
>> ***** Harvard University Network Operations Center *******
>> ********************* (617) 496-4736 *********************
>>
>> Type help or '?' for a list of available commands.
>> oxfw1>
>> oxfw1> enable
>> Password: *********
>> oxfw1#
>>
>>
>>
>> Can you send me what yours looks like?
>>
>> thanks,
>> Dave
>>
>> Lourdes Llorente wrote:
>>>
>>> Thanks for your answer !
>>> But do you have a special prompt ?
>>> For some reason when typing "clogin fwt10", it does not find the pw 
for
>>> the fw10.
>>>
>>> And my .cloginrc looks like this:
>>> add user fwt10  {rancid}
>>> add userpassword fwt10  {password}
>>> add method fwt10  {ssh}
>>> add enauser fwt10 {password}
>>> add enableprompt {"fw*+/pri/act>"}
>>>
>>> Cheers,
>>>
>>>
>>>
>>>
>>>
>>>
>>> *David LaPorte <david_laporte at harvard.edu>*
>>> Please respond to david_laporte at harvard.edu
>>>
>>> 10/17/06 04:08 PM
>>>
>>> 
>>> To
>>>                  Lourdes Llorente <lllorente at amadeus.com>
>>> cc
>>>                  rancid-discuss at shrubbery.net
>>> 
>>> Subject
>>>                  Re: [rancid]  does clogin work for Cisco FWSM ?
>>>
>>>
>>> 
>>>
>>>
>>>
>>>
>>>
>>> We're using it with 15 FWSMs and it works well.  I tag them as "cisco"
>>> and I don't believe I needed to hack any code to make things work.
>>>
>>> Dave
>>>
>>> Lourdes Llorente wrote:
>>>>
>>>> Hello !
>>>>
>>>> Has anyone tried to setup Rancid to work with FWSM from Cisco ?
>>>> I am having some trouble with it as I am not managing to set up 
properly
>>>> .cloginrc , for example it does not find the password for the fw and 
the
>>>> userprompt is also not correct, on the format "user at fw's password:"
>>>>
>>>>
>>>> Another special thing is that defining in router.db the fw as juniper
>>>> device, it logs in but it does not manage to download the 
configuration.
>>>>
>>>> Thanks in advance for your help,
>>>> Cheers
>>>>
>>>>
>>>> 
------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> Rancid-discuss mailing list
>>>> Rancid-discuss at shrubbery.net
>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>
>>
>> --
>> David LaPorte, CISSP, CCNP
>> Security Manager, Network and Server Systems
>> Harvard University Information Systems
>> -----------------------------------------------
>> Email: david_laporte at harvard.edu
>>  PGP: 0x4DC3E508
>>       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508
>>
>>
> 
> -- 
> David LaPorte, CISSP, CCNP
> Security Manager, Network and Server Systems
> Harvard University Information Systems
> -----------------------------------------------
> Email: david_laporte at harvard.edu
>  PGP: 0x4DC3E508
>       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508
> 
> 

-- 
David LaPorte, CISSP, CCNP
Security Manager, Network and Server Systems
Harvard University Information Systems
-----------------------------------------------
Email: david_laporte at harvard.edu
  PGP: 0x4DC3E508
       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061018/f55bc358/attachment.html 

From willay at gmail.com  Wed Oct 18 18:12:46 2006
From: willay at gmail.com (William)
Date: Wed, 18 Oct 2006 19:12:46 +0100
Subject: [rancid] Re: distributed RANCID setup
In-Reply-To: <C15A7BF8.21D3A%jadams@eline.com>
References: <a24358fb0610170913j32ee0345s6c0887e427773336@mail.gmail.com>
	<C15A7BF8.21D3A%jadams@eline.com>
Message-ID: <a24358fb0610181112n578c33f3x5e1817076ca7bf4f@mail.gmail.com>

Hi John,

Thanks for your input, but still doesnt solve my problem when the link
to the central server is down.. I think anyway.

Regards,

Will

On 17/10/06, John Adams <jadams at eline.com> wrote:
> You should be able to implement this pretty easily if you can get all of
> your remote sites to access the CVS server. Instead of checking in the cvs
> tree locally, you set CVSROOT To be the remote CVS server, and checkin/out
> from there.
>
> You can also run CVS over ssh with shared keys for additional security.
>
> Read here for details on using CVS over SSH.
>
> http://cvs.ecoinformatics.org/HOWTO-cvs-over-ssh.html
>
> If you can't do this and you have to resync all of the repositories with the
> master one by hand, it's going to involve quite a bit of scripting and work.
>
> -john
>
> On 10/17/06 9:13 AM, "William" <willay at gmail.com> wrote:
>
> > Hi list,
> >
> > Has anyone implemented RANCID where the collectors are distributed?
> >
> > We currently have FreeBSD boxes dotted around sites for management
> > purposes, with a central server that sits in our office and can
> > communicate with each stub server. Currently our central server does
> > all the RANCID/CVS work, however, there are some devices that we
> > cannot reach for reasons out of my control.
> >
> > What I would like to do is have each stub server access the devices
> > within its reach, keeping its own repository then sync with the
> > central whenever possible, meaning we can check our local (central)
> > server to us to check configs but also not miss that critical config
> > change when our links are down to our various stub servers.
> >
> > Setups/configs/comments/papers/man pages/clues are all appreciated,
> >
> > Thank you for your time.
> >
> > Regards,
> >
> > Will
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
> --
> John Adams                         eLine
> Sr. Network Engineer
> jadams at eline.com                   537 Stevenson St
> 415-865-5139                       Suite 200
> 415-425-3551 (cell)                San Francisco, CA 94103
>
>
>
>
>


From silvia at silvia.priv.at  Wed Oct 18 15:09:40 2006
From: silvia at silvia.priv.at (Silvia Schuckert)
Date: Wed, 18 Oct 2006 17:09:40 +0200
Subject: [rancid]  rancid for checkpoint edge firewalls?
Message-ID: <45ab1ebd0610180809t499bae58u5d22fffb2121e46@mail.gmail.com>

Hi,

I have tried to use rancid to get frequent downloads of checkpoint firewalls.
Clogin with ssh admin at ip works.
But unfortunatly - I do not find a device in the router.db that I can configure.

Has anyone made experiences with that?
Any help would be warmly welcomed!
Thanks a lot!

Silvia


From johan.bergstrom at tietoenator.com  Thu Oct 19 07:56:45 2006
From: johan.bergstrom at tietoenator.com (Johan =?ISO-8859-1?Q?Bergstr=F6m?=)
Date: Thu, 19 Oct 2006 09:56:45 +0200
Subject: [rancid] Re: rancid for checkpoint edge firewalls?
In-Reply-To: <45ab1ebd0610180809t499bae58u5d22fffb2121e46@mail.gmail.com>
References: <45ab1ebd0610180809t499bae58u5d22fffb2121e46@mail.gmail.com>
Message-ID: <1161244605.6288.5.camel@satyr.eu.tieto.com>

Unless there's some native support for checkpoint, you can probably use
the wrapper (wrancid) code that was posted here as a proof of concept by
Michael Stefaniuc (mstefani at redhat.com) a while ago. Altho, you probably
need to make your own checkpoint module for it, as the code posted only
supports vpn concentrators.

I'm running the wrapper for my vpn3k and have been since it was posted,
it's working out great.

Johan

On Wed, 2006-10-18 at 17:09 +0200, Silvia Schuckert wrote:
> Hi,
> 
> I have tried to use rancid to get frequent downloads of checkpoint firewalls.
> Clogin with ssh admin at ip works.
> But unfortunatly - I do not find a device in the router.db that I can configure.
> 
> Has anyone made experiences with that?
> Any help would be warmly welcomed!
> Thanks a lot!
> 
> Silvia
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss



From ahamino at gmail.com  Thu Oct 19 09:46:58 2006
From: ahamino at gmail.com (Abdelrahman)
Date: Thu, 19 Oct 2006 11:46:58 +0200
Subject: [rancid]  Edit Comments in CVS
Message-ID: <4537499b.11e063fb.44e5.2f92@mx.google.com>

Hi all,

 

Is there a way, I could edit the comments on each revision in CVS. I am
using chora as a CVS browser.

 

Regards,

Abdelrahman

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061019/e7e78903/attachment.html 

From asp at partan.com  Thu Oct 19 13:28:00 2006
From: asp at partan.com (Andrew Partan)
Date: Thu, 19 Oct 2006 09:28:00 -0400
Subject: [rancid] Re: Edit Comments in CVS
In-Reply-To: <4537499b.11e063fb.44e5.2f92@mx.google.com>
References: <4537499b.11e063fb.44e5.2f92@mx.google.com>
Message-ID: <20061019132800.GA82327@partan.com>

On Thu, Oct 19, 2006 at 11:46:58AM +0200, Abdelrahman wrote:
> Is there a way, I could edit the comments on each revision in CVS. I am
> using chora as a CVS browser.

This is a cvs or chora question, not a rancid question, but I think
you can do this with cvs:

	cvs admin -m1.36:"this is a new comment" backbone/configs/router45

to change the comment on revision 1.36 of router45 in the backbone
group, but you should check your cvs documentation and whatever
documentation came with chora to make sure.
	--asp


From faron.hopper at capgemini.com  Thu Oct 19 14:51:31 2006
From: faron.hopper at capgemini.com (Hopper, Faron  W.)
Date: Thu, 19 Oct 2006 10:51:31 -0400
Subject: [rancid] Re: does clogin work for Cisco FWSM ?
Message-ID: <0D9EF3454D8EFC4B8BFFD2B8629416810136F957@caonmastxm03.na.capgemini.com>


Did you get it to download the system context?

 

Thank you,
Faron Hopper / Capgemini / Kansas City
Network Engineer / Outsourcing Services
Office: 1 816 459 5139 / Mobile: 1 816 863 1234
Alternate Phone Number: 1 866 207 3344 option 1, ext 5139
www.us.capgemini.com 
Fax: 1 816 459 6767 
3315 N Oak Trafficway, Kansas City, MO, 64116
Email: faron.hopper at capgemini.com
Join <mailto:faron.hopper at capgemini.comJoin>  the Collaborative Business
Experience                                     

________________________________

From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lourdes
Llorente
Sent: Wednesday, October 18, 2006 8:09 AM
To: david_laporte at harvard.edu
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: does clogin work for Cisco FWSM ?

 


Just for trying, I tried to run rancid for the fws and it downloads the
configs, although the commands for routers terminal length 0 and for the
fws terminal monitor 0 are different.. 
So it works anyway ! 
I will have to look inside the script "rancid" to find it why... 
But I am happy so rancid can manage also the FWs modules.. 
Thanks for your time ! 

Cheers, 
Lourdes 







Lourdes Llorente/MUC/AMADEUS 

10/18/06 02:28 PM 

To

david_laporte at harvard.edu 

cc

rancid-discuss at shrubbery.net 

Subject

Re: [rancid]  does clogin work for Cisco FWSM ?Link
<Notes:///412568A50046F9EF/64CB56C0D0B2D2124125686400327369/C57569E93202
B3ACC125720A00579728> 

 

 

 



Hi Dave, 
at the end I managed... 
What I have done in : 
add password mucfwt10  {pw} {enable-pw} 

is to set up, instead of the enable-pw locally installed in the fw, I
have put the Tacacs password for the user rancid... and it works., 
Now I have to trigger a little bit the scripts because for the fws is
not valid anymore the command "terminal length 0", if not the command
"terminal monitor 0" 
The rest, (regarding at least the show config )looks the same.. 
  

Best regards 

Lourdes 



 

David LaPorte <david_laporte at harvard.edu> 

Please respond to david_laporte at harvard.edu

10/17/06 05:48 PM 

To

Lourdes Llorente <lllorente at amadeus.com> 

cc

 

 

 

Subject

Re: [rancid]  does clogin work for Cisco FWSM ?

 

 

 




My authentication is also done through TACACS.  You've tried it with the
"add password" line and it still fails?


Dave

Lourdes Llorente wrote:
> 
> Hi David!
> 
> Stil does not work... :o( , still does not find the password. The
> authentication is done through Tacacs this is why it looks a little
bit
> different..
> 
> Look at my config in .cloginrc
> 
> add method fwt10  {ssh}
> add user fwt10 {rancid}
> add userpassword fwt10 {password}
> 
> Thanks a lot for your help..
> Cheers
> 
> 
> 
> 
> *David LaPorte <david_laporte at harvard.edu>*
> Please respond to david_laporte at harvard.edu
> 
> 10/17/06 05:29 PM
> 
>                  
> To
>                  Lourdes Llorente <lllorente at amadeus.com>
> cc
>                  
>                  
> Subject
>                  Re: [rancid]  does clogin work for Cisco FWSM ?
> 
> 
>                  
> 
> 
> 
> 
> 
> here's what my .cloginrc looks like for that particular element:
> 
> add method oxfw1 {ssh}
> add user * rancid
> add password * {rancid_pass} {enable_pass}
> 
> I don't believe "enauser" and "userpassword" are necessary.
> 
> Dave
> 
> Lourdes Llorente wrote:
>>
>> Hello !
>>
>> clogin fwt10
>> fwt10
>>
>> Error: no password for fwt10 in /export/home/guest/.cloginrc.
>>
>> Cheers,
>> Lourdes
>>
>>
>>
>>
>>
>> *David LaPorte <david_laporte at harvard.edu>*
>> Please respond to david_laporte at harvard.edu
>>
>> 10/17/06 05:08 PM
>>
>>                  
>> To
>>                  Lourdes Llorente <lllorente at amadeus.com>
>> cc
>>                  
>>                  
>> Subject
>>                  Re: [rancid]  does clogin work for Cisco FWSM ?
>>
>>
>>                  
>>
>>
>>
>>
>>
>> This is what a clogin transcript logging into one of my FWSMs looks
like:
>>
>> -bash-2.05b$ ./clogin oxfw1
>> oxfw1
>> spawn ssh -c 3des -x -l rancid oxfw1
>> rancid at oxfw1's password:
>>
>> ********************* W A R N I N G *********************
>>
>> This system is for authorized users at Harvard University.
>>                No other use is permitted.
>>
>> ***** Harvard University Network Operations Center *******
>> ********************* (617) 496-4736 *********************
>>
>> Type help or '?' for a list of available commands.
>> oxfw1>
>> oxfw1> enable
>> Password: *********
>> oxfw1#
>>
>>
>>
>> Can you send me what yours looks like?
>>
>> thanks,
>> Dave
>>
>> Lourdes Llorente wrote:
>>>
>>> Thanks for your answer !
>>> But do you have a special prompt ?
>>> For some reason when typing "clogin fwt10", it does not find the pw
for
>>> the fw10.
>>>
>>> And my .cloginrc looks like this:
>>> add user fwt10  {rancid}
>>> add userpassword fwt10  {password}
>>> add method fwt10  {ssh}
>>> add enauser fwt10 {password}
>>> add enableprompt {"fw*+/pri/act>"}
>>>
>>> Cheers,
>>>
>>>
>>>
>>>
>>>
>>>
>>> *David LaPorte <david_laporte at harvard.edu>*
>>> Please respond to david_laporte at harvard.edu
>>>
>>> 10/17/06 04:08 PM
>>>
>>>                  
>>> To
>>>                  Lourdes Llorente <lllorente at amadeus.com>
>>> cc
>>>                  rancid-discuss at shrubbery.net
>>>                  
>>> Subject
>>>                  Re: [rancid]  does clogin work for Cisco FWSM ?
>>>
>>>
>>>                  
>>>
>>>
>>>
>>>
>>>
>>> We're using it with 15 FWSMs and it works well.  I tag them as
"cisco"
>>> and I don't believe I needed to hack any code to make things work.
>>>
>>> Dave
>>>
>>> Lourdes Llorente wrote:
>>>>
>>>> Hello !
>>>>
>>>> Has anyone tried to setup Rancid to work with FWSM from Cisco ?
>>>> I am having some trouble with it as I am not managing to set up
properly
>>>> .cloginrc , for example it does not find the password for the fw
and the
>>>> userprompt is also not correct, on the format "user at fw's password:"
>>>>
>>>>
>>>> Another special thing is that defining in router.db the fw as
juniper
>>>> device, it logs in but it does not manage to download the
configuration.
>>>>
>>>> Thanks in advance for your help,
>>>> Cheers
>>>>
>>>>
>>>>
------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> Rancid-discuss mailing list
>>>> Rancid-discuss at shrubbery.net
>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>
>>
>> --
>> David LaPorte, CISSP, CCNP
>> Security Manager, Network and Server Systems
>> Harvard University Information Systems
>> -----------------------------------------------
>> Email: david_laporte at harvard.edu
>>  PGP: 0x4DC3E508
>>       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508
>>
>>
> 
> -- 
> David LaPorte, CISSP, CCNP
> Security Manager, Network and Server Systems
> Harvard University Information Systems
> -----------------------------------------------
> Email: david_laporte at harvard.edu
>  PGP: 0x4DC3E508
>       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508
> 
> 

-- 
David LaPorte, CISSP, CCNP
Security Manager, Network and Server Systems
Harvard University Information Systems
-----------------------------------------------
Email: david_laporte at harvard.edu
 PGP: 0x4DC3E508
      4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508






This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061019/31b1e271/attachment.html 

From shlomo at dubrowin.org  Mon Oct 23 17:47:16 2006
From: shlomo at dubrowin.org (Shlomo Dubrowin)
Date: Mon, 23 Oct 2006 19:47:16 +0200
Subject: [rancid]  problems with DIFFSUPPRESSOPT
Message-ID: <ad95cd9f0610231047s5ffd1d6ah5ef084e64aebec4d@mail.gmail.com>

I've been trying to get DIFFSUPPRESSOPT to work properly.  I have
applied the patches, but the emails are still coming in with the
pieces I wanted to eliminate.  After some experimenting, I think the
problem is either with my version of diff ((GNU diffutils) 2.8.1) or
my Regular Expressions.

I'd like to block the following items:
!Flash:
set spantree port
VLAN

My ~/etc/rancid.conf has the following line:

DIFFSUPPRESSOPTS="-b -I '^\!Flash:' -I '^set spantree port' -I '^VLAN'"

Any ideas where my problem could be?

  Shlomo

-- 
-----------------------------------------------------------------------
  ,-~~-.___.    ._.
 / |  '     \   | |"""""""""|           Shlomo Dubrowin
(  )         0  | |         |             (Sheldon)
 \_/-, ,----'   | |         |
    ====        !_!--v---v--"
    /  \-'~;      |""""""""|            shlomo at dubrowin.org
   /  __/~| ._-""||        |          http://www.dubrowin.org
 =(  _____|_|____||________|
-----------------------------------------------------------------------


From blais at ots.utsystem.edu  Mon Oct 23 19:44:28 2006
From: blais at ots.utsystem.edu (Donald Blais)
Date: Mon, 23 Oct 2006 14:44:28 -0500 (CDT)
Subject: [rancid]  RANCID scripts for Tiara Tasman Network device type?
Message-ID: <20061023143210.F55866@mojo.ots.utsystem.edu>

Does anyone have the expect login and perl rancid scripts for use of
RANCID with the Tiara Networks or Tasman Networks 6300 device type?

--Donald




From scott at telesphereltd.com  Mon Oct 23 21:52:46 2006
From: scott at telesphereltd.com (Scott Stoddard)
Date: Mon, 23 Oct 2006 14:52:46 -0700
Subject: [rancid]  missed cmd(s): write term
Message-ID: <20061024004000.71D6086563@guelah.shrubbery.net>

Hi all! I suddenly started getting certain devices in my network not
updating in rancid. Only 5% of my routers fail but they all fail with the
same error "missed cmd(s): write term".

 

Anyone have any ideas why this would just start happening? Below is my
rancid debug test run on one device that fails, thanks.

 

--Scott

 

 

[rancid at ns4 rancid]$ /usr/local/rancid/bin/rancid -d border1.phx1

 

executing clogin -t 90 -c"admin show version;show version;show = redundancy
secondary;show idprom backplane;show install active;admin show env =
all;show env all;show rsp chassis-info;show gsr chassis;show diag =
chassis-info;show boot;show bootvar;admin show variables boot;show variables
boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all
disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all = disk2:;dir
/all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all
sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all
slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all
slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all
slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all
sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all
sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all =
sec-disk2:;show controllers;show controllers cbus;show diagbus;admin show
diag;show diag;show module;show spe version;show c7200;show inventory
raw;show vtp status;show vlan;show vlan-switch;show debug;show
running-config;write = term"

border1.phx1

 

PROMPT MATCH: border1.phx1#

 

HIT COMMAND:border1.phx1#admin show version

 

    In ShowVersion: border1.phx1#admin show version

 

HIT COMMAND:border1.phx1#show version

 

    In ShowVersion: border1.phx1#show version

 

TYPE =3D 7200

 

HIT COMMAND:border1.phx1#show redundancy secondary

 

    In ShowRedundancy: border1.phx1#show redundancy secondary

 

HIT COMMAND:border1.phx1#show idprom backplane

 

    In ShowIDprom: border1.phx1#show idprom backplane

 

HIT COMMAND:border1.phx1#show install active

 

    In ShowInstallActive: border1.phx1#show install active

 

HIT COMMAND:border1.phx1#admin show env all

 

    In ShowEnv: border1.phx1#admin show env all

 

HIT COMMAND:border1.phx1#show env all

 

    In ShowEnv: border1.phx1#show env all

 

HIT COMMAND:border1.phx1#show rsp chassis-info

 

    In ShowRSP: border1.phx1#show rsp chassis-info

 

HIT COMMAND:border1.phx1#show gsr chassis

 

    In ShowGSR: border1.phx1#show gsr chassis

 

HIT COMMAND:border1.phx1#show diag chassis-info

 

    In ShowGSR: border1.phx1#show diag chassis-info

 

HIT COMMAND:border1.phx1#show boot

 

    In ShowBoot: border1.phx1#show boot

 

HIT COMMAND:border1.phx1#show bootvar

 

    In ShowBoot: border1.phx1#show bootvar

 

HIT COMMAND:border1.phx1#admin show variables boot

 

    In ShowBoot: border1.phx1#admin show variables boot

 

HIT COMMAND:border1.phx1#show variables boot

 

    In ShowBoot: border1.phx1#show variables boot

 

HIT COMMAND:border1.phx1#show flash

 

    In ShowFlash: border1.phx1#show flash

 

HIT COMMAND:border1.phx1#dir /all nvram:

 

    In DirSlotN: border1.phx1#dir /all nvram:

 

HIT COMMAND:border1.phx1#dir /all bootflash:

 

    In DirSlotN: border1.phx1#dir /all bootflash:

 

HIT COMMAND:border1.phx1#dir /all slot0:

 

    In DirSlotN: border1.phx1#dir /all slot0:

 

HIT COMMAND:border1.phx1#dir /all disk0:

 

    In DirSlotN: border1.phx1#dir /all disk0:

 

HIT COMMAND:border1.phx1#dir /all slot1:

 

    In DirSlotN: border1.phx1#dir /all slot1:

 

HIT COMMAND:border1.phx1#dir /all disk1:

 

    In DirSlotN: border1.phx1#dir /all disk1:

 

HIT COMMAND:border1.phx1#dir /all slot2:

 

    In DirSlotN: border1.phx1#dir /all slot2:

 

HIT COMMAND:border1.phx1#dir /all disk2:

 

    In DirSlotN: border1.phx1#dir /all disk2:

 

HIT COMMAND:border1.phx1#dir /all harddisk:

 

    In DirSlotN: border1.phx1#dir /all harddisk:

 

HIT COMMAND:border1.phx1#dir /all harddiska:

 

    In DirSlotN: border1.phx1#dir /all harddiska:

 

HIT COMMAND:border1.phx1#dir /all harddiskb:

 

    In DirSlotN: border1.phx1#dir /all harddiskb:

 

HIT COMMAND:border1.phx1#dir /all sup-bootflash:

 

    In DirSlotN: border1.phx1#dir /all sup-bootflash:

 

HIT COMMAND:border1.phx1#dir /all sup-microcode:

 

    In DirSlotN: border1.phx1#dir /all sup-microcode:

 

HIT COMMAND:border1.phx1#dir /all slavenvram:

 

    In DirSlotN: border1.phx1#dir /all slavenvram:

 

HIT COMMAND:border1.phx1#dir /all slavebootflash:

 

    In DirSlotN: border1.phx1#dir /all slavebootflash:

 

HIT COMMAND:border1.phx1#dir /all slaveslot0:

 

    In DirSlotN: border1.phx1#dir /all slaveslot0:

 

HIT COMMAND:border1.phx1#dir /all slavedisk0:

 

    In DirSlotN: border1.phx1#dir /all slavedisk0:

 

HIT COMMAND:border1.phx1#dir /all slaveslot1:

 

    In DirSlotN: border1.phx1#dir /all slaveslot1:

 

HIT COMMAND:border1.phx1#dir /all slavedisk1:

 

    In DirSlotN: border1.phx1#dir /all slavedisk1:

 

HIT COMMAND:border1.phx1#dir /all slaveslot2:

 

    In DirSlotN: border1.phx1#dir /all slaveslot2:

 

HIT COMMAND:border1.phx1#dir /all slavedisk2:

 

    In DirSlotN: border1.phx1#dir /all slavedisk2:

 

HIT COMMAND:border1.phx1#dir /all slavesup-bootflash:

 

    In DirSlotN: border1.phx1#dir /all slavesup-bootflash:

 

HIT COMMAND:border1.phx1#dir /all sec-nvram:

 

    In DirSlotN: border1.phx1#dir /all sec-nvram:

 

HIT COMMAND:border1.phx1#dir /all sec-bootflash:

 

    In DirSlotN: border1.phx1#dir /all sec-bootflash:

 

HIT COMMAND:border1.phx1#dir /all sec-slot0:

 

    In DirSlotN: border1.phx1#dir /all sec-slot0:

 

HIT COMMAND:border1.phx1#dir /all sec-disk0:

 

    In DirSlotN: border1.phx1#dir /all sec-disk0:

 

HIT COMMAND:border1.phx1#dir /all sec-slot1:

 

    In DirSlotN: border1.phx1#dir /all sec-slot1:

 

HIT COMMAND:border1.phx1#dir /all sec-disk1:

 

    In DirSlotN: border1.phx1#dir /all sec-disk1:

 

HIT COMMAND:border1.phx1#dir /all sec-slot2:

 

    In DirSlotN: border1.phx1#dir /all sec-slot2:

 

HIT COMMAND:border1.phx1#dir /all sec-disk2:

 

    In DirSlotN: border1.phx1#dir /all sec-disk2:

 

HIT COMMAND:border1.phx1#show controllers

 

    In ShowContAll: border1.phx1#show controllers

 

HIT COMMAND:border1.phx1#show controllers cbus

 

    In ShowContCbus: border1.phx1#show controllers cbus

 

HIT COMMAND:border1.phx1#show diagbus

 

    In ShowDiagbus: border1.phx1#show diagbus

 

HIT COMMAND:border1.phx1#admin show diag

 

    In ShowDiag: border1.phx1#admin show diag

 

HIT COMMAND:border1.phx1#show diag

 

    In ShowDiag: border1.phx1#show diag

 

HIT COMMAND:border1.phx1#show module

 

    In ShowModule: border1.phx1#show module

 

HIT COMMAND:border1.phx1#show spe version

 

    In ShowSpeVersion: border1.phx1#show spe version

 

HIT COMMAND:border1.phx1#show c7200

 

    In ShowC7200: border1.phx1#show c7200

 

HIT COMMAND:border1.phx1#show inventory raw

 

    In ShowInventory: border1.phx1#show inventory raw

 

HIT COMMAND:border1.phx1#show vtp status

 

    In ShowVTP: border1.phx1#show vtp status

 

HIT COMMAND:border1.phx1#show vlan

 

    In ShowVLAN: border1.phx1#show vlan

 

HIT COMMAND:border1.phx1#show vlan-switch

 

    In ShowVLAN: border1.phx1#show vlan-switch

 

HIT COMMAND:border1.phx1#show debug

 

    In ShowDebug: border1.phx1#show debug

 

HIT COMMAND:border1.phx1#show running-config

 

    In WriteTerm: border1.phx1#show running-config

 

border1.phx1: missed cmd(s): write term

 

border1.phx1: missed cmd(s): write term

 

 

 


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.0.408 / Virus Database: 268.13.4/476 - Release Date: 10/14/2006


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061023/c7937bcc/attachment.html 

From ian-list at insourced.us  Tue Oct 24 18:53:55 2006
From: ian-list at insourced.us (Ian Lists)
Date: Tue, 24 Oct 2006 14:53:55 -0400 (EDT)
Subject: [rancid]  SSH Proto 1
Message-ID: <23651654.61161716035539.JavaMail.root@postal.insourcedsecurity.com>

I have seen some postings online to use the "add sshcmd" line in my .cloginrc file to enable ssh protocol 1 for a device.  I don't see this as one of the avaliable options in the sample .cloginrc file and it didn't seem to work for me anyway.  Could someone give me some tips on getting the ssh "-1" flag to work?

Thanks,
Ian


From eravin at panix.com  Tue Oct 24 20:06:05 2006
From: eravin at panix.com (Ed Ravin)
Date: Tue, 24 Oct 2006 16:06:05 -0400
Subject: [rancid] Re: SSH Proto 1
In-Reply-To: <23651654.61161716035539.JavaMail.root@postal.insourcedsecurity.com>
References: <23651654.61161716035539.JavaMail.root@postal.insourcedsecurity.com>
Message-ID: <20061024200605.GA17635@panix.com>

On Tue, Oct 24, 2006 at 02:53:55PM -0400, Ian Lists wrote:
> I have seen some postings online to use the "add sshcmd" line in
> my .cloginrc file to enable ssh protocol 1 for a device.  I don't
> see this as one of the avaliable options in the sample .cloginrc
> file and it didn't seem to work for me anyway.  Could someone give
> me some tips on getting the ssh "-1" flag to work?

You'll need to edit clogin, add yet another option.  Or try the patches
I posted a few months ago on using arbitrary connection methods - it lets you
define the complete command line that's used to connect to the device:

   http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html


From ian-list at insourced.us  Tue Oct 24 20:18:14 2006
From: ian-list at insourced.us (Ian Lists)
Date: Tue, 24 Oct 2006 16:18:14 -0400 (EDT)
Subject: [rancid] Re: SSH Proto 1
In-Reply-To: <20061024200605.GA17635@panix.com>
Message-ID: <20309889.91161721094552.JavaMail.root@postal.insourcedsecurity.com>

Is this patch need for rancid-2.3.2a5?


----- Original Message -----
From: Ed Ravin <eravin at panix.com>
To: Ian Lists <ian-list at insourced.us>
Cc: rancid-discuss at shrubbery.net
Sent: Tuesday, October 24, 2006 4:06:05 PM GMT-0500 US/Eastern
Subject: Re: [rancid]  SSH Proto 1

On Tue, Oct 24, 2006 at 02:53:55PM -0400, Ian Lists wrote:
> I have seen some postings online to use the "add sshcmd" line in
> my .cloginrc file to enable ssh protocol 1 for a device.  I don't
> see this as one of the avaliable options in the sample .cloginrc
> file and it didn't seem to work for me anyway.  Could someone give
> me some tips on getting the ssh "-1" flag to work?

You'll need to edit clogin, add yet another option.  Or try the patches
I posted a few months ago on using arbitrary connection methods - it lets you
define the complete command line that's used to connect to the device:

   http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html



From eravin at panix.com  Tue Oct 24 20:44:34 2006
From: eravin at panix.com (Ed Ravin)
Date: Tue, 24 Oct 2006 16:44:34 -0400
Subject: [rancid] Re: SSH Proto 1
In-Reply-To: <20309889.91161721094552.JavaMail.root@postal.insourcedsecurity.com>
References: <20061024200605.GA17635@panix.com>
	<20309889.91161721094552.JavaMail.root@postal.insourcedsecurity.com>
Message-ID: <20061024204434.GA28044@panix.com>

On Tue, Oct 24, 2006 at 04:18:14PM -0400, Ian Lists wrote:
> Is this patch need for rancid-2.3.2a5?

Alas, hardly any of the nifty new features that I've contributed to RANCID
have made it into the official release yet.  However, looking at 2.3.2a5,
I see that hunk#3 in my patch was integrated, since that portion was
a fix to an obscure bug.

So the answer is yes, if you want the feature for defining arbitray
connection methods.  If you have any problems applying or using
the patch, please contact me off-list.


> ----- Original Message -----
> From: Ed Ravin <eravin at panix.com>
> To: Ian Lists <ian-list at insourced.us>
> Cc: rancid-discuss at shrubbery.net
> Sent: Tuesday, October 24, 2006 4:06:05 PM GMT-0500 US/Eastern
> Subject: Re: [rancid]  SSH Proto 1
> 
> On Tue, Oct 24, 2006 at 02:53:55PM -0400, Ian Lists wrote:
> > I have seen some postings online to use the "add sshcmd" line in
> > my .cloginrc file to enable ssh protocol 1 for a device.  I don't
> > see this as one of the avaliable options in the sample .cloginrc
> > file and it didn't seem to work for me anyway.  Could someone give
> > me some tips on getting the ssh "-1" flag to work?
> 
> You'll need to edit clogin, add yet another option.  Or try the patches
> I posted a few months ago on using arbitrary connection methods - it lets you
> define the complete command line that's used to connect to the device:
> 
>    http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html
> 


From faron.hopper at capgemini.com  Tue Oct 24 18:57:49 2006
From: faron.hopper at capgemini.com (Hopper, Faron  W.)
Date: Tue, 24 Oct 2006 14:57:49 -0400
Subject: [rancid] Re: SSH Proto 1
Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681013701FE@caonmastxm03.na.capgemini.com>


I have added this to my .ssh/config file in the directory of the user
that runs rancid on my backup server

netcfgbak at net-stager:~$ cat .ssh/config
host router01?
protocol 1
netcfgbak at net-stager:~$




Thank you,
Faron Hopper / Capgemini / Kansas City
Network Engineer / Outsourcing Services
Office: 1 816 459 5139 / Mobile: 1 816 863 1234
Alternate Phone Number: 1 866 207 3344 option 1, ext 5139
www.us.capgemini.com 
Fax: 1 816 459 6767 
3315 N Oak Trafficway, Kansas City, MO, 64116
Email: faron.hopper at capgemini.com
Join the Collaborative Business Experience


-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Ian Lists
Sent: Tuesday, October 24, 2006 1:54 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] SSH Proto 1

I have seen some postings online to use the "add sshcmd" line in my
..cloginrc file to enable ssh protocol 1 for a device.  I don't see this
as one of the avaliable options in the sample .cloginrc file and it
didn't seem to work for me anyway.  Could someone give me some tips on
getting the ssh "-1" flag to work?

Thanks,
Ian
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.



From ian-list at insourced.us  Wed Oct 25 15:17:46 2006
From: ian-list at insourced.us (Ian Lists)
Date: Wed, 25 Oct 2006 11:17:46 -0400 (EDT)
Subject: [rancid] Re: SSH Proto 1
In-Reply-To: <0D9EF3454D8EFC4B8BFFD2B862941681013701FE@caonmastxm03.na.capgemini.com>
Message-ID: <10616151.121161789466208.JavaMail.root@postal.insourcedsecurity.com>

Thanks, that seems to have worked but once I get logged in, all commands time out.

Cloginrc entry
add password my-switch MYPASSWORD 
add user my-switch rancid
add method my-switch ssh
add noenable my-switch 1



Command via rancid
[rancid]$ bin/clogin my-switch
my-switch
spawn ssh -c 3des -x -l rancid my-switch
rancid at my-switch's password: 

my-switch#sh clock

Error: TIMEOUT reached


Command Manually
ssh rancid at my-switch
rancid at my-switch's password: 

my-switch#sh clock
11:14:59.927 UTC Wed Oct 25 2006


Thanks,
Ian

----- Original Message -----
From: Faron W. Hopper <faron.hopper at capgemini.com>
To: Ian Lists <ian-list at insourced.us>, rancid-discuss at shrubbery.net
Sent: Tuesday, October 24, 2006 2:57:49 PM GMT-0500 US/Eastern
Subject: RE: [rancid]  SSH Proto 1


I have added this to my .ssh/config file in the directory of the user
that runs rancid on my backup server

netcfgbak at net-stager:~$ cat .ssh/config
host router01?
protocol 1
netcfgbak at net-stager:~$




Thank you,
Faron Hopper / Capgemini / Kansas City
Network Engineer / Outsourcing Services
Office: 1 816 459 5139 / Mobile: 1 816 863 1234
Alternate Phone Number: 1 866 207 3344 option 1, ext 5139
www.us.capgemini.com 
Fax: 1 816 459 6767 
3315 N Oak Trafficway, Kansas City, MO, 64116
Email: faron.hopper at capgemini.com
Join the Collaborative Business Experience


-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Ian Lists
Sent: Tuesday, October 24, 2006 1:54 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] SSH Proto 1

I have seen some postings online to use the "add sshcmd" line in my
..cloginrc file to enable ssh protocol 1 for a device.  I don't see this
as one of the avaliable options in the sample .cloginrc file and it
didn't seem to work for me anyway.  Could someone give me some tips on
getting the ssh "-1" flag to work?

Thanks,
Ian
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.




From faron.hopper at capgemini.com  Wed Oct 25 21:26:49 2006
From: faron.hopper at capgemini.com (Hopper, Faron  W.)
Date: Wed, 25 Oct 2006 17:26:49 -0400
Subject: [rancid] Re: SSH Proto 1
Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681013AA620@caonmastxm03.na.capgemini.com>


First set
	
	add autoenable my-switch 0

then do a 

	clogin -c "show clock" my-router

and see if that helps

Thank you,
Faron Hopper / Capgemini / Kansas City
Network Engineer / Outsourcing Services
Office: 1 816 459 5139 / Mobile: 1 816 863 1234
Alternate Phone Number: 1 866 207 3344 option 1, ext 5139
www.us.capgemini.com 
Fax: 1 816 459 6767 
3315 N Oak Trafficway, Kansas City, MO, 64116
Email: faron.hopper at capgemini.com
Join the Collaborative Business Experience



-----Original Message-----
From: Ian Lists [mailto:ian-list at insourced.us] 
Sent: Wednesday, October 25, 2006 10:18 AM
To: rancid-discuss at shrubbery.net
Cc: Hopper, Faron W.
Subject: Re: [rancid] SSH Proto 1

Thanks, that seems to have worked but once I get logged in, all commands
time out.

Cloginrc entry
add password my-switch MYPASSWORD 
add user my-switch rancid
add method my-switch ssh
add noenable my-switch 1



Command via rancid
[rancid]$ bin/clogin my-switch
my-switch
spawn ssh -c 3des -x -l rancid my-switch
rancid at my-switch's password: 

my-switch#sh clock

Error: TIMEOUT reached


Command Manually
ssh rancid at my-switch
rancid at my-switch's password: 

my-switch#sh clock
11:14:59.927 UTC Wed Oct 25 2006


Thanks,
Ian

----- Original Message -----
From: Faron W. Hopper <faron.hopper at capgemini.com>
To: Ian Lists <ian-list at insourced.us>, rancid-discuss at shrubbery.net
Sent: Tuesday, October 24, 2006 2:57:49 PM GMT-0500 US/Eastern
Subject: RE: [rancid]  SSH Proto 1


I have added this to my .ssh/config file in the directory of the user
that runs rancid on my backup server

netcfgbak at net-stager:~$ cat .ssh/config
host router01?
protocol 1
netcfgbak at net-stager:~$




Thank you,
Faron Hopper / Capgemini / Kansas City
Network Engineer / Outsourcing Services
Office: 1 816 459 5139 / Mobile: 1 816 863 1234
Alternate Phone Number: 1 866 207 3344 option 1, ext 5139
www.us.capgemini.com 
Fax: 1 816 459 6767 
3315 N Oak Trafficway, Kansas City, MO, 64116
Email: faron.hopper at capgemini.com
Join the Collaborative Business Experience


-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Ian Lists
Sent: Tuesday, October 24, 2006 1:54 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] SSH Proto 1

I have seen some postings online to use the "add sshcmd" line in my
...cloginrc file to enable ssh protocol 1 for a device.  I don't see this
as one of the avaliable options in the sample .cloginrc file and it
didn't seem to work for me anyway.  Could someone give me some tips on
getting the ssh "-1" flag to work?

Thanks,
Ian
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

This message contains information that may be privileged or confidential
and is the property of the Capgemini Group. It is intended only for the
person to whom it is addressed. If you are not the intended recipient,
you are not authorized to read, print, retain, copy, disseminate,
distribute, or use this message or any part thereof. If you receive this
message in error, please notify the sender immediately and delete all
copies of this message.



This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.



From ian-list at insourced.us  Thu Oct 26 18:26:16 2006
From: ian-list at insourced.us (Ian Lists)
Date: Thu, 26 Oct 2006 14:26:16 -0400 (EDT)
Subject: [rancid] Re: SSH Proto 1
In-Reply-To: <0D9EF3454D8EFC4B8BFFD2B862941681013AA620@caonmastxm03.na.capgemini.com>
Message-ID: <3492169.01161887176028.JavaMail.root@postal.insourcedsecurity.com>

Thanks for the suggestion but I'm still getting the same error.  Any other ideas what I should look into?


bin/clogin -c "show clock" my-switch
my-switch
spawn ssh -c des -x -l rancid my-switch
Warning: use of DES is strongly discouraged due to cryptographic weaknesses
rancid at my-switch's password: 

my-switch#
Error: TIMEOUT reached



Cloginrc
add password my-switch MYPASSWORD 
add user my-switch rancid
add method my-switch ssh
add cyphertype my-switch des
add noenable my-switch 1
add autoenable my-switch 0 



Thanks,
Ian


----- Original Message -----
From: Faron W. Hopper <faron.hopper at capgemini.com>
To: Ian Lists <ian-list at insourced.us>, rancid-discuss at shrubbery.net
Sent: Wednesday, October 25, 2006 5:26:49 PM GMT-0500 US/Eastern
Subject: RE: [rancid]  SSH Proto 1


First set
	
	add autoenable my-switch 0

then do a 

	clogin -c "show clock" my-router

and see if that helps

Thank you,
Faron Hopper / Capgemini / Kansas City
Network Engineer / Outsourcing Services
Office: 1 816 459 5139 / Mobile: 1 816 863 1234
Alternate Phone Number: 1 866 207 3344 option 1, ext 5139
www.us.capgemini.com 
Fax: 1 816 459 6767 
3315 N Oak Trafficway, Kansas City, MO, 64116
Email: faron.hopper at capgemini.com
Join the Collaborative Business Experience



-----Original Message-----
From: Ian Lists [mailto:ian-list at insourced.us] 
Sent: Wednesday, October 25, 2006 10:18 AM
To: rancid-discuss at shrubbery.net
Cc: Hopper, Faron W.
Subject: Re: [rancid] SSH Proto 1

Thanks, that seems to have worked but once I get logged in, all commands
time out.

Cloginrc entry
add password my-switch MYPASSWORD 
add user my-switch rancid
add method my-switch ssh
add noenable my-switch 1



Command via rancid
[rancid]$ bin/clogin my-switch
my-switch
spawn ssh -c 3des -x -l rancid my-switch
rancid at my-switch's password: 

my-switch#sh clock

Error: TIMEOUT reached


Command Manually
ssh rancid at my-switch
rancid at my-switch's password: 

my-switch#sh clock
11:14:59.927 UTC Wed Oct 25 2006


Thanks,
Ian

----- Original Message -----
From: Faron W. Hopper <faron.hopper at capgemini.com>
To: Ian Lists <ian-list at insourced.us>, rancid-discuss at shrubbery.net
Sent: Tuesday, October 24, 2006 2:57:49 PM GMT-0500 US/Eastern
Subject: RE: [rancid]  SSH Proto 1


I have added this to my .ssh/config file in the directory of the user
that runs rancid on my backup server

netcfgbak at net-stager:~$ cat .ssh/config
host router01?
protocol 1
netcfgbak at net-stager:~$




Thank you,
Faron Hopper / Capgemini / Kansas City
Network Engineer / Outsourcing Services
Office: 1 816 459 5139 / Mobile: 1 816 863 1234
Alternate Phone Number: 1 866 207 3344 option 1, ext 5139
www.us.capgemini.com 
Fax: 1 816 459 6767 
3315 N Oak Trafficway, Kansas City, MO, 64116
Email: faron.hopper at capgemini.com
Join the Collaborative Business Experience


-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Ian Lists
Sent: Tuesday, October 24, 2006 1:54 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] SSH Proto 1

I have seen some postings online to use the "add sshcmd" line in my
...cloginrc file to enable ssh protocol 1 for a device.  I don't see this
as one of the avaliable options in the sample .cloginrc file and it
didn't seem to work for me anyway.  Could someone give me some tips on
getting the ssh "-1" flag to work?

Thanks,
Ian
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

This message contains information that may be privileged or confidential
and is the property of the Capgemini Group. It is intended only for the
person to whom it is addressed. If you are not the intended recipient,
you are not authorized to read, print, retain, copy, disseminate,
distribute, or use this message or any part thereof. If you receive this
message in error, please notify the sender immediately and delete all
copies of this message.



This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.




From faron.hopper at capgemini.com  Thu Oct 26 18:45:09 2006
From: faron.hopper at capgemini.com (Hopper, Faron  W.)
Date: Thu, 26 Oct 2006 14:45:09 -0400
Subject: [rancid] Re: SSH Proto 1
Message-ID: <0D9EF3454D8EFC4B8BFFD2B862941681013AA7D9@caonmastxm03.na.capgemini.com>


Sorry I missed the part that you are logging in with privileges...set

	add autoenable my-switch 0
to

	add autoenable my-switch 1

Thank you,
Faron Hopper / Capgemini / Kansas City
Network Engineer / Outsourcing Services
Office: 1 816 459 5139 / Mobile: 1 816 863 1234
Alternate Phone Number: 1 866 207 3344 option 1, ext 5139
www.us.capgemini.com 
Fax: 1 816 459 6767 
3315 N Oak Trafficway, Kansas City, MO, 64116
Email: faron.hopper at capgemini.com
Join the Collaborative Business Experience


-----Original Message-----
From: Ian Lists [mailto:ian-list at insourced.us] 
Sent: Thursday, October 26, 2006 1:26 PM
To: Hopper, Faron W.
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] SSH Proto 1

Thanks for the suggestion but I'm still getting the same error.  Any
other ideas what I should look into?


bin/clogin -c "show clock" my-switch
my-switch
spawn ssh -c des -x -l rancid my-switch
Warning: use of DES is strongly discouraged due to cryptographic
weaknesses
rancid at my-switch's password: 

my-switch#
Error: TIMEOUT reached



Cloginrc
add password my-switch MYPASSWORD 
add user my-switch rancid
add method my-switch ssh
add cyphertype my-switch des
add noenable my-switch 1
add autoenable my-switch 0 



Thanks,
Ian


----- Original Message -----
From: Faron W. Hopper <faron.hopper at capgemini.com>
To: Ian Lists <ian-list at insourced.us>, rancid-discuss at shrubbery.net
Sent: Wednesday, October 25, 2006 5:26:49 PM GMT-0500 US/Eastern
Subject: RE: [rancid]  SSH Proto 1


First set
	
	add autoenable my-switch 0

then do a 

	clogin -c "show clock" my-router

and see if that helps

Thank you,
Faron Hopper / Capgemini / Kansas City
Network Engineer / Outsourcing Services
Office: 1 816 459 5139 / Mobile: 1 816 863 1234
Alternate Phone Number: 1 866 207 3344 option 1, ext 5139
www.us.capgemini.com 
Fax: 1 816 459 6767 
3315 N Oak Trafficway, Kansas City, MO, 64116
Email: faron.hopper at capgemini.com
Join the Collaborative Business Experience



-----Original Message-----
From: Ian Lists [mailto:ian-list at insourced.us] 
Sent: Wednesday, October 25, 2006 10:18 AM
To: rancid-discuss at shrubbery.net
Cc: Hopper, Faron W.
Subject: Re: [rancid] SSH Proto 1

Thanks, that seems to have worked but once I get logged in, all commands
time out.

Cloginrc entry
add password my-switch MYPASSWORD 
add user my-switch rancid
add method my-switch ssh
add noenable my-switch 1



Command via rancid
[rancid]$ bin/clogin my-switch
my-switch
spawn ssh -c 3des -x -l rancid my-switch
rancid at my-switch's password: 

my-switch#sh clock

Error: TIMEOUT reached


Command Manually
ssh rancid at my-switch
rancid at my-switch's password: 

my-switch#sh clock
11:14:59.927 UTC Wed Oct 25 2006


Thanks,
Ian

----- Original Message -----
From: Faron W. Hopper <faron.hopper at capgemini.com>
To: Ian Lists <ian-list at insourced.us>, rancid-discuss at shrubbery.net
Sent: Tuesday, October 24, 2006 2:57:49 PM GMT-0500 US/Eastern
Subject: RE: [rancid]  SSH Proto 1


I have added this to my .ssh/config file in the directory of the user
that runs rancid on my backup server

netcfgbak at net-stager:~$ cat .ssh/config
host router01?
protocol 1
netcfgbak at net-stager:~$




Thank you,
Faron Hopper / Capgemini / Kansas City
Network Engineer / Outsourcing Services
Office: 1 816 459 5139 / Mobile: 1 816 863 1234
Alternate Phone Number: 1 866 207 3344 option 1, ext 5139
www.us.capgemini.com 
Fax: 1 816 459 6767 
3315 N Oak Trafficway, Kansas City, MO, 64116
Email: faron.hopper at capgemini.com
Join the Collaborative Business Experience


-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Ian Lists
Sent: Tuesday, October 24, 2006 1:54 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] SSH Proto 1

I have seen some postings online to use the "add sshcmd" line in my
....cloginrc file to enable ssh protocol 1 for a device.  I don't see
this
as one of the avaliable options in the sample .cloginrc file and it
didn't seem to work for me anyway.  Could someone give me some tips on
getting the ssh "-1" flag to work?

Thanks,
Ian
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

This message contains information that may be privileged or confidential
and is the property of the Capgemini Group. It is intended only for the
person to whom it is addressed. If you are not the intended recipient,
you are not authorized to read, print, retain, copy, disseminate,
distribute, or use this message or any part thereof. If you receive this
message in error, please notify the sender immediately and delete all
copies of this message.



This message contains information that may be privileged or confidential
and is the property of the Capgemini Group. It is intended only for the
person to whom it is addressed. If you are not the intended recipient,
you are not authorized to read, print, retain, copy, disseminate,
distribute, or use this message or any part thereof. If you receive this
message in error, please notify the sender immediately and delete all
copies of this message.



This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.



From johnd at get.topica.com  Thu Oct 26 21:28:54 2006
From: johnd at get.topica.com (John Dworske)
Date: Thu, 26 Oct 2006 14:28:54 -0700
Subject: [rancid]  unencrypted passwords in .cloginrc ...
Message-ID: <45412896.4030207@get.topica.com>



Rancid Folks,

Is there any way getting around using unencrypted passwords in the 
.cloginrc file ?  My co-workers will not let me use rancid unless we can 
come up with something more secure ?

Thanks,
John Dworske


From arnold at nipper.de  Thu Oct 26 21:42:12 2006
From: arnold at nipper.de (Arnold Nipper)
Date: Thu, 26 Oct 2006 23:42:12 +0200
Subject: [rancid] Re: unencrypted passwords in .cloginrc ...
In-Reply-To: <45412896.4030207@get.topica.com>
References: <45412896.4030207@get.topica.com>
Message-ID: <45412BB4.80706@nipper.de>

On 26.10.2006 23:28 John Dworske wrote

> 
> Rancid Folks,
> 
> Is there any way getting around using unencrypted passwords in the 
> .cloginrc file ?  My co-workers will not let me use rancid unless we can 
> come up with something more secure ?
> 

"chmod 600 .cloginrc" is not secure enough?

-- 
Arnold, AN45


From tex at off.org  Thu Oct 26 22:09:02 2006
From: tex at off.org (Austin Schutz)
Date: Thu, 26 Oct 2006 15:09:02 -0700
Subject: [rancid] Re: unencrypted passwords in .cloginrc ...
In-Reply-To: <45412896.4030207@get.topica.com>
References: <45412896.4030207@get.topica.com>
Message-ID: <20061026220902.GM2891@gblx.net>

On Thu, Oct 26, 2006 at 02:28:54PM -0700, John Dworske wrote:
> 
> 
> Rancid Folks,
> 
> Is there any way getting around using unencrypted passwords in the 
> .cloginrc file ?  My co-workers will not let me use rancid unless we can 
> come up with something more secure ?
> 

	If your poller is not secure it doesn't matter what authentication
method you use. So while you could for some platforms set up .shosts or RSA
authorized keys, it doesn't really accomplish anything.

	How is it you do your snmp polling without the snmp poller having
the unencrypted community string? Answer: you don't. This really isn't any
different. Use strict ACLs to make sure the number of hosts allowed access
it small. Use ssh and not telnet for polling. Be very strict about poller
security.

	Austin


From JJackson at aninetworks.com  Thu Oct 26 23:26:54 2006
From: JJackson at aninetworks.com (Joseph Jackson)
Date: Thu, 26 Oct 2006 16:26:54 -0700
Subject: [rancid] Re: unencrypted passwords in .cloginrc ...
Message-ID: <B9843A4B77B5AD46AF1C1756FB565E2C02B0CFB5@mcmail01.ad.local>

 

> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net 
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of 
> Austin Schutz
> Sent: Thursday, October 26, 2006 3:09 PM
> To: John Dworske
> Cc: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: unencrypted passwords in .cloginrc ...
> 
> On Thu, Oct 26, 2006 at 02:28:54PM -0700, John Dworske wrote:
> > 
> > 
> > Rancid Folks,
> > 
> > Is there any way getting around using unencrypted passwords in the 
> > .cloginrc file ?  My co-workers will not let me use rancid 
> unless we 
> > can come up with something more secure ?
> > 
> 
> 	If your poller is not secure it doesn't matter what 
> authentication method you use. So while you could for some 
> platforms set up .shosts or RSA authorized keys, it doesn't 
> really accomplish anything.
> 
> 	How is it you do your snmp polling without the snmp 
> poller having the unencrypted community string? Answer: you 
> don't. This really isn't any different. Use strict ACLs to 
> make sure the number of hosts allowed access it small. Use 
> ssh and not telnet for polling. Be very strict about poller security.
> 
> 	Austin
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>

I got around this issue by using TACACS+ and setting what commands the
rancid user can run on the routers/switches.  That's really the best
solution in my book... :)

 


From eravin at panix.com  Fri Oct 27 01:47:32 2006
From: eravin at panix.com (Ed Ravin)
Date: Thu, 26 Oct 2006 21:47:32 -0400
Subject: [rancid] Re: unencrypted passwords in .cloginrc ...
In-Reply-To: <45412896.4030207@get.topica.com>
References: <45412896.4030207@get.topica.com>
Message-ID: <20061027014732.GA8957@panix.com>

On Thu, Oct 26, 2006 at 02:28:54PM -0700, John Dworske wrote:
> Is there any way getting around using unencrypted passwords in the 
> .cloginrc file ?  My co-workers will not let me use rancid unless we can 
> come up with something more secure ?

If something automated is going to log into a router, it needs an
authentication credential.  That's going to have to be stored somewhere.
If you store it encrypted, then you're going to need to store the
decryption key somewhere.  All that does is rearrange the exposure,
not solve it.  If your co-workers can elaborate on what they think
is "more secure", perhaps we can discuss it further.  It would also
help if your co-workers could describe what threat they're worried
about.  Are there hostile users on the RANCID host that might try to
discover your router passwords?  Is the RANCID host easy to break
into from the Internet or your local network?

If you trust your network and your RANCID host enough to use IP address
alone for authentication, you could use rsh.  (clogin has an rsh mode which
may work for you - it didn't for me, so I wrote a Perl script called
"rsh.clogin", posted to this list in June 2005, that should work reliably.)
Since rsh is unencrypted, and vulnerable to tcp spoofing if your network
isn't properly protected, some people might say that using rsh is less secure
than using passwords.

If you use a TACACS server for authentication, then you could do some
interesting things to make the passwords RANCID uses less useful to
outsiders - for example, the TACACS server could only allow the RANCID
username to be used from the RANCID host, or during certain times of day,
or only allow it to execute a limited subset of commands.


From Todd at equivoice.com  Mon Oct 30 17:32:22 2006
From: Todd at equivoice.com (Todd Heide)
Date: Mon, 30 Oct 2006 11:32:22 -0600
Subject: [rancid]  Rancid & MySQL
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22040A104@exchange.Equivoice.local>

Is there a way for Rancid to use Mysql for the list of nodes and logins
per device? As a management standpoint, not everyone here knows how to
use Linux, so if someone installs a new customer, it would be nice if
they could add the device via a webfront to the database and Rancid then
will see it and pull the config on its next poll. I use Tac_plus with a
similar setup and everyone here likes it. 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20061030/a8c5c417/attachment.html 

From heas at shrubbery.net  Mon Oct 30 20:32:59 2006
From: heas at shrubbery.net (john heasley)
Date: Mon, 30 Oct 2006 12:32:59 -0800
Subject: [rancid] Re: Rancid & MySQL
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22040A104@exchange.Equivoice.local>
References: <082FEA82DC985B4F8A6B412D5AC4E22040A104@exchange.Equivoice.local>
Message-ID: <20061030203259.GA12625@shrubbery.net>

I do this, but with a script that periodically exports the list.

Mon, Oct 30, 2006 at 11:32:22AM -0600, Todd Heide:
> Is there a way for Rancid to use Mysql for the list of nodes and logins
> per device? As a management standpoint, not everyone here knows how to
> use Linux, so if someone installs a new customer, it would be nice if
> they could add the device via a webfront to the database and Rancid then
> will see it and pull the config on its next poll. I use Tac_plus with a
> similar setup and everyone here likes it. 
> 
>  
> 
>  
> 
>  
> 

> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


From ceidem at jafonet.com  Tue Oct 31 20:08:14 2006
From: ceidem at jafonet.com (Chris Eidem)
Date: Tue, 31 Oct 2006 14:08:14 -0600
Subject: [rancid]  Timeout problems with Cisco CSS's
Message-ID: <4547AD2E.3040106@jafonet.com>

I've installed rancid 2.3.2a5 and I have successfully copied the configs 
from my routers and switches (all Cisco,) but I'm having problems with 
my Cisco CSS's (CSS-11152s-AC).  When I connect (successfully) using 
clogin, I get the following:

$ clogin veri-stg-dmz-css-1.net
veri-stg-dmz-css-1.net
spawn telnet veri-stg-dmz-css-1.net
Trying WWW.XXX.YYY.ZZZ...
Connected to veri-stg-dmz-css-1.net.
Escape character is '^]'.

User Access Verification

Username:admin
Password:
v-stg-dmz-css-1#
Error: TIMEOUT reached
$

I am unable to enter any commands, and my scripts also timeout.  This is 
not true when connecting to the routers and switches.  Any clues as to 
where I should begin troubleshooting this?  What other information can I 
provide?

$ uname -a
OpenBSD xnetmon1 3.9 GENERIC.MP#598 i386
$ expect -v
expect version 5.43.0

Thanks in advance,
  - chris