The weird thing, I think, is that I don't have autoenable set in my cloginrc file and it's working great with all of my firewalls. not that todd shouldn't try it. i'm just confused....<br><br>chris<br><br>
<br><div><span class="gmail_quote">On 3/9/07, <b class="gmail_sendername">Todd Heide</b> <<a href="mailto:Todd@equivoice.com">Todd@equivoice.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
DOH Helps to read the instructions. I added autoenable, but didn't put<br>the ip of the device in. It is working from bin.clogin now. Let's see if<br>it pulls the config this time. Thanks for everyone who helped!<br><br>
Thanks<br>Todd Heide<br>Equivoice Inc.<br><br>CCNA CWLSS CS-CISecS<br>847-235-3308<br><br>Nothing ever goes as planned, Its a hell of a notion,<br>Even pharaohs turn to sand, Like a drop in the ocean<br><br>-----Original Message-----
<br>From: Mike Ashcraft [mailto:<a href="mailto:mashcraft@omniture.com">mashcraft@omniture.com</a>]<br>Sent: Friday, March 09, 2007 12:49 PM<br>To: Todd Heide<br>Cc: <a href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net
</a><br>Subject: RE: [rancid] Re: PIX authentication<br><br>Todd,<br><br>clogin IPADDRESS is 'hanging' because it is waiting for the pix to<br>return an enabled prompt. While you can type at the user prompt, the<br>
clogin program is still in control and will not pass your keystrokes on<br>to the PIX. Notice that after the timeout, your 'en' is entered at the<br>shell prompt. Setting autoenable to 0 will tell clogin that it will
<br>have to use the enable command to get the enabled prompt.<br><br>Unlike other Cisco devices, the PIX will not allow a tacacs+<br>authenticated user to go straight to enable mode.<br><br>Mike<br><br>-----Original Message-----
<br>From: <a href="mailto:rancid-discuss-bounces@shrubbery.net">rancid-discuss-bounces@shrubbery.net</a><br>[mailto:<a href="mailto:rancid-discuss-bounces@shrubbery.net">rancid-discuss-bounces@shrubbery.net</a>] On Behalf Of Todd Heide
<br>Sent: Friday, March 09, 2007 10:33 AM<br>To: Manuel Noriega<br>Cc: <a href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><br>Subject: [rancid] Re: PIX authentication<br><br>OK, I didn't have the autoenable in there, I will see if that helps, but
<br>I am still puzzled as to why it is hanging when I try clogin IPADDRESS<br>to the pix'<br><br>Thanks<br>Todd Heide<br>Equivoice Inc.<br><br>CCNA CWLSS CS-CISecS<br>847-235-3308<br><br>Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn
<br>to sand, Like a drop in the ocean<br><br>-----Original Message-----<br>From: Manuel Noriega [mailto:<a href="mailto:mnoriega@amnetcorp.com">mnoriega@amnetcorp.com</a>]<br>Sent: Friday, March 09, 2007 11:19 AM<br>To: Todd Heide
<br>Cc: sawall; <a href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><br>Subject: Re: [rancid] Re: PIX authentication<br><br>Are you using autoenable? I had trouble at the beginning. This is what I
<br>have in my .cloginrc file.<br><br>add autoenable pix* 0<br>add method pixsps ssh<br>add cyphertype pixsps des<br>add user pixsps pix<br>add password pixsps vtypassword enablepassword
<br><br><br><br>Regards,<br><br>Manuel<br><br>On Mar 9, 2007, at 10:45 AM, Todd Heide wrote:<br><br>> Yep, the logs indicate basically the same thing that running clogin<br>> does, error: TIMEOUT reached. It is hanging when trying to get to
<br>> privileged exec mode on the PIX. All the routers work fine with ssh,<br>> so I am not sure what the problem is, and why it hangs, but I can ssh<br>> to the pix from the command prompt and get all the way in.
<br>><br>><br>><br>><br>><br>> Nothing ever goes as planned, Its a hell of a notion,<br>><br>> Even pharaohs turn to sand, Like a drop in the ocean<br>><br>> From: sawall [mailto:<a href="mailto:sawall@gmail.com">
sawall@gmail.com</a>]<br>> Sent: Friday, March 09, 2007 10:25 AM<br>> To: Todd Heide<br>> Subject: Re: [rancid] Re: PIX authentication<br>><br>><br>><br>> sorry. i'm not the greatest rancid guy. i modified my bin/rancid and
<br><br>> bin/clogin files slightly. and i'm not having any issues.<br>><br>> what if you run "bin/rancid -d {fw ip addr}"<br>><br>> should show some debug.<br>><br>><br>><br>> On 3/9/07, Todd Heide <
<a href="mailto:Todd@equivoice.com">Todd@equivoice.com</a>> wrote:<br>><br>><br>><br>> add user 67.1x.x.x rancid<br>> add password 67.1x.x.x {********} {*********}<br>> add method
67.1x.x.x ssh<br>><br>><br>> This login setup works fine on a router, all our routers use Tacacs<br>> + as<br>> well.<br>> ________________________________________<br>> From: sawall [mailto:<a href="mailto:sawall@gmail.com">
sawall@gmail.com</a>]<br>> Sent: Friday, March 09, 2007 10:10 AM<br>> To: Todd Heide<br>> Subject: Re: [rancid] Re: PIX authentication<br>><br>> what does your cloginrc file look like?<br>><br>><br>> On 3/9/07, Todd Heide <
<a href="mailto:Todd@equivoice.com">Todd@equivoice.com</a>> wrote:<br>> I get the same issue whether it is a pix or an ASA, version 6.3 or 7.x<br>><br>> ________________________________________<br>> From: sawall [mailto:
<a href="mailto:sawall@gmail.com">sawall@gmail.com</a>]<br>> Sent: Friday, March 09, 2007 9:50 AM<br>> To: Todd Heide<br>> Subject: Re: [rancid] Re: PIX authentication<br>><br>> what version of pix? does the user "rancid" have rights to call
<br>> enable?<br>><br>> just trying to figure out your issue....<br>><br>><br>> On 3/9/07, Todd Heide < <a href="mailto:Todd@equivoice.com">Todd@equivoice.com</a> > wrote:<br>> [rancid@server ~]$ bin/clogin
67.1x.x.x 67.1x.x.x spawn ssh -c 3des -x<br><br>> -l rancid 67.1x.x.x <a href="mailto:rancid@67.1x.x.x">rancid@67.1x.x.x</a> 's password:<br>> Type help or '?' for a list of available commands.<br>> pixfirewall>
<br>> pixfirewall> en<br>><br>> Error: TIMEOUT reached<br>> [rancid@server ~]$ en<br>><br>> Thanks<br>> Toddc.<br>><br>><br>> CCNA CWLSS CS-CISecS<br>><br>> Nothing ever goes as planned, Its a hell of a notion, Even pharaohs
<br>> turn to sand, Like a drop in the ocean<br>> ________________________________________<br>> From: sawall [mailto:<a href="mailto:sawall@gmail.com">sawall@gmail.com</a> ]<br>> Sent: Friday, March 09, 2007 9:39 AM
<br>> To: Todd Heide<br>> Subject: Re: [rancid] Re: PIX authentication<br>><br>> what does the output look like when you try it manually. below is what<br><br>> i have for version 6.3 and 7.2. (i changed the enable to enable 5 so i
<br><br>> could limit the commands that could run for this user).<br>><br>> # su - rancid<br>><br>> > clogin pixver63<br>> pixver63<br>> spawn ssh -c 3des -x -l pixbkup pixver63 pixbkup@pixver63's password:
<br>> Type help or '?' for a list of available commands.<br>> pixver63><br>> pixver63> enable 5<br>> Password: *******<br>> pixver63#<br>> pixver63# exit<br>><br>> Logoff<br>><br>> Connection to pixver63 closed.
<br>><br>><br>> > clogin pixver72<br>> pixver72<br>> spawn ssh -c 3des -x -l pixbkup pixver72<br>> pixbkup@pixver72 's password:<br>> Type help or '?' for a list of available commands.<br>
> pixcof01p> enable 5<br>> Password: *******<br>> pixcof01p#<br>> pixcof01p# exit<br>><br>> Logoff<br>><br>> Connection to pixver72 closed.<br>><br>> On 3/9/07, Todd Heide < <a href="mailto:Todd@equivoice.com">
Todd@equivoice.com</a>> wrote:<br>> Running it manually is when I found the problem. It hangs when I enter<br><br>> enable, then times out.<br>><br>> Thanks<br>> Todd Heide<br>> Equivoice Inc.<br>>
<br>><br>> CCNA CWLSS CS-CISecS<br>> 847-235-3308<br>><br>> Nothing ever goes as planned, Its a hell of a notion, Even pharaohs<br>> turn to sand, Like a drop in the ocean<br>> ________________________________________
<br>> From: sawall [mailto: <a href="mailto:sawall@gmail.com">sawall@gmail.com</a>]<br>> Sent: Friday, March 09, 2007 9:01 AM<br>> To: Todd Heide<br>> Cc: <a href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net
</a><br>> Subject: Re: [rancid] Re: PIX authentication<br>><br>> are you using the default clogin files? i am backing up 60+ pix<br>> firewalls. 515s and 525s. version 6.3 - 7.2. i'm not having any<br>> problems at all.
<br>><br>> have you run clogin manually to see how it's connecting to the pix and<br><br>> to see if that works.<br>><br>> chris<br>> On 3/9/07, Todd Heide < <a href="mailto:Todd@equivoice.com">Todd@equivoice.com
</a>> wrote:<br>> I found a second issue, another pix I log into, if I type enable it<br>> hangs!<br>><br>> Thanks<br>> Todd Heide<br>> Equivoice Inc.<br>><br>> CCNA CWLSS CS-CISecS<br>> 847-235-3308
<br>><br>> Nothing ever goes as planned, Its a hell of a notion, Even pharaohs<br>> turn to sand, Like a drop in the ocean -----Original Message-----<br>> From: <a href="mailto:rancid-discuss-bounces@shrubbery.net">
rancid-discuss-bounces@shrubbery.net</a> [mailto:<br>> <a href="mailto:rancid-discuss-bounces@shrubbery.net">rancid-discuss-bounces@shrubbery.net</a>] On Behalf Of Todd Heide<br>> Sent: Friday, March 09, 2007 8:49 AM
<br>> To: <a href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><br>> Subject: [rancid] PIX authentication<br>><br>> I have been wondering why I never get an update when trying to get<br>
> rancid to pull a config from a PIX and discovered that when Rancid<br>> logs in, it doesn't put in enable and password, so the device times<br>> out.<br>> Where can I fix that?<br>><br>> Thanks<br>
> Todd<br>><br>><br>> CCNA CWLSS CS-CISecS<br>><br>><br>> Nothing ever goes as planned, Its a hell of a notion, Even pharaohs<br>> turn to sand, Like a drop in the ocean<br>><br>> _______________________________________________
<br>> Rancid-discuss mailing list<br>> <a href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><br>> <a href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
</a><br></blockquote></div><br>
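Added example, not part of the thread and not RANCID's own code: a small Python check that reports which .cloginrc entry applies to a given device name, which is the mistake Todd describes (an autoenable line whose pattern did not cover the device's IP). It assumes clogin uses the first entry whose glob matches, approximates Tcl glob matching with fnmatch, and runs on a constructed file with documentation addresses and placeholder passwords.

```python
import fnmatch

# Constructed sample .cloginrc: hosts and passwords are placeholders,
# none of it comes from the thread.
SAMPLE = """\
# PIX firewalls: clogin must issue "enable" itself
add autoenable pix* 0
add method pix* ssh
add user pix* rancid
add password pix* {vty-placeholder} {enable-placeholder}
# firewall reached by address: no autoenable line covers it
add user 192.0.2.10 rancid
add method 192.0.2.10 ssh
add password 192.0.2.10 {vty-placeholder} {enable-placeholder}
"""
DIRECTIVES = ("autoenable", "method", "user", "password")

def parse(text):
    """Return (directive, glob, values) for one-line "add" entries, in file order."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) >= 4 and fields[0] == "add":
            values = [v.strip("{}") for v in fields[3:]]
            entries.append((fields[1], fields[2], values))
    return entries

def lookup(entries, directive, host):
    """Assumed clogin behaviour: the first matching glob wins."""
    for name, glob, values in entries:
        if name == directive and fnmatch.fnmatchcase(host, glob):
            return glob, values
    return None  # nothing matched, so clogin's built-in default applies

def report(text, host):
    """Map each directive to (glob, values) or None; password values are hidden."""
    entries = parse(text)
    result = {}
    for directive in DIRECTIVES:
        hit = lookup(entries, directive, host)
        if hit and directive == "password":
            hit = (hit[0], ["<redacted>"] * len(hit[1]))
        result[directive] = hit
    return result

if __name__ == "__main__":
    for host in ("pixfw1", "192.0.2.10"):
        print(host, report(SAMPLE, host))
```

A `None` for autoenable on a device that logs in but then times out at the `>` prompt points at a pattern that does not cover the name or address passed to clogin.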