clogin(1) General Commands Manual clogin(1)
NAME
clogin - Cisco login script
SYNOPSIS
clogin [-autoenable] [-noenable] [-dhiSV] [-m|M] [-c command] [-E
var=x] [-e enable-password] [-f cloginrc-file] [-p user-password]
[-s script-file] [-t timeout] [-u username] [-v vty-password] [-w
enable-username] [-x command-file] [-y ssh_cypher_type] router
[router...]
DESCRIPTION
clogin is an expect(1) script to automate the process of logging into a
Cisco router, Catalyst switch, Arista switch, Extreme switch, Juniper
ERX/E-series, or Redback router. There are complementary scripts for
A10, Alteon, Avocent (Cyclades), Bay Networks (nortel), Brocade, Cisco
Small Business devices, ADC-kentrox EZ-T3 mux, Fortinet firewalls,
Foundry, Cisco Firepower, HP Procurve switches and Cisco AGMs, Hitachi
routers, Juniper Networks, MRV optical switch, Mikrotik routers,
Netscreen firewalls, Nokia (Alcatel-Lucent), Netscaler, Riverbed
Steelhead, Riverstone, Netopia, Cisco WLCs, Extreme devices and Xirrus
arrays or Arrcus routers, named a10login, alogin, avologin, blogin,
brlogin, csblogin, elogin, flogin, fnlogin, fxlogin, hlogin, htlogin,
jlogin, mrvlogin, mtlogin, nlogin, noklogin, nslogin, rblogin,
rivlogin, tlogin, wlogin, xlogin, and xilogin, respectively. Lastly,
plogin is a poly-login script using the router.db(5) files of rancid
groups and the rancid.types.base(5) and rancid.types.conf(5) files to
determine which login script to execute for the device type of the
given device.
clogin reads the .cloginrc file for its configuration, then connects
and logs into each of the routers specified on the command line in the
order listed. Command-line options exist to override some of the
directives found in the .cloginrc configuration file.
The command-line options are as follows:
-S Save the configuration on exit, if the device prompts at logout
time. This only has affect when used with -c.
-V Prints package name and version strings.
-c Command to be run on each router list on the command-line.
Multiple commands maybe listed by separating them with semi-
colons (;). The argument should be quoted to avoid shell
expansion.
-d Enable expect debugging.
-E Specifies a variable to pass through to scripts (-s). For
example, the command-line option -Efoo=bar will produce a global
variable by the name Efoo with the initial value "bar".
-e Specify a password to be supplied when gaining enable privileges
on the router(s). Also see the password directive of the
.cloginrc file.
-f Specifies an alternate configuration file. The default is
$HOME/.cloginrc.
-h Display usage line and exit.
-i Enter interactive mode after processing -[cx] options.
-[mM] Display .cloginrc information for matching lines; either the
first match (-m) or all matches (-M), then exit. The display
format is:
look-up variable:filename:line number: glob
-p Specifies a password associated with the user specified by the
-u option, user directive of the .cloginrc file, or the Unix
username of the user.
-s The filename of an expect(1) script which will be sourced after
the login is successful and is expected to return control to
clogin, with the connection to the router intact, when it is
done. Note that clogin disables log_user of expect(1)when -s is
used. Example script(s) can be found in share/rancid/*.exp.
-t Alters the timeout interval; the period that clogin waits for an
individual command to return a prompt or the login process to
produce a prompt or failure. The argument is in seconds.
-u Specifies the username used when prompted. The command-line
option overrides any user directive found in .cloginrc. The
default is the current Unix username.
-v Specifies a vty password, that which is prompted for upon
connection to the router. This overrides the vty password of
the .cloginrc file's password directive.
-w Specifies the username used if prompted when gaining enable
privileges. The command-line option overrides any user or
enauser directives found in .cloginrc. The default is the
current Unix username.
-x Similar to the -c option; -x specifies a file with commands to
run on each of the routers. The commands must not expect
additional input, such as 'copy rcp startup-config' does. For
example:
show version
show logging
-y Specifies the encryption algorithm for use with the ssh(1) -c
option. The default encryption type is often not supported.
See the ssh(1) man page for details. The default is 3des.
RETURNS
If the login script fails for any of the devices on the command-line,
the exit value of the script will be non-zero and the value will be the
number of failures.
ENVIRONMENT
clogin recognizes the following environment variables.
CISCO_USER
Overrides the user directive found in the .cloginrc file, but
may be overridden by the -u option.
CLOGIN clogin will not change the banner on your xterm window if this
includes the character 'x'.
CLOGINRC
Specifies an alternative location for the .cloginrc file, like
the -f option.
HOME Normally set by login(1) to the user's home directory, HOME is
used by clogin to locate the .cloginrc configuration file.
FILES
$HOME/.cloginrc Configuration file.
SEE ALSO
cloginrc(5), expect(1)
CAVEATS
clogin expects CatOS devices to have a prompt which includes a '>',
such as "router> (enable)". It uses this to determine, for example,
whether the command to disable the pager is "set length 0" or "term
length 0".
The HP Procurve switches that are Foundry OEMs use flogin, not hlogin.
The -S option is a recent addition, it may not be supported in all of
the login scripts or for every target device.
BUGS
Do not use greater than (>) or pound sign (#) in device banners or
hostnames or prompts. These are the normal terminating characters of
device prompts and the login scripts need to locate the initial prompt.
Afterward, the full prompt is collected and makes a more precise match
so that the scripts know when the device is ready for the next command.
All these login scripts for separate devices should be rolled into one.
This goal is exceedingly difficult.
The HP Procurve switch, Motorola BSR, and Cisco AGM CLIs rely heavily
upon terminal escape codes for cursor/screen manipulation and assumes a
vt100 terminal type. They do not provide a way to set a different
terminal type or adjust this behavior. The resulting escape codes make
automating interaction with these devices very difficult or impossible.
Thus bin/hpuifilter, which must be found in the user's PATH, is used by
hlogin to filter these escape sequences. While this works for rancid's
collection, there are side effects for interactive logins via hlogin;
most of which are formatting annoyances that may be remedied by typing
CTRL-R to reprint the current line.
WARNING: repeated ssh login failures to HP Procurves cause the switch's
management interface to lock-up (this includes snmp, ping) and
sometimes it will crash. This is with the latest firmware; 5.33 at the
time of this writing.
5 May 2020 clogin(1)
Man(1) output converted with
man2html