RANCID's fantastic!
john heasley
heas at shrubbery.net
Sat Dec 6 18:52:21 UTC 2003
What if there were a "pre-login" (and perhaps post-disconnect) script (akin
to clogin -s), specified/identified by cloginrc? For example,

    add loginscript router* {/usr/local/share/cisco-cons.exp}
    add logoutscript router* {/usr/local/share/cisco-cons-disco.exp}

cisco-cons.exp might contain the bits necessary to perform the connection,
after which *login will expect to have a direct connection; thus
"connectscript" may be more apropos (the names are irrelevant). And,
-disco would take care of the disconnect in the same manner.

Those could be accompanied by "post-{login,logout}" scripts.

I suspect that both (any) of these would have to meet some expectations of
*login. I'm not sure exactly what those might be, just a nagging thought
in the back of the brain.

I believe what afort referred to in his mail was the idea of having a
"pre-login" command directive in cloginrc. An idea which would be replaced
by this.

That is very rough, completely ignoring how this affects detection of the
disconnect/exit from the device CLI. But, the idea is to allow it to be
adapted however _you_, the user, need.

Thoughts?

Sat, Dec 06, 2003 at 08:17:14AM +1000, Andrew Pollock:
> Hi,
>
> I stumbled upon RANCID the other day, and boy is it the bee's knees. I've
> written something functionally similar (I haven't looked at RANCID's innards
> yet) but this looks pretty spiffy. We use what I've written to drag configs
> out of Cisco routers, switches and PIXes, and check them into CVS.
>
> One thing that we do is not allow telnet access to our switches. They're all
> connected to Cyclades console access servers, and my script SSHes to the
> Cyclades to get onto the console of the switch. Any thoughts on including
> the ability to connect to a device via an intermediate device?
>
> To my knowledge, you can't set up RSA/DSA key access to a port on a Cyclades,
> which is a bit of a bummer, and to work around the issues with trying to
> authenticate to the Cyclades and then authenticate to the device on the
> Cyclades' port, I've just disabled authentication on the port, so if you SSH
> to the port, you land immediately on the console of the switch, and are
> asked to authenticate to it. In an ideal world, it would be good to have
> port-based authentication switched on...
>
> regards
>
> Andrew