Using rancid to hop from router to router

Krzysztof Adamski kadamski at
Thu Oct 14 18:05:15 UTC 2004

I started hacking the code a bit, but stopped when I run out of knowledge of tcl

Here is what I did for the auth part to the .clogin:

add method
add user testuser
add password testpass enablepass
add hoppassword 2ndenablepass

and in clogin (this code will login to router:
        } elseif [string match "dssh*" $prog] {
                send_user "\ntrying dssh method $hoppassword\n"
            regexp {dssh(:([^[:space:]]+))*} $prog command suffix hophost
            if {"$hophost" == ""} {
###             set retval [ catch {spawn telnet $router} reason ]
            } else {
                set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user $hophost} reason ]
            if { $retval } {
                send_user "\nError: dssh failed: $reason\n"
                exit 1

This is where my knowledge of tcl stopped me from getting any further.


On Thu, 14 Oct 2004, Tony Tauber wrote:

> On Wed, 13 Oct 2004, Krzysztof Adamski wrote:
> > I need to collect the config from routers that are not directly
> > reachable by the host that rancid runs on. I can ssh to the first
> > router, then telnet to the ones that I need the config from. Since
> > my knowledge of expect and TCL is nonexistent and before I try to
> > reinvent the wheel I was wondering if anybody has modified
> > the clogin script to to this extra hop?
> >
> > K
> I have a similar need.  In some cases CLI access to the routers is
> only available via term server and in some cases routers beyond the
> ones that are connected to the term server can be reached via telnet
> or SSH from that first router.
> >From reviewing the archives, some similar threads have come up over
> the years related to the term server case and your case seems pretty
> related.  I started hacking away but never finished.
> The problem seems to me to be that the __login scripts are responsible
> for the connection *and* the authentication.  Furthermore, the
> hostname passed to __rancid and thus to __login is taken as the DNS
> name of the thing you want to connect to.  This results in ambiguity
> down the line if, say, you want to telnet to a device and then telnet
> to different down-stream devices or connect via different async ports
> on a term server.
> I think what needs to happen is to allow an override of the
> devicename/connection linkage by passing a switch with this info.
> As it is, the devicename is overloaded.  Also, it'd be nice/necessary
> to allow one to run the authentication bits separately from the
> connection bits so one could pass different username/password for
> these different devices.
> That's the general idea as I see it.  If people want to discuss or try
> and flesh out further the change, it'd be welcome since it does seem
> to be useful functionality to add.
> Tony

More information about the Rancid-discuss mailing list