Using rancid to hop from router to router
Krzysztof Adamski
kadamski at netsurf.net
Thu Oct 14 18:05:15 UTC 2004
I started hacking the code a bit, but stopped when I ran out of knowledge of tcl
:-)
Here is what I did for the auth part to the .clogin:
add method 128.1.253.33 dssh:abc.example.com
add user 128.1.253.33 testuser
add password 128.1.253.33 testpass enablepass
add hoppassword 128.1.253.33 2ndenablepass
and in clogin (this code will log in to the abc.example.com router):
    } elseif [string match "dssh*" $prog] {
        send_user "\ntrying dssh method $hoppassword\n"
        regexp {dssh(:([^[:space:]]+))*} $prog command suffix hophost
        if {"$hophost" == ""} {
            ### set retval [ catch {spawn telnet $router} reason ]
        } else {
            set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user $hophost} reason ]
        }
        if { $retval } {
            send_user "\nError: dssh failed: $reason\n"
            exit 1
        }
This is where my knowledge of tcl stopped me from getting any further.
K
On Thu, 14 Oct 2004, Tony Tauber wrote:
> On Wed, 13 Oct 2004, Krzysztof Adamski wrote:
>
> > I need to collect the config from routers that are not directly
> > reachable by the host that rancid runs on. I can ssh to the first
> > router, then telnet to the ones that I need the config from. Since
> > my knowledge of expect and TCL is nonexistent and before I try to
> > reinvent the wheel I was wondering if anybody has modified
> > the clogin script to do this extra hop?
> >
> > K
>
> I have a similar need. In some cases CLI access to the routers is
> only available via term server and in some cases routers beyond the
> ones that are connected to the term server can be reached via telnet
> or SSH from that first router.
>
> From reviewing the archives, some similar threads have come up over
> the years related to the term server case and your case seems pretty
> related. I started hacking away but never finished.
>
> The problem seems to me to be that the __login scripts are responsible
> for the connection *and* the authentication. Furthermore, the
> hostname passed to __rancid and thus to __login is taken as the DNS
> name of the thing you want to connect to. This results in ambiguity
> down the line if, say, you want to telnet to a device and then telnet
> to different down-stream devices or connect via different async ports
> on a term server.
>
> I think what needs to happen is to allow an override of the
> devicename/connection linkage by passing a switch with this info.
> As it is, the devicename is overloaded. Also, it'd be nice/necessary
> to allow one to run the authentication bits separately from the
> connection bits so one could pass different username/password for
> these different devices.
>
> That's the general idea as I see it. If people want to discuss or try
> and flesh out further the change, it'd be welcome since it does seem
> to be useful functionality to add.
>
> Tony
>
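The separation discussed in the quoted reply (connection path on one side, per-device authentication on the other), as an added example that is not part of the original thread and is not rancid's own code. The procs load_directives, connection_path and login_plan, the hopuser/hoppass entries, and the reading of "dssh" as "ssh to the hop, then telnet to the target" are assumptions made for illustration.

```tcl
# Added example, not rancid code; pure Tcl (tclsh), nothing is spawned.
# Constructed directives in the style of the post. Assumption: each device
# on the path, the hop included, has credentials under its own name.
set cloginrc {
    add method   128.1.253.33    dssh:abc.example.com
    add user     128.1.253.33    testuser
    add password 128.1.253.33    testpass enablepass
    add user     abc.example.com hopuser
    add password abc.example.com hoppass
}

# Parse "add <key> <device> <value...>" lines into dict: device -> key -> values.
proc load_directives {text} {
    set db [dict create]
    foreach line [split $text "\n"] {
        set w [regexp -all -inline {\S+} $line]
        if {[llength $w] >= 4 && [lindex $w 0] eq "add"} {
            dict set db [lindex $w 2] [lindex $w 1] [lrange $w 3 end]
        }
    }
    return $db
}

# Split a method such as "dssh:abc.example.com" into connection legs.
# Assumption: "dssh" means ssh to the hop, then telnet from it to the target.
proc connection_path {db device} {
    if {![dict exists $db $device method]} { error "no method for $device" }
    set method [lindex [dict get $db $device method] 0]
    # Anchored match; the hop must look like a hostname, so a value that
    # begins with "-" can never reach the ssh command line as an option.
    if {[regexp {^dssh:([A-Za-z0-9][A-Za-z0-9.-]*)$} $method -> hop]} {
        return [list [list ssh $hop] [list telnet $device]]
    }
    if {$method in {ssh telnet}} { return [list [list $method $device]] }
    error "unsupported method \"$method\" for $device"
}

# Authentication is resolved per leg, by the name of the device on that leg.
proc login_plan {db device} {
    set plan {}
    foreach leg [connection_path $db $device] {
        lassign $leg transport host
        if {![dict exists $db $host user] || ![dict exists $db $host password]} {
            error "no credentials configured for $host"
        }
        lappend plan [list $transport $host [lindex [dict get $db $host user] 0]]
    }
    return $plan
}

puts [login_plan [load_directives $cloginrc] 128.1.253.33]
```

The plan lists transport, host and username for each leg and deliberately omits the passwords, so it can be printed or logged while debugging a hop configuration.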