[rancid] Rancid and cisco 'autocommand' users?

Phil Stoneman phil.stoneman at uksolutions.co.uk
Wed Apr 25 13:19:04 UTC 2007


Hi folks,

We're currently involved in a deployment of rancid for some Cisco
equipment that we manage. We're fairly uncomfortable with storing
full-privilege passwords in plaintext anywhere.

One solution to this might be for us to configure a user with an 
autocommand:

username auditor password 0 mypassword
username auditor privilege 15 autocommand show running-config

When the user 'auditor' logs in, the configuration is dumped (with any 
--More-- bits in between), and the connection is then closed.

This presents me with a problem, though. It seems that clogin and the
other bits of rancid are written to require a valid login to the Cisco
router. A connection that dumps the configuration and then instantly
closes does not seem to work nicely.


My skills with 'expect' and Perl aren't strong enough for me to solve
this by myself - can anyone give me any hints as to how I can make
rancid save this type of configuration gracefully?

Alternatively, can anyone suggest another way of achieving the same 
goal, i.e. not having full-access passwords saved anywhere?


Thanks

Phil
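
Added example, not part of the original post and not rancid's own code: one way to post-process the raw bytes captured from such an autocommand session, treating the device-initiated close as the normal end and using the configuration's final 'end' line to detect a truncated dump. The function and exception names are hypothetical, the sample bytes are constructed, and the pager erase sequence and the "Current configuration" header line are assumptions about the device output.

```python
import re

# "--More--" prompt plus the backspace/space/backspace run assumed to erase it.
# The erase run is optional so a bare prompt is removed as well.
PAGER = re.compile(rb" ?--More-- ?(?:\x08+ +\x08+)?")


class TruncatedConfig(Exception):
    """The session ended without a complete configuration body."""


def clean_autocommand_dump(raw: bytes) -> str:
    """Return the configuration text from a raw autocommand session capture.

    The device closes the connection itself, so EOF is expected; whether the
    dump is complete is judged by the trailing 'end' line, not by a prompt.
    """
    text = PAGER.sub(b"", raw).replace(b"\r", b"").decode("ascii", "replace")
    lines = text.split("\n")
    # Skip banner, login dialogue and preamble up to the header line.
    start = next(
        (i for i, line in enumerate(lines)
         if line.startswith("Current configuration")),
        None,
    )
    if start is None:
        raise TruncatedConfig("no 'Current configuration' header seen")
    body = lines[start + 1:]
    while body and not body[-1].strip():
        body.pop()  # drop trailing blank lines sent before the close
    if not body or body[-1] != "end":
        raise TruncatedConfig("capture does not finish with 'end'")
    return "\n".join(body) + "\n"


# Constructed sample capture, including one pager prompt and its erase run.
SAMPLE = (
    b"\r\nBuilding configuration...\r\n\r\n"
    b"Current configuration : 214 bytes\r\n!\r\nversion 12.4\r\n"
    b"hostname lab-rtr\r\n!\r\ninterface FastEthernet0/0\r\n"
    b" --More-- " + b"\x08" * 9 + b" " * 8 + b"\x08" * 9 +
    b" ip address 192.0.2.1 255.255.255.0\r\n!\r\nend\r\n\r\n"
)

if __name__ == "__main__":
    print(clean_autocommand_dump(SAMPLE), end="")
```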


