[rancid] Rancid and cisco 'autocommand' users?
Phil Stoneman
phil.stoneman at uksolutions.co.uk
Wed Apr 25 13:19:04 UTC 2007
Hi folks,
We're currently involved in a deployment of rancid for some cisco
equipment that we manage. We're fairly uncomfortable with storing
full-privilege passwords in plaintext anywhere.
One solution to this might be for us to configure a user with an
autocommand:
username auditor password 0 mypassword
username auditor privilege 15 autocommand show running-config
When the user 'auditor' logs in, the configuration is dumped (with any
--More-- bits in between), and the connection is then closed.
This presents me with a problem, though. It seems that clogin and the
other bits of rancid are written to require a valid login to the cisco
router. A connection that dumps the configuration and then instantly
closes does not seem to work nicely.
My skills with 'expect' and perl aren't strong enough for me to solve
this by myself - can anyone give me any hints as to how I can make
rancid save this type of configuration gracefully?
Alternatively, can anyone suggest another way of achieving the same
goal, i.e. not having full-access passwords saved anywhere?
Thanks
Phil
More information about the Rancid-discuss
mailing list