[rancid] Re: PIX authentication
Todd Heide
Todd at equivoice.com
Fri Mar 9 16:45:32 UTC 2007
Yep, the logs indicate basically the same thing that running clogin
does, error: TIMEOUT reached. It is hanging when trying to get to
privileged exec mode on the PIX. All the routers work fine with ssh, so
I am not sure what the problem is, and why it hangs, but I can ssh to
the pix from the command prompt and get all the way in.
Nothing ever goes as planned, It's a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean
________________________________
From: sawall [mailto:sawall at gmail.com]
Sent: Friday, March 09, 2007 10:25 AM
To: Todd Heide
Subject: Re: [rancid] Re: PIX authentication
sorry. i'm not the greatest rancid guy. i modified my bin/rancid and
bin/clogin files slightly. and i'm not having any issues.
what if you run "bin/rancid -d {fw ip addr}"
should show some debug.
On 3/9/07, Todd Heide <Todd at equivoice.com> wrote:
add user 67.1x.x.x rancid
add password 67.1x.x.x {********} {*********}
add method 67.1x.x.x ssh
This login setup works fine on a router, all our routers use Tacacs+ as
well.
________________________________________
From: sawall [mailto:sawall at gmail.com]
Sent: Friday, March 09, 2007 10:10 AM
To: Todd Heide
Subject: Re: [rancid] Re: PIX authentication
what does your cloginrc file look like?
On 3/9/07, Todd Heide <Todd at equivoice.com> wrote:
I get the same issue whether it is a pix or an ASA, version 6.3 or 7.x
________________________________________
From: sawall [mailto:sawall at gmail.com]
Sent: Friday, March 09, 2007 9:50 AM
To: Todd Heide
Subject: Re: [rancid] Re: PIX authentication
what version of pix? does the user "rancid" have rights to call enable?
just trying to figure out your issue....
On 3/9/07, Todd Heide <Todd at equivoice.com> wrote:
[rancid at server ~]$ bin/clogin 67.1x.x.x
67.1x.x.x
spawn ssh -c 3des -x -l rancid 67.1x.x.x
rancid at 67.1x.x.x 's password:
Type help or '?' for a list of available commands.
pixfirewall>
pixfirewall> en
Error: TIMEOUT reached
[rancid at server ~]$ en
Thanks
Toddc.
CCNA CWLSS CS-CISecS
________________________________________
From: sawall [mailto:sawall at gmail.com]
Sent: Friday, March 09, 2007 9:39 AM
To: Todd Heide
Subject: Re: [rancid] Re: PIX authentication
what does the output look like when you try it manually. below is what i
have for version 6.3 and 7.2. (i changed the enable to enable 5 so i
could limit the commands that could run for this user).
# su - rancid
> clogin pixver63
pixver63
spawn ssh -c 3des -x -l pixbkup pixver63
pixbkup at pixver63's password:
Type help or '?' for a list of available commands.
pixver63>
pixver63> enable 5
Password: *******
pixver63#
pixver63# exit
Logoff
Connection to pixver63 closed.
> clogin pixver72
pixver72
spawn ssh -c 3des -x -l pixbkup pixver72
pixbkup at pixver72 's password:
Type help or '?' for a list of available commands.
pixcof01p> enable 5
Password: *******
pixcof01p#
pixcof01p# exit
Logoff
Connection to pixver72 closed.
On 3/9/07, Todd Heide <Todd at equivoice.com> wrote:
Running it manually is when I found the problem. It hangs when I enter
enable, then times out.
Thanks
Todd Heide
Equivoice Inc.
CCNA CWLSS CS-CISecS
847-235-3308
________________________________________
From: sawall [mailto:sawall at gmail.com]
Sent: Friday, March 09, 2007 9:01 AM
To: Todd Heide
Cc: Rancid-discuss at shrubbery.net
Subject: Re: [rancid] Re: PIX authentication
are you using the default clogin files? i am backing up 60+ pix
firewalls. 515s and 525s. version 6.3 - 7.2. i'm not having any problems
at all.
have you run clogin manually to see how it's connecting to the pix and
to see if that works.
chris
On 3/9/07, Todd Heide <Todd at equivoice.com> wrote:
I found a second issue, another pix I log into, if I type enable it
hangs!
Thanks
Todd Heide
Equivoice Inc.
CCNA CWLSS CS-CISecS
847-235-3308
-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide
Sent: Friday, March 09, 2007 8:49 AM
To: Rancid-discuss at shrubbery.net
Subject: [rancid] PIX authentication
I have been wondering why I never get an update when trying to get
rancid to pull a config from a PIX and discovered that when Rancid logs
in, it doesn't put in enable and password, so the device times out.
Where can I fix that?
Thanks
Todd
CCNA CWLSS CS-CISecS
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss