[rancid] Re: PIX authentication

Todd Heide Todd at equivoice.com
Fri Mar 9 17:33:12 UTC 2007


OK, I didn't have the autoenable in there, I will see if that helps, but
I am still puzzled as to why it is hanging when I try clogin IPADDRESS
to the pix.

Thanks
Todd Heide
Equivoice Inc.

CCNA CWLSS CS-CISecS
847-235-3308
 
Nothing ever goes as planned, Its a hell of a notion, 
Even pharaohs turn to sand, Like a drop in the ocean

-----Original Message-----
From: Manuel Noriega [mailto:mnoriega at amnetcorp.com] 
Sent: Friday, March 09, 2007 11:19 AM
To: Todd Heide
Cc: sawall; Rancid-discuss at shrubbery.net
Subject: Re: [rancid] Re: PIX authentication

Are you using autoenable? I had trouble at the beginning. This is what
I have in my .cloginrc file.

add autoenable  pix*     0
add method      pixsps  ssh
add cyphertype  pixsps   des
add user        pixsps   pix
add password    pixsps   vtypassword        enablepassword



Regards,

Manuel

On Mar 9, 2007, at 10:45 AM, Todd Heide wrote:

> Yep, the logs indicate basically the same thing that running clogin  
> does, error: TIMEOUT reached. It is hanging when trying to get to  
> privileged exec mode on the PIX. All the routers work fine with  
> ssh, so I am not sure what the problem is, and why it hangs, but I  
> can ssh to the pix from the command prompt and get all the way in.
>
> From: sawall [mailto:sawall at gmail.com]
> Sent: Friday, March 09, 2007 10:25 AM
> To: Todd Heide
> Subject: Re: [rancid] Re: PIX authentication
>
>
>
> sorry.  i'm not the greatest rancid guy.  i modified my bin/rancid  
> and bin/clogin files slightly.  and i'm not having any issues.
>
> what if you run "bin/rancid -d {fw ip addr}"
>
> should show some debug.
>
>
>
> On 3/9/07, Todd Heide <Todd at equivoice.com> wrote:
>
>
>
> add user 67.1x.x.x           rancid
> add password 67.1x.x.x       {********}          {*********}
> add method 67.1x.x.x        ssh
>
>
> This login setup works fine on a router, all our routers use Tacacs+ as
> well.
> ________________________________________
> From: sawall [mailto:sawall at gmail.com]
> Sent: Friday, March 09, 2007 10:10 AM
> To: Todd Heide
> Subject: Re: [rancid] Re: PIX authentication
>
> what does your cloginrc file look like?
>
>
> On 3/9/07, Todd Heide <Todd at equivoice.com> wrote:
> I get the same issue whether it is a pix or an ASA, version 6.3 or 7.x
>
> ________________________________________
> From: sawall [mailto:sawall at gmail.com]
> Sent: Friday, March 09, 2007 9:50 AM
> To: Todd Heide
> Subject: Re: [rancid] Re: PIX authentication
>
> what version of pix? does the user "rancid" have rights to call enable?
>
> just trying to figure out your issue....
>
>
> On 3/9/07, Todd Heide < Todd at equivoice.com > wrote:
> [rancid at server ~]$ bin/clogin 67.1x.x.x
> 67.1x.x.x
> spawn ssh -c 3des -x -l rancid 67.1x.x.x
> rancid at 67.1x.x.x 's password:
> Type help or '?' for a list of available commands.
> pixfirewall>
> pixfirewall> en
>
> Error: TIMEOUT reached
> [rancid at server ~]$ en
>
> Thanks
> Toddc.
> ________________________________________
> From: sawall [mailto:sawall at gmail.com ]
> Sent: Friday, March 09, 2007 9:39 AM
> To: Todd Heide
> Subject: Re: [rancid] Re: PIX authentication
>
> what does the output look like when you try it manually. below is what i
> have for version 6.3 and 7.2. (i changed the enable to enable 5 so i
> could limit the commands that could run for this user).
>
> # su - rancid
>
> > clogin pixver63
> pixver63
> spawn ssh -c 3des -x -l pixbkup pixver63
> pixbkup at pixver63's password:
> Type help or '?' for a list of available commands.
> pixver63>
> pixver63> enable 5
> Password: *******
> pixver63#
> pixver63# exit
>
> Logoff
>
> Connection to pixver63 closed.
>
>
> > clogin pixver72
> pixver72
> spawn ssh -c 3des -x -l pixbkup pixver72
> pixbkup at pixver72 's password:
> Type help or '?' for a list of available commands.
> pixcof01p> enable 5
> Password: *******
> pixcof01p#
> pixcof01p# exit
>
> Logoff
>
> Connection to pixver72 closed.
>
> On 3/9/07, Todd Heide < Todd at equivoice.com> wrote:
> Running it manually is when I found the problem. It hangs when I enter
> enable, then times out.
>
> Thanks
> Todd Heide
> Equivoice Inc.
> ________________________________________
> From: sawall [mailto: sawall at gmail.com]
> Sent: Friday, March 09, 2007 9:01 AM
> To: Todd Heide
> Cc: Rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Re: PIX authentication
>
> are you using the default clogin files? i am backing up 60+ pix
> firewalls. 515s and 525s. version 6.3 - 7.2. i'm not having any problems
> at all.
>
> have you run clogin manually to see how it's connecting to the pix and
> to see if that works.
>
> chris
> On 3/9/07, Todd Heide < Todd at equivoice.com> wrote:
> I found a second issue, another pix I log into, if I type enable it
> hangs!
>
> Thanks
> Todd Heide
> Equivoice Inc.
> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net [mailto:
> rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide
> Sent: Friday, March 09, 2007 8:49 AM
> To: Rancid-discuss at shrubbery.net
> Subject: [rancid] PIX authentication
>
> I have been wondering why I never get an update when trying to get
> rancid to pull a config from a PIX and discovered that when Rancid logs
> in, it doesn't put in enable and password, so the device times out.
> Where can I fix that?
>
> Thanks
> Todd
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
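
Added example, not part of the original thread and not RANCID code: a small Python helper that shows which .cloginrc entries apply to one host, which is the question behind "what does your cloginrc file look like?" above. It assumes the lookup rule documented in cloginrc(5) (for each directive, the first entry whose host glob matches is used) and uses Python's fnmatch as a stand-in for clogin's own glob matching; the sample file, host names, passwords and function names are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample modelled on the fragments quoted in this thread;
# host names, the address and the passwords are placeholders.
SAMPLE = """\
# firewalls
add autoenable  pix*        0
add method      pixsps      ssh
add user        pixsps      pix
add password    pixsps      {vtypassword} {enablepassword}
add user        192.0.2.10  rancid
add password    192.0.2.10  {vtypw}
add method      192.0.2.10  ssh
add method      *           telnet
"""

TOKEN = re.compile(r"\{([^}]*)\}|(\S+)")  # a {braced value} or a bare word

def parse(text):
    """Return [(directive, host_glob, [values])] for every 'add' line, in file order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        words = [m.group(1) if m.group(1) is not None else m.group(2)
                 for m in TOKEN.finditer(line)]
        if len(words) >= 3 and words[0] == "add":
            entries.append((words[1], words[2], words[3:]))
    return entries

def resolve(text, host):
    """Effective settings for host: the first matching glob wins per directive."""
    effective = {}
    for directive, glob, values in parse(text):
        if directive not in effective and fnmatch.fnmatchcase(host, glob):
            effective[directive] = values
    return effective

def enable_findings(text, host):
    """Report what the file does not say about the enable step for this host."""
    eff = resolve(text, host)
    findings = []
    if "autoenable" not in eff:
        findings.append("no autoenable entry matches this host")
    if len(eff.get("password", [])) < 2:
        findings.append("password entry has no separate enable password")
    return findings
```

Calling resolve() with the exact name or address passed to clogin shows whether a glob such as pix* covers that device; an entry keyed on a host name does not apply when the device is addressed by IP.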



