[rancid] Re: clogin on extreme X450

john heasley heas at shrubbery.net
Thu Nov 15 18:39:35 UTC 2007


Thu, Nov 15, 2007 at 10:20:07AM +0100, Joachim Jerberg Jensen:
> >From: john heasley [mailto:heas at shrubbery.net]
> >
> > I do not see why clogin would not have worked, unless you have a rogue
> > userpassword else where in your cloginrc.  you can add "exp_internal 1"
> > just before the main loop to see what it is doing.
> 
> You are absolutely right.. So I started the expect script in debug mode..
> And it seems like it does not match the first "login:" prompt, even though the regexp. should match.!?
> 
> 3. time it tries to login, it matches, if I add a "sleep 1" timer just before.

I see the problem.  It prompts for the username, the username is sent, THEN
it sends the vt code to clear the line, re-prints the username prompt [and
echos part of the username], the username is sent again (since it sent the
prompt again), then it echos the rest of the username and prompts for the
password....but too late.

ie: when the username is sent a second time, the switch consumes it as
the password...hrm, how to hack this?  one way would be to change the
login prompt regex to "$u_prompt[^a-zA-Z0-9]" and the default u_prompt to
"(Username|Login|login|user name): ?", which assumes that usernames begin
with those characters and still is not fool proof since it relies upon
timing/luck.  Another way would be to test for (without consuming) more
data from the telnet after matching the login.  I'm not sure how to do
that in expect...and it too is reliant upon timing/luck.  Blech!

I hate these extremes.  you should open a customer support ticket about
what a PITA it is to automate configuration on their switches....or stick
a knife in their trachea.

> I also had to change the xrancid script, because the $found_end never becomes set.

damn it.  is there any reliable end-of-config marker on these crappy-CLI
switches?  It used to be that all those comments were in the config,
regardless of whether the subsystem was in use.

>         if (/^# Module vrrp configuration./i) {
>             printf STDERR "    End WriteTerm: $_" if ($debug);
>             $found_end = 1;
>             return(0);
>         }
> 
> Fortunately I don't use vrrp :-)
> 
> Br
> Joachim Jerberg Jensen
> 
> This is the debug output:
> 
> [rancid at ns1 bin]$ cat scriptfile.txt
> Script started on Fri 09 Nov 2007 02:19:30 PM CET
> [rancid at ns1 bin]$ clogin 10.2.0.31
> expect version 5.43.0
> argv[0] = /usr/bin/expect  argv[1] = -d  argv[2] = /home/rancid/rancid/bin/clogin  argv[3] = 10.2.0.31
> set argc 1
> set argv0 "/home/rancid/rancid/bin/clogin"
> set argv "10.2.0.31"
> executing commands from command file /home/rancid/rancid/bin/clogin
> 10.2.0.31
> spawn telnet 10.2.0.31 23
> parent: waiting for sync byte
> parent: telling child to go ahead
> parent: now unsynchronized from child
> spawn: returns {17811}
> 
> expect: does "" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? no
> "password:"? no
> "(#| \(enable\))"? no
> "Login invalid"? no
> Trying 10.2.0.31...
> Connected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).
> Escape character is '^]'.
> 
> expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? no
> "password:"? no
> "(#| \(enable\))"? no
> "Login invalid"? no
> 
> telnet session telnet0 on /dev/ptyb0
> 
> login:
> expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\nlogin: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\nlogin: " (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\nlogin: " (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? yes
> expect: set expect_out(0,string) "login:"
> expect: set expect_out(1,string) "login"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\nlogin:"
> send: sending "rancid\r" to { exp6 }
> expect: continuing expect
> 
> expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? no
> "password:"? no
> "(#| \(enable\))"? no
> "Login invalid"? no
> login: r
> expect: does " \r\u001b[Klogin: r" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does " \r\u001b[Klogin: r" (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " \r\u001b[Klogin: r" (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? yes
> expect: set expect_out(0,string) "login:"
> expect: set expect_out(1,string) "login"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) " \r\u001b[Klogin:"
> send: sending "rancid\r" to { exp6 }
> expect: continuing expect
> 
> expect: does " r" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does " r" (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " r" (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? no
> "password:"? no
> "(#| \(enable\))"? no
> "Login invalid"? no
> ancid
> password:
> expect: does " rancid\r\n\rpassword: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does " rancid\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " rancid\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? no
> "password:"? yes
> expect: set expect_out(0,string) "password:"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) " rancid\r\n\rpassword:"
> send: sending "MYPASSWORD\r" to { exp6 }
> expect: continuing expect
> 
> expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? no
> "password:"? no
> "(#| \(enable\))"? no
> "Login invalid"? no
> 
> 
> Login incorrect
> login: MYPASSWORD
> 
> expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: MYPASSWORD\r\n\r" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: MYPASSWORD\r\n\r" (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: MYPASSWORD\r\n\r" (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? yes
> expect: set expect_out(0,string) "login:"
> expect: set expect_out(1,string) "login"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) " \r\n\r\r\n\rLogin incorrect\r\nlogin:"
> send: sending "rancid\r" to { exp6 }
> expect: continuing expect
> 
> expect: does " MYPASSWORD\r\n\r" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does " MYPASSWORD\r\n\r" (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " MYPASSWORD\r\n\r" (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? no
> "password:"? no
> "(#| \(enable\))"? no
> "Login invalid"? no
> password:
> expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? no
> "password:"? yes
> expect: set expect_out(0,string) "password:"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) " MYPASSWORD\r\n\rpassword:"
> send: sending "MYPASSWORD\r" to { exp6 }
> expect: continuing expect
> 
> expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? no
> "password:"? no
> "(#| \(enable\))"? no
> "Login invalid"? no
> 
> 
> Login incorrect
> login:
> expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: " (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: " (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? yes
> expect: set expect_out(0,string) "login:"
> expect: set expect_out(1,string) "login"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) " \r\n\r\r\n\rLogin incorrect\r\nlogin:"
> send: sending "rancid\r" to { exp6 }
> expect: continuing expect
> 
> expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue."? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ password:"? no
> "(Username|Login|login|user name):"? no
> "password:"? no
> "(#| \(enable\))"? no
> "Login invalid"? no
> MYPASSWORD
> password:
> expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> 
> expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown host\r"? no
> 
> expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"?
> 
> 
> 
> 
> 
> Fri, Nov 09, 2007 at 11:45:44AM +0100, Joachim Jerberg Jensen:
> > Hey,
> >
> > With a hint from a friend on the list, I made it work.
> > Jlogin works like a charm :)
> >
> > /Joachim Jerberg Jensen
> >
> >
> > -----Original Message-----
> > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Joachim Jerberg Jensen
> > Sent: Friday, November 09, 2007 10:47 AM
> > To: rancid-discuss at shrubbery.net
> > Subject: [rancid] clogin on extreme X450
> >
> > Hi,
> >
> > I have problems with doing clogin into extreme X450 switches doing  TACACS authentication. ExtremeXOS version 11.6.3.5
> >
> > When I login it get following:
> >
> > [rancid at ns1 ~]$ clogin 10.2.0.31
> > 10.2.0.31
> > spawn telnet 10.2.0.31
> > Trying 10.2.0.31...
> > Connected to 10.2.0.31
> > Escape character is '^]'.
> >
> > telnet session telnet0 on /dev/ptyb0
> >
> > login: rancid
> > password:
> >
> > Login incorrect
> > login: mypassword
> > password:
> >
> > Login incorrect
> > login: mypassword
> > password:
> >
> > Login incorrect
> > Maximum number of login attempts reached!
> > Connection closed by foreign host.
> >
> > My .cloginrc file:
> >
> > ##############
> > add autoenable * {1}
> > add user * {rancid}
> > add password * {mypassword}
> >
> > #add userprompt * {"login:"}
> > #add passprompt * {"password:"}
> > ##############
> >
> > It seems like it doesn't apply the password after the login, but applies the password as username instead..
> > I have tried rancid-2.3.1 and rancid-2.3.2a7, same problem...
> >
> > I can login manually with login and password with no problem.
> >
> > Anyone have a hint?
> >
> > Best regards
> > Joachim Jerberg Jensen
> >
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


More information about the Rancid-discuss mailing list