[rancid] Re: Does the clogin -x flag work if ssh is the transport?
Chris Gauthier
cgauthier at mapscu.com
Tue Dec 30 00:48:15 UTC 2008
It is probably failing because the ASA/PIX series always logs you in at
a non-privileged exec mode. To get to the privileged exec mode, you
have to enter your login password a second time. Here is how my working
.cloginrc is configured:

# Firewalls (before global settings)
#
add method PIX_firewall.example.com ssh
add autoenable PIX_firewall.example.com 0
add user PIX_firewall.example.com rancid
add password PIX_firewall.example.com e7eet.Pa55w0rd e7eet.Pa55w0rd

(I had to obfuscate the password in a fun way <grin> )
Good luck!
Chris
-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Knight
Sent: Monday, December 29, 2008 4:03 PM
To: Rancid-discuss at shrubbery.net
Subject: [rancid] Does the clogin -x flag work if ssh is the transport?
Howdy,
I am new to rancid, and I apologize if this is considered a newbie
question. I am trying to use rancid to send a set of canned commands
to a Cisco ASA. I have installed rancid 2.3.2a7 onto a RHEL5.2 box
running a 2.6.18-92.1.22.el5 kernel. I have configured .cloginrc and
tested that I can log into the ASA using clogin.
After verifying that I could log into the ASA via clogin, I
constructed a very simple command file, that contains only two
commands "show ver" and "show run". I invoke this command file with
this command line:
./bin/clogin asa-office -x test.cmd
What appears to happen is that clogin does in fact log into the ASA,
and then it stalls. If I let it sit for five minutes, nothing
happens. So, I type 'exit'. Now clogin appears to be invoking
telnet, and if I let that sit for a few minutes it times out:
[rancid@zack ~]$ ./bin/clogin asa-office -x test.cmd
asa-office
spawn ssh -c 3des -x -l proxyit asa-office
proxyit@asa-office's password:
Type help or '?' for a list of available commands.
hq> enable
Password: *************
hq#
hq# exit
Logoff
Connection to asa-office closed by remote host.
Connection to asa-office closed.
-x
spawn telnet -x
telnet> enable
?Invalid command
telnet>
Error: TIMEOUT reached
can not find channel named "exp6"
while executing
"send "\r""
("foreach" body line 129)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
# attempt at platform switching.
set platform ""
send_user ..."
(file "./bin/clogin" line 712)
[rancid@zack ~]$
Is there a trick to being able to use the -x flag to invoke a list
of commands when using ssh instead of telnet?
-Chris
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
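
The .cloginrc in the reply at the top of this thread puts the firewall entries "before global settings" and gives `add password` two values (login, then enable). As an added example, not code from the thread or from RANCID, this sketch resolves a constructed .cloginrc with first-match-wins lookup per directive and flags a host that would log in but have no enable password. The host name fw1.example.com, the placeholder passwords, and the simplified parsing (case-insensitive match, no Tcl brace quoting) are assumptions.

```python
import fnmatch

# Constructed sample in the layout the reply uses: firewall entries first,
# global defaults last. Host name and passwords are placeholders.
SAMPLE = """\
# Firewalls (before global settings)
add method      fw1.example.com  ssh
add autoenable  fw1.example.com  0
add user        fw1.example.com  rancid
add password    fw1.example.com  LOGIN-PLACEHOLDER ENABLE-PLACEHOLDER
# Global settings
add method      *  telnet
add password    *  GLOBAL-PLACEHOLDER
"""

# Same lines with the global block moved to the top.
_fw, _glob = SAMPLE.split("# Global settings\n")
SHADOWED = "# Global settings\n" + _glob + _fw


def resolve(cloginrc_text, host):
    """Return {directive: [values]} taking the first matching line per directive."""
    cfg = {}
    for raw in cloginrc_text.splitlines():
        fields = raw.split()
        if len(fields) < 3 or fields[0] != "add":
            continue  # blank lines, comments, anything that is not "add ..."
        directive, pattern, values = fields[1], fields[2], fields[3:]
        # Assumption: case-insensitive glob match, no Tcl brace quoting.
        if fnmatch.fnmatchcase(host.lower(), pattern.lower()):
            cfg.setdefault(directive, values)  # first match wins
    return cfg


def enable_check(cloginrc_text, host):
    """List config problems that would keep a login out of privileged mode."""
    cfg = resolve(cloginrc_text, host)
    if "password" not in cfg:
        return ["no password entry matches"]
    autoenable = (cfg.get("autoenable") or ["0"])[0]
    if autoenable != "1" and len(cfg["password"]) < 2:
        return ["autoenable is 0 but no enable password is set"]
    return []


if __name__ == "__main__":
    for name, text in (("SAMPLE", SAMPLE), ("SHADOWED", SHADOWED)):
        print(name, resolve(text, "fw1.example.com").get("method"),
              enable_check(text, "fw1.example.com"))
```

With the global block first, the firewall resolves to telnet and the single-value global password, which is the failure the ordering in the reply avoids.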