[rancid] Re: Using RANCID with an SSH tunnel

Matt Hope matt.hope at nicta.com.au
Wed Jan 23 11:23:51 UTC 2008


John Phelps wrote:
> Hello,
> 
> I am trying to find a way to retrieve a config from a router that is on a network that our RANCID box does not have a route to.  Unfortunately, in this situation, I can't add a route to allow the networks to talk to each other.  The only way that the 2 networks have access to each other is through a dual-homed server that has a NIC on each network.  Below is a simple diagram of the network:
> 
> RANCID server--------------------Dual-homed server-----------------------Router
> 10.0.0.1                       10.0.0.2   192.168.0.2                   192.168.0.1
> 
> Both servers in question are running RHEL.  Now I am no Linux expert, but I have been playing around with SSH port forwarding and I am thinking the best way to accomplish this is to create a shell script to open a tunnel to the 192.168.0.0 network before the RANCID job executes.  A coworker suggested creating a perl script that RANCID would call to open the tunnel then grab the config, but I am not familiar with perl and am having trouble finding examples of how to integrate a perl script into RANCID.
> 
> If anyone has a better idea of how to pull this off or can point me towards examples of perl scripts for RANCID I'd appreciate it!
> 
> Thanks,
> 


I'd suggest setting up your SSH client so that you can type 'ssh
192.168.0.1' from the rancid server, and that way rancid will just work [tm].

The easiest way I've found to achieve this is to do something like the
following:

- create a ~rancid/.ssh/config file

- drop something like the following into it:

-----8<-------
host 192.168.0.1
  proxycommand ssh 10.0.0.2 /bin/nc -q 0 %h %p
-----8<-------

- install 'nc' (netcat) onto your dual-homed server, and set up ssh keys
or similar so rancid can log into it without a password.

After you do this, you should be able to type "ssh 192.168.0.1" when
logged into rancid and get a prompt for 192.168.0.1's password.


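The steps in the reply above as a script, added here as an example and not part of the original post: it writes the stanza with the file modes OpenSSH expects and builds an authorized_keys entry for the dual-homed server that limits the passwordless key to the one nc relay. The function names, BatchMode=yes, the forced command and port 22 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
JUMP=10.0.0.2        # dual-homed server (address from the thread)
ROUTER=192.168.0.1   # router behind it (address from the thread)

# write_stanza HOME_DIR (hypothetical helper)
# Appends the ProxyCommand stanza to HOME_DIR/.ssh/config exactly once and
# sets the modes OpenSSH expects: 0700 on .ssh, 0600 on config.
write_stanza() {
    home=$1
    cfg="$home/.ssh/config"
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$cfg" && chmod 600 "$cfg" || return 1
    # Keywords are case-insensitive, so "host" and "Host" both count.
    if grep -qixF "host $ROUTER" "$cfg"; then
        return 0
    fi
    # Assumption: BatchMode=yes, so a cron-driven run fails fast instead of
    # waiting at a password prompt if key login to the jump host breaks.
    cat >>"$cfg" <<EOF
Host $ROUTER
  ProxyCommand ssh -o BatchMode=yes $JUMP /bin/nc -q 0 %h %p
EOF
}

# restricted_key_line PUBKEY (hypothetical helper)
# Prints an authorized_keys entry for the rancid account on the jump host.
# The forced command replaces whatever the client asks to run, so this key
# can only relay to the router's SSH port (22 assumed) and gets no shell.
restricted_key_line() {
    opts='no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding'
    printf 'command="/bin/nc -q 0 %s 22",%s %s\n' "$ROUTER" "$opts" "$1"
}

# Usage on the RANCID server, as the rancid user:
#   write_stanza "$HOME"
#   restricted_key_line "$(cat "$HOME/.ssh/id_rsa.pub")"   # paste on 10.0.0.2
```

The printed line goes into the rancid account's `~/.ssh/authorized_keys` on 10.0.0.2 in place of the bare public key.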