[rancid] Re: Using RANCID with an SSH tunnel

Matt Hope matt.hope at nicta.com.au
Wed Jan 23 11:23:51 UTC 2008

John Phelps wrote:
> Hello,
> I am trying to find a way to retrieve a config from a router that is on a network that our RANCID box does not have a route to.  Unfortunately, in this situation, I can't add a route to allow the networks to talk to each other.  The only way that the 2 networks have access to each other is through a dual-homed server that has a NIC on each network.  Below is a simple diagram of the network:
> RANCID server--------------------Dual-homed server-----------------------Router
> Both servers in question are running RHEL.  Now I am no Linux expert, but I have been playing around with SSH port forwarding and I am thinking the best way to accomplish this is to create a shell script to open a tunnel to the network before the RANCID job executes.  A coworker suggested creating a Perl script that RANCID would call to open the tunnel then grab the config, but I am not familiar with Perl and am having trouble finding examples of how to integrate a Perl script into RANCID.
> If anyone has a better idea of how to pull this off or can point me towards examples of Perl scripts for RANCID I'd appreciate it!
> Thanks,

I'd suggest setting up your SSH client so that you can type 'ssh' from rancid server, and that way rancid will just work [tm].

The easiest way I've found to achieve this is to do something like the

- create a ~rancid/.ssh/config file

- drop something like the following into it:

  proxycommand ssh /bin/nc -q 0 %h %p

- install 'nc' (netcat) onto your dual-homed server, and set up ssh keys
or similar so rancid can log into it without a password.

After you do this, you should be able to type "ssh" when
logged into rancid and get a prompt for's password.
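
An added example, not part of the original message: a complete ~rancid/.ssh/config stanza along the lines described above, with the passwordless key limited to the one job it is needed for. The host names router1.example.net and jumphost.example.net, the user name, the key file name and the key material are constructed placeholders; the -W alternative and the authorized_keys restriction are assumptions that go beyond the message.

```sshconfig
# ~rancid/.ssh/config  (mode 600, owned by the rancid user)

# The dual-homed server. A dedicated key is used so it can be
# restricted on the server side (see the end of this file).
Host jumphost.example.net
    User rancid
    IdentityFile ~/.ssh/id_rancid_jump
    IdentitiesOnly yes
    # Fail instead of prompting when the key is rejected (cron runs).
    BatchMode yes

# The router that is only reachable through the dual-homed server.
# %h and %p expand to the target host and port of the outer ssh.
Host router1.example.net
    ProxyCommand ssh jumphost.example.net /bin/nc -q 0 %h %p
    # Alternative that needs no nc on the dual-homed server
    # (OpenSSH 5.4 or later on the RANCID box):
    # ProxyCommand ssh -W %h:%p jumphost.example.net

# On jumphost.example.net, in ~rancid/.ssh/authorized_keys, the key can be
# pinned to the relay command so that it cannot be used for a shell.
# One line; the key material is a placeholder:
#
#   command="/bin/nc -q 0 router1.example.net 22",no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding ssh-rsa AAAA...PLACEHOLDER... rancid@rancid-server
#
# With the forced command in place the server ignores whatever command the
# client sends and always relays to router1.example.net port 22.
```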
