[rancid] Re: Timeouts on Cisco ASA

JP Viljoen froztbyte at froztbyte.net
Tue Apr 21 13:02:10 UTC 2009


On Tuesday 21 April 2009 14:43:30 Deny IP Any Any wrote:
> It sounds like your setup is expecting it to drop directly to enabled
> mode, which is why it is timing out (it's likely looking for a # in
> the prompt). double-check your .cloginrc file to make sure there isn't
> an autoenable setting that would be applying to your device.
>
> RANCID against an ASA works for me here:
>
> rancid@wh-mon06:~/bin$ ./clogin 192.168.121.11
> 192.168.121.11
> spawn ssh -c 3des -x -l rancid 192.168.121.11
> rancid@192.168.121.11's password:
> Type help or '?' for a list of available commands.
> P10-JAX-ASA> enable
> Password: ************
> P10-JAX-ASA#
> P10-JAX-ASA# sh ver
>
> Cisco Adaptive Security Appliance Software Version 8.0(4)
> Device Manager Version 6.1(5)57

Speaking to a friend of mine earlier after he saw my post to the list, I did 
try debugging with noenable and other parameters and even adjusting the 
expected enable prompt to specifically match "Password:" (even though the 
default should do this) as well as ensuring it doesn't try to autoenable, all 
unsuccessfully.

Running in debug mode I get the following output near the end (sorry if some 
of it is unnecessary, I'm still busy learning the flow of RANCID and getting to 
know what's important where):

expect: does " \r\nType help or '?' for a list of available commands.
\r\n\rciscoasa> " (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does " \r\nType help or '?' for a list of available commands.
\r\n\rciscoasa> " (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
expect: timed out

Error: TIMEOUT reached
write() failed to write anything - will sleep(1) and retry...
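
An added example, not part of the original message or of RANCID: a small parser for `expect` debug lines of the shape shown above. It reports the prompt left in the buffer and whether any pattern tried could accept a user-mode `>` prompt. The sample input is a constructed excerpt of the output above with the buffer joined onto one line; the function names are hypothetical.

```python
import re

# Constructed sample: excerpt of the debug output above, buffer joined onto one line.
SAMPLE = r'''expect: does " \r\nType help or '?' for a list of available commands.\r\n\rciscoasa> " (spawn_id exp6) match glob pattern "Host is unreachable"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
expect: timed out
'''

# First line of an attempt carries the buffer; later lines carry only pattern + result.
HEAD = re.compile(r'^expect: does "(?P<buf>.*)" \(spawn_id \w+\) match '
                  r'(?:glob pattern|regular expression) "(?P<pat>.*)"\? (?P<res>yes|no)$')
CONT = re.compile(r'^"(?P<pat>.*)"\? (?P<res>yes|no)$')

def parse_attempts(debug_text):
    """Return (attempts, timed_out); each attempt has a buffer and (pattern, matched) pairs."""
    attempts, timed_out = [], False
    for line in debug_text.splitlines():
        line = line.strip()
        m = HEAD.match(line)
        if m:
            attempts.append({"buffer": m["buf"], "patterns": [(m["pat"], m["res"] == "yes")]})
        elif attempts and (m := CONT.match(line)):
            attempts[-1]["patterns"].append((m["pat"], m["res"] == "yes"))
        elif line == "expect: timed out":
            timed_out = True
    return attempts, timed_out

def diagnose(debug_text):
    """Summarise the last match attempt: device prompt, matches, and an unhandled '>' prompt."""
    attempts, timed_out = parse_attempts(debug_text)
    if not attempts:
        return None
    last = attempts[-1]
    # The debug output prints CR/LF as literal \r and \n; the prompt follows the last one.
    prompt = re.split(r'\\[rn]', last["buffer"])[-1].strip()
    tried = [p for p, _ in last["patterns"]]
    return {
        "prompt": prompt,
        "timed_out": timed_out,
        "matched": [p for p, ok in last["patterns"] if ok],
        # True when the device sits at a '>' prompt and no tried pattern mentions '>'.
        "user_mode_prompt_unhandled": prompt.endswith(">") and not any(">" in p for p in tried),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

On the sample, the buffer ends in `ciscoasa>` while the only prompt-like pattern tried is `(#| \(enable\))`, so nothing matches before the timeout.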