[rancid] Re: Rancid with Fortigate Devices?

Jeff Moorse jmoorse at gmail.com
Tue Apr 28 19:07:42 UTC 2009


For an admin account the prompt is (sans quotes):

"FGT[model][s/n] # "

Please note the trailing space

For a read only account it is the same but with a $ instead of a #

-Jeff Moorse

On Tue, Apr 28, 2009 at 12:04 PM, john heasley <heas at shrubbery.net> wrote:

> Thu, Apr 23, 2009 at 11:19:03AM -0400, Mina Eskander:
> > I changed the -> in the nlogin script to ~ $ and it still does not work,
> here is the output I get
>
> Would someone who knows the fortigate well please confirm the prompt
> format?
> I was told '-> ', but reading through the manual that I found online, it
> seems that the prompt is '$ ' and gives no indication that it changes with
> elevated permissions.  But, the manual for their CLI seems poorly written.
>
> > [rancid at pwcolocacti bin]$ nlogin -d -t 90 -c"get system status;get conf"
> pwcolofgt100c
> > pwcolofgt100c
> > spawn ssh -c 3des -x -l meskander pwcolofgt100c
> > parent: waiting for sync byte
> > parent: telling child to go ahead
> > parent: now unsynchronized from child
> > spawn: returns {16963}
> >
> > expect: does "" (spawn_id exp6) match glob pattern "Connection refused"?
> no
> > "Unknown host\r\n"? no
> > "Host is unreachable"? no
> > "No address associated with name"? no
> > "Are you sure you want to continue connecting .*"? no
> > "Host key not found .* (yes/no)?"? no
> > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> > "Offending key for .* (yes/no)?"? no
> > "denied"? no
> > " ### Login failed"? no
> > "(login:)"? no
> > "@[^\r\n]+[Pp]assword:"? no
> > "[Pp]assword:"? no
> > "~ $ "? no
> > meskander at pwcolofgt100c's password:
> > expect: does "meskander at pwcolofgt100c's password: " (spawn_id exp6)
> match glob pattern "Connection refused"? no
> > "Unknown host\r\n"? no
> > "Host is unreachable"? no
> > "No address associated with name"? no
> > "Are you sure you want to continue connecting .*"? no
> > "Host key not found .* (yes/no)?"? no
> > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> > "Offending key for .* (yes/no)?"? no
> > "denied"? no
> > " ### Login failed"? no
> > "(login:)"? no
> > "@[^\r\n]+[Pp]assword:"? yes
> > expect: set expect_out(0,string) "@pwcolofgt100c's password:"
> > expect: set expect_out(spawn_id) "exp6"
> > expect: set expect_out(buffer) "meskander at pwcolofgt100c's password:"
> > send: sending "G0ds at v3s\r" to { exp6 }
> > expect: continuing expect
> >
> > expect: does " " (spawn_id exp6) match glob pattern "Connection refused"?
> no
> > "Unknown host\r\n"? no
> > "Host is unreachable"? no
> > "No address associated with name"? no
> > "Are you sure you want to continue connecting .*"? no
> > "Host key not found .* (yes/no)?"? no
> > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> > "Offending key for .* (yes/no)?"? no
> > "denied"? no
> > " ### Login failed"? no
> > "(login:)"? no
> > "@[^\r\n]+[Pp]assword:"? no
> > "[Pp]assword:"? no
> > "~ $ "? no
> >
> >
> > expect: does " \r\n" (spawn_id exp6) match glob pattern "Connection
> refused"? no
> > "Unknown host\r\n"? no
> > "Host is unreachable"? no
> > "No address associated with name"? no
> > "Are you sure you want to continue connecting .*"? no
> > "Host key not found .* (yes/no)?"? no
> > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> > "Offending key for .* (yes/no)?"? no
> > "denied"? no
> > " ### Login failed"? no
> > "(login:)"? no
> > "@[^\r\n]+[Pp]assword:"? no
> > "[Pp]assword:"? no
> > "~ $ "? no
> > FGT100C3G0860259~ $
> > expect: does " \r\nFGT100C3G0860259~ $ " (spawn_id exp6) match glob
> pattern "Connection refused"? no
> > "Unknown host\r\n"? no
> > "Host is unreachable"? no
> > "No address associated with name"? no
> > "Are you sure you want to continue connecting .*"? no
> > "Host key not found .* (yes/no)?"? no
> > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> > "Offending key for .* (yes/no)?"? no
> > "denied"? no
> > " ### Login failed"? no
> > "(login:)"? no
> > "@[^\r\n]+[Pp]assword:"? no
> > "[Pp]assword:"? no
> > "~ $ "? yes
> > expect: set expect_out(0,string) "~ $ "
> > expect: set expect_out(spawn_id) "exp6"
> > expect: set expect_out(buffer) " \r\nFGT100C3G0860259~ $ "
> > send: sending "\r" to { exp6 }
> >
> > expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no
> > "^(.+~ $ )"? no
> >
> >
> > expect: does "\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"?
> yes
> > expect: set expect_out(0,string) "\r\r\n"
> > expect: set expect_out(spawn_id) "exp6"
> > expect: set expect_out(buffer) "\r\r\n"
> > expect: continuing expect
> >
> > expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no
> > "^(.+~ $ )"? no
> > FGT100C3G0860259~ $
> > expect: does "FGT100C3G0860259~ $ " (spawn_id exp6) match regular
> expression "[\r\n]+"? no
> > "^(.+~ $ )"? no
> > expect: timed out
> >
> > Error: TIMEOUT reached
> > write() failed to write anything - will sleep(1) and retry...
> > [rancid at pwcolocacti bin]$
> >
> > From: rancid-discuss-bounces at shrubbery.net [mailto:
> rancid-discuss-bounces at shrubbery.net] On Behalf Of Jeff Moorse
> > Sent: Monday, April 20, 2009 11:06 PM
> > To: rancid-discuss at shrubbery.net
> > Subject: [rancid] Re: Rancid with Fortigate Devices?
> >
> > Anyone know what the correct syntax for the expect script would be to
> match prompt (assuming the string of #'s following FGT is variable)?
> >
> > I have experienced similar problems
> >
> > Thanks
> > On Mon, Apr 20, 2009 at 10:45 AM, john heasley <heas at shrubbery.net
> <mailto:heas at shrubbery.net>> wrote:
> > yep, your prompt is nFGT100C3G0860259~ $
> > but the script expects ->
> >
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net<mailto:Rancid-discuss at shrubbery.net>
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >
> >
> >
> > --
> > -- Jeff Moorse --
>
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>



-- 
-- Jeff Moorse --
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090428/fde1427b/attachment.html 


More information about the Rancid-discuss mailing list