[rancid] Re: Rancid with Fortigate Devices?

Mina Eskander meskander at perimeterwatch.com
Fri May 29 19:34:28 UTC 2009


Thanks for your reply and sorry for such a late response.
Does it make a difference what prompt it is? As long as what I have matches the prompt in the script? I don't know if I can get privileges on this box so I can get the # prompt.

The weird thing is the following:
FGT100A_VPN $
expect: does " \r\nFGT100A_VPN $ " (spawn_id exp6) match glob pattern "Connection refused"? no
"Unknown host\r\n"? no
"Host is unreachable"? no
"No address associated with name"? no
"Are you sure you want to continue connecting .*"? no
"Host key not found .* (yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"denied"? no
" ### Login failed"? no
"(login:)"? no
"@[^\r\n]+[Pp]assword:"? no
"[Pp]assword:"? no
" $ "? yes
expect: set expect_out(0,string) " $ "
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) " \r\nFGT100A_VPN $ "
send: sending "\r" to { exp6 }

expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no
"^(.+ $ )"? no

FGT100A_VPN $
expect: does "\r\r\nFGT100A_VPN $ " (spawn_id exp6) match regular expression "[\r\n]+"? yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "\r\r\n"
expect: continuing expect

expect: does "FGT100A_VPN $ " (spawn_id exp6) match regular expression "[\r\n]+"? no
"^(.+ $ )"? no
expect: timed out

Error: TIMEOUT reached
write() failed to write anything - will sleep(1) and retry...

So it matches the modified prompt I made, but then it fails afterwards when it tries to match it with [\r\n]+

Any ideas?

Mina Eskander
Perimeterwatch Technologies
Direct:   +1 (347) 448-2845
Mobile:   +1 (347) 510-4102
meskander at perimeterwatch.com

From: Jeff Moorse [mailto:jmoorse at gmail.com]
Sent: Tuesday, April 28, 2009 3:08 PM
To: john heasley
Cc: Mina Eskander; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Re: Rancid with Fortigate Devices?

For an admin account the prompt is (sans quotes):

"FGT[model][s/n] # "

Please note the trailing space

For a read only account it is the same but with a $ instead of a #

-Jeff Moorse
On Tue, Apr 28, 2009 at 12:04 PM, john heasley <heas at shrubbery.net> wrote:
Thu, Apr 23, 2009 at 11:19:03AM -0400, Mina Eskander:
> I changed the -> in the nlogin script to ~ $ and it still does not work, here is the output I get

Would someone who knows the fortigate well please confirm the prompt format?
I was told '-> ', but reading through the manual that I found online, it
seems that the prompt is '$ ' and gives no indication that it changes with
elevated permissions.  But, the manual for their CLI seems poorly written.

> [rancid at pwcolocacti bin]$ nlogin -d -t 90 -c"get system status;get conf" pwcolofgt100c
> pwcolofgt100c
> spawn ssh -c 3des -x -l meskander pwcolofgt100c
> parent: waiting for sync byte
> parent: telling child to go ahead
> parent: now unsynchronized from child
> spawn: returns {16963}
>
> expect: does "" (spawn_id exp6) match glob pattern "Connection refused"? no
> "Unknown host\r\n"? no
> "Host is unreachable"? no
> "No address associated with name"? no
> "Are you sure you want to continue connecting .*"? no
> "Host key not found .* (yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "denied"? no
> " ### Login failed"? no
> "(login:)"? no
> "@[^\r\n]+[Pp]assword:"? no
> "[Pp]assword:"? no
> "~ $ "? no
> meskander at pwcolofgt100c's password:
> expect: does "meskander at pwcolofgt100c's password: " (spawn_id exp6) match glob pattern "Connection refused"? no
> "Unknown host\r\n"? no
> "Host is unreachable"? no
> "No address associated with name"? no
> "Are you sure you want to continue connecting .*"? no
> "Host key not found .* (yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "denied"? no
> " ### Login failed"? no
> "(login:)"? no
> "@[^\r\n]+[Pp]assword:"? yes
> expect: set expect_out(0,string) "@pwcolofgt100c's password:"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) "meskander at pwcolofgt100c's password:"
> send: sending "G0ds at v3s\r" to { exp6 }
> expect: continuing expect
>
> expect: does " " (spawn_id exp6) match glob pattern "Connection refused"? no
> "Unknown host\r\n"? no
> "Host is unreachable"? no
> "No address associated with name"? no
> "Are you sure you want to continue connecting .*"? no
> "Host key not found .* (yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "denied"? no
> " ### Login failed"? no
> "(login:)"? no
> "@[^\r\n]+[Pp]assword:"? no
> "[Pp]assword:"? no
> "~ $ "? no
>
>
> expect: does " \r\n" (spawn_id exp6) match glob pattern "Connection refused"? no
> "Unknown host\r\n"? no
> "Host is unreachable"? no
> "No address associated with name"? no
> "Are you sure you want to continue connecting .*"? no
> "Host key not found .* (yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "denied"? no
> " ### Login failed"? no
> "(login:)"? no
> "@[^\r\n]+[Pp]assword:"? no
> "[Pp]assword:"? no
> "~ $ "? no
> FGT100C3G0860259~ $
> expect: does " \r\nFGT100C3G0860259~ $ " (spawn_id exp6) match glob pattern "Connection refused"? no
> "Unknown host\r\n"? no
> "Host is unreachable"? no
> "No address associated with name"? no
> "Are you sure you want to continue connecting .*"? no
> "Host key not found .* (yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "denied"? no
> " ### Login failed"? no
> "(login:)"? no
> "@[^\r\n]+[Pp]assword:"? no
> "[Pp]assword:"? no
> "~ $ "? yes
> expect: set expect_out(0,string) "~ $ "
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) " \r\nFGT100C3G0860259~ $ "
> send: sending "\r" to { exp6 }
>
> expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no
> "^(.+~ $ )"? no
>
>
> expect: does "\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? yes
> expect: set expect_out(0,string) "\r\r\n"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) "\r\r\n"
> expect: continuing expect
>
> expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no
> "^(.+~ $ )"? no
> FGT100C3G0860259~ $
> expect: does "FGT100C3G0860259~ $ " (spawn_id exp6) match regular expression "[\r\n]+"? no
> "^(.+~ $ )"? no
> expect: timed out
>
> Error: TIMEOUT reached
> write() failed to write anything - will sleep(1) and retry...
> [rancid at pwcolocacti bin]$
>
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jeff Moorse
> Sent: Monday, April 20, 2009 11:06 PM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: Rancid with Fortigate Devices?
>
> Anyone know what the correct syntax for the expect script would be to match prompt (assuming the string of #'s following FGT is variable)?
>
> I have experienced similar problems
>
> Thanks
> On Mon, Apr 20, 2009 at 10:45 AM, john heasley <heas at shrubbery.net> wrote:
> yep, your prompt is nFGT100C3G0860259~ $
> but the script expects ->
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
>
> --
> -- Jeff Moorse --




--
-- Jeff Moorse --
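
In both debug traces above, the edited prompt matches as a glob pattern during login but not inside the regular expression "^(.+ $ )" used afterwards; in a Tcl regular expression an unescaped $ is an end-of-input anchor, not a literal dollar sign. The following is an added example, not part of the thread or of RANCID's own code, that reproduces both matches in plain tclsh and shows the escaped form matching; `escape_re`, `glob_hit` and `re_hit` are hypothetical helper names, and wrapping the glob in `*` is an approximation of Expect's unanchored glob matching.

```tcl
# Added example, not part of the original thread or of RANCID.
# Buffers copied from the "expect: does ..." lines in the debug output.
set login_buf " \r\nFGT100A_VPN \$ "
set cmd_buf   "FGT100A_VPN \$ "

# Prompt string as edited into the login script: space, dollar, space.
set prompt { $ }

# Hypothetical helper: backslash-escape every regex metacharacter so a
# prompt string can be embedded in a regular expression as literal text.
proc escape_re {s} {
    return [regsub -all {[][\\^$.|?*+(){}]} $s {\\&}]
}

# Login phase uses a glob pattern. "$" in the middle of a glob is an
# ordinary character. Expect globs are unanchored, which string match
# approximates here with a leading and trailing "*".
proc glob_hit {pat buf} { return [string match "*$pat*" $buf] }

# Command phase uses a regular expression of the form ^(.+<prompt>).
proc re_hit {pat buf} { return [regexp -- "^(.+$pat)" $buf] }

puts "glob, raw prompt:      [glob_hit $prompt $login_buf]"
puts "regex, raw prompt:     [re_hit $prompt $cmd_buf]"
puts "regex, escaped prompt: [re_hit [escape_re $prompt] $cmd_buf]"
puts "escaped prompt is:     [escape_re $prompt]"
```

The same escaping applies to the "# " prompt of an admin account only if the prompt string contains other regex metacharacters; "#" itself is not special in a Tcl regular expression.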
