From bgranholm at corp.crocker.com Fri Apr 2 14:07:11 2010
From: bgranholm at corp.crocker.com (Ben Granholm)
Date: Fri, 2 Apr 2010 10:07:11 -0400 (EDT)
Subject: [rancid] Hello All & a little help?
Message-ID: <852056741.11411.1270217231627.JavaMail.root@zimbra1.crocker.com>

Greetings everyone!

I am new to the list as well as new to Rancid. I am a linux novice and got Rancid easily set up on CentOS 5.4, I think due to the fact that it is awesomely user friendly. However, I really need it to both be web viewable as well as set to log router changes as they happen.

With CentOS there doesn't seem to be a package to view CVS, which I installed it with. Anyone out there have any experience with this? I could write pages manually using perl and apache but would rather not re-invent the wheel if at all possible.

Also, currently it is set to poll in cron every hour. I can obviously shorten that time interval but is there some way to set traps up on the router to trigger a polling on the Rancid machine? Anyone out there doing anything like this?

Any help you can offer would be appreciated.

Thanks,

Ben Granholm
System Administrator
Crocker Communications Inc.
E-Mail: bgranholm at corp.crocker.com

From cgauthier at mapscu.com Fri Apr 2 15:11:51 2010
From: cgauthier at mapscu.com (Chris Gauthier)
Date: Fri, 2 Apr 2010 08:11:51 -0700
Subject: [rancid] Re: Hello All & a little help?
In-Reply-To: <852056741.11411.1270217231627.JavaMail.root@zimbra1.crocker.com>
References: <852056741.11411.1270217231627.JavaMail.root@zimbra1.crocker.com>
Message-ID:

Good morning,

Here is exactly the link you should read. It talks about your CVS desires specifically.

http://www.linux.com/archive/feed/55873

Chris Gauthier
Network Administrator
MaPS Credit Union
v: 503.375.2445
f: 503.779.1083
http://www.mapscu.com

"For once you have tasted flight you will walk the earth with your eyes turned skywards, for there you have been and there you will long to return."
-Leonardo da Vinci

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From cgauthier at mapscu.com Fri Apr 2 15:27:47 2010
From: cgauthier at mapscu.com (Chris Gauthier)
Date: Fri, 2 Apr 2010 08:27:47 -0700
Subject: [rancid] Re: Hello All & a little help?
In-Reply-To:
References: <852056741.11411.1270217231627.JavaMail.root@zimbra1.crocker.com>
Message-ID:

I spoke a little soon. That article (which I could only half-read because I hadn't had my coffee yet) only mentioned a manual install of RANCID. But, to be sure, there is a package of CVS for CentOS 5.
Just look here: http://www.unix.com/unix-dummies-questions-answers/111875-installing-cvs-centos-5-3-a.html

Chris Gauthier

From heas at shrubbery.net Fri Apr 2 15:33:11 2010
From: heas at shrubbery.net (john heasley)
Date: Fri, 2 Apr 2010 08:33:11 -0700
Subject: [rancid] Re: Hello All & a little help?
In-Reply-To:
References: <852056741.11411.1270217231627.JavaMail.root@zimbra1.crocker.com>
Message-ID: <20100402153311.GC17168@shrubbery.net>

Fri, Apr 02, 2010 at 08:27:47AM -0700, Chris Gauthier:
> I spoke a little soon. That article (which I could only half-read because I hadn't had my coffee yet) only mentioned a manual install of RANCID. But, to be sure, there is a package of CVS for CentOS 5.
>
> Just look here: http://www.unix.com/unix-dummies-questions-answers/111875-installing-cvs-centos-5-3-a.html
>

both of the questions are answered in the RANCID FAQ.

From bgranholm at corp.crocker.com Fri Apr 2 15:51:04 2010
From: bgranholm at corp.crocker.com (Ben Granholm)
Date: Fri, 2 Apr 2010 11:51:04 -0400 (EDT)
Subject: [rancid] Re: Hello All & a little help?
In-Reply-To: <297020545.13120.1270223390965.JavaMail.root@zimbra1.crocker.com>
Message-ID: <899933903.13126.1270223464349.JavaMail.root@zimbra1.crocker.com>

I have CVS for CentOS. The problem I am running into is making that available via a web interface with an RPM like ViewVC or cvsweb, which I cannot find for CentOS. The FAQ for Rancid points to cvsweb for FreeBSD. I am a linux newbie so I don't think I could compile the source from scratch. I was hoping I wasn't the only one out there running CentOS, Rancid and CVS who was using a web solution.

Anyone have something?

Ben Granholm
System Administrator
Crocker Communications Inc.
E-Mail: bgranholm at corp.crocker.com

From steti at monmouth.com Fri Apr 2 16:00:56 2010
From: steti at monmouth.com (Steve Teti)
Date: Fri, 02 Apr 2010 12:00:56 -0400
Subject: [rancid] Re: Hello All & a little help?
In-Reply-To: <852056741.11411.1270217231627.JavaMail.root@zimbra1.crocker.com>
References: <852056741.11411.1270217231627.JavaMail.root@zimbra1.crocker.com>
Message-ID: <4BB614B8.3010305@monmouth.com>

Hi Ben,

On 4/2/2010 10:07 AM, Ben Granholm wrote:
> However, I really need it to both be web viewable

Check out ViewVC (http://viewvc.org/), it works great for us. WebSVN (http://websvn.tigris.org/) is somewhat prettier if you're using an SVN backend.

> Is there some way to set traps up on the router to trigger a polling on the Rancid machine?

I'm not sure about triggering config backups when changes are made. You may be able to do this with an EEM script if your router supports it, but I don't know. An alternative would be TACACS+ command accounting, which will log every command entered on your routers.
When combined with rancid's hourly config backups, you can easily track down who-did-what-when if a problem occurs.

Good luck!

Steve

From david at davidkrider.com Fri Apr 2 18:55:16 2010
From: david at davidkrider.com (David Krider)
Date: Fri, 02 Apr 2010 14:55:16 -0400
Subject: [rancid] Rancid stopped working for my HP switches
Message-ID: <4BB63D94.3010906@davidkrider.com>

I had everything setup, and it worked for a couple weeks, and now I can't get backups for my HP Procurve switches. Running:

export NOPIPE=YES; hrancid -d switch_janitor_closet.data-cave.com

gets me this, from the raw file:

-------------
^MPress any key to continueProCurve 2610 [103]# ^M
ProCurve 2610 [103]# no page^M
ProCurve 2610 [103]# terminal length 0^M
Invalid input: 0
^MProCurve 2610 [103]# invalid command name "print"
    while executing
"print "$command""
    (procedure "run_commands" line 16)
    invoked from within
"run_commands $prompt $command"
    ("foreach" body line 142)
    invoked from within"
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"
    # Figure out prompt.
    # Since autoena..."
    (file "/var/lib/rancid/bin/hlogin" line 595)
-------------

I've been looking at this for several hours, but I can't figure out what the problem is. My Cisco routers are unaffected. Can anyone point me in the right direction?

Thanks!
dk

From James_Zuelow at ci.juneau.ak.us Fri Apr 2 19:20:36 2010
From: James_Zuelow at ci.juneau.ak.us (James Zuelow)
Date: Fri, 2 Apr 2010 11:20:36 -0800
Subject: [rancid] Re: Rancid stopped working for my HP switches
In-Reply-To: <4BB63D94.3010906@davidkrider.com>
References: <4BB63D94.3010906@davidkrider.com>
Message-ID: <4A09477D575C2C4B86497161427DD94C149F78863B@city-exchange07>

> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of
> David Krider
> Sent: Friday, 02 April, 2010 10:55
> To: Rancid Discussion List
> Subject: [rancid] Rancid stopped working for my HP switches
>
> I had everything setup, and it worked for a couple weeks, and now I
> can't get backups for my HP Procurve switches. Running:
>
> export NOPIPE=YES; hrancid -d switch_janitor_closet.data-cave.com
>
> gets me this, from the raw file:
>
> -------------
>
>
> ^MPress any key to continueProCurve 2610 [103]# ^M
> ProCurve 2610 [103]# no page^M
> ProCurve 2610 [103]# terminal length 0^M
> Invalid input: 0

On ALL of my Procurves, including 2610 series, the terminal length has to be a number between 2 and 1000.

0 causes an error.

I lost collections from all of my Procurves when I upgraded from Lenny to Squid using the Debian packaged version of rancid. I was already using the Squid package on Lenny to work around another bug with collection from my 5406, so I'm not sure why that happened but it did.

I edited hlogin and commented out the line:

send "terminal length 0\r"

After commenting out the line, everything works as advertised again. Perhaps that will work for you as well.
Cheers,

James

From david at davidkrider.com Fri Apr 2 19:54:52 2010
From: david at davidkrider.com (David Krider)
Date: Fri, 02 Apr 2010 15:54:52 -0400
Subject: [rancid] Re: Rancid stopped working for my HP switches
In-Reply-To: <4A09477D575C2C4B86497161427DD94C149F78863B@city-exchange07>
References: <4BB63D94.3010906@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863B@city-exchange07>
Message-ID: <4BB64B8C.1060208@davidkrider.com>

On 04/02/2010 03:20 PM, James Zuelow wrote:
> On ALL of my Procurves, including 2610 series, the terminal length has to be a number between 2 and 1000.
>
> 0 causes an error.
>
> I lost collections from all of my Procurves when I upgraded from Lenny to Squid using the Debian packaged version of rancid. I was already using the Squid package on Lenny to work around another bug with collection from my 5406, so I'm not sure why that happened but it did.
>
> I edited hlogin and commented out the line:
>
> send "terminal length 0\r"
>
> After commenting out the line, everything works as advertised again. Perhaps that will work for you as well.

Wow. This is embarrassing. I started looking in hlogin where that was, and kept wondering why the 'print "$command"' was up against the left margin, while everything else was indented, and then it hit me: *I* had put the "print" in there to try to see what commands the script actually ran, and then forgot about it as I went and did other things, and it broke the script.

Just for the record, I tried it both ways, and my Procurves seem to do alright with leaving that "terminal length" line alone.

Thanks for helping me see the error of my ways!

dk

From ThomisonL at muni.org Fri Apr 2 19:57:37 2010
From: ThomisonL at muni.org (Thomison, Lee)
Date: Fri, 2 Apr 2010 11:57:37 -0800
Subject: [rancid] module for DIGI TS16 term server configurations?
Message-ID: <27B58F038E8FC24680CE64F6CDC508E590A512CAAD@mlpsmail01.mlp.muniverse.net>

Has anyone gotten rancid to work with DIGI TS16 terminal servers?
Thx,

From James_Zuelow at ci.juneau.ak.us Sat Apr 3 00:11:07 2010
From: James_Zuelow at ci.juneau.ak.us (James Zuelow)
Date: Fri, 2 Apr 2010 16:11:07 -0800
Subject: [rancid] Re: Rancid stopped working for my HP switches
In-Reply-To: <4BB64B8C.1060208@davidkrider.com>
References: <4BB63D94.3010906@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863B@city-exchange07> <4BB64B8C.1060208@davidkrider.com>
Message-ID: <4A09477D575C2C4B86497161427DD94C149F78863F@city-exchange07>

> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of
> David Krider
> Sent: Friday, 02 April, 2010 11:55
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: Rancid stopped working for my HP switches
>
>
> Just for the record, I tried it both ways, and my Procurves seem to do
> alright with leaving that "terminal length" line alone.
>

Mine don't. I don't get any configs at all if I leave that in.

It's just another example of how my rancid doesn't appear to act like anyone else's rancid, even though all I'm doing is installing the package. Or maybe I've got knockoff Procurves. :)

James Zuelow
Network Specialist
City and Borough of Juneau MIS
(907)586-0236

From peo at chalmers.se Sat Apr 3 05:59:18 2010
From: peo at chalmers.se (Per-Olof Olsson)
Date: Sat, 3 Apr 2010 07:59:18 +0200
Subject: [rancid] Re: Rancid stopped working for my HP switches
In-Reply-To: <4A09477D575C2C4B86497161427DD94C149F78863F@city-exchange07>
References: <4BB63D94.3010906@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863B@city-exchange07> <4BB64B8C.1060208@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863F@city-exchange07>
Message-ID: <4BB6D936.7080108@chalmers.se>

I

There is some update for code using ssh!. Isn't there missing the "hpuifilter" to clean some terminal escape codes.

After adding "hpuifilter --" I start to get output/updates in files.
< set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user $router" { }]} reason ] > set retval [ catch {eval spawn [split "hpuifilter -- $cmd -c $cyphertype -x -l $user $router" { }]} reason ] -----------------------------------------^^^^^^^^^^^^^^ ## $Id: hlogin.in 2162 2010-03-15 21:20:31Z heas $ ---------------------------------------------------- ---> diff hlogin.in.ORG hlogin.in 220,222c220,221 < # hp does not autoenable < #set autoenable 1 < #set avenable 0 --- > set autoenable 1 > set avenable 0 316c315 < proc login { router user userpswd passwd enapasswd cmethod cyphertype } { --- > proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile } { 342c341,344 < set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user $router" { }]} reason ] --- > if {"$identfile" != ""} { > set cmd "$cmd -i $identfile" > } > set retval [ catch {eval spawn [split "hpuifilter -- $cmd -c $cyphertype -x -l $user $router" { }]} reason ] 603a606,608 > # device identfile for ssh public key login > set identfile [join [lindex [find identity $router] 0] ""] > 720c725 < if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { --- > if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile]} { ----------------------------------------------------- Comment: For new switches hp do autoenable Also used to add loggin via ssh public/private keys in my hlogin (No password/passphrase in .cloin. Part of code copyed from jlogin.) 
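Review bot: In the 342c341,344 hunk, -i $identfile is appended to $cmd as text and the result is then broken into arguments with split ... { }, so an identity path that contains a space reaches ssh as two separate arguments. Building the spawn arguments as a Tcl list (lappend) would avoid that, and a readability check on $identfile before adding -i would make a mistyped path in .cloginrc fail visibly. The same line also hard-codes hpuifilter -- in front of $cmd for the ssh method; a short comment saying why the filter is needed there would help the next reader.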
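Review bot: The 220,222c220,221 hunk flips the script-wide default to autoenable 1 and deletes the "# hp does not autoenable" comment, so any HP device without its own autoenable entry is now assumed to autoenable. The comment under the diff says this holds for new switches only; suggest leaving the default as it was, keeping a comment that records which models differ, and setting autoenable per device in .cloginrc.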
/Peo
----------------------------------------------------------
Per-Olof Olsson Email: peo at chalmers.se
Chalmers tekniska högskola
IT-service
Hörsalsvägen 5
412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8680
----------------------------------------------------------

From heas at shrubbery.net Mon Apr 5 22:13:10 2010
From: heas at shrubbery.net (john heasley)
Date: Mon, 5 Apr 2010 15:13:10 -0700
Subject: [rancid] Re: Rancid stopped working for my HP switches
In-Reply-To: <4A09477D575C2C4B86497161427DD94C149F78863F@city-exchange07>
References: <4BB63D94.3010906@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863B@city-exchange07> <4BB64B8C.1060208@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863F@city-exchange07>
Message-ID: <20100405221310.GP8441@shrubbery.net>

Fri, Apr 02, 2010 at 04:11:07PM -0800, James Zuelow:
> > -----Original Message-----
> > From: rancid-discuss-bounces at shrubbery.net
> > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of
> > David Krider
> > Sent: Friday, 02 April, 2010 11:55
> > To: rancid-discuss at shrubbery.net
> > Subject: [rancid] Re: Rancid stopped working for my HP switches
> >
> >
> > Just for the record, I tried it both ways, and my Procurves seem to do
> > alright with leaving that "terminal length" line alone.
> >
>
> Mine don't. I don't get any configs at all if I leave that in.
>
> It's just another example of how my rancid doesn't appear to act like anyone else's rancid, even though all I'm doing is installing the package. Or maybe I've got knockoff Procurves. :)

clearly it is an hp bug if you send it a command it stops functioning. perhaps there is a more recent revision of the code. hp does have a history of repeating the same bugs and making gratuitous changes, as are other vendors. my guess here would be that the pager continues to be used and is badly confused by a terminal length of zero, rather than just acting like cat(1).

From heas at shrubbery.net Mon Apr 5 22:18:52 2010
From: heas at shrubbery.net (john heasley)
Date: Mon, 5 Apr 2010 15:18:52 -0700
Subject: [rancid] Re: Rancid stopped working for my HP switches
In-Reply-To: <4BB6D936.7080108@chalmers.se>
References: <4BB63D94.3010906@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863B@city-exchange07> <4BB64B8C.1060208@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863F@city-exchange07> <4BB6D936.7080108@chalmers.se>
Message-ID: <20100405221852.GQ8441@shrubbery.net>

Sat, Apr 03, 2010 at 07:59:18AM +0200, Per-Olof Olsson:
> I
>
> There is some update for code using ssh!. Isn't there missing the
> "hpuifilter" to clean some terminal escape codes.
>
> After adding "hpuifilter --" I start to get output/updates in files.
> > > < set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user > $router" { }]} reason ] > > > set retval [ catch {eval spawn [split "hpuifilter -- $cmd -c $cyphertype -x -l $user $router" { }]} reason ] > -----------------------------------------^^^^^^^^^^^^^^ > > > ## $Id: hlogin.in 2162 2010-03-15 21:20:31Z heas $ > ---------------------------------------------------- > ---> diff hlogin.in.ORG hlogin.in > 220,222c220,221 > < # hp does not autoenable > < #set autoenable 1 > < #set avenable 0 > --- > > set autoenable 1 > > set avenable 0 > 316c315 > < proc login { router user userpswd passwd enapasswd cmethod cyphertype } { > --- > > proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile } { > 342c341,344 > < set retval [ catch {eval spawn [split "$cmd -c $cyphertype > -x -l $user $router" { }]} reason ] > --- > > if {"$identfile" != ""} { > > set cmd "$cmd -i $identfile" > > } > > set retval [ catch {eval spawn [split "hpuifilter -- $cmd -c $cyphertype -x -l $user $router" { }]} reason ] > 603a606,608 > > # device identfile for ssh public key login > > set identfile [join [lindex [find identity $router] 0] ""] > > > 720c725 > < if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod > $cyphertype]} { > --- > > if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile]} { > ----------------------------------------------------- > > Comment: > For new switches hp do autoenable > Also used to add loggin via ssh public/private keys in my hlogin > (No password/passphrase in .cloin. Part of code copyed from jlogin.) Is it now possible to store a per-user ssh public key in the HP config? And, as peo@ mentions, I presume hpuifilter is still necessary. And, older models will still need to enable. 

From peo at chalmers.se Tue Apr 6 08:41:35 2010
From: peo at chalmers.se (Per-Olof Olsson)
Date: Tue, 6 Apr 2010 10:41:35 +0200
Subject: [rancid] Re: Rancid stopped working for my HP switches
In-Reply-To: <20100405221852.GQ8441@shrubbery.net>
References: <4BB63D94.3010906@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863B@city-exchange07> <4BB64B8C.1060208@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863F@city-exchange07>
<4BB6D936.7080108@chalmers.se> <20100405221852.GQ8441@shrubbery.net> Message-ID: <4BBAF3BF.6030804@chalmers.se> john heasley wrote: > Sat, Apr 03, 2010 at 07:59:18AM +0200, Per-Olof Olsson: >> I >> >> There is some update for code using ssh!. Isn't there missing the >> "hpuifilter" to clean some terminal escape codes. >> >> After adding "hpuifilter --" I start to get output/updates in files. >> >> >> < set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user >> $router" { }]} reason ] >> >>> set retval [ catch {eval spawn [split "hpuifilter -- $cmd -c $cyphertype -x -l $user $router" { }]} reason ] >> -----------------------------------------^^^^^^^^^^^^^^ >> >> >> ## $Id: hlogin.in 2162 2010-03-15 21:20:31Z heas $ >> ---------------------------------------------------- >> ---> diff hlogin.in.ORG hlogin.in >> 220,222c220,221 >> < # hp does not autoenable >> < #set autoenable 1 >> < #set avenable 0 >> --- >>> set autoenable 1 >>> set avenable 0 >> 316c315 >> < proc login { router user userpswd passwd enapasswd cmethod cyphertype } { >> --- >>> proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile } { >> 342c341,344 >> < set retval [ catch {eval spawn [split "$cmd -c $cyphertype >> -x -l $user $router" { }]} reason ] >> --- >>> if {"$identfile" != ""} { >>> set cmd "$cmd -i $identfile" >>> } >>> set retval [ catch {eval spawn [split "hpuifilter -- $cmd -c $cyphertype -x -l $user $router" { }]} reason ] >> 603a606,608 >>> # device identfile for ssh public key login >>> set identfile [join [lindex [find identity $router] 0] ""] >>> >> 720c725 >> < if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod >> $cyphertype]} { >> --- >>> if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile]} { >> ----------------------------------------------------- >> >> Comment: >> For new switches hp do autoenable >> Also used to add loggin via ssh public/private keys in my hlogin >> (No password/passphrase 
in .cloin. Part of code copyed from jlogin.)
>
> Is it now possible to store a per-user ssh public key in the HP config?
> And, as peo@ mentions, I presume hpuifilter is still necessary. And,
> older models will still need to enable.
>

ssh login per-user?

No. For old switches like 2500 and 4100. Only to operator level login when using ssh key.

Yes. New switches like 2600/2610, 2800, 2910 you install public keys for operator and/or manager level login. I think up to 10 keys each.

---------------------------------------------------------
hp_switch# copy tftp pub-key-file 1.1.1.1 manager_key
 append      Add the key(s) for operator access.
 manager     Replace the key(s) for manager access; follow with the 'append' option to add the key(s).
 operator    Replace the key(s) for operator access (default); follow with the 'append' option to add the key(s).
hp_switch#
---------------------------------------------------------

----.cloginrc----------------
add method hp_switch ssh
add password hp_switch x x
add identity hp_switch /.ssh/key-to-HP
add autoenable hp_switch 1

add method old_hp_switch ssh
add password old_hp_switch x
add identity old_hp_switch /.ssh/key-to-HP-rsa1
add autoenable old_hp_switch 0
------------------------------
(Username config on switches left blank)

Hp count each test for a ssh-key as a login. Default is that you have 3 try to login (by ssh key or user/password). It's not working to add a long list of keys in ssh config files. That's why I like to point out key files to each switch in the .cloginrc.

It's not secure to not use ssh keys without passphrases. But if you have to type it down in .cloginrc... That's why, passphrase settings not in .cloginrc.

Isn't it time to do some updates on hrancid. Grab some more information from hp switches. There is info about config files and inventory of sfp's for new switches. Useful?

Rancid output to switch file from "show tech transceivers" and "show config files" commands ...
;Transceiver:
; Port # | Type      | Prod # | Serial #         | Part #
; -------+-----------+--------+------------------+----------
; 51     | 1000SX    | J4858B | PXXXXX           |
;
;Configuration files:
; id | act pri sec | name
; ---+-------------+------------------------------------------------
;  1 |  *   *   *  | config1
;  2 |             |
;  3 |             |
;
...

Updated to rancid 2.3.3 this morning and it run nicely on about 200 hp switches using included hrancid.in and hlogin.in.

/Peo
----------------------------------------------------------
Per-Olof Olsson Email: peo at chalmers.se
Chalmers tekniska högskola
IT-service
Hörsalsvägen 5
412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8660
----------------------------------------------------------
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: hrancid.in
Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100406/a271ef55/attachment.ksh
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: hlogin.in
Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100406/a271ef55/attachment-0001.ksh

From nickyicebrown at gmail.com Thu Apr 8 16:07:21 2010
From: nickyicebrown at gmail.com (Nicky Brown)
Date: Thu, 8 Apr 2010 12:07:21 -0400
Subject: [rancid] No Password required to read Configs.
Message-ID:

Hi All,

We have a Rancid installation on an internal IP. Everything is pretty much default and only our Cisco devices are managed through Rancid. I just noticed a truck sized hole in my config however.

If you enter http://192.168.32.2/cgi-bin/cvsweb.cgi/ on your browser, you can access the config files for all our devices without a password.

I have limited the IPs which can reach port 80 but that is far from enough. What must I change to protect this data? Is there a howto? Did I miss a section of the installation manual?

Nicky.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100408/803b21d8/attachment.html

From Dan_Mitton at YMP.GOV Thu Apr 8 16:43:42 2010
From: Dan_Mitton at YMP.GOV (Dan_Mitton at YMP.GOV)
Date: Thu, 8 Apr 2010 09:43:42 -0700
Subject: [rancid] Re: No Password required to read Configs.
In-Reply-To:
Message-ID:

Nicky,

What OS are we talking about? The easy answer is to remove cvsweb.cgi, but
if you don't want to do that, make sure that your web server and rancid
processes run with separate user id's and that the two can not read each
other's files.

Dan


Sent by: rancid-discuss-bounces at shrubbery.net

To: rancid-discuss at shrubbery.net
cc: (bcc: Dan Mitton/YD/RWDOE)
Subject: [rancid] No Password required to read Configs.

LSN: Not Relevant - Not Privileged
User Filed as: Excl/AdminMgmt-14-4/QA:N/A

Hi All,

We have a Rancid installation on an internal IP. Everything is pretty much
default and only our Cisco devices are managed through Rancid. I just
noticed a truck sized hole in my config however.

If you enter http://192.168.32.2/cgi-bin/cvsweb.cgi/ on your browser, you
can access the config files for all our devices without a password.

I have limited the IPs which can reach port 80 but that is far from
enough. What must I change to protect this data? Is there a howto? Did I
miss a section of the installation manual?

Nicky.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100408/816a3091/attachment.html

From oogali at gmail.com Thu Apr 8 16:54:52 2010
From: oogali at gmail.com (Omachonu Ogali)
Date: Thu, 8 Apr 2010 12:54:52 -0400
Subject: [rancid] Re: No Password required to read Configs.
In-Reply-To:
References:
Message-ID:

That's not really an easy answer.
That completely eliminates the web access of RANCID, which
eliminates the ability to view differences between two archived
configurations.

The real answer is to configure the web server to do the appropriate
authentication and authorization so that a username and password is required
to view configurations. That's something you have to refer to your web
server's documentation for.

oo

2010/4/8

>
> Nicky,
>
> What OS are we talking about? The easy answer is to remove cvsweb.cgi, but
> if you don't want to do that, make sure that your web server and rancid
> processes run with separate user id's and that the two can not read each
> other's files.
>
> Dan
>
>
> Sent by: rancid-discuss-bounces at shrubbery.net
>
> To: rancid-discuss at shrubbery.net
> cc: (bcc: Dan Mitton/YD/RWDOE)
> Subject: [rancid] No Password required to read Configs.
>
> LSN: Not Relevant - Not Privileged
> User Filed as: Excl/AdminMgmt-14-4/QA:N/A
>
> Hi All,
>
> We have a Rancid installation on an internal IP. Everything is pretty much
> default and only our Cisco devices are managed through Rancid. I just
> noticed a truck sized hole in my config however.
>
> If you enter *http://192.168.32.2/cgi-bin/cvsweb.cgi/*
> on your browser, you can access the config files for all our devices
> without a password.
>
>
> I have limited the IPs which can reach port 80 but that is far from
> enough. What must I change to protect this data? Is there a howto? Did I
> miss a section of the installation manual?
>
> Nicky._______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
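
An added example, not part of any message in this thread: one way to do the web-server authentication recommended above, written in Apache httpd 2.2 configuration syntax. The file paths, realm name and admin subnet are assumptions, and mod_ssl is assumed to be loaded.

```apache
# Added example (not from the list): require a login and TLS for cvsweb.cgi.
# Assumed names: this file saved as /etc/httpd/conf.d/cvsweb-auth.conf,
# passwords in /etc/httpd/conf/rancid.htpasswd, admins on 192.168.32.0/24.
# Create the password file outside the DocumentRoot, readable by the
# web server user only:
#   htpasswd -c /etc/httpd/conf/rancid.htpasswd alice

# Weak form (assumed typical default): any client that can reach the port
# can run the CGI and read every archived device configuration.
#   <Directory "/var/www/cgi-bin">
#       Order allow,deny
#       Allow from all
#   </Directory>

# Hardened form. <Location> matches /cgi-bin/cvsweb.cgi and every path
# below it; cvsweb appends the repository path after the script name, so
# file views and diffs are covered as well as the top-level listing.
<Location /cgi-bin/cvsweb.cgi>
    # Basic auth only base64-encodes the password, so refuse plain HTTP.
    SSLRequireSSL

    AuthType Basic
    AuthName "RANCID configuration archive"
    AuthUserFile /etc/httpd/conf/rancid.htpasswd
    Require valid-user

    # Keep the source-address limit as a second, independent condition.
    Order deny,allow
    Deny from all
    Allow from 192.168.32.0/24

    # Address check AND login must both pass. This is the default, but
    # stating it stops an inherited "Satisfy Any" from bypassing the login.
    Satisfy All
</Location>

# Caveat for the .htaccess route: a .htaccess file is honoured only where
# AllowOverride permits AuthConfig. Under "AllowOverride None" it is ignored
# without any error, and the CGI stays open.
#
# Check after "apachectl configtest" and a reload; without credentials the
# status code printed should be 401, never 200:
#   curl -sk -o /dev/null -w '%{http_code}\n' https://192.168.32.2/cgi-bin/cvsweb.cgi/
```
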
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100408/3ebd0dcc/attachment.html

From nickyicebrown at gmail.com Thu Apr 8 17:07:42 2010
From: nickyicebrown at gmail.com (Nicky Brown)
Date: Thu, 8 Apr 2010 13:07:42 -0400
Subject: [rancid] Re: No Password required to read Configs.
In-Reply-To:
References:
Message-ID:

Dan,

The OS is Linux. CentOS. The Webserver is the Apache that ships with that
distribution. Again, pretty much the default installation.

Linux-: 2.6.18-128.el5 #1 SMP Wed Jan 21 10:44:23 EST 2009 i686 i686 i386 GNU/Linux

# /usr/sbin/httpd -v
Server version: Apache/2.2.3
Server built: Jul 14 2009 06:04:04

I have removed cvsweb.cgi and stopped sweating as nobody has access to the
system via http right now. Some of our admins will need such access however
so any further information would be helpful. Even if it's "Go ask on the
foobar list instead."

On Thu, Apr 8, 2010 at 12:43 PM, wrote:

>
> Nicky,
>
> What OS are we talking about? The easy answer is to remove cvsweb.cgi, but
> if you don't want to do that, make sure that your web server and rancid
> processes run with separate user id's and that the two can not read each
> other's files.
>
> Dan
>
>
> Sent by: rancid-discuss-bounces at shrubbery.net
>
> To: rancid-discuss at shrubbery.net
> cc: (bcc: Dan Mitton/YD/RWDOE)
> Subject: [rancid] No Password required to read Configs.
>
> LSN: Not Relevant - Not Privileged
> User Filed as: Excl/AdminMgmt-14-4/QA:N/A
>
> Hi All,
>
> We have a Rancid installation on an internal IP. Everything is pretty much
> default and only our Cisco devices are managed through Rancid. I just
> noticed a truck sized hole in my config however.
>
> If you enter *http://192.168.32.2/cgi-bin/cvsweb.cgi/*
> on your browser, you can access the config files for all our devices
> without a password.
>
>
> I have limited the IPs which can reach port 80 but that is far from
> enough. What must I change to protect this data? Is there a howto? Did I
> miss a section of the installation manual?
>
> Nicky._______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100408/92faadfa/attachment.html

From cgauthier at mapscu.com Thu Apr 8 17:16:44 2010
From: cgauthier at mapscu.com (Chris Gauthier)
Date: Thu, 8 Apr 2010 10:16:44 -0700
Subject: [rancid] Re: No Password required to read Configs.
In-Reply-To:
References:
Message-ID:

Here is a quickie tutorial on .htaccess for password authentication:

http://www.csoft.net/docs/htaccess.html.en

Chris G.

From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Nicky Brown
Sent: Thursday, April 08, 2010 7:08 AM
To: Dan_Mitton at ymp.gov
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: No Password required to read Configs.

Dan,

The OS is Linux. CentOS. The Webserver is the Apache that ships with that
distribution. Again, pretty much the default installation.

Linux-: 2.6.18-128.el5 #1 SMP Wed Jan 21 10:44:23 EST 2009 i686 i686 i386 GNU/Linux

# /usr/sbin/httpd -v
Server version: Apache/2.2.3
Server built: Jul 14 2009 06:04:04

I have removed cvsweb.cgi and stopped sweating as nobody has access to the
system via http right now. Some of our admins will need such access however
so any further information would be helpful. Even if it's "Go ask on the
foobar list instead."

On Thu, Apr 8, 2010 at 12:43 PM, wrote:

Nicky,

What OS are we talking about? The easy answer is to remove cvsweb.cgi, but
if you don't want to do that, make sure that your web server and rancid
processes run with separate user id's and that the two can not read each
other's files.

Dan

Sent by: rancid-discuss-bounces at shrubbery.net

To: rancid-discuss at shrubbery.net
cc: (bcc: Dan Mitton/YD/RWDOE)
Subject: [rancid] No Password required to read Configs.

LSN: Not Relevant - Not Privileged
User Filed as: Excl/AdminMgmt-14-4/QA:N/A

Hi All,

We have a Rancid installation on an internal IP. Everything is pretty much
default and only our Cisco devices are managed through Rancid. I just
noticed a truck sized hole in my config however.

If you enter http://192.168.32.2/cgi-bin/cvsweb.cgi/ on your browser, you
can access the config files for all our devices without a password.

I have limited the IPs which can reach port 80 but that is far from
enough. What must I change to protect this data? Is there a howto? Did I
miss a section of the installation manual?

Nicky.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From heas at shrubbery.net Thu Apr 8 22:54:00 2010
From: heas at shrubbery.net (john heasley)
Date: Thu, 8 Apr 2010 15:54:00 -0700
Subject: [rancid] Re: Rancid stopped working for my HP switches
In-Reply-To: <4BBAF3BF.6030804@chalmers.se>
References: <4BB63D94.3010906@davidkrider.com>
	<4A09477D575C2C4B86497161427DD94C149F78863B@city-exchange07>
	<4BB64B8C.1060208@davidkrider.com>
	<4A09477D575C2C4B86497161427DD94C149F78863F@city-exchange07>
	<4BB6D936.7080108@chalmers.se>
	<20100405221852.GQ8441@shrubbery.net>
	<4BBAF3BF.6030804@chalmers.se>
Message-ID: <20100408225400.GA3640@shrubbery.net>

Tue, Apr 06, 2010 at 10:41:35AM +0200, Per-Olof Olsson:
> john heasley wrote:
> > Sat, Apr 03, 2010 at 07:59:18AM +0200, Per-Olof Olsson:
> >> I
> >>
> >> There is some update for code using ssh!. Isn't there missing the
> >> "hpuifilter" to clean some terminal escape codes.
> >>
> >> After adding "hpuifilter --" I start to get output/updates in files.
> >> > >> > >> < set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user > >> $router" { }]} reason ] > >> > >>> set retval [ catch {eval spawn [split "hpuifilter -- $cmd -c $cyphertype -x -l $user $router" { }]} reason ] > >> -----------------------------------------^^^^^^^^^^^^^^ > >> > >> > >> ## $Id: hlogin.in 2162 2010-03-15 21:20:31Z heas $ > >> ---------------------------------------------------- > >> ---> diff hlogin.in.ORG hlogin.in > >> 220,222c220,221 > >> < # hp does not autoenable > >> < #set autoenable 1 > >> < #set avenable 0 > >> --- > >>> set autoenable 1 > >>> set avenable 0 > >> 316c315 > >> < proc login { router user userpswd passwd enapasswd cmethod cyphertype } { > >> --- > >>> proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile } { > >> 342c341,344 > >> < set retval [ catch {eval spawn [split "$cmd -c $cyphertype > >> -x -l $user $router" { }]} reason ] > >> --- > >>> if {"$identfile" != ""} { > >>> set cmd "$cmd -i $identfile" > >>> } > >>> set retval [ catch {eval spawn [split "hpuifilter -- $cmd -c $cyphertype -x -l $user $router" { }]} reason ] > >> 603a606,608 > >>> # device identfile for ssh public key login > >>> set identfile [join [lindex [find identity $router] 0] ""] > >>> > >> 720c725 > >> < if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod > >> $cyphertype]} { > >> --- > >>> if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile]} { > >> ----------------------------------------------------- > >> > >> Comment: > >> For new switches hp do autoenable > >> Also used to add loggin via ssh public/private keys in my hlogin > >> (No password/passphrase in .cloin. Part of code copyed from jlogin.) > > > > Is it now possible to store a per-user ssh public key in the HP config? > > And, as peo@ mentions, I presume hpuifilter is still necessary. And, > > older models will still need to enable. > > > ssh login per-user? > No. 
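
Review bot: enabling `set autoenable 1` unconditionally in the `220,222c220,221` hunk makes every HP device skip the enable step, yet the discussion quoted with this patch says older models will still need to enable. The `.cloginrc` excerpt in this thread already sets `add autoenable` per switch (1 for new models, 0 for old ones), so if hlogin reads that setting, consider leaving the script default as it was and relying on the per-device value. If the default does change, replace the removed `# hp does not autoenable` comment with one that says which models autoenable rather than dropping it.
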
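
Review bot: in the `342c341,344` hunk, `$identfile` is appended to `$cmd` as plain text and the whole command line is then broken up with `split ... { }`, so an identity path that contains a space reaches ssh as two separate arguments; nothing checks that the file exists or is readable before spawning either. Consider building the argument list with `lappend` instead of splitting a string, and skipping `-i` with a warning when the file is missing. The `hpuifilter --` prefix is also hard-coded into the spawn line here without a comment; one line saying it is needed to clean terminal escape codes, as the message quoted with the patch explains, would help the next reader.
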
For old switches like 2500 and 4100. Only to operator level login
> when using ssh key.
>
> Yes. New switches like 2600/2610, 2800, 2910 you install public keys for
> operator and/or manager level login. I think up to 10 keys each.

cool. please try the attached hlogin; I've imported the identity file
handling from jlogin in its entirety.

> ---------------------------------------------------------
> hp_switch# copy tftp pub-key-file 1.1.1.1 manager_key
>  append                Add the key(s) for operator access.
>  manager               Replace the key(s) for manager access; follow with the
>                        'append' option to add the key(s).
>  operator              Replace the key(s) for operator access (default); follow
>                        with the 'append' option to add the key(s).
>
> hp_switch#
> ---------------------------------------------------------
>
> ----.cloginrc----------------
> add method hp_switch ssh
> add password hp_switch x x
> add identity hp_switch /.ssh/key-to-HP
> add autoenable hp_switch 1
>
> add method old_hp_switch ssh
> add password old_hp_switch x
> add identity old_hp_switch /.ssh/key-to-HP-rsa1
> add autoenable old_hp_switch 0
> ------------------------------
> (Username config on switches left blank)
>
> HP counts each test for an ssh-key as a login. Default is that you have 3
> tries to login (by ssh key or user/password). It's not working to add a
> long list of keys in ssh config files. That's why I like to point out key
> files to each switch in the .cloginrc.
>
> It's not secure to not use ssh keys without passphrases. But if you have
> to type it down in .cloginrc...
> That's why, passphrase settings not in .cloginrc.
>
>
>
> Isn't it time to do some updates on hrancid? Grab some more information
> from hp switches. There is info about config files and inventory of
> sfp's for new switches.
>
> Useful?

sure; please share the diffs and example i/o.

> Rancid output to switch file from "show tech transceivers" and "show
> config files" commands
> ...
> ;Transceiver: > ; Port # | Type | Prod # | Serial # | Part # > ; -------+-----------+--------+------------------+---------- > ; 51 | 1000SX | J4858B | PXXXXX | > ; > ;Configuration files: > ; id | act pri sec | name > ; ---+-------------+------------------------------------------------ > ; 1 | * * * | config1 > ; 2 | | > ; 3 | | > ; > ... > > > Updated to rancid 2.3.3 this morning and it run nicely on about 200 hp > switches using included hrancid.in and hlogin.in. > > /Peo > ---------------------------------------------------------- > Per-Olof Olsson Email: peo at chalmers.se > Chalmers tekniska h?gskola IT-service > H?rsalsv?gen 5 412 96 G?teborg > Tel: 031/772 6738 Fax: 031/772 8660 > ---------------------------------------------------------- > #! @PERLV_PATH@ > ## > ## $Id: hrancid.in 2117 2009-11-02 21:02:59Z heas $ > ## > ## @PACKAGE@ @VERSION@ > ## Copyright (c) 1997-2008 by Terrapin Communications, Inc. > ## All rights reserved. > ## > ## This code is derived from software contributed to and maintained by > ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan, > ## Pete Whiting, Austin Schutz, and Andrew Fort. > ## > ## Redistribution and use in source and binary forms, with or without > ## modification, are permitted provided that the following conditions > ## are met: > ## 1. Redistributions of source code must retain the above copyright > ## notice, this list of conditions and the following disclaimer. > ## 2. Redistributions in binary form must reproduce the above copyright > ## notice, this list of conditions and the following disclaimer in the > ## documentation and/or other materials provided with the distribution. > ## 3. All advertising materials mentioning features or use of this software > ## must display the following acknowledgement: > ## This product includes software developed by Terrapin Communications, > ## Inc. and its contributors for RANCID. > ## 4. Neither the name of Terrapin Communications, Inc. 
nor the names of its > ## contributors may be used to endorse or promote products derived from > ## this software without specific prior written permission. > ## 5. It is requested that non-binding fixes and modifications be contributed > ## back to Terrapin Communications, Inc. > ## > ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS > ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED > ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR > ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS > ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR > ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS > ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN > ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) > ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE > ## POSSIBILITY OF SUCH DAMAGE. > # > # Amazingly hacked version of Hank's rancid - this one tries to > # deal with HP procurves. 
> # > # RANCID - Really Awesome New Cisco confIg Differ > # > # usage: rancid [-dV] [-l] [-f filename | hostname] > # > use Getopt::Std; > getopts('dflV'); > if ($opt_V) { > print "@PACKAGE@ @VERSION@\n"; > exit(0); > } > $log = $opt_l; > $debug = $opt_d; > $file = $opt_f; > $host = $ARGV[0]; > $clean_run = 0; > $found_end = 0; # unused - hp lacks an end-of-config tag > $timeo = 90; # hlogin timeout in seconds > > my(@commandtable, %commands, @commands);# command lists > my($aclsort) = ("ipsort"); # ACL sorting mode > my($filter_commstr); # SNMP community string filtering > my($filter_pwds); # password filtering mode > > my($systeminfo) = 0; # show system-information > > # This routine is used to print out the router configuration > sub ProcessHistory { > my($new_hist_tag,$new_command,$command_string, at string) = (@_); > if ((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) > && defined %history) { > print eval "$command \%history"; > undef %history; > } > if (($new_hist_tag) && ($new_command) && ($command_string)) { > if ($history{$command_string}) { > $history{$command_string} = "$history{$command_string}@string"; > } else { > $history{$command_string} = "@string"; > } > } elsif (($new_hist_tag) && ($new_command)) { > $history{++$#history} = "@string"; > } else { > print "@string"; > } > $hist_tag = $new_hist_tag; > $command = $new_command; > 1; > } > > sub numerically { $a <=> $b; } > > # This is a sort routine that will sort numerically on the > # keys of a hash as if it were a normal array. > sub keynsort { > local(%lines) = @_; > local($i) = 0; > local(@sorted_lines); > foreach $key (sort numerically keys(%lines)) { > $sorted_lines[$i] = $lines{$key}; > $i++; > } > @sorted_lines; > } > > # This is a sort routine that will sort on the > # keys of a hash as if it were a normal array. 
> sub keysort { > local(%lines) = @_; > local($i) = 0; > local(@sorted_lines); > foreach $key (sort keys(%lines)) { > $sorted_lines[$i] = $lines{$key}; > $i++; > } > @sorted_lines; > } > > # This is a sort routine that will sort on the > # values of a hash as if it were a normal array. > sub valsort{ > local(%lines) = @_; > local($i) = 0; > local(@sorted_lines); > foreach $key (sort values %lines) { > $sorted_lines[$i] = $key; > $i++; > } > @sorted_lines; > } > > # This is a numerical sort routine (ascending). > sub numsort { > local(%lines) = @_; > local($i) = 0; > local(@sorted_lines); > foreach $num (sort {$a <=> $b} keys %lines) { > $sorted_lines[$i] = $lines{$num}; > $i++; > } > @sorted_lines; > } > > # This is a sort routine that will sort on the > # ip address when the ip address is anywhere in > # the strings. > sub ipsort { > local(%lines) = @_; > local($i) = 0; > local(@sorted_lines); > foreach $addr (sort sortbyipaddr keys %lines) { > $sorted_lines[$i] = $lines{$addr}; > $i++; > } > @sorted_lines; > } > > # These two routines will sort based upon IP addresses > sub ipaddrval { > my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); > $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0])); > } > sub sortbyipaddr { > &ipaddrval($a) <=> &ipaddrval($b); > } > > # This routine parses "show version" > sub ShowVersion { > print STDERR " In ShowVersion: $_" if ($debug); > > while () { > tr/\015//d; > last if(/^$prompt/); > next if(/^(\s*|\s*$cmd\s*)$/); > return(-1) if (/command authorization failed/i); > return(-1) if /^(Invalid|Ambiguous) input:/i; > > s/^image//i; > s/^\s*//g; > > ProcessHistory("COMMENTS","keysort","C1", ";Image: $_") && next; > } > return(0); > } > > # This routine parses "show flash" > sub ShowFlash { > print STDERR " In ShowFlash: $_" if ($debug); > > while () { > tr/\015//d; > last if (/^$prompt/); > next if (/^(\s*|\s*$cmd\s*)$/); > return(-1) if (/command authorization failed/i); > return(1) if /^(Invalid|Ambiguous) input:/i; > return(1) if 
/^\s*\^\s*$/; > > ProcessHistory("COMMENTS","keysort","D0",";Flash: $_"); > } > > return; > } > > # This routine parses "show system-information" or "show system information" > sub ShowSystem { > print STDERR " In ShowSystem: $_" if ($debug); > > if ($systeminfo) { > $_ = ; > return(0); > } > > while () { > tr/\015//d; > last if (/^$prompt/); > next if (/^(\s*|\s*$cmd\s*)$/); > return(-1) if (/command authorization failed/i); > return(0) if /^(Invalid|Ambiguous) input:/i; > > if (/memory\s+-\s+total\s+:\s+(\S+)/i) { > my($mem) = $1; > my($mem_peo) = $1; > $mem =~ s/,//g; > $mem /= (1024 * 1024); > ProcessHistory("COMMENTS","keysort","B0",";Memory: " . $mem_peo . > " (" . int($mem) . "M)\n"); > next; > } > /serial\s+number\s+:\s+(\S+)/i && > ProcessHistory("COMMENTS","keysort","A1",";Serial Number: $1\n"); > /firmware\s+revision\s+:\s+(\S+)/i && > ProcessHistory("COMMENTS","keysort","C0",";Image: Firmware $1\n"); > /rom\s+version\s+:\s+(\S+)/i && > ProcessHistory("COMMENTS","keysort","C1",";Image: ROM $1\n"); > } > $systeminfo = 1; > > return(0); > } > > # This routine parses "show module". 
> sub ShowModule { > print STDERR " In ShowModule: $_" if ($debug); > > my(@lines); > my($slot); > > while () { > tr/\015//d; > return if (/^\s*\^$/); > last if (/^$prompt/); > next if (/^(\s*|\s*$cmd\s*)$/); > return(-1) if (/command authorization failed/i); > return(1) if /^(Invalid|Ambiguous) input:/i; > > ProcessHistory("COMMENTS","keysort","E0","; $_") && next; > } > > return(0); > } > > # This routine parses "show stack" > sub ShowStack { > print STDERR " In ShowStack: $_" if ($debug); > > while () { > tr/\015//d; > last if (/^$prompt/); > next if (/^(\s*|\s*$cmd\s*)$/); > return(-1) if (/command authorization failed/i); > return(1) if /^(Invalid|Ambiguous) input:/i; > > s/stacking - (Stacking Status).*/$1/i; > s/\s*members unreachable .*$//i; > > ProcessHistory("COMMENTS","keysort","F0",";$_"); > > /auto grab/i && last; > } > return(0); > } > > # This routine parses "show tech transceivers" > sub ShowTransceivers { > print STDERR " In ShowTransceivers: $_" if ($debug); > > while () { > tr/\015//d; > last if (/^$prompt/); > next if (/^(\s*|\s*$cmd\s*|transceivers\s*)$/); > return(-1) if (/command authorization failed/i); > return(1) if /^(Invalid|Ambiguous) input:/i; > > s/ Technical Information//i; > > ProcessHistory("COMMENTS","keysort","G0",";$_"); > > } > return(0); > } > > # This routine parses "show config files" > sub ShowConfigFiles { > print STDERR " In ShowConfigFiles: $_" if ($debug); > > while () { > tr/\015//d; > last if (/^$prompt/); > next if (/^(\s*|\s*$cmd\s*)$/); > return(-1) if (/command authorization failed/i); > return(1) if /^(Invalid|Ambiguous) input:/i; > > ProcessHistory("COMMENTS","keysort","H0",";$_"); > > } > return(0); > } > > > # This routine processes a "write term" > sub WriteTerm { > print STDERR " In WriteTerm: $_" if ($debug); > > while () { > tr/\015//d; > last if(/^$prompt/); > return(-1) if (/command authorization failed/i); > s/^<-+ More -+>\s*//; > # don't touch emty lines /Peo > # s/^$/;/; > > # skip the crap > 
/^running configuration:/i && next; > > # filter out any RCS/CVS tags to avoid confusing local CVS storage > s/\$(Revision|Id):/ $1:/; > /^; (\S+) configuration editor;/i && > ProcessHistory("COMMENTS","keysort","A0",";Chassis type: $1\n") && > ProcessHistory("","","",";\n;Running config file:\n$_") && > next; > > # order logging statements - doesnt appear to do syslog as of right now > /^logging (\d+\.\d+\.\d+\.\d+)/ && > ProcessHistory("LOGGING","ipsort","$1","$_") && next; > > # no so sure this match is correct. show running doesnt seem to > # actually o/p anything after "password (manager|operator)" > if (/^(\s*)password (manager|operator)?/ && $filter_pwds >= 1) { > ProcessHistory("LINE-PASS","","",";$1password $2 \n"); > next; > } > > if (/^(snmp-server community) (\S+)/) { > if ($filter_commstr) { > ProcessHistory("SNMPSERVERCOMM","keysort","$_", > ";$1 $'") && next; > } else { > ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next; > } > } > # order/prune snmp-server host statements - it actually appears to do > # the sortting for us, but just in case it changes ... > # we only prune lines of the form > # snmp-server host a.b.c.d > if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) { > if ($filter_commstr) { > my($ip) = $1; > my($line) = "snmp-server host $ip"; > my(@tokens) = split(' ', $'); > my($token); > while ($token = shift(@tokens)) { > if ($token eq 'version') { > $line .= " " . join(' ', ($token, shift(@tokens))); > } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) { > $line .= " " . $token; > } else { > $line = ";$line " . 
join(' ', ("", join(' ', at tokens))); > last; > } > } > ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n"); > } else { > ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_"); > } > next; > } > > # order/prune tacacs/radius server statements > if (/^(tacacs-server|radius-server) key / && $filter_pwds >= 1) { > ProcessHistory("","","",";$1 key \n"); > next; > } > if (/^(tacacs-server host \d+\.\S+) key / && $filter_pwds >= 1) { > ProcessHistory("","","",";$1 key \n"); > next; > } > > # prune passwords from stack member statements > if (/^(stack member .* password )\S+/ && $filter_pwds >= 1) { > ProcessHistory("","","",";$1$'"); > next; > } > > # order arp lists > /^ip arp\s+(\d+\.\d+\.\d+\.\d+)/ && > ProcessHistory("ARP","$aclsort","$1","$_") && next; > > /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ && > ProcessHistory("PACL $1 $3","$aclsort","$4","ip prefix-list $1 $3 $4$5\n") > && next; > > # blech!!!! > /^auto-tftp / && > ProcessHistory("","","",";$_") && next; > > > # the rest are from rancid (i.e.: cisco), but suspect they will someday > # be applicable or close to it. > > /^tftp-server flash / && next; # kill any tftp remains > /^ntp clock-period / && next; # kill ntp clock-period > /^ length / && next; # kill length on serial lines > /^ width / && next; # kill width on serial lines > if (/^(enable )?(password|passwd) / && $filter_pwds >= 1) { > ProcessHistory("ENABLE","","",";$1$2 \n"); > next; > } > if (/^username (\S+)(\s.*)? 
password /) { > if ($filter_pwds >= 1) { > ProcessHistory("USER","keysort","$1",";username $1$2 password \n"); > } else { > ProcessHistory("USER","keysort","$1","$_"); > } > next; > } > > if (/^(ip ftp password) / && $filter_pwds >= 1) { > ProcessHistory("","","",";$1 \n"); next; > } > if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) { > ProcessHistory("","","",";$1 \n"); next; > } > if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) { > ProcessHistory("","","",";$1 \n"); next; > } > # sort route-maps > if (/^route-map (\S+)/) { > my($key) = $1; > my($routemap) = $_; > while () { > tr/\015//d; > last if (/^$prompt/ || ! /^(route-map |[ !])/); > if (/^route-map (\S+)/) { > ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); > $key = $1; > $routemap = $_; > } else { > $routemap .= $_; > } > } > ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); > } > # order access-lists > /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && > ProcessHistory("ACL $1 $2","$aclsort","$3","$_") && next; > # order extended access-lists > /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ && > ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; > /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ && > ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; > /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ && > ProcessHistory("EACL $1 $2","$aclsort","0.0.0.0","$_") && next; > > # order alias statements > /^alias / && ProcessHistory("ALIAS","keysort","$_","$_") && next; > # delete ntp auth password > if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) { > ProcessHistory("","","",";$1 \n"); next; > } > # order ntp peers/servers > if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) { > $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5); > ProcessHistory("NTP","keysort",$sortkey,"$_"); > next; > } > # order ip host line statements > /^ip host line(\d+)/ && > ProcessHistory("IPHOST","numsort","$1","$_") && next; > # order ip nat source static 
statements
>         /^ip nat (\S+) source static (\S+)/ &&
>             ProcessHistory("IP NAT $1","ipsort","$2","$_") && next;
>         # order ip rcmd lines
>         /^ip rcmd/ && ProcessHistory("RCMD","keysort","$_","$_") && next;
>
>         # catch anything that wasnt match above.
>         ProcessHistory("","","","$_");
>     }
>     return(0);
> }
>
> # dummy function
> sub DoNothing {print STDOUT;}
>
> # Main
> @commandtable = (
>     {'show version' => 'ShowVersion'},
>     {'show flash' => 'ShowFlash'},
>     {'show system-information' => 'ShowSystem'},
>     {'show system information' => 'ShowSystem'},
>     {'show module' => 'ShowModule'},
>     {'show stack' => 'ShowStack'},
>     {'show tech transceivers' => 'ShowTransceivers'},
>     {'show config files' => 'ShowConfigFiles'},
>     {'write term' => 'WriteTerm'}
> );
> # Use an array to preserve the order of the commands and a hash for mapping
> # commands to the subroutine and track commands that have been completed.
> @commands = map(keys(%$_), @commandtable);
> %commands = map(%$_, @commandtable);
>
> $cisco_cmds=join(";",@commands);
> $cmds_regexp = join("|", map quotemeta($_), @commands);
>
> if (length($host) == 0) {
>     if ($file) {
>         print(STDERR "Too few arguments: file name required\n");
>         exit(1);
>     } else {
>         print(STDERR "Too few arguments: host name required\n");
>         exit(1);
>     }
> }
> open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n";
> select(OUTPUT);
> # make OUTPUT unbuffered if debugging
> if ($debug) { $| = 1; }
>
> if ($file) {
>     print STDERR "opening file $host\n" if ($debug);
>     print STDOUT "opening file $host\n" if ($log);
>     open(INPUT,"<$host") || die "open failed for $host: $!\n";
> } else {
>     print STDERR "executing hlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
>     print STDOUT "executing hlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
>     if (defined($ENV{NOPIPE})) {
>         system "hlogin -t $timeo -c \"$cisco_cmds\" $host </dev/null > $host.raw 2>&1" || die "hlogin failed for $host: $!\n";
>         open(INPUT, "< $host.raw") || die "hlogin failed for $host: $!\n";
>     } else {
>         open(INPUT,"hlogin -t $timeo -c \"$cisco_cmds\" $host </dev/null |") || die "hlogin failed for $host: $!\n";
>     }
> }
>
> # determine ACL sorting mode
> if ($ENV{"ACLSORT"} =~ /no/i) {
>     $aclsort = "";
> }
> # determine community string filtering mode
> if (defined($ENV{"NOCOMMSTR"}) &&
>     ($ENV{"NOCOMMSTR"} =~ /yes/i || $ENV{"NOCOMMSTR"} =~ /^$/)) {
>     $filter_commstr = 1;
> } else {
>     $filter_commstr = 0;
> }
> # determine password filtering mode
> if ($ENV{"FILTER_PWDS"} =~ /no/i) {
>     $filter_pwds = 0;
> } elsif ($ENV{"FILTER_PWDS"} =~ /all/i) {
>     $filter_pwds = 2;
> } else {
>     $filter_pwds = 1;
> }
>
> ProcessHistory("","","",";RANCID-CONTENT-TYPE: hp\n;\n");
> ProcessHistory("COMMENTS","keysort","B0",";\n"); # memory info
> ProcessHistory("COMMENTS","keysort","C0",";\n"); # showversion
> ProcessHistory("COMMENTS","keysort","D0",";\n"); # showflash
> ProcessHistory("COMMENTS","keysort","E0",";\n"); # showmodule
> ProcessHistory("COMMENTS","keysort","F0",";\n"); # showstack
> ProcessHistory("COMMENTS","keysort","G0",";\n"); # showtechtransceivers
> ProcessHistory("COMMENTS","keysort","H0",";\n"); # showconfigfiles
> ProcessHistory("COMMENTS","keysort","I0",";\n");
>
> TOP: while(<INPUT>) {
>     tr/\015//d;
>     if (/$prompt\s*exit\s*$/i) {
>         $clean_run=1;
>         last;
>     }
>     if (/^Error:/) {
>         print STDOUT ("$host clogin error: $_");
>         print STDERR ("$host clogin error: $_") if ($debug);
>         $clean_run=0;
>         last;
>     }
>     while (/#\s*($cmds_regexp)\s*$/) {
>         $cmd = $1;
>         if (!defined($prompt)) {
>             $prompt = ($_ =~ /^([^#]+)/)[0];
>             $prompt =~ s/([][}{)(\\])/\\$1/g;
>             $prompt .= "[#>]";
>             print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
>         }
>         print STDERR ("HIT COMMAND:$_") if ($debug);
>         if (! defined($commands{$cmd})) {
>             print STDERR "$host: found unexpected command - \"$cmd\"\n";
>             $clean_run = 0;
>             last TOP;
>         }
>         $rval = &{$commands{$cmd}};
>         delete($commands{$cmd});
>         if ($rval == -1) {
>             $clean_run = 0;
>             last TOP;
>         }
>     }
> }
> print STDOUT "Done $logincmd: $_\n" if ($log);
> # Flush History
> ProcessHistory("","","","");
> # Cleanup
> close(INPUT);
> close(OUTPUT);
>
> if (defined($ENV{NOPIPE})) {
>     unlink("$host.raw") if (! $debug);
> }
>
> # check for completeness
> if (scalar(%commands) || !$clean_run) {
>     if (scalar(%commands)) {
>         printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands)));
>         printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug);
>     }
>     if (!$clean_run) {
>         print STDOUT "$host: End of run not found\n";
>         print STDERR "$host: End of run not found\n" if ($debug);
>         system("/usr/bin/tail -1 $host.new");
>     }
>     unlink "$host.new" if (! $debug);
> }
> #! @EXPECT_PATH@ --
> ##
> ## $Id: hlogin.in 2162 2010-03-15 21:20:31Z heas $
> ##
> ## @PACKAGE@ @VERSION@
> ## Copyright (c) 1997-2009 by Terrapin Communications, Inc.
> ## All rights reserved.
> ##
> ## This code is derived from software contributed to and maintained by
> ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan,
> ## Pete Whiting, Austin Schutz, and Andrew Fort.
> ##
> ## Redistribution and use in source and binary forms, with or without
> ## modification, are permitted provided that the following conditions
> ## are met:
> ## 1. Redistributions of source code must retain the above copyright
> ##    notice, this list of conditions and the following disclaimer.
> ## 2. Redistributions in binary form must reproduce the above copyright
> ##    notice, this list of conditions and the following disclaimer in the
> ##    documentation and/or other materials provided with the distribution.
> ## 3. All advertising materials mentioning features or use of this software
> ##    must display the following acknowledgement:
> ##        This product includes software developed by Terrapin Communications,
> ##        Inc. and its contributors for RANCID.
> ## 4. Neither the name of Terrapin Communications, Inc. nor the names of its
> ##    contributors may be used to endorse or promote products derived from
> ##    this software without specific prior written permission.
> ## 5. It is requested that non-binding fixes and modifications be contributed
> ##    back to Terrapin Communications, Inc.
> ##
> ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS
> ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
> ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
> ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS
> ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
> ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
> ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
> ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
> ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
> ## POSSIBILITY OF SUCH DAMAGE.
> #
> # The expect login scripts were based on Erik Sherk's gwtn, by permission.
> #
> # hlogin - hp login
> #
> # Most options are intuitive for logging into a Cisco router.
> # The default is to enable (thus -noenable). Some folks have
> # setup tacacs to have a user login at priv-lvl = 15 (enabled)
> # so the -autoenable flag was added for this case (don't go through
> # the process of enabling and the prompt will be the "#" prompt.
> # The default username password is the same as the vty password.
> #
>
> # Usage line
> set usage "Usage: $argv0 \[-dSV\] \[-autoenable\] \[-noenable\] \[-c command\] \
> \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
> \[-s script-file\] \[-t timeout\] \[-u username\] \
> \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
> \[-y ssh_cypher_type\] router \[router...\]\n"
>
> # env(CLOGIN) may contain:
> # x == do not set xterm banner or name
>
> # Password file
> set password_file $env(HOME)/.cloginrc
> # Default is to login to the router
> set do_command 0
> set do_script 0
> # The default is to automatically enable
> set avenable 1
> # The default is that you login non-enabled (tacacs can have you login already
> # enabled)
> set avautoenable 0
> # The default is to look in the password file to find the passwords. This
> # tracks if we receive them on the command line.
> set do_passwd 1
> set do_enapasswd 1
> # attempt at platform switching.
> set platform ""
> # Save config, if prompted
> set do_saveconfig 0
> # Sometimes routers take awhile to answer (the default is 10 sec)
> set timeoutdflt 45
> #
> set send_human {.2 .1 .4 .2 1}
>
> # Find the user in the ENV, or use the unix userid.
> if {[ info exists env(CISCO_USER) ]} {
>     set default_user $env(CISCO_USER)
> } elseif {[ info exists env(USER) ]} {
>     set default_user $env(USER)
> } elseif {[ info exists env(LOGNAME) ]} {
>     set default_user $env(LOGNAME)
> } else {
>     # This uses "id" which I think is portable. At least it has existed
>     # (without options) on all machines/OSes I've been on recently -
>     # unlike whoami or id -nu.
>     if [ catch {exec id} reason ] {
>         send_error "\nError: could not exec id: $reason\n"
>         exit 1
>     }
>     regexp {\(([^)]*)} "$reason" junk default_user
> }
> if {[ info exists env(CLOGINRC) ]} {
>     set password_file $env(CLOGINRC)
> }
>
> # Process the command line
> for {set i 0} {$i < $argc} {incr i} {
>     set arg [lindex $argv $i]
>
>     switch -glob -- $arg {
>         # Expect debug mode
>         -d* {
>             exp_internal 1
>         # Username
>         } -u* {
>             if {! [ regexp .\[uU\](.+) $arg ignore user]} {
>                 incr i
>                 set username [ lindex $argv $i ]
>             }
>         # VTY Password
>         } -p* {
>             if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
>                 incr i
>                 set userpasswd [ lindex $argv $i ]
>             }
>             set do_passwd 0
>         # VTY Password
>         } -v* {
>             if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
>                 incr i
>                 set passwd [ lindex $argv $i ]
>             }
>             set do_passwd 0
>         # Version string
>         } -V* {
>             send_user "@PACKAGE@ @VERSION@\n"
>             exit 0
>         # Enable Username
>         } -w* {
>             if {! [ regexp .\[wW\](.+) $arg ignore enauser]} {
>                 incr i
>                 set enausername [ lindex $argv $i ]
>             }
>         # Environment variable to pass to -s scripts
>         } -E* {
>             if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
>                 set E$varname $varvalue
>             } else {
>                 send_user "\nError: invalid format for -E in $arg\n"
>                 exit 1
>             }
>         # Enable Password
>         } -e* {
>             if {! [ regexp .\[e\](.+) $arg ignore enapasswd]} {
>                 incr i
>                 set enapasswd [ lindex $argv $i ]
>             }
>             set do_enapasswd 0
>         # Command to run.
>         } -c* {
>             if {! [ regexp .\[cC\](.+) $arg ignore command]} {
>                 incr i
>                 set command [ lindex $argv $i ]
>             }
>             set do_command 1
>         # Expect script to run.
>         } -s* {
>             if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
>                 incr i
>                 set sfile [ lindex $argv $i ]
>             }
>             if { ! [ file readable $sfile ] } {
>                 send_user "\nError: Can't read $sfile\n"
>                 exit 1
>             }
>             set do_script 1
>         # save config on exit
>         } -S* {
>             set do_saveconfig 1
>         # 'ssh -c' cypher type
>         } -y* {
>             if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
>                 incr i
>                 set cypher [ lindex $argv $i ]
>             }
>         # alternate cloginrc file
>         } -f* {
>             if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
>                 incr i
>                 set password_file [ lindex $argv $i ]
>             }
>         # Timeout
>         } -t* {
>             if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
>                 incr i
>                 set timeoutdflt [ lindex $argv $i ]
>             }
>         # Command file
>         } -x* {
>             if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
>                 incr i
>                 set cmd_file [ lindex $argv $i ]
>             }
>             if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
>                 send_user "\nError: $reason\n"
>                 exit 1
>             }
>             set cmd_text [read $cmd_fd]
>             close $cmd_fd
>             set command [join [split $cmd_text \n] \;]
>             set do_command 1
>         # Do we enable?
>         } -noenable {
>             set avenable 0
>         # Does tacacs automatically enable us?
>         } -autoenable {
>             set autoenable 1
>             set avenable 0
>         } -* {
>             send_user "\nError: Unknown argument! $arg\n"
>             send_user $usage
>             exit 1
>         } default {
>             break
>         }
>     }
> }
> # Process routers...no routers listed is an error.
> if { $i == $argc } {
>     send_user "\nError: $usage"
> }
>
> # Only be quiet if we are running a script (it can log its output
> # on its own)
> if { $do_script } {
>     log_user 0
> } else {
>     log_user 1
> }
>
> #
> # Done configuration/variable setting. Now run with it...
> #
>
> # Sets Xterm title if interactive...if its an xterm and the user cares
> proc label { host } {
>     global env
>     # if CLOGIN has an 'x' in it, don't set the xterm name/banner
>     if [info exists env(CLOGIN)] {
>         if {[string first "x" $env(CLOGIN)] != -1} { return }
>     }
>     # take host from ENV(TERM)
>     if [info exists env(TERM)] {
>         if [regexp \^(xterm|vs) $env(TERM) ignore ] {
>             send_user "\033]1;[lindex [split $host "."] 0]\a"
>             send_user "\033]2;$host\a"
>         }
>     }
> }
>
> # This is a helper function to make the password file easier to
> # maintain. Using this the password file has the form:
> # add password sl* pete cow
> # add password at* steve
> # add password * hanky-pie
> proc add {var args} { global int_$var ; lappend int_$var $args}
> proc include {args} {
>     global env
>     regsub -all "(^{|}$)" $args {} args
>     if { [ regexp "^/" $args ignore ] == 0 } {
>         set args $env(HOME)/$args
>     }
>     source_password_file $args
> }
>
> proc find {var router} {
>     upvar int_$var list
>     if { [info exists list] } {
>         foreach line $list {
>             if { [string match [lindex $line 0] $router ] } {
>                 return [lrange $line 1 end]
>             }
>         }
>     }
>     return {}
> }
>
> # Loads the password file. Note that as this file is tcl, and that
> # it is sourced, the user better know what to put in there, as it
> # could install more than just password info... I will assume however,
> # that a "bad guy" could just as easy put such code in the clogin
> # script, so I will leave .cloginrc as just an extention of that script
> proc source_password_file { password_file } {
>     global env
>     if { ! [file exists $password_file] } {
>         send_user "\nError: password file ($password_file) does not exist\n"
>         exit 1
>     }
>     file stat $password_file fileinfo
>     if { [expr ($fileinfo(mode) & 007)] != 0000 } {
>         send_user "\nError: $password_file must not be world readable/writable\n"
>         exit 1
>     }
>     if [ catch {source $password_file} reason ] {
>         send_user "\nError: $reason\n"
>         exit 1
>     }
> }
>
> # Log into the router.
> # returns: 0 on success, 1 on failure
> proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile } {
>     global spawn_id in_proc do_command do_script platform
>     global prompt u_prompt p_prompt e_prompt sshcmd
>     set in_proc 1
>
>     # try each of the connection methods in $cmethod until one is successful
>     set progs [llength $cmethod]
>     foreach prog [lrange $cmethod 0 end] {
>         incr progs -1
>         regexp {(telnet|ssh)(:([^[:space:]]+))*} $prog command suffix junk port
>         if [string match "telnet*" $prog] {
>             if {"$port" == ""} {
>                 set retval [ catch {spawn hpuifilter -- telnet $router} reason ]
>             } else {
>                 set retval [ catch {spawn hpuifilter -- telnet $router $port} reason ]
>             }
>             if { $retval } {
>                 send_user "\nError: telnet failed: $reason\n"
>                 return 1
>             }
>         } elseif [string match "ssh*" $prog] {
>             regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port
>             set cmd [join [lindex $sshcmd 0] " "]
>             if {"$port" != ""} {
>                 set cmd "$cmd -p $port"
>             }
>             if {"$identfile" != ""} {
>                 set cmd "$cmd -i $identfile"
>             }
>             set retval [ catch {eval spawn [split "hpuifilter -- $cmd -c $cyphertype -x -l $user $router" { }]} reason ]
>             if { $retval } {
>                 send_user "\nError: $sshcmd failed: $reason\n"
>                 return 1
>             }
>         } elseif ![string compare $prog "rsh"] {
>             send_error "\nError: unsupported method: rsh\n"
>             if { $progs == 0 } {
>                 return 1
>             }
>             continue;
>         } else {
>             send_user "\nError: unknown connection method: $prog\n"
>             return 1
>         }
>         sleep 0.3
>
>         # This helps cleanup each expect clause.
>         expect_after {
>             timeout {
>                 send_user "\nError: TIMEOUT reached\n"
>                 catch {close}; catch {wait};
>                 if { $in_proc} {
>                     return 1
>                 } else {
>                     continue
>                 }
>             } eof {
>                 send_user "\nError: EOF received\n"
>                 catch {close}; catch {wait};
>                 if { $in_proc} {
>                     return 1
>                 } else {
>                     continue
>                 }
>             }
>         }
>
>         # Here we get a little tricky. There are several possibilities:
>         # the router can ask for a username and passwd and then
>         # talk to the TACACS server to authenticate you, or if the
>         # TACACS server is not working, then it will use the enable
>         # passwd. Or, the router might not have TACACS turned on,
>         # then it will just send the passwd.
>         # if telnet fails with connection refused, try ssh
>         expect {
>             "Press any key to continue" {
>                 send " "
>                 exp_continue
>             }
>             -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" {
>                 catch {close}; catch {wait};
>                 if !$progs {
>                     send_user "\nError: Connection Refused ($prog)\n"; return 1
>                 }
>             }
>             "Host is unreachable" {
>                 catch {close}; catch {wait};
>                 send_user "\nError: Host Unreachable!\n"; wait; return 1
>             }
>             "No address associated with name" {
>                 catch {close}; catch {wait};
>                 send_user "\nError: Unknown host\n"; wait; return 1
>             }
>             -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
>                 send "yes\r"
>                 send_user "\nHost $router added to the list of known hosts.\n"
>                 exp_continue }
>             -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
>                 send "no\r"
>                 send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
>                 return 1
>             }
>             -re "Offending key for .* \(yes\/no\)\?" {
>                 send "no\r"
>                 send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
>                 return 1
>             }
>             eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
>             -nocase "unknown host\r" {
>                 catch {close}; catch {wait};
>                 send_user "\nError: Unknown host\n"; wait; return 1
>             }
>             -re "$u_prompt" { send -- "$user\r"
>                 expect {
>                     eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
>                     "Login invalid" { send_user "\nError: Invalid login\n";
>                         catch {close}; catch {wait};
>                         return 1 }
>                     -re "$p_prompt" { send -- "$userpswd\r" }
>                     "$prompt" { set in_proc 0; return 0 }
>                     "Press any key to continue" {
>                         send " "
>                         exp_continue
>                     }
>                 }
>                 exp_continue
>             }
>             -re "$p_prompt" {
>                 if ![string compare $prog "ssh"] {
>                     send -- "$userpswd\r"
>                 } else {
>                     send -- "$passwd\r"
>                 }
>                 expect {
>                     eof { send_user "\nError: Couldn't login\n";
>                         wait;
>                         return 1
>                     }
>                     "Press any key to continue" {
>                         send " ";
>                         exp_continue
>                     }
>                     -re "$e_prompt" { send -- "$enapasswd\r" }
>                     "$prompt" { set in_proc 0;
>                         return 0
>                     }
>                 }
>                 exp_continue
>             }
>             "$prompt" { break; }
>             denied { send_user "\nError: Check your passwd for $router\n"
>                 catch {close}; catch {wait}; return 1
>             }
>             "% Bad passwords" {send_user "\nError: Check your passwd for $router\n"; return 1 }
>         }
>     }
>
>     set in_proc 0
>     return 0
> }
>
> # Enable
> proc do_enable { enauser enapasswd } {
>     global prompt in_proc
>     global u_prompt e_prompt
>     set in_proc 1
>
>     send "enable\r"
>     expect {
>         -re "$u_prompt" { send -- "$enauser\r"; exp_continue}
>         -re "$e_prompt" { send -- "$enapasswd\r"; exp_continue}
>         "#" { set prompt "#" }
>         "(enable)" { set prompt "> (enable) " }
>         denied { send_user "\nError: Check your Enable passwd\n"; return 1}
>         "% Bad passwords" { send_user "\nError: Check your Enable passwd\n"
>             return 1
>         }
>     }
>     # We set the prompt variable (above) so script files don't need
>     # to know what it is.
>     set in_proc 0
>     return 0
> }
>
> # Run commands given on the command line.
> proc run_commands { prompt command } {
>     global do_saveconfig in_proc platform
>     set in_proc 1
>
>     # Turn off the pager and escape regex meta characters in the $prompt
>     send "no page\r"
>     regsub -all {[)(]} $prompt {\\&} reprompt
>     regsub -all {^(.{1,11}).*([#>])$} $reprompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt
>     expect {
>         -re $reprompt {}
>         -re "\[\n\r]+" { exp_continue }
>     }
>     # this is the only way i see to get rid of more prompts in o/p..grrrrr
>     log_user 0
>
>     set commands [split $command \;]
>     set num_commands [llength $commands]
>     # if the pager can not be turned off, we have to look for the "More"
>     # prompt.
>     for {set i 0} {$i < $num_commands} { incr i} {
>         send -- "[subst -nocommands [lindex $commands $i]]\r"
>         expect {
>             -re "^\[^\n\r *]*$reprompt" { catch {send_user -- "$expect_out(buffer)"} }
>             -re "^\[^\n\r]*$reprompt " { catch {send_user -- "$expect_out(buffer)"} }
>             -re "\[\n\r]+" { catch {send_user -- "$expect_out(buffer)"}
>                 exp_continue }
>             -re "\[^\r\n]*Press <SPACE> to cont\[^\r\n]*" {
>                 catch {send " "};
>                 expect {
>                     # gag, 2 more prompts
>                     -re "\[\r\n]*\r" {}
>                     -re "\[^\r\n]*Press <SPACE> to cont\[^\r\n]*" {
>                         catch {send " "};
>                         exp_continue
>                     }
>                 }
>                 exp_continue
>             }
>             -re "^<-+ More -+>\[^\n\r]*" { catch {send " "}
>                 exp_continue }
>             -re "^-+ MORE -+\[^\n\r]*" { catch {send " "}
>                 exp_continue }
>             # 3 flavours of the more prompt, first -More-, then --More-- (for
>             # cisco/riverhead AGM), then with more dashes.
>             -re "^-More-\[^\n\r-]*" { catch {send " "}
>                 exp_continue }
>             -re "^--More--\[^\n\r-]*" { catch {send " "}
>                 exp_continue }
>             -re "^---+More---+\[^\n\r]*" {
>                 catch {send " "}
>                 exp_continue }
>             -re "\b+" { exp_continue }
>         }
>     }
>     log_user 1
>     send -h "exit\r"
>     expect {
>         "Do you want to save current configuration" {
>             if {$do_saveconfig} {
>                 catch {send "y\r"}
>             } else {
>                 catch {send "n\r"}
>             }
>             exp_continue
>         }
>         "Do you wish to save " {
>             if {$do_saveconfig} {
>                 catch {send "y\r"}
>             } else {
>                 catch {send "n\r"}
>             }
>             exp_continue
>         }
>         "Do you want to log out" {
>             catch {send "y\r"}
>             exp_continue
>         }
>         -re "\[\r\n]+" { exp_continue }
>         -re "^.+>" {
>             catch {send -h "exit\r"}
>             exp_continue
>         }
>         timeout { catch {close}; catch {wait};
>             return 0
>         }
>         eof { return 0 }
>     }
>     set in_proc 0
> }
>
> #
> # For each router... (this is main loop)
> #
> source_password_file $password_file
> set in_proc 0
> set exitval 0
> foreach router [lrange $argv $i end] {
>     set router [string tolower $router]
>     send_user "$router\n"
>
>     # device timeout
>     set timeout [find timeout $router]
>     if { [llength $timeout] == 0 } {
>         set timeout $timeoutdflt
>     }
>
>     # device identfile for ssh public key login
>     set identfile [join [lindex [find identity $router] 0] ""]
>
>     # Figure out prompt.
>     # Since autoenable is off by default, if we have it defined, it
>     # was done on the command line. If it is not specifically set on the
>     # command line, check the password file.
>     if $avautoenable {
>         set autoenable 1
>         set enable 0
>         set prompt "#"
>     } else {
>         set ae [find autoenable $router]
>         if { "$ae" == "1" } {
>             set autoenable 1
>             set enable 0
>             set prompt "#"
>         } else {
>             set autoenable 0
>             set enable $avenable
>             set prompt ">"
>         }
>     }
>
>     # look for noenable option in .cloginrc
>     if { [find noenable $router] != "" } {
>         set enable 0
>     }
>
>     # Figure out passwords
>     if { $do_passwd || $do_enapasswd } {
>         set pswd [find password $router]
>         if { [llength $pswd] == 0 } {
>             send_user "\nError: no password for $router in $password_file.\n"
>             continue
>         }
>         if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
>             send_user "\nError: no enable password for $router in $password_file.\n"
>             continue
>         }
>         set passwd [join [lindex $pswd 0] ""]
>         set enapasswd [join [lindex $pswd 1] ""]
>     } else {
>         set passwd $userpasswd
>         set enapasswd $enapasswd
>     }
>
>     # Figure out username
>     if {[info exists username]} {
>         # command line username
>         set ruser $username
>     } else {
>         set ruser [join [find user $router] ""]
>         if { "$ruser" == "" } { set ruser $default_user }
>     }
>
>     # Figure out username's password (if different from the vty password)
>     if {[info exists userpasswd]} {
>         # command line username
>         set userpswd $userpasswd
>     } else {
>         set userpswd [join [find userpassword $router] ""]
>         if { "$userpswd" == "" } { set userpswd $passwd }
>     }
>
>     # Figure out enable username
>     if {[info exists enausername]} {
>         # command line enausername
>         set enauser $enausername
>     } else {
>         set enauser [join [find enauser $router] ""]
>         if { "$enauser" == "" } { set enauser $ruser }
>     }
>
>     # Figure out prompts
>     set u_prompt [find userprompt $router]
>     if { "$u_prompt" == "" } {
>         set u_prompt "(Username|login|user name):"
>     } else {
>         set u_prompt [join [lindex $u_prompt 0] ""]
>     }
>     set p_prompt [find passprompt $router]
>     if { "$p_prompt" == "" } {
>         set p_prompt "(\[Pp]assword|passwd):"
>     } else {
>         set p_prompt [join [lindex $p_prompt 0] ""]
>     }
>     set e_prompt [find enableprompt $router]
>     if { "$e_prompt" == "" } {
>         set e_prompt "\[Pp]assword:"
>     } else {
>         set e_prompt [join [lindex $e_prompt 0] ""]
>     }
>
>     # Figure out cypher type
>     if {[info exists cypher]} {
>         # command line cypher type
>         set cyphertype $cypher
>     } else {
>         set cyphertype [find cyphertype $router]
>         if { "$cyphertype" == "" } { set cyphertype "3des" }
>     }
>
>     # Figure out connection method
>     set cmethod [find method $router]
>     if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }
>
>     # Figure out the SSH executable name
>     set sshcmd [find sshcmd $router]
>     if { "$sshcmd" == "" } { set sshcmd {ssh} }
>
>     # Adjust our path to find hpuifilter
>     set hpf_path ""
>     regexp {(.*)/[^/]+} $argv0 junk hpf_path
>     if { "$hpf_path" != "" && "$hpf_path" != "." } {
>         append env(PATH) ":$hpf_path"
>     }
>
>     # Login to the router
>     if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile]} {
>         incr exitval
>         continue
>     }
>     if { $enable } {
>         if {[do_enable $enauser $enapasswd]} {
>             if { $do_command || $do_script } {
>                 incr exitval
>                 catch {close}; catch {wait};
>                 continue
>             }
>         }
>     }
>     # we are logged in, now figure out the full prompt
>     send "\r"
>     expect {
>         -re "\[\r\n]+" { exp_continue; }
>         -re "^.+$prompt" { set prompt $expect_out(0,string); }
>     }
>
>     if { $do_command } {
>         if {[run_commands $prompt $command]} {
>             incr exitval
>             continue
>         }
>     } elseif { $do_script } {
>         # disable the pager
>         send "no page\r"
>         expect -re $prompt {}
>         source $sfile
>         catch {close};
>     } else {
>         label $router
>         log_user 1
>         interact
>     }
>
>     # End of for each router
>     catch {wait};
>     sleep 0.3
> }
> exit $exitval
-------------- next part --------------
#! @EXPECT_PATH@ --
##
## $Id: hlogin.in 2187 2010-04-08 22:51:46Z heas $
##
## @PACKAGE@ @VERSION@
## Copyright (c) 1997-2009 by Terrapin Communications, Inc.
## All rights reserved.
##
## This code is derived from software contributed to and maintained by
## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan,
## Pete Whiting, Austin Schutz, and Andrew Fort.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
##    notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
##    notice, this list of conditions and the following disclaimer in the
##    documentation and/or other materials provided with the distribution.
## 3. All advertising materials mentioning features or use of this software
##    must display the following acknowledgement:
##        This product includes software developed by Terrapin Communications,
##        Inc. and its contributors for RANCID.
## 4. Neither the name of Terrapin Communications, Inc. nor the names of its
##    contributors may be used to endorse or promote products derived from
##    this software without specific prior written permission.
## 5. It is requested that non-binding fixes and modifications be contributed
##    back to Terrapin Communications, Inc.
##
## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS
## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS
## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
## POSSIBILITY OF SUCH DAMAGE.
#
# The expect login scripts were based on Erik Sherk's gwtn, by permission.
#
# hlogin - hp login
#
# Most options are intuitive for logging into a Cisco router.
# The default is to enable (thus -noenable). Some folks have
# setup tacacs to have a user login at priv-lvl = 15 (enabled)
# so the -autoenable flag was added for this case (don't go through
# the process of enabling and the prompt will be the "#" prompt.
# The default username password is the same as the vty password.
#

# Usage line
set usage "Usage: $argv0 \[-dSV\] \[-autoenable\] \[-noenable\] \[-c command\] \
\[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
\[-s script-file\] \[-t timeout\] \[-u username\] \
\[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
\[-y ssh_cypher_type\] router \[router...\]\n"

# env(CLOGIN) may contain:
# x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to automatically enable
set avenable 1
# The default is that you login non-enabled (tacacs can have you login already
# enabled)
set avautoenable 0
# The default is to look in the password file to find the passwords. This
# tracks if we receive them on the command line.
set do_passwd 1
set do_enapasswd 1
# Save config, if prompted
set do_saveconfig 0
# Sometimes routers take awhile to answer (the default is 10 sec)
set timeoutdflt 45
#
set send_human {.2 .1 .4 .2 1}

# Find the user in the ENV, or use the unix userid.
if {[ info exists env(CISCO_USER) ]} {
    set default_user $env(CISCO_USER)
} elseif {[ info exists env(USER) ]} {
    set default_user $env(USER)
} elseif {[ info exists env(LOGNAME) ]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable. At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [ catch {exec id} reason ] {
        send_error "\nError: could not exec id: $reason\n"
        exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}
if {[ info exists env(CLOGINRC) ]} {
    set password_file $env(CLOGINRC)
}

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch -glob -- $arg {
        # Expect debug mode
        -d* {
            exp_internal 1
        # Username
        } -u* {
            if {! [ regexp .\[uU\](.+) $arg ignore user]} {
                incr i
                set username [ lindex $argv $i ]
            }
        # VTY Password
        } -p* {
            if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
                incr i
                set userpasswd [ lindex $argv $i ]
            }
            set do_passwd 0
        # passphrase
        } -r* {
            if {! [ regexp .\[rR\](.+) $arg ignore passphrase]} {
                incr i
                set vapassphrase [ lindex $argv $i ]
            }
        # VTY Password
        } -v* {
            if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
                incr i
                set passwd [ lindex $argv $i ]
            }
            set do_passwd 0
        # Version string
        } -V* {
            send_user "@PACKAGE@ @VERSION@\n"
            exit 0
        # Enable Username
        } -w* {
            if {! [ regexp .\[wW\](.+) $arg ignore enauser]} {
                incr i
                set enausername [ lindex $argv $i ]
            }
        # Environment variable to pass to -s scripts
        } -E* {
            if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
                set E$varname $varvalue
            } else {
                send_user "\nError: invalid format for -E in $arg\n"
                exit 1
            }
        # Enable Password
        } -e* {
            if {! [ regexp .\[e\](.+) $arg ignore enapasswd]} {
                incr i
                set enapasswd [ lindex $argv $i ]
            }
            set do_enapasswd 0
        # Command to run.
        } -c* {
            if {! [ regexp .\[cC\](.+) $arg ignore command]} {
                incr i
                set command [ lindex $argv $i ]
            }
            set do_command 1
        # Expect script to run.
        } -s* {
            if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
                incr i
                set sfile [ lindex $argv $i ]
            }
            if { ! [ file readable $sfile ] } {
                send_user "\nError: Can't read $sfile\n"
                exit 1
            }
            set do_script 1
        # save config on exit
        } -S* {
            set do_saveconfig 1
        # 'ssh -c' cypher type
        } -y* {
            if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
                incr i
                set cypher [ lindex $argv $i ]
            }
        # alternate cloginrc file
        } -f* {
            if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
                incr i
                set password_file [ lindex $argv $i ]
            }
        # Timeout
        } -t* {
            if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
                incr i
                set timeoutdflt [ lindex $argv $i ]
            }
        # Command file
        } -x* {
            if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
                incr i
                set cmd_file [ lindex $argv $i ]
            }
            if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
                send_user "\nError: $reason\n"
                exit 1
            }
            set cmd_text [read $cmd_fd]
            close $cmd_fd
            set command [join [split $cmd_text \n] \;]
            set do_command 1
        # Do we enable?
        } -noenable {
            set avenable 0
        # Does tacacs automatically enable us?
        } -autoenable {
            # hp does not autoenable
            #set autoenable 1
            #set avenable 0
        } -* {
            send_user "\nError: Unknown argument! $arg\n"
            send_user $usage
            exit 1
        } default {
            break
        }
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting. Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
        if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
        if [regexp \^(xterm|vs) $env(TERM) ignore ] {
            send_user "\033]1;[lindex [split $host "."] 0]\a"
            send_user "\033]2;$host\a"
        }
    }
}

# This is a helper function to make the password file easier to
# maintain. Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [ regexp "^/" $args ignore ] == 0 } {
        set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
        foreach line $list {
            if { [string match [lindex $line 0] $router ] } {
                return [lrange $line 1 end]
            }
        }
    }
    return {}
}

# Loads the password file. Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info... I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extention of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
        send_user "\nError: password file ($password_file) does not exist\n"
        exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
        send_user "\nError: $password_file must not be world readable/writable\n"
        exit 1
    }
    if [ catch {source $password_file} reason ] {
        send_user "\nError: $reason\n"
        exit 1
    }
}

# Log into the router.
# returns: 0 on success, 1 on failure
proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile } {
    global spawn_id in_proc do_command do_script passphrase
    global prompt u_prompt p_prompt e_prompt sshcmd
    set in_proc 1

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
        incr progs -1
        regexp {(telnet|ssh)(:([^[:space:]]+))*} $prog command suffix junk port
        if [string match "telnet*" $prog] {
            if {"$port" == ""} {
                set retval [ catch {spawn hpuifilter -- telnet $router} reason ]
            } else {
                set retval [ catch {spawn hpuifilter -- telnet $router $port} reason ]
            }
            if { $retval } {
                send_user "\nError: telnet failed: $reason\n"
                return 1
            }
        } elseif [string match "ssh*" $prog] {
            # ssh to the router & try to login with or without an identfile.
            regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port
            set cmd [join [lindex $sshcmd 0] " "]
            if {"$port" != ""} {
                set cmd "$cmd -p $port"
            }
            if {"$identfile" != ""} {
                set cmd "$cmd -i $identfile"
            }
            set retval [ catch {eval spawn hpuifilter -- [split "$cmd -c $cyphertype -x -l $user $router" { }]} reason ]
            if { $retval } {
                send_user "\nError: $sshcmd failed: $reason\n"
                return 1
            }
        } elseif ![string compare $prog "rsh"] {
            send_error "\nError: unsupported method: rsh\n"
            if { $progs == 0 } {
                return 1
            }
            continue;
        } else {
            send_user "\nError: unknown connection method: $prog\n"
            return 1
        }
        sleep 0.3

        # This helps cleanup each expect clause.
        expect_after {
            timeout {
                send_user "\nError: TIMEOUT reached\n"
                catch {close}; catch {wait};
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            } eof {
                send_user "\nError: EOF received\n"
                catch {close}; catch {wait};
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            }
        }

        # Here we get a little tricky. There are several possibilities:
        # the router can ask for a username and passwd and then
        # talk to the TACACS server to authenticate you, or if the
        # TACACS server is not working, then it will use the enable
        # passwd. Or, the router might not have TACACS turned on,
        # then it will just send the passwd.
        # if telnet fails with connection refused, try ssh
        expect {
            "Press any key to continue" {
                send " "
                exp_continue
            }
            -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" {
                catch {close}; catch {wait};
                if !$progs {
                    send_user "\nError: Connection Refused ($prog)\n"; return 1
                }
            }
            "Host is unreachable" {
                catch {close}; catch {wait};
                send_user "\nError: Host Unreachable!\n"; wait; return 1
            }
            "No address associated with name" {
                catch {close}; catch {wait};
                send_user "\nError: Unknown host\n"; wait; return 1
            }
            -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
                send "yes\r"
                send_user "\nHost $router added to the list of known hosts.\n"
                exp_continue }
            -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
                send "no\r"
                send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
                return 1
            }
            -re "Offending key for .* \(yes\/no\)\?" {
                send "no\r"
                send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
                return 1
            }
            eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
            -nocase "unknown host\r" {
                catch {close}; catch {wait};
                send_user "\nError: Unknown host\n"; wait; return 1
            }
            -re "Enter passphrase.*: " {
                # sleep briefly to allow time for stty -echo
                sleep 1
                send -- "$passphrase\r"
                exp_continue
            }
            -re "$u_prompt" { send -- "$user\r"
                expect {
                    eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
                    "Login invalid" { send_user "\nError: Invalid login\n";
                        catch {close}; catch {wait};
                        return 1 }
                    -re "$p_prompt" { send -- "$userpswd\r" }
                    "$prompt" { set in_proc 0; return 0 }
                    "Press any key to continue" {
                        send " "
                        exp_continue
                    }
                }
                exp_continue
            }
            -re "$p_prompt" {
                if ![string compare $prog "ssh"] {
                    send -- "$userpswd\r"
                } else {
                    send -- "$passwd\r"
                }
                expect {
                    eof { send_user "\nError: Couldn't login\n";
                        wait;
                        return 1
                    }
                    "Press any key to continue" {
                        send " ";
                        exp_continue
                    }
                    -re "$e_prompt" { send -- "$enapasswd\r" }
                    "$prompt" { set in_proc 0;
                        return 0
                    }
                }
                exp_continue
            }
            "$prompt" { break; }
            denied { send_user "\nError: Check your passwd for $router\n"
                catch {close}; catch {wait}; return 1
            }
            "% Bad passwords" {send_user "\nError: Check your passwd for $router\n"; return 1 }
        }
    }

    set in_proc 0
    return 0
}

# Enable
proc do_enable { enauser enapasswd } {
    global prompt in_proc
    global u_prompt e_prompt
    set in_proc 1

    send "enable\r"
    expect {
        -re "$u_prompt" { send -- "$enauser\r"; exp_continue}
        -re "$e_prompt" { send -- "$enapasswd\r"; exp_continue}
        "#" { set prompt "#" }
        "(enable)" { set prompt "> (enable) " }
        denied { send_user "\nError: Check your Enable passwd\n"; return 1}
        "% Bad passwords" { send_user "\nError: Check your Enable passwd\n"
            return 1
        }
    }
    # We set the prompt variable (above) so script files don't need
    # to know what it is.
    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global do_saveconfig in_proc
    set in_proc 1

    # Turn off the pager and escape regex meta characters in the $prompt
    send "no page\r"
    regsub -all {[)(]} $prompt {\\&} reprompt
    regsub -all {^(.{1,11}).*([#>])$} $reprompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt
    expect {
        -re $reprompt {}
        -re "\[\n\r]+" { exp_continue }
    }

    # this is the only way i see to get rid of more prompts in o/p..grrrrr
    log_user 0

    set commands [split $command \;]
    set num_commands [llength $commands]
    # if the pager can not be turned off, we have to look for the "More"
    # prompt.
    for {set i 0} {$i < $num_commands} { incr i} {
        send -- "[subst -nocommands [lindex $commands $i]]\r"
        expect {
            -re "^\[^\n\r *]*$reprompt" {
                catch {send_user -- "$expect_out(buffer)"}
            }
            -re "^\[^\n\r]*$reprompt " {
                catch {send_user -- "$expect_out(buffer)"}
            }
            -re "\[\n\r]+" {
                catch {send_user -- "$expect_out(buffer)"}
                exp_continue
            }
            -re "\[^\r\n]*Press to cont\[^\r\n]*" {
                catch {send " "};
                expect {
                    # gag, 2 more prompts
                    -re "\[\r\n]*\r" {}
                    -re "\[^\r\n]*Press to cont\[^\r\n]*" {
                        catch {send " "};
                        exp_continue
                    }
                }
                exp_continue
            }
            -re "^<-+ More -+>\[^\n\r]*" {
                catch {send " "}
                exp_continue
            }
            -re "^-+ MORE -+\[^\n\r]*" {
                catch {send " "}
                exp_continue
            }
            # 3 flavours of the more prompt, first -More-, then --More-- (for
            # cisco/riverhead AGM), then with more dashes.
            -re "^-More-\[^\n\r-]*" {
                catch {send " "}
                exp_continue
            }
            -re "^--More--\[^\n\r-]*" {
                catch {send " "}
                exp_continue
            }
            -re "^---+More---+\[^\n\r]*" {
                catch {send " "}
                exp_continue
            }
            -re "\b+" { exp_continue }
        }
    }
    log_user 1
    send -h "exit\r"
    expect {
        "Do you want to save current configuration" {
            if {$do_saveconfig} {
                catch {send "y\r"}
            } else {
                catch {send "n\r"}
            }
            exp_continue
        }
        "Do you wish to save " {
            if {$do_saveconfig} {
                catch {send "y\r"}
            } else {
                catch {send "n\r"}
            }
            exp_continue
        }
        "Do you want to log out" {
            catch {send "y\r"}
            exp_continue
        }
        -re "\[\r\n]+" { exp_continue }
        -re "^.+>" {
            catch {send -h "exit\r"}
            exp_continue
        }
        timeout { catch {close}; catch {wait}; return 0 }
        eof { return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
set exitval 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find timeout $router]
    if { [llength $timeout] == 0 } {
        set timeout $timeoutdflt
    }

    # Figure out prompt.
    # Since autoenable is off by default, if we have it defined, it
    # was done on the command line. If it is not specifically set on the
    # command line, check the password file.
    if $avautoenable {
        set autoenable 1
        set enable 0
        set prompt "#"
    } else {
        set ae [find autoenable $router]
        if { "$ae" == "1" } {
            set autoenable 1
            set enable 0
            set prompt "#"
        } else {
            set autoenable 0
            set enable $avenable
            set prompt ">"
        }
    }

    # look for noenable option in .cloginrc
    if { [find noenable $router] != "" } {
        set enable 0
    }

    # Figure out passwords
    if { $do_passwd || $do_enapasswd } {
        set pswd [find password $router]
        if { [llength $pswd] == 0 } {
            send_user "\nError: no password for $router in $password_file.\n"
            continue
        }
        if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
            send_user "\nError: no enable password for $router in $password_file.\n"
            continue
        }
        set passwd [join [lindex $pswd 0] ""]
        set enapasswd [join [lindex $pswd 1] ""]
    } else {
        set passwd $userpasswd
        set enapasswd $enapasswd
    }

    # Figure out username
    if {[info exists username]} {
        # command line username
        set ruser $username
    } else {
        set ruser [join [find user $router] ""]
        if { "$ruser" == "" } { set ruser $default_user }
    }

    # Figure out username's password (if different from the vty password)
    if {[info exists userpasswd]} {
        # command line username
        set userpswd $userpasswd
    } else {
        set userpswd [join [find userpassword $router] ""]
        if { "$userpswd" == "" } { set userpswd $passwd }
    }

    # Figure out enable username
    if {[info exists enausername]} {
        # command line enausername
        set enauser $enausername
    } else {
        set enauser [join [find enauser $router] ""]
        if { "$enauser" == "" } { set enauser $ruser }
    }

    # Figure out prompts
    set u_prompt [find userprompt $router]
    if { "$u_prompt" == "" } {
        set u_prompt "(Username|login|user name):"
    } else {
        set u_prompt [join [lindex $u_prompt 0] ""]
    }
    set p_prompt [find passprompt $router]
    if { "$p_prompt" == "" } {
        set p_prompt "(\[Pp]assword|passwd):"
    } else {
        set p_prompt [join [lindex $p_prompt 0] ""]
    }
    set e_prompt [find enableprompt $router]
    if { "$e_prompt" == "" } {
        set e_prompt "\[Pp]assword:"
    } else {
        set e_prompt [join [lindex $e_prompt 0] ""]
    }

    # Figure out identity file to use
    set identfile [join [lindex [find identity $router] 0] ""]

    # Figure out passphrase to use
    if {[info exists avpassphrase]} {
        set passphrase $avpassphrase
    } else {
        set passphrase [join [lindex [find passphrase $router] 0] ""]
    }
    if { ! [string length "$passphrase"]} {
        set passphrase $passwd
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }

    # Figure out the SSH executable name
    set sshcmd [find sshcmd $router]
    if { "$sshcmd" == "" } { set sshcmd {ssh} }

    # Adjust our path to find hpuifilter
    set hpf_path ""
    regexp {(.*)/[^/]+} $argv0 junk hpf_path
    if { "$hpf_path" != "" && "$hpf_path" != "." } {
        append env(PATH) ":$hpf_path"
    }

    # Login to the router
    if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile]} {
        incr exitval
        continue
    }
    if { $enable } {
        if {[do_enable $enauser $enapasswd]} {
            if { $do_command || $do_script } {
                incr exitval
                catch {close}; catch {wait};
                continue
            }
        }
    }
    # we are logged in, now figure out the full prompt
    send "\r"
    expect {
        -re "\[\r\n]+" { exp_continue; }
        -re "^.+$prompt" { set prompt $expect_out(0,string); }
    }

    if { $do_command } {
        if {[run_commands $prompt $command]} {
            incr exitval
            continue
        }
    } elseif { $do_script } {
        # disable the pager
        send "no page\r"
        expect -re $prompt {}
        source $sfile
        catch {close};
    } else {
        label $router
        log_user 1
        interact
    }

    # End of for each router
    catch {wait};
    sleep 0.3
}
exit $exitval

From gpnster at gmail.com Fri Apr 9 07:00:35 2010
From: gpnster at gmail.com (Gregers Paludan Nakman)
Date: Fri, 9 Apr 2010 09:00:35 +0200
Subject: [rancid] Re: No Password required to read Configs.
In-Reply-To:
References:
Message-ID: <000001cad7b2$5aff1ee0$10fd5ca0$@com>

This is our simple way of fixing the problem.

Fix the webserver in order to look for .htaccess files in the dir where
rancid is started from:

vi /etc/httpd/conf/httpd.conf

look for "cgi-bin" and change the AllowOverride Parameter:

<Directory "/var/www/cgi-bin">
#    AllowOverride None
    AllowOverride AuthConfig
    Options None
    Order allow,deny
    Allow from all
</Directory>

Save

In the dir referred to in "Directory" ( /var/www/cgi-bin ), create a file
named .htaccess with the following content:

vi /var/www/cgi-bin/.htaccess

AuthUserFile /usr/local/rancid/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require user
ex:
require user jdoe

The last thing to do is to create the password file for the user

htpasswd -c /usr/local/rancid/.htpasswd jdoe
New password:
Re-type new password:
Adding password for user jdoe

Restart httpd

#service httpd restart

It is not the perfect way, but now the truck hole is just a gap for a small
car ;-)

BR
Gregers
-----------------

From nickyicebrown at gmail.com Fri Apr 9 15:50:15 2010
From: nickyicebrown at gmail.com (Nicky Brown)
Date: Fri, 9 Apr 2010 10:50:15 -0500
Subject: [rancid] Re: No Password required to read Configs.
In-Reply-To: <000001cad7b2$5aff1ee0$10fd5ca0$@com>
References: <000001cad7b2$5aff1ee0$10fd5ca0$@com>
Message-ID:

Thank you Gregers,

This works flawlessly. It should be enough for our modest current needs.
In time, we can implement something more robust.

On Fri, Apr 9, 2010 at 2:00 AM, Gregers Paludan Nakman wrote:

> This is our simple way of fixing the problem.
>
> Fix the webserver in order to look for .htaccess files in the dir where
> rancid is started from:
>
> vi /etc/httpd/conf/httpd.conf
>
> look for "cgi-bin" and change the AllowOverride Parameter:
>
> <Directory "/var/www/cgi-bin">
> #    AllowOverride None
>     AllowOverride AuthConfig
>     Options None
>     Order allow,deny
>     Allow from all
> </Directory>
>
> Save
>
> In the dir referred to in "Directory" ( /var/www/cgi-bin ), create a file
> named .htaccess with the following content:
>
> vi /var/www/cgi-bin/.htaccess
>
> AuthUserFile /usr/local/rancid/.htpasswd
> AuthGroupFile /dev/null
> AuthName EnterPassword
> AuthType Basic
>
> require user
> ex:
> require user jdoe
>
> The last thing to do is to create the password file for the user
>
> htpasswd -c /usr/local/rancid/.htpasswd jdoe
> New password:
> Re-type new password:
> Adding password for user jdoe
>
> Restart httpd
>
> #service httpd restart
>
> It is not the perfect way, but now the truck hole is just a gap for a small
> car ;-)
>
> BR
> Gregers
> -----------------

From hvgeekwtrvl at gmail.com Fri Apr 9 18:10:56 2010
From: hvgeekwtrvl at gmail.com (james machado)
Date: Fri, 9 Apr 2010 11:10:56 -0700
Subject: [rancid] Re: Is there any way to show uncommitted changes
In-Reply-To: <4BAABFBB.5090508@davidkrider.com>
References: <4BA90D21.4050500@davidkrider.com> <20100323185609.GL15475@shrubbery.net> <20100324232414.GG4304@shrubbery.net> <4BAABFBB.5090508@davidkrider.com>
Message-ID:

David,

look in the file /bin/rancid and in there you will find an array
declaration @commandtable. this array shows the commands that rancid
will run and the function used to parse the output prior to committing
it to CVS/SVN.

james

On Wed, Mar 24, 2010 at 6:43 PM, David Krider wrote:
> On 03/24/2010 07:24 PM, john heasley wrote:
>> Tue, Mar 23, 2010 at 01:08:11PM -0700, Chris Gauthier:
>>> I would be very interested in such a script! I just don't have time to write it.
>>
>> for r in `cut -d: -f 1-3 */router.db | grep -i ':cisco:up' | cut -d: -f 1`
>> do
>>     clogin -c 'write mem' $r
>> done
>>
>
> Not to be obtuse, but what commands does rancid actually run normally? I
> know it's at least "show run", but there's some extra there. I've tried
> tracing the scripts, but I can't sort it out. I want to generate exactly
> the same output as it's getting during a normal run (except to "show
> conf"), so I can diff with the configs it's saving to the config
> directory, with as little differences as possible.
>
> dk

From wpereira at pop-sp.rnp.br Mon Apr 12 21:22:21 2010
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Mon, 12 Apr 2010 18:22:21 -0300
Subject: [rancid] New device on .cloginrc
Message-ID: <4BC38F0D.5060006@pop-sp.rnp.br>

Hi, all.

What should I do after include a new device in the .cloginrc file?

I noticed after I did that, Rancid didn't create a new file in the
config directory.

Thanks for any help, as usual.

Hugs.

--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901

From rwest at zyedge.com Mon Apr 12 21:24:37 2010
From: rwest at zyedge.com (Ryan West)
Date: Mon, 12 Apr 2010 21:24:37 +0000
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BC38F0D.5060006@pop-sp.rnp.br>
References: <4BC38F0D.5060006@pop-sp.rnp.br>
Message-ID: <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local>

> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-
> bounces at shrubbery.net] On Behalf Of Wagner Pereira
> Sent: Monday, April 12, 2010 5:22 PM
> To: Rancid Mailing List
> Subject: [rancid] New device on .cloginrc
>
> Hi, all.
>
> What should I do after include a new device in the .cloginrc file?
>
> I noticed after I did that, Rancid didn't create a new file in the
> config directory.
>

Update var//router.db with your new device and set it to up.

-ryan

From andrew.brennan at drexel.edu Mon Apr 12 21:24:40 2010
From: andrew.brennan at drexel.edu (Andrew Brennan)
Date: Mon, 12 Apr 2010 17:24:40 -0400 (EDT)
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BC38F0D.5060006@pop-sp.rnp.br>
References: <4BC38F0D.5060006@pop-sp.rnp.br>
Message-ID: <20100412172323.E10173@dust.noc.drexel.edu>

You'll need to also add it to your router.db file(s). The .cloginrc
is only the credentials, address, etc. The actual connection is
based on what you have in your router.db file(s).

andrew.

On Mon, 12 Apr 2010, Wagner Pereira wrote:

> Hi, all.
>
> What should I do after include a new device in the .cloginrc file?
>
> I noticed after I did that, Rancid didn't create a new file in the
> config directory.
>
> Thanks for any help, as usual.
>
> Hugs.
>
> --
>
> Wagner Pereira
>
> PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
> CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
> http://www.pop-sp.rnp.br
> Tel. (11) 3091-8901
>

From ThomisonL at muni.org Tue Apr 13 00:34:13 2010
From: ThomisonL at muni.org (Thomison, Lee)
Date: Mon, 12 Apr 2010 16:34:13 -0800
Subject: [rancid] svn, apache probably a config question?
Message-ID: <27B58F038E8FC24680CE64F6CDC508E590A517DA8A@mlpsmail01.mlp.muniverse.net>

I am having trouble using subversion with rancid to look at configurations
using apache. I have the pertinent config info posted at the bottom of this
note. Thanks in Advance!

I can check a repository out as a file:///

$ > svn co file:///home/rancid/CVS q
A q/mlpems
A q/mlpems/router.db
A q/mlpems/configs
A q/mlpems/configs/fepts01
A q/mlpems/configs/fepts11
A q/mlpems/configs/fepts02
A q/mlpems/configs/fepts12
A q/mlpems/configs/mlpcomm1c
A q/mlpems/configs/mlpcomm2c
A q/mlpems/configs/mlpcomm1d
A q/mlpems/configs/mlpcomm2d
A q/mlpems/configs/sec-ts01
A q/mlpems/configs/sec-ts02
A q/mlpems/configs/sec-ts11
A q/mlpems/configs/sec-ts12
A q/mlpems/configs/mlpscada1a
A q/mlpems/configs/mlpfw1
A q/mlpems/configs/mlpscada2a
A q/mlpems/configs/mlpscada1b
A q/mlpems/configs/mlpfw2
A q/mlpems/configs/mlpscada2b
Checked out revision 21.
$ >

but if I try to use http:

$ > svn co http://localhost/rancid q
svn: PROPFIND request failed on '/rancid'
svn: Could not open the requested SVN filesystem
$ >

I'm sure it's something silly, but at a loss. Any suggestions?

/etc/rancid/rancid.conf:

BASEDIR=/home/rancid; export BASEDIR
PATH=/usr/libexec/rancid:/usr/bin:/usr/sbin:/bin:/usr/kerberos/bin:/usr/local/bin:/usr/bin; export PATH
# Location of the CVS/SVN repository. Be careful changing this.
CVSROOT=$BASEDIR/CVS; export CVSROOT
# Location of log files produced by rancid-run(1).
LOGDIR=$BASEDIR/logs; export LOGDIR
#
# Select which RCS system to use, "cvs" (default) or "svn". Do not change
# this after CVSROOT has been created with rancid-cvs. Changing between these
# requires manual conversions.
RCSSYS=svn; export RCSSYS

/etc/httpd/conf.d/subversion.conf:

$ cat subversion.conf
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

DAV svn
SVNPath /home/rancid/CVS

$ > getfacl /home/rancid
getfacl: Removing leading '/' from absolute path names
# file: home/rancid
# owner: rancid
# group: netadm
user::rwx
group::rwx
other::---
default:user::rwx
default:user:apache:rwx
default:group::rwx
default:group:apache:rwx
default:mask::rwx
default:other::---

$ > getfacl /home/rancid/CVS
getfacl: Removing leading '/' from absolute path names
# file: home/rancid/CVS
# owner: rancid
# group: netadm
user::rwx
group::r-x
other::---
default:user::rwx
default:user:apache:rwx
default:group::r-x
default:group:apache:rwx
default:mask::rwx
default:other::---

$ > httpd -t -D DUMP_MODULES
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_file_module (shared)
 authn_alias_module (shared)
 authn_anon_module (shared)
 authn_dbm_module (shared)
 authn_default_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 authz_owner_module (shared)
 authz_groupfile_module (shared)
 authz_dbm_module (shared)
 authz_default_module (shared)
 ldap_module (shared)
 authnz_ldap_module (shared)
 include_module (shared)
 log_config_module (shared)
 logio_module (shared)
 env_module (shared)
 ext_filter_module (shared)
 mime_magic_module (shared)
 expires_module (shared)
 deflate_module (shared)
 headers_module (shared)
 usertrack_module (shared)
 setenvif_module (shared)
 mime_module (shared)
 dav_module (shared)
 status_module (shared)
 autoindex_module (shared)
 info_module (shared)
 dav_fs_module (shared)
 vhost_alias_module (shared)
 negotiation_module (shared)
 dir_module (shared)
 actions_module (shared)
 speling_module (shared)
 userdir_module (shared)
 alias_module (shared)
 rewrite_module (shared)
 proxy_module (shared)
 proxy_balancer_module (shared)
 proxy_ftp_module (shared)
 proxy_http_module (shared)
 proxy_connect_module (shared)
 cache_module (shared)
 disk_cache_module (shared)
 file_cache_module (shared)
 mem_cache_module (shared)
 cgi_module (shared)
 version_module (shared)
 mysql_auth_module (shared)
 authz_ldap_module (shared)
 perl_module (shared)
 php5_module (shared)
 proxy_ajp_module (shared)
 python_module (shared)
 ssl_module (shared)
 dav_svn_module (shared)
 authz_svn_module (shared)
Syntax OK
$ >

From peo at chalmers.se Tue Apr 13 07:56:08 2010
From: peo at chalmers.se (Per-Olof Olsson)
Date: Tue, 13 Apr 2010 09:56:08 +0200
Subject: [rancid] Re: Rancid stopped working for my HP switches
In-Reply-To: <20100408225400.GA3640@shrubbery.net>
References: <4BB63D94.3010906@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863B@city-exchange07> <4BB64B8C.1060208@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863F@city-exchange07> <4BB6D936.7080108@chalmers.se> <20100405221852.GQ8441@shrubbery.net> <4BBAF3BF.6030804@chalmers.se> <20100408225400.GA3640@shrubbery.net>
Message-ID: <4BC42398.6080503@chalmers.se>

john heasley wrote:
> Tue, Apr 06, 2010 at 10:41:35AM +0200, Per-Olof Olsson:
>> john heasley wrote:
>>> Sat, Apr 03, 2010 at 07:59:18AM +0200, Per-Olof Olsson:
>>>> I
>>>>
>>>> There is some update for code using ssh!. Isn't there missing the
>>>> "hpuifilter" to clean some terminal escape codes.
>>>>
>>>> After adding "hpuifilter --" I start to get output/updates in files.
>>>> >>>> >>>> < set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user >>>> $router" { }]} reason ] >>>> >>>>> set retval [ catch {eval spawn [split "hpuifilter -- $cmd -c $cyphertype -x -l $user $router" { }]} reason ] >>>> -----------------------------------------^^^^^^^^^^^^^^ >>>> >>>> >>>> ## $Id: hlogin.in 2162 2010-03-15 21:20:31Z heas $ >>>> ---------------------------------------------------- >>>> ---> diff hlogin.in.ORG hlogin.in >>>> 220,222c220,221 >>>> < # hp does not autoenable >>>> < #set autoenable 1 >>>> < #set avenable 0 >>>> --- >>>>> set autoenable 1 >>>>> set avenable 0 >>>> 316c315 >>>> < proc login { router user userpswd passwd enapasswd cmethod cyphertype } { >>>> --- >>>>> proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile } { >>>> 342c341,344 >>>> < set retval [ catch {eval spawn [split "$cmd -c $cyphertype >>>> -x -l $user $router" { }]} reason ] >>>> --- >>>>> if {"$identfile" != ""} { >>>>> set cmd "$cmd -i $identfile" >>>>> } >>>>> set retval [ catch {eval spawn [split "hpuifilter -- $cmd -c $cyphertype -x -l $user $router" { }]} reason ] >>>> 603a606,608 >>>>> # device identfile for ssh public key login >>>>> set identfile [join [lindex [find identity $router] 0] ""] >>>>> >>>> 720c725 >>>> < if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod >>>> $cyphertype]} { >>>> --- >>>>> if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile]} { >>>> ----------------------------------------------------- >>>> >>>> Comment: >>>> For new switches hp do autoenable >>>> Also used to add loggin via ssh public/private keys in my hlogin >>>> (No password/passphrase in .cloin. Part of code copyed from jlogin.) >>> Is it now possible to store a per-user ssh public key in the HP config? >>> And, as peo@ mentions, I presume hpuifilter is still necessary. And, >>> older models will still need to enable. >>> >> ssh login per-user? >> No. 
For old switches like 2500 and 4100. Only to operator level login >> when using ssh key. >> >> Yes. New switches like 2600/2610, 2800, 2910 you install public keys for >> operator and/or manager level login. I think up to 10 keys each. > > cool. please try the attached hlogin; I've imported the identity file > handling from jlogin in its entirety. hlogin is working but still need some tuning/fixes: 1: When running rancid-run using ssh passphrase I get about randomly 15-20% of switches to timeout during login doing some login retry. Don't know vhy. Is it: - switch working more when login via ssh passphrase - buffering, cleaning terminal escape codes in hpuifilter - timeout when switch try to get/set window size - or ? I exteded the sleep from 1 to 2s and then only 1-2% of switches randmoly show up the login timeout (rancid-run do login retry so you get your info and config from the switch but it's looks cleaner, to not have, that much login timeouts/retry). 2: Do you like use the command line option "-autoenable" to hlogin command when testing/debugging? Update code to do some variable settings by option args. 3: I also notice that the hlogin -S option (save running config on exit) is not working! There was a security issue about that operator was able to save config file... If you like to get to the "save current configuration"-question, you have to run "logout" from manager level. --------------------------------------------------------------- diff -c hlogin.in.ORG+1 hlogin.in *** hlogin.in.ORG+1 Mon Apr 12 07:54:40 2010 --- hlogin.in Mon Apr 12 16:36:15 2010 *************** *** 221,229 **** set avenable 0 # Does tacacs automatically enable us? } -autoenable { ! # hp does not autoenable ! #set autoenable 1 ! #set avenable 0 } -* { send_user "\nError: Unknown argument! $arg\n" send_user $usage --- 221,228 ---- set avenable 0 # Does tacacs automatically enable us? } -autoenable { ! set avautoenable 1 ! set avenable 0 } -* { send_user "\nError: Unknown argument! 
$arg\n" send_user $usage *************** *** 432,438 **** } -re "Enter passphrase.*: " { # sleep briefly to allow time for stty -echo ! sleep 1 send -- "$passphrase\r" exp_continue } --- 431,437 ---- } -re "Enter passphrase.*: " { # sleep briefly to allow time for stty -echo ! sleep 2 send -- "$passphrase\r" exp_continue *************** *** 564,570 **** } } log_user 1 ! send -h "exit\r" expect { "Do you want to save current configuration" { if {$do_saveconfig} { --- 563,569 ---- } } log_user 1 ! send -h "logout\r" expect { "Do you want to save current configuration" { if {$do_saveconfig} { if {$do_saveconfig} { ------------------------------------------ > >> --------------------------------------------------------- >> hp_switch# copy tftp pub-key-file 1.1.1.1 manager_key >> append Add the key(s) for operator access. >> manager Replace the key(s) for manager access; follow with the >> 'append' option to add the key(s). >> operator Replace the key(s) for operator access (default); follow >> with the 'append' option to add the key(s). >> >> hp_switch# >> --------------------------------------------------------- >> >> ----.cloginrc---------------- >> add method hp_switch ssh >> add password hp_switch x x >> add identity hp_switch /.ssh/key-to-HP >> add autoenable hp_switch 1 add passphrase hp_switch >> >> add method old_hp_switch ssh >> add password old_hp_switch x >> add identity old_hp_switch /.ssh/key-to-HP-rsa1 >> add autoenable old_hp_switch 0 add passphrase old_hp_switch >> ------------------------------ >> (Username config on switches left blank) >> >> Hp count each test for a ssh-key as a login. Default is that you have 3 >> try to login (by ssh key or user/password). It's not working to add a >> long list of keys in ssh config files. Thats why I like to point out key >> files to each switch in the .cloginrc. >> >> Its not secure to not use ssh keys without passphrases. But if you have >> to type it down in .cloginrc... 
>> Thats why, passphrase settings not in .cloginrc. >> >> >> >> Is't it time to do some updates on hrancid. Grab some more information >> from hp switches. There is info about config files and inventory of >> sfp's for new switches. >> >> Useful? > > sure; please share the diffs and example i/o. > This updates in hrancid.in was included in previous mail but if you like it in diff format... -------------------------------- diff -c hrancid.in.ORG hrancid.in *** hrancid.in.ORG Wed Mar 24 00:33:51 2010 --- hrancid.in Tue Mar 30 10:06:17 2010 *************** *** 223,232 **** if (/memory\s+-\s+total\s+:\s+(\S+)/i) { my($mem) = $1; $mem =~ s/,//g; $mem /= (1024 * 1024); ! ProcessHistory("COMMENTS","keysort","B0",";Memory: " . int($mem) . ! "M\n"); next; } /serial\s+number\s+:\s+(\S+)/i && --- 223,233 ---- if (/memory\s+-\s+total\s+:\s+(\S+)/i) { my($mem) = $1; + my($mem_peo) = $1; $mem =~ s/,//g; $mem /= (1024 * 1024); ! ProcessHistory("COMMENTS","keysort","B0",";Memory: " . $mem_peo . ! " (" . int($mem) . 
"M)\n"); next; } /serial\s+number\s+:\s+(\S+)/i && *************** *** 283,288 **** --- 284,326 ---- return(0); } + # This routine parses "show tech transceivers" + sub ShowTransceivers { + print STDERR " In ShowTransceivers: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*|transceivers\s*)$/); + return(-1) if (/command authorization failed/i); + return(1) if /^(Invalid|Ambiguous) input:/i; + + s/ Technical Information//i; + + ProcessHistory("COMMENTS","keysort","G0",";$_"); + + } + return(0); + } + + # This routine parses "show config files" + sub ShowConfigFiles { + print STDERR " In ShowConfigFiles: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + return(-1) if (/command authorization failed/i); + return(1) if /^(Invalid|Ambiguous) input:/i; + + ProcessHistory("COMMENTS","keysort","H0",";$_"); + + } + return(0); + } + + # This routine processes a "write term" sub WriteTerm { print STDERR " In WriteTerm: $_" if ($debug); *************** *** 291,299 **** tr/\015//d; last if(/^$prompt/); return(-1) if (/command authorization failed/i); - # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; ! s/^$/;/; # skip the crap /^running configuration:/i && next; --- 329,337 ---- tr/\015//d; last if(/^$prompt/); return(-1) if (/command authorization failed/i); s/^<-+ More -+>\s*//; ! # don't touch emty lines /Peo ! 
# s/^$/;/; # skip the crap /^running configuration:/i && next; *************** *** 302,307 **** --- 340,346 ---- s/\$(Revision|Id):/ $1:/; /^; (\S+) configuration editor;/i && ProcessHistory("COMMENTS","keysort","A0",";Chassis type: $1\n") && + ProcessHistory("","","",";\n;Running config file:\n$_") && next; # order logging statements - doesnt appear to do syslog as of right now *************** *** 474,479 **** --- 513,520 ---- {'show system information' => 'ShowSystem'}, {'show module' => 'ShowModule'}, {'show stack' => 'ShowStack'}, + {'show tech transceivers' => 'ShowTransceivers'}, + {'show config files' => 'ShowConfigFiles'}, {'write term' => 'WriteTerm'} ); # Use an array to preserve the order of the commands and a hash for mapping *************** *** 539,545 **** ProcessHistory("COMMENTS","keysort","D0",";\n"); # showflash ProcessHistory("COMMENTS","keysort","E0",";\n"); # showmodule ProcessHistory("COMMENTS","keysort","F0",";\n"); # showstack ! ProcessHistory("COMMENTS","keysort","G0",";\n"); TOP: while() { tr/\015//d; if (/$prompt\s*exit\s*$/i) { --- 580,589 ---- ProcessHistory("COMMENTS","keysort","D0",";\n"); # showflash ProcessHistory("COMMENTS","keysort","E0",";\n"); # showmodule ProcessHistory("COMMENTS","keysort","F0",";\n"); # showstack ! ProcessHistory("COMMENTS","keysort","G0",";\n"); # showtechtransceivers ! ProcessHistory("COMMENTS","keysort","H0",";\n"); # showconfigfiles ! ProcessHistory("COMMENTS","keysort","I0",";\n"); ! TOP: while() { tr/\015//d; if (/$prompt\s*exit\s*$/i) { ------------------------------------------------------------------ Also send you the raw output sample, cut/paste from "vi" showing some extra control characters. ----------my_switch.raw------------------------ ... 
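Review bot: In the "Enter passphrase" hunk of the hlogin.in context diff, raising the hard-coded `sleep 1` to `sleep 2` only narrows the race it is meant to cover. The delay exists so that echo is off before `send -- "$passphrase\r"` runs; a fixed value can still be too short on a slow login (the message reports 1-2% of switches still timing out), in which case the passphrase may be echoed back into the session, and it costs an extra second on every other device. Suggest making the delay a variable that can be set per device rather than a literal, and stating in the comment why the value was chosen.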
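Review bot: In the last hlogin.in hunk, replacing `send -h "exit\r"` with `send -h "logout\r"` makes the "Do you want to save current configuration" branch reachable from manager level, so `$do_saveconfig` now actually decides whether the running config is written. The hunk does not show where `do_saveconfig` gets its default, so please confirm it answers "n" unless -S is given, and add a comment next to the `logout` line explaining why `exit` does not reach the save prompt.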
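Review bot: In the hrancid.in hunk that adds `ShowTransceivers` and `ShowConfigFiles`, both subs `return(1)` on `Invalid|Ambiguous input`, and the command table hunk adds 'show tech transceivers' and 'show config files' for every device. The message describes this information as available on new switches, so please confirm that a switch which rejects either command still has its configuration collected instead of failing the run. The two subs differ only in the sort key ("G0" vs "H0") and one substitution; a shared helper taking the key as a parameter would remove the duplication.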
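Review bot: In the WriteTerm hunk of hrancid.in, commenting out `s/^$/;/` changes how every blank line of every stored HP configuration is written, so the first run after the change will report a diff for all devices; that belongs in the change description. Delete the line rather than leaving it commented out, and replace the personal markers (`/Peo` here, `$mem_peo` in the memory hunk) with descriptive names such as `$mem_raw`.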
^Mmy_switch# show tech transceivers^M^M
^M
^Mtransceivers^M
^M^M
^MTransceiver Technical Information: ^M
^M Port # | Type | Prod # | Serial # | Part # ^M
^M -------+-----------+--------+------------------+----------^M
^M 51 | 1000SX | J4858B | XXXXXX | ^M
^M^M
^M^M
^Mmy_switch# show config files^M^M
^M
^MConfiguration files:^M
^M^M
^M id | act pri sec | name^M
^M ---+-------------+------------------------------------------------^M
^M 1 | * * * | config1^M
^M 2 | | ^M
^M 3 | | ^M
^M^M
^Mmy_switch#
...
-------------------------

>> Rancid output to switch file from "show tech transceivers" and "show
>> config files" commands
>> ...
>> ;Transceiver:
>> ; Port # | Type | Prod # | Serial # | Part #
>> ; -------+-----------+--------+------------------+----------
>> ; 51 | 1000SX | J4858B | PXXXXX |
>> ;
>> ;Configuration files:
>> ; id | act pri sec | name
>> ; ---+-------------+------------------------------------------------
>> ; 1 | * * * | config1
>> ; 2 | |
>> ; 3 | |
>> ;
>> ...
>>
>>
>> Updated to rancid 2.3.3 this morning and it run nicely on about 200 hp
>> switches using included hrancid.in and hlogin.in.

/Peo

----------------------------------------------------------
Per-Olof Olsson Email: peo at chalmers.se
Chalmers tekniska högskola
IT-service
Hörsalsvägen 5
412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8660
----------------------------------------------------------

From wpereira at pop-sp.rnp.br Tue Apr 13 11:58:44 2010
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Tue, 13 Apr 2010 08:58:44 -0300
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local>
Message-ID: <4BC45C74.7010809@pop-sp.rnp.br>

Hi, Ryan and Andrew.

You both were right. I just included one new line in my router.db file and it is started to try diff it.
But, in my log I noticed the Rancid isn't able to get the configs:
"cannot open file 10.0.0.2 for comparing: Permission denied"
(This is not the real IP!)

There is Radius implemented in that device. Can it be the problem?

Hugs,

--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901

On 12/4/2010 18:24, Ryan West wrote: > > >> -----Original Message----- >> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- >> bounces at shrubbery.net] On Behalf Of Wagner Pereira >> Sent: Monday, April 12, 2010 5:22 PM >> To: Rancid Mailing List >> Subject: [rancid] New device on .cloginrc >> >> Hi, all. >> >> What should I do after include a new device in the .cloginrc file? >> >> I noticed after I did that, Rancid didn't create a new file in the >> config directory. >> >> > Update var//router.db with your new device and set it to up. > > -ryan >

From marty at supine.com Tue Apr 13 12:05:35 2010
From: marty at supine.com (Martin Barry)
Date: Tue, 13 Apr 2010 14:05:35 +0200
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BC45C74.7010809@pop-sp.rnp.br>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br>
Message-ID: <20100413120535.GA9580@merboo.mamista.net>

$quoted_author = "Wagner Pereira" ;
>
> But, in my log I noticed the Rancid isn't able to get the configs:
> "cannot open file 10.0.0.2 for comparing: Permission denied"
> (This is not the real IP!)

This sounds like either a file or directory permission issue. What user is rancid running as and do they have the appropriate permission in the working directory?

> There is Radius implemented in that device. Can it be the problem?

You can double check that by manually running clogin which will test logging into the device.
cheers
Marty

From rwest at zyedge.com Tue Apr 13 12:07:39 2010
From: rwest at zyedge.com (Ryan West)
Date: Tue, 13 Apr 2010 12:07:39 +0000
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BC45C74.7010809@pop-sp.rnp.br>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br>
Message-ID: <110856C5-C859-4049-8B2E-B15C1C10320F@zyedge.com>

Sounds like your config and/or cvs/svn directories are owned by root. Did you ever go back and correct the permissions from your install?

Sent from handheld.

On Apr 13, 2010, at 8:00 AM, "Wagner Pereira" wrote: > Hi, Ryan and Andrew. > > You both were right. I just included one new line in my router.db file > and it is started to try diff it. > > But, in my log I noticed the Rancid isn't able to get the configs: > "cannot open file 10.0.0.2 for comparing: Permission denied" > (This is not the real IP!) > > There is Radius implemented in that device. Can it be the problem? > > Hugs, > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presença da RNP em São Paulo > CCE/USP - Centro de Computação Eletrônica da Universidade de São > Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > > On 12/4/2010 18:24, Ryan West wrote: >> >> >>> -----Original Message----- >>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- >>> bounces at shrubbery.net] On Behalf Of Wagner Pereira >>> Sent: Monday, April 12, 2010 5:22 PM >>> To: Rancid Mailing List >>> Subject: [rancid] New device on .cloginrc >>> >>> Hi, all. >>> >>> What should I do after include a new device in the .cloginrc file? >>> >>> I noticed after I did that, Rancid didn't create a new file in the >>> config directory. >>> >>> >> Update var//router.db with your new device and set it >> to up.
>> >> -ryan >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From wpereira at pop-sp.rnp.br Tue Apr 13 13:33:43 2010
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Tue, 13 Apr 2010 10:33:43 -0300
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <20100413120535.GA9580@merboo.mamista.net>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net>
Message-ID: <4BC472B7.4080204@pop-sp.rnp.br>

Hi, Marty.

It sounds wrong, I suppose, because the Rancid is still running over other device perfectly.

Then, I ran this:
----------------------
/home/rancid/bin/clogin 10.0.0.2
10.0.0.2
spawn telnet 10.0.0.2
Trying 10.0.0.2...
telnet: Unable to connect to remote host: Connection refused
spawn ssh -c 3des -x -l root 10.0.0.2
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key

Error: Couldn't login: 10.0.0.2
----------------------

What does it mean?

Thanks.

--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901

On 13/4/2010 09:05, Martin Barry wrote: > $quoted_author = "Wagner Pereira" ; > >> But, in my log I noticed the Rancid isn't able to get the configs: >> "cannot open file 10.0.0.2 for comparing: Permission denied" >> (This is not the real IP!) >> > This sounds like either a file or directory permission issue. What user is > rancid running as and do they have the appropriate permission in the working > directory? > > > >> There is Radius implemented in that device. Can it be the problem? >> > You can double check that by manually running clogin which will test logging > into the device.
> > cheers > Marty > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >

From rwest at zyedge.com Tue Apr 13 13:41:26 2010
From: rwest at zyedge.com (Ryan West)
Date: Tue, 13 Apr 2010 13:41:26 +0000
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BC472B7.4080204@pop-sp.rnp.br>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br>
Message-ID: <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local>

> -----Original Message-----
> Sent: Tuesday, April 13, 2010 9:34 AM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: New device on .cloginrc
>
> Hi, Marty.
>
> It sounds wrong, I suppose, because the Rancid is still running over
> other device perfectly.
>
> Then, I ran this:
> ----------------------
> /home/rancid/bin/clogin 10.0.0.2
> 10.0.0.2
> spawn telnet 10.0.0.2
> Trying 10.0.0.2...
> telnet: Unable to connect to remote host: Connection refused
> spawn ssh -c 3des -x -l root 10.0.0.2
> ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
> key_verify failed for server_host_key
>
> Error: Couldn't login: 10.0.0.2
> ----------------------

Try googling the ss_rsa_verify output. I imagine the device you're connecting to is rather old, you should try to run a 1024 bit key at the minimum. I would recommend using a 2048 bit key if you can, but if it's an older device, be prepared to wait a while. You may be able to change how RANCID connects to the device, but I think you would be off gen'ing a new key on the device instead.

-ryan

From rancid at ale.cx Tue Apr 13 17:21:55 2010
From: rancid at ale.cx (Alex DEKKER)
Date: Tue, 13 Apr 2010 18:21:55 +0100
Subject: [rancid] Re: svn, apache probably a config question?
In-Reply-To: <27B58F038E8FC24680CE64F6CDC508E590A517DA8A@mlpsmail01.mlp.muniverse.net>
References: <27B58F038E8FC24680CE64F6CDC508E590A517DA8A@mlpsmail01.mlp.muniverse.net>
Message-ID: <201004131821.55668.rancid@ale.cx>

On Tuesday 13 April 2010 01:34:13 Thomison, Lee wrote:

> /etc/httpd/conf.d/subversion.conf:
>
>
> $ cat subversion.conf
>
> LoadModule dav_svn_module modules/mod_dav_svn.so
> LoadModule authz_svn_module modules/mod_authz_svn.so
>
>
>
> DAV svn
> SVNPath /home/rancid/CVS

Does the CVS/ directory exist? Does an SVN repo really use 'CVS/' to keep itself in?

>
>

alexd

From heas at shrubbery.net Tue Apr 13 18:06:47 2010
From: heas at shrubbery.net (john heasley)
Date: Tue, 13 Apr 2010 11:06:47 -0700
Subject: [rancid] Re: svn, apache probably a config question?
In-Reply-To: <201004131821.55668.rancid@ale.cx>
References: <27B58F038E8FC24680CE64F6CDC508E590A517DA8A@mlpsmail01.mlp.muniverse.net> <201004131821.55668.rancid@ale.cx>
Message-ID: <20100413180647.GK11287@shrubbery.net>

Tue, Apr 13, 2010 at 06:21:55PM +0100, Alex DEKKER:
> On Tuesday 13 April 2010 01:34:13 Thomison, Lee wrote:
>
> > /etc/httpd/conf.d/subversion.conf:
> >
> >
> > $ cat subversion.conf
> >
> > LoadModule dav_svn_module modules/mod_dav_svn.so
> > LoadModule authz_svn_module modules/mod_authz_svn.so
> >
> >
> >
> > DAV svn
> > SVNPath /home/rancid/CVS
>
> Does the CVS/ directory exist? Does an SVN repo really use 'CVS/' to keep
> itself in?

it doesn't, but the user could have placed the svn repository anywhere. i have no experience accessing svn through apache, but as alex suggests, check the permissions on the repository for the apache process owner, that svn ls file:///home/rancid/CVS works, that apache isn't chroot'ed or similarly have a modified path, etc. you might check the svn "redbook" for configuration hints.
From ThomisonL at muni.org Tue Apr 13 18:16:57 2010
From: ThomisonL at muni.org (Thomison, Lee)
Date: Tue, 13 Apr 2010 10:16:57 -0800
Subject: [rancid] Re: svn, apache probably a config question?
In-Reply-To: <27B58F038E8FC24680CE64F6CDC508E590A517DA8A@mlpsmail01.mlp.muniverse.net>
References: <27B58F038E8FC24680CE64F6CDC508E590A517DA8A@mlpsmail01.mlp.muniverse.net>
Message-ID: <27B58F038E8FC24680CE64F6CDC508E590A512CADB@mlpsmail01.mlp.muniverse.net>

Turns out that explicitly setting the group ownership of /home/rancid to 'apache' makes everything work as expected. Apparently just setting an acl for apache isn't good enough. I'm not sure this is the right solution; in fact it's probably not. ACLs should be good enough. But I'd guess this is more an apache/svn_dav issue than a rancid issue. And I need to move on to other things.

From wpereira at pop-sp.rnp.br Tue Apr 13 19:46:57 2010
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Tue, 13 Apr 2010 16:46:57 -0300
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local>
Message-ID: <4BC4CA31.9030106@pop-sp.rnp.br>

Ryan,

You were right concerning to the rsa key.

I ran the "crypto key generate rsa" command in my Cisco router, choosing 1024 bits. It worked.

But now the error changed, as follows (it seems like the ssh connection method was not tried):

---------------------
/home/rancid/bin/clogin 10.0.0.2
10.0.0.2
spawn telnet 10.0.0.2
Trying 10.0.0.2...
telnet: Unable to connect to remote host: No route to host

Error: Couldn't login: 10.0.0.2
---------------------

What's next?
--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901

On 13/4/2010 10:41, Ryan West wrote: > > >> -----Original Message----- >> Sent: Tuesday, April 13, 2010 9:34 AM >> To: rancid-discuss at shrubbery.net >> Subject: [rancid] Re: New device on .cloginrc >> >> Hi, Marty. >> >> It sounds wrong, I suppose, because the Rancid is still running over >> other device perfectly. >> >> Then, I ran this: >> ---------------------- >> /home/rancid/bin/clogin 10.0.0.2 >> 10.0.0.2 >> spawn telnet 10.0.0.2 >> Trying 10.0.0.2... >> telnet: Unable to connect to remote host: Connection refused >> spawn ssh -c 3des -x -l root 10.0.0.2 >> ssh_rsa_verify: RSA modulus too small: 512< minimum 768 bits >> key_verify failed for server_host_key >> >> Error: Couldn't login: 10.0.0.2 >> ---------------------- >> > Try googling the ss_rsa_verify output. I imagine the device you're connecting to is rather old, you should try to run a 1024 bit key at the minimum. I would recommend using a 2048 bit key if you can, but if it's an older device, be prepared to wait a while. You may be able to change how RANCID connects to the device, but I think you would be off gen'ing a new key on the device instead.
> > -ryan >

From rwest at zyedge.com Tue Apr 13 19:54:48 2010
From: rwest at zyedge.com (Ryan West)
Date: Tue, 13 Apr 2010 19:54:48 +0000
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BC4CA31.9030106@pop-sp.rnp.br>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local> <4BC4CA31.9030106@pop-sp.rnp.br>
Message-ID: <5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local>

Command line check that you connect to that device using telnet or ssh. If you can't, fix that first. If you want to connect via SSH, then change your connection method in your .cloginrc file.

-ryan

> -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Wagner Pereira > Sent: Tuesday, April 13, 2010 3:47 PM > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: New device on .cloginrc > > Ryan, > > You were right concerning to the rsa key. > > I ran the "crypto key generate rsa" command in my Cisco router, choosing > 1024 bits. It worked. > > But now the error changed, as follows (it seems like the ssh connection > method was not tried): > > --------------------- > /home/rancid/bin/clogin 10.0.0.2 > 10.0.0.2 > spawn telnet 10.0.0.2 > Trying 10.0.0.2... > telnet: Unable to connect to remote host: No route to host > > Error: Couldn't login: 10.0.0.2 > --------------------- > > What's next? > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presença da RNP em São Paulo > CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo > http://www.pop-sp.rnp.br > Tel.
(11) 3091-8901 > > > On 13/4/2010 10:41, Ryan West wrote: > > > > > >> -----Original Message----- > >> Sent: Tuesday, April 13, 2010 9:34 AM > >> To: rancid-discuss at shrubbery.net > >> Subject: [rancid] Re: New device on .cloginrc > >> > >> Hi, Marty. > >> > >> It sounds wrong, I suppose, because the Rancid is still running over > >> other device perfectly. > >> > >> Then, I ran this: > >> ---------------------- > >> /home/rancid/bin/clogin 10.0.0.2 > >> 10.0.0.2 > >> spawn telnet 10.0.0.2 > >> Trying 10.0.0.2... > >> telnet: Unable to connect to remote host: Connection refused > >> spawn ssh -c 3des -x -l root 10.0.0.2 > >> ssh_rsa_verify: RSA modulus too small: 512< minimum 768 bits > >> key_verify failed for server_host_key > >> > >> Error: Couldn't login: 10.0.0.2 > >> ---------------------- > >> > > Try googling the ss_rsa_verify output. I imagine the device you're > connecting to is rather old, you should try to run a 1024 bit key at the > minimum. I would recommend using a 2048 bit key if you can, but if it's an > older device, be prepared to wait a while. You may be able to change how > RANCID connects to the device, but I think you would be off gen'ing a new key > on the device instead.
> > > > -ryan > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From wpereira at pop-sp.rnp.br Tue Apr 13 20:19:44 2010
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Tue, 13 Apr 2010 17:19:44 -0300
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local> <4BC4CA31.9030106@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local>
Message-ID: <4BC4D1E0.9050502@pop-sp.rnp.br>

Ryan,

I changed this:
add method 10.0.0.2 {telnet} {ssh}

To this:
add method 10.0.0.2 {ssh} {telnet}

But now, the error has changed...(ok, if "Update the SSH known_hosts file accordingly." is the answer, how can I do that?)

-----------------------
/home/rancid/bin/clogin 10.0.0.2
10.0.0.2
spawn telnet 10.0.0.2
Trying 10.0.0.2...
telnet: Unable to connect to remote host: Connection refused
spawn ssh -c 3des -x -l root 10.0.0.2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
8f:23:61:b6:03:36:e0:7c:d2:e6:5c:0c:37:5d:c5:fe.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for 10.0.0.2 has changed and you have requested strict checking.
Host key verification failed.

Error: The host key for 10.0.0.2 has changed. Update the SSH known_hosts file accordingly.
-----------------------

--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901

On 13/4/2010 16:54, Ryan West wrote: > Command line check that you connect to that device using telnet or ssh. If you can't, fix that first. If you want to connect via SSH, then change your connection method in your .cloginrc file. > > -ryan > > >> -----Original Message----- >> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- >> bounces at shrubbery.net] On Behalf Of Wagner Pereira >> Sent: Tuesday, April 13, 2010 3:47 PM >> Cc: rancid-discuss at shrubbery.net >> Subject: [rancid] Re: New device on .cloginrc >> >> Ryan, >> >> You were right concerning to the rsa key. >> >> I ran the "crypto key generate rsa" command in my Cisco router, choosing >> 1024 bits. It worked. >> >> But now the error changed, as follows (it seems like the ssh connection >> method was not tried): >> >> --------------------- >> /home/rancid/bin/clogin 10.0.0.2 >> 10.0.0.2 >> spawn telnet 10.0.0.2 >> Trying 10.0.0.2... >> telnet: Unable to connect to remote host: No route to host >> >> Error: Couldn't login: 10.0.0.2 >> --------------------- >> >> What's next? >> >> -- >> >> Wagner Pereira >> >> PoP-SP/RNP - Ponto de Presença da RNP em São Paulo >> CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo >> http://www.pop-sp.rnp.br >> Tel. (11) 3091-8901 >> >> >> On 13/4/2010 10:41, Ryan West wrote: >> >>> >>> >>>> -----Original Message----- >>>> Sent: Tuesday, April 13, 2010 9:34 AM >>>> To: rancid-discuss at shrubbery.net >>>> Subject: [rancid] Re: New device on .cloginrc >>>> >>>> Hi, Marty.
>>>> >>>> It sounds wrong, I suppose, because the Rancid is still running over >>>> other device perfectly. >>>> >>>> Then, I ran this: >>>> ---------------------- >>>> /home/rancid/bin/clogin 10.0.0.2 >>>> 10.0.0.2 >>>> spawn telnet 10.0.0.2 >>>> Trying 10.0.0.2... >>>> telnet: Unable to connect to remote host: Connection refused >>>> spawn ssh -c 3des -x -l root 10.0.0.2 >>>> ssh_rsa_verify: RSA modulus too small: 512< minimum 768 bits >>>> key_verify failed for server_host_key >>>> >>>> Error: Couldn't login: 10.0.0.2 >>>> ---------------------- >>>> >>>> >>> Try googling the ss_rsa_verify output. I imagine the device you're >>> >> connecting to is rather old, you should try to run a 1024 bit key at the >> minimum. I would recommend using a 2048 bit key if you can, but if it's an >> older device, be prepared to wait a while. You may be able to change how >> RANCID connects to the device, but I think you would be off gen'ing a new key >> on the device instead. >> >>> -ryan >>> >>> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> From bmahaffey at pelco.com Tue Apr 13 20:28:59 2010 From: bmahaffey at pelco.com (Mahaffey, Brian) Date: Tue, 13 Apr 2010 13:28:59 -0700 Subject: [rancid] Re: New device on .cloginrc In-Reply-To: <4BC4D1E0.9050502@pop-sp.rnp.br> References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local><4BC4CA31.9030106@pop-sp.rnp.br><5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local> <4BC4D1E0.9050502@pop-sp.rnp.br> Message-ID: <4BBAF403456ED74981E7164ED3A4C22401DF815C@CA-EVS02.pelco.org> http://lmgtfy.com/?q=Offending+key+in+%2Froot%2F.ssh%2Fknown_hosts rm -rf /root/.ssh/known_hosts -----Original 
Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Wagner Pereira Sent: Tuesday, April 13, 2010 1:20 PM To: Rancid Mailing List Subject: [rancid] Re: New device on .cloginrc Ryan, I changed this: add method 10.0.0.2 {telnet} {ssh} To this: add method 10.0.0.2 {ssh} {telnet} But now, the error has changed...(ok, if "Update the SSH known_hosts file accordingly." is the answer, how can I do that?) ----------------------- /home/rancid/bin/clogin 10.0.0.2 10.0.0.2 spawn telnet 10.0.0.2 Trying 10.0.0.2... telnet: Unable to connect to remote host: Connection refused spawn ssh -c 3des -x -l root 10.0.0.2 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 8f:23:61:b6:03:36:e0:7c:d2:e6:5c:0c:37:5d:c5:fe. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending key in /root/.ssh/known_hosts:1 RSA host key for 10.0.0.2 has changed and you have requested strict checking. Host key verification failed. Error: The host key for 10.0.0.2 has changed. Update the SSH known_hosts file accordingly. ----------------------- -- Wagner Pereira PoP-SP/RNP - Ponto de Presença da RNP em São Paulo CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 On 13/4/2010 16:54, Ryan West wrote: > Command line check that you connect to that device using telnet or ssh. If you can't, fix that first. If you want to connect via SSH, then change your connection method in your .cloginrc file.
> > -ryan > > >> -----Original Message----- >> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- >> bounces at shrubbery.net] On Behalf Of Wagner Pereira >> Sent: Tuesday, April 13, 2010 3:47 PM >> Cc: rancid-discuss at shrubbery.net >> Subject: [rancid] Re: New device on .cloginrc >> >> Ryan, >> >> You were right concerning to the rsa key. >> >> I ran the "crypto key generate rsa" command in my Cisco router, choosing >> 1024 bits. It worked. >> >> But now the error changed, as follows (it seems like the ssh connection >> method was not tried): >> >> --------------------- >> /home/rancid/bin/clogin 10.0.0.2 >> 10.0.0.2 >> spawn telnet 10.0.0.2 >> Trying 10.0.0.2... >> telnet: Unable to connect to remote host: No route to host >> >> Error: Couldn't login: 10.0.0.2 >> --------------------- >> >> What's next? >> >> -- >> >> Wagner Pereira >> >> PoP-SP/RNP - Ponto de Presença da RNP em São Paulo >> CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo >> http://www.pop-sp.rnp.br >> Tel. (11) 3091-8901 >> >> >> On 13/4/2010 10:41, Ryan West wrote: >> >>> >>> >>>> -----Original Message----- >>>> Sent: Tuesday, April 13, 2010 9:34 AM >>>> To: rancid-discuss at shrubbery.net >>>> Subject: [rancid] Re: New device on .cloginrc >>>> >>>> Hi, Marty. >>>> >>>> It sounds wrong, I suppose, because the Rancid is still running over >>>> other device perfectly. >>>> >>>> Then, I ran this: >>>> ---------------------- >>>> /home/rancid/bin/clogin 10.0.0.2 >>>> 10.0.0.2 >>>> spawn telnet 10.0.0.2 >>>> Trying 10.0.0.2... >>>> telnet: Unable to connect to remote host: Connection refused >>>> spawn ssh -c 3des -x -l root 10.0.0.2 >>>> ssh_rsa_verify: RSA modulus too small: 512< minimum 768 bits >>>> key_verify failed for server_host_key >>>> >>>> Error: Couldn't login: 10.0.0.2 >>>> ---------------------- >>>> >>>> >>> Try googling the ss_rsa_verify output.
I imagine the device you're >>> >> connecting to is rather old, you should try to run a 1024 bit key at the >> minimum. I would recommend using a 2048 bit key if you can, but if it's an >> older device, be prepared to wait a while. You may be able to change how >> RANCID connects to the device, but I think you would be off gen'ing a new key >> on the device instead. >> >>> -ryan >>> >>> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss This transmission is intended only for use by the intended recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments. 
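Added example (not part of any poster's message and not RANCID code): the reply above clears the changed-key error by deleting the whole known_hosts file, which also discards the pinned keys of every other device. The shell function below removes only one host's entries from a plain (unhashed) known_hosts file and keeps a backup; the function names and sample entries are constructed for illustration, and OpenSSH's own ssh-keygen -R <host> does the same job and also covers hashed entries.

```shell
#!/bin/sh
# Added example: drop one host from a known_hosts file and keep the rest.
# Handles plain (unhashed) entries; hashed "|1|..." entries pass through.
# Typical call: forget_host "$HOME/.ssh/known_hosts" 10.0.0.2

# make_sample FILE: write a constructed known_hosts file (placeholder keys).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not real keys
10.0.0.1 ssh-rsa AAAA-constructed-key-1
10.0.0.2 ssh-rsa AAAA-constructed-old-512-bit-key
10.0.0.20 ssh-rsa AAAA-constructed-key-20
sw1.example.net,10.0.0.2 ssh-rsa AAAA-constructed-old-512-bit-key
[10.0.0.2]:2222 ssh-rsa AAAA-constructed-old-512-bit-key
EOF
}

# forget_host FILE HOST
# Remove HOST from every entry in FILE, leave all other hosts alone, and
# keep the previous contents in FILE.bak. Prints the number of entries
# that named HOST. Matching is exact, so 10.0.0.2 does not hit 10.0.0.20.
forget_host() {
    file=$1
    host=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    cp -p "$file" "${file}.bak" || return 2
    tmp=$(mktemp "${file}.XXXXXX") || return 2
    count=$(awk -v host="$host" -v out="$tmp" '
        # Comments and blank lines pass through untouched.
        /^[ \t]*#/ || /^[ \t]*$/ { print > out; next }
        {
            # An optional @cert-authority or @revoked marker precedes the names.
            idx = ($1 ~ /^@/) ? 2 : 1
            n = split($idx, names, ",")
            kept = ""
            hit = 0
            for (i = 1; i <= n; i++) {
                bare = names[i]
                # "[host]:port" is the form used for non-default ports.
                if (bare ~ /^\[.*\]:[0-9]+$/) {
                    sub(/^\[/, "", bare)
                    sub(/\]:[0-9]+$/, "", bare)
                }
                if (bare == host) { hit = 1; continue }
                kept = (kept == "") ? names[i] : kept "," names[i]
            }
            if (!hit) { print > out; next }
            changed++
            if (kept == "") next      # entry named only this host: drop it
            $idx = kept               # entry shared with other names: keep those
            print > out
        }
        END { print changed + 0 }
    ' "$file") || { rm -f "$tmp"; return 2; }
    chmod 600 "$tmp" && mv "$tmp" "$file" || return 2
    echo "$count"
}
```

After the removal, the next login prompts for the device's new key; compare the fingerprint shown with the one read from the device's console before accepting it.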
From jethro.binks at strath.ac.uk Tue Apr 13 20:43:48 2010
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Tue, 13 Apr 2010 21:43:48 +0100 (BST)
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BBAF403456ED74981E7164ED3A4C22401DF815C@CA-EVS02.pelco.org>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local><4BC4CA31.9030106@pop-sp.rnp.br><5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local> <4BC4D1E0.9050502@pop-sp.rnp.br> <4BBAF403456ED74981E7164ED3A4C22401DF815C@CA-EVS02.pelco.org>
Message-ID:

On Tue, 13 Apr 2010, Mahaffey, Brian wrote:

> http://lmgtfy.com/?q=Offending+key+in+%2Froot%2F.ssh%2Fknown_hosts
>
> rm -rf /root/.ssh/known_hosts

Which will blow away the cached keys of all the known hosts. Probably better to edit that file, and selectively delete the entries for 10.0.0.2.

Jethro.

> > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Wagner Pereira > Sent: Tuesday, April 13, 2010 1:20 PM > To: Rancid Mailing List > Subject: [rancid] Re: New device on .cloginrc > > Ryan, > > I changed this: > add method 10.0.0.2 {telnet} {ssh} > > To this: > add method 10.0.0.2 {ssh} {telnet} > > > But now, the error has changed...(ok, if "Update the SSH known_hosts > file accordingly." is the answer, how can I do that?) > > ----------------------- > /home/rancid/bin/clogin 10.0.0.2 > 10.0.0.2 > spawn telnet 10.0.0.2 > Trying 10.0.0.2... > telnet: Unable to connect to remote host: Connection refused > spawn ssh -c 3des -x -l root 10.0.0.2 > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
@ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > Someone could be eavesdropping on you right now (man-in-the-middle attack)! > It is also possible that the RSA host key has just been changed. > The fingerprint for the RSA key sent by the remote host is > 8f:23:61:b6:03:36:e0:7c:d2:e6:5c:0c:37:5d:c5:fe. > Please contact your system administrator. > Add correct host key in /root/.ssh/known_hosts to get rid of this message. > Offending key in /root/.ssh/known_hosts:1 > RSA host key for 10.0.0.2 has changed and you have requested strict > checking. > Host key verification failed. > > Error: The host key for 10.0.0.2 has changed. Update the SSH > known_hosts file accordingly. > ----------------------- > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presença da RNP em São Paulo > CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > > On 13/4/2010 16:54, Ryan West wrote: > > Command line check that you connect to that device using telnet or ssh. If you can't, fix that first. If you want to connect via SSH, then change your connection method in your .cloginrc file. > > > > -ryan > > > > > >> -----Original Message----- > >> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > >> bounces at shrubbery.net] On Behalf Of Wagner Pereira > >> Sent: Tuesday, April 13, 2010 3:47 PM > >> Cc: rancid-discuss at shrubbery.net > >> Subject: [rancid] Re: New device on .cloginrc > >> > >> Ryan, > >> > >> You were right concerning to the rsa key. > >> > >> I ran the "crypto key generate rsa" command in my Cisco router, choosing > >> 1024 bits. It worked. > >> > >> But now the error changed, as follows (it seems like the ssh connection > >> method was not tried): > >> > >> --------------------- > >> /home/rancid/bin/clogin 10.0.0.2 > >> 10.0.0.2 > >> spawn telnet 10.0.0.2 > >> Trying 10.0.0.2...
> >> telnet: Unable to connect to remote host: No route to host > >> > >> Error: Couldn't login: 10.0.0.2 > >> --------------------- > >> > >> What's next? > >> > >> -- > >> > >> Wagner Pereira > >> > >> PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > >> CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo > >> http://www.pop-sp.rnp.br > >> Tel. (11) 3091-8901 > >> > >> > >> Em 13/4/2010 10:41, Ryan West escreveu: > >> > >>> > >>> > >>>> -----Original Message----- > >>>> Sent: Tuesday, April 13, 2010 9:34 AM > >>>> To: rancid-discuss at shrubbery.net > >>>> Subject: [rancid] Re: New device on .cloginrc > >>>> > >>>> Hi, Marty. > >>>> > >>>> It sounds wrong, I suppose, because the Rancid is still running over > >>>> other device perfectly. > >>>> > >>>> Then, I ran this: > >>>> ---------------------- > >>>> /home/rancid/bin/clogin 10.0.0.2 > >>>> 10.0.0.2 > >>>> spawn telnet 10.0.0.2 > >>>> Trying 10.0.0.2... > >>>> telnet: Unable to connect to remote host: Connection refused > >>>> spawn ssh -c 3des -x -l root 10.0.0.2 > >>>> ssh_rsa_verify: RSA modulus too small: 512< minimum 768 bits > >>>> key_verify failed for server_host_key > >>>> > >>>> Error: Couldn't login: 10.0.0.2 > >>>> ---------------------- > >>>> > >>>> > >>> Try googling the ss_rsa_verify output. I imagine the device you're > >>> > >> connecting to is rather old, you should try to run a 1024 bit key at the > >> minimum. I would recommend using a 2048 bit key if you can, but if it's an > >> older device, be prepared to wait a while. You may be able to change how > >> RANCID connects to the device, but I think you would be off gen'ing a new key > >> on the device instead. 
> >> > >>> -ryan > >>> > >>> > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > This transmission is intended only for use by the intended > recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From wpereira at pop-sp.rnp.br Tue Apr 13 20:52:08 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Tue, 13 Apr 2010 17:52:08 -0300 Subject: [rancid] Re: New device on .cloginrc In-Reply-To: References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local><4BC4CA31.9030106@pop-sp.rnp.br><5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local> <4BC4D1E0.9050502@pop-sp.rnp.br> <4BBAF403456ED74981E7164ED3A4C22401DF815C@CA-EVS02.pelco.org> Message-ID: <4BC4D978.9020306@pop-sp.rnp.br> That's exactly what I did, Jethro. My known_host file has only one entry and I deleted that one. 
After then, he stopped to complain because this host key stuff.

Now there is other error, but it is due to wrong password, I'm not sure.

Thanks for all your help, guys.

Hugs.

--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901

On 13/4/2010 17:43, Jethro R Binks wrote:
> On Tue, 13 Apr 2010, Mahaffey, Brian wrote:
>
>> http://lmgtfy.com/?q=Offending+key+in+%2Froot%2F.ssh%2Fknown_hosts
>>
>> rm -rf /root/.ssh/known_hosts
>>
> Which will blow away the cached keys of all the known hosts.
>
> Probably better to edit that file, and selectively delete the entries for
> 10.0.0.2.
>
> Jethro.

From rwest at zyedge.com Tue Apr 13 21:05:45 2010
From: rwest at zyedge.com (Ryan West)
Date: Tue, 13 Apr 2010 21:05:45 +0000
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BC4D978.9020306@pop-sp.rnp.br>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local><4BC4CA31.9030106@pop-sp.rnp.br><5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local> <4BC4D1E0.9050502@pop-sp.rnp.br> <4BBAF403456ED74981E7164ED3A4C22401DF815C@CA-EVS02.pelco.org> <4BC4D978.9020306@pop-sp.rnp.br>
Message-ID: <5DC4853C6CC3EE4788779E0726E034DD1D4D73@zy-ex1.zyedge.local>

> -----Original Message-----
> Sent: Tuesday, April 13, 2010 4:52 PM
> To: Rancid Mailing List
> Subject: [rancid] Re: New device on .cloginrc
>
> That's exactly what I did, Jethro.
>
> My known_host file has only one entry and I deleted that one.
>
> After then, he stopped to complain because this host key stuff.
>
> Now there is other error, but it is due to wrong password, I'm not sure.
>

I doubt root is the userid you have configured on your device, you'll need to work that.
-ryan

From ecables at gmail.com Tue Apr 13 20:32:19 2010
From: ecables at gmail.com (Eric Cables)
Date: Tue, 13 Apr 2010 13:32:19 -0700
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BC4D1E0.9050502@pop-sp.rnp.br>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local> <4BC4CA31.9030106@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local> <4BC4D1E0.9050502@pop-sp.rnp.br>
Message-ID:

vi /root/.ssh/known_hosts and delete the first line, then re-run clogin.

-- Eric Cables

On Tue, Apr 13, 2010 at 1:19 PM, Wagner Pereira wrote:

> Ryan,
>
> I changed this:
> add method 10.0.0.2 {telnet} {ssh}
>
> To this:
> add method 10.0.0.2 {ssh} {telnet}
>
>
> But now, the error has changed...(ok, if "Update the SSH known_hosts
> file accordingly." is the answer, how can I do that?)
>
> -----------------------
> /home/rancid/bin/clogin 10.0.0.2
> 10.0.0.2
> spawn telnet 10.0.0.2
> Trying 10.0.0.2...
> telnet: Unable to connect to remote host: Connection refused
> spawn ssh -c 3des -x -l root 10.0.0.2
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the RSA host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> 8f:23:61:b6:03:36:e0:7c:d2:e6:5c:0c:37:5d:c5:fe.
> Please contact your system administrator.
> Add correct host key in /root/.ssh/known_hosts to get rid of this message.
> Offending key in /root/.ssh/known_hosts:1
> RSA host key for 10.0.0.2 has changed and you have requested strict
> checking.
> Host key verification failed.
>
> Error: The host key for 10.0.0.2 has changed. Update the SSH
> known_hosts file accordingly.
> -----------------------
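The selective delete suggested in the replies above (remove only the entries for 10.0.0.2 rather than the whole known_hosts file, or whichever line happens to be first), as an added shell example that is not code from the thread or from RANCID. The function names and the sample entries are made up here; OpenSSH's own `ssh-keygen -R 10.0.0.2` does the same job and also handles hashed host names, which this function leaves untouched.

```shell
#!/bin/sh
# Added example: drop one host's lines from a known_hosts file.

# prune_known_host HOST FILE
# Removes every line of FILE that names HOST exactly (also as [HOST]:port),
# saves the previous file as FILE.old and prints the removed line numbers.
prune_known_host() {
    host=$1
    file=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    removed=$(awk -v host="$host" -v out="$tmp" '
        # True when a name such as "10.0.0.2" or "[10.0.0.2]:2222" is host.
        function names_host(name,    bare) {
            bare = name
            if (bare ~ /^\[/) {
                sub(/^\[/, "", bare)
                sub(/\]:[0-9]+$/, "", bare)
            }
            return (bare "") == (host "")       # force a string comparison
        }
        /^[ \t]*#/ || /^[ \t]*$/ { print > out; next }   # comments, blank lines
        {
            f = ($1 ~ /^@/) ? 2 : 1      # skip an @cert-authority/@revoked marker
            n = split($f, names, ",")    # one line may list several names
            for (i = 1; i <= n; i++)
                if (names_host(names[i])) {
                    printf "%s%d", sep, NR
                    sep = " "
                    next                 # stale key: drop the whole line
                }
            print > out
        }
    ' "$file") || { rm -f "$tmp"; return 1; }
    if [ -z "$removed" ]; then
        rm -f "$tmp"                     # host not listed: leave FILE as it is
        return 0
    fi
    cp -p "$file" "${file}.old" && mv "$tmp" "$file" || return 1
    echo "$removed"
}

# Constructed sample file; the key blobs are placeholders, not real keys.
make_sample() {
    cat > "$1" <<'EOF'
# constructed known_hosts sample
10.0.0.1 ssh-rsa AAAAconstructedkey1=
10.0.0.2 ssh-rsa AAAAconstructedkey2=
core-sw,10.0.0.2 ssh-rsa AAAAconstructedkey2=
[10.0.0.2]:2222 ssh-rsa AAAAconstructedkey3=
10.0.0.20 ssh-rsa AAAAconstructedkey4=
|1|Y29uc3RydWN0ZWQ=|Y29uc3RydWN0ZWQ= ssh-rsa AAAAconstructedkey5=
EOF
}

# Run the demonstration only when asked for: sh prune.sh demo
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d) || exit 1
    make_sample "$dir/known_hosts"
    echo "removed lines: $(prune_known_host 10.0.0.2 "$dir/known_hosts")"
    cat "$dir/known_hosts"
    rm -rf "$dir"
fi
```

A plain text match on 10.0.0.2 would also delete the 10.0.0.20 entry; the exact-name comparison keeps it. On the next connection ssh asks to accept the device's new key, and that is the point to compare the fingerprint it shows with one read from the device itself.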
From peo at chalmers.se Wed Apr 14 09:45:06 2010
From: peo at chalmers.se (Per-Olof Olsson)
Date: Wed, 14 Apr 2010 11:45:06 +0200
Subject: [rancid] Re: Rancid stopped working for my HP switches
In-Reply-To: <4BC42398.6080503@chalmers.se>
References: <4BB63D94.3010906@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863B@city-exchange07> <4BB64B8C.1060208@davidkrider.com> <4A09477D575C2C4B86497161427DD94C149F78863F@city-exchange07> <4BB6D936.7080108@chalmers.se> <20100405221852.GQ8441@shrubbery.net> <4BBAF3BF.6030804@chalmers.se> <20100408225400.GA3640@shrubbery.net> <4BC42398.6080503@chalmers.se>
Message-ID: <4BC58EA2.3030906@chalmers.se>

Per-Olof Olsson wrote:

Sorry

Didn't say that if you replace "exit" with "logout" in hlogin.
hrancid also have to get a new line to trig "clean run"

hrancid.in
...
TOP: while(<INPUT>) {
    tr/\015//d;
    if (/$prompt\s*exit\s*$/i) {
        $clean_run=1;
        last;
    }
    # Test to trig clean run from "logout"
    if (/Do you want to log out/i) {
        $clean_run=1;
        last;
    }

EXIT-----raw
...
^M^M
^Mmy-switch#exit^M^M
my-switch> exit^M^M
Do you want to log out [y/n]? y^M^M
Connection to my-switch closed.^M^M^M
-------------

LOGOUT----raw
....
^M^M
^Mmy-switch#logout^M^M
Do you want to log out [y/n]? y^M^M
Do you want to save current configuration [y/n]? n^M^M
Connection to my-switch closed.^M^M^M
-------------

>
> 3:
> I also notice that the hlogin -S option (save running config on exit) is
> not working!
> There was a security issue about that operator was able to save config
> file...
>
> If you like to get to the "save current configuration"-question, you
> have to run "logout" from manager level.
> > > --------------------------------------------------------------- > diff -c hlogin.in.ORG+1 hlogin.in > *** hlogin.in.ORG+1 Mon Apr 12 07:54:40 2010 > --- hlogin.in Mon Apr 12 16:36:15 2010 > *************** > *** 221,229 **** > set avenable 0 > # Does tacacs automatically enable us? > } -autoenable { > ! # hp does not autoenable > ! #set autoenable 1 > ! #set avenable 0 > } -* { > send_user "\nError: Unknown argument! $arg\n" > send_user $usage > --- 221,228 ---- > set avenable 0 > # Does tacacs automatically enable us? > } -autoenable { > ! set avautoenable 1 > ! set avenable 0 > } -* { > send_user "\nError: Unknown argument! $arg\n" > send_user $usage > *************** > *** 432,438 **** > } > -re "Enter passphrase.*: " { > # sleep briefly to allow time for stty -echo > ! sleep 1 > send -- "$passphrase\r" > exp_continue > } > --- 431,437 ---- > } > -re "Enter passphrase.*: " { > # sleep briefly to allow time for stty -echo > ! sleep 2 > send -- "$passphrase\r" > exp_continue > *************** > *** 564,570 **** > } > } > log_user 1 > ! send -h "exit\r" > expect { > "Do you want to save current configuration" { > if {$do_saveconfig} { > --- 563,569 ---- > } > } > log_user 1 > ! send -h "logout\r" > expect { > "Do you want to save current configuration" { > if {$do_saveconfig} { > if {$do_saveconfig} { > ------------------------------------------ /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8660 ---------------------------------------------------------- From cderemer at phoebe.org Thu Apr 15 16:01:00 2010 From: cderemer at phoebe.org (Christopher DeRemer) Date: Thu, 15 Apr 2010 12:01:00 -0400 Subject: [rancid] WebSVN view old version Message-ID: <671DC9312DF0CC4D8A7F3ABE978DD5ADE5E9E09C5A@MAIL.phoebe.local> This is more of a WebSVN than a RANCID question, but I'm hoping someone can point me right. 
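Review bot: the third hunk of the hlogin.in patch (564,570) changes the command sent at the end of the session from "exit" to "logout", but hrancid recognises a clean run by matching "$prompt\s*exit", so this hunk on its own leaves hrancid without a clean-run trigger; the extra hrancid.in test for "Do you want to log out" described in the follow-up should ship in the same patch. In the first hunk (221,229) the newly enabled line sets "avautoenable" while the commented-out line it replaces set "autoenable": confirm that is the variable the rest of hlogin reads, and replace the dropped "hp does not autoenable" comment with one saying why it no longer applies. The change from "sleep 1" to "sleep 2" before sending the passphrase (432,438) has no stated reason; the comment above it should say what the extra second is for.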
I have WebSVN working with my config difs and it works great. I can get the view differences between versions to work great. However what I can't figure out is how to have it show me just a "original" copy of an on revision, no difs with the current revision, just the old version.

Any help is greatly appreciated.

Cheers,

Christopher DeRemer, CCENT
Network Administrator
Phoebe Services
484.619.2168 (Single # Reach)

From rwest at zyedge.com Thu Apr 15 16:08:26 2010
From: rwest at zyedge.com (Ryan West)
Date: Thu, 15 Apr 2010 16:08:26 +0000
Subject: [rancid] Re: WebSVN view old version
In-Reply-To: <671DC9312DF0CC4D8A7F3ABE978DD5ADE5E9E09C5A@MAIL.phoebe.local>
References: <671DC9312DF0CC4D8A7F3ABE978DD5ADE5E9E09C5A@MAIL.phoebe.local>
Message-ID: <5DC4853C6CC3EE4788779E0726E034DD1DD117@zy-ex1.zyedge.local>

Chris,

Select Log and from there you can set your max revs to 2000 or some number higher than your total copies. The copy after new router is your original.

-ryan

From wpereira at pop-sp.rnp.br Fri Apr 16 13:40:00 2010
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Fri, 16 Apr 2010 10:40:00 -0300
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD1D4D73@zy-ex1.zyedge.local>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local><4BC4CA31.9030106@pop-sp.rnp.br><5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local> <4BC4D1E0.9050502@pop-sp.rnp.br> <4BBAF403456ED74981E7164ED3A4C22401DF815C@CA-EVS02.pelco.org> <4BC4D978.9020306@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D4D73@zy-ex1.zyedge.local>
Message-ID: <4BC868B0.9040706@pop-sp.rnp.br>

Ryan,

When I try to connect to my device using /home/rancid/bin/clogin, this is what I get:

--------------------
spawn ssh -c 3des -x -l root 10.0.0.2
root at 10.0.0.2's password:
--------------------

But, there is no root user written in my .cloginrc file.

Where does this root user should come from?
Hugs,

--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901

On 13/4/2010 18:05, Ryan West wrote:
> I doubt root is the userid you have configured on your device, you'll need to work that.
>
> -ryan

From Drikus.Brits at vodacom.co.za Fri Apr 16 13:46:26 2010
From: Drikus.Brits at vodacom.co.za (Drikus Brits)
Date: Fri, 16 Apr 2010 15:46:26 +0200
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BC868B0.9040706@pop-sp.rnp.br>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local><4BC4CA31.9030106@pop-sp.rnp.br><5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local> <4BC4D1E0.9050502@pop-sp.rnp.br> <4BBAF403456ED74981E7164ED3A4C22401DF815C@CA-EVS02.pelco.org> <4BC4D978.9020306@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D4D73@zy-ex1.zyedge.local> <4BC868B0.9040706@pop-sp.rnp.br>
Message-ID: <2462C3A55E5DA04395C77B0400E5300306E0266689@ZAMDC02104.vodacom.corp>

Hi,

The root user is most likely because clogin is being executed as the root user, ie: you're logged in as root when you try to clogin into your router.

Hope this helps,

Drikus.
From wpereira at pop-sp.rnp.br Fri Apr 16 14:42:43 2010
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Fri, 16 Apr 2010 11:42:43 -0300
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <2462C3A55E5DA04395C77B0400E5300306E0266689@ZAMDC02104.vodacom.corp>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local><4BC4CA31.9030106@pop-sp.rnp.br><5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local> <4BC4D1E0.9050502@pop-sp.rnp.br> <4BBAF403456ED74981E7164ED3A4C22401DF815C@CA-EVS02.pelco.org> <4BC4D978.9020306@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D4D73@zy-ex1.zyedge.local> <4BC868B0.9040706@pop-sp.rnp.br> <2462C3A55E5DA04395C77B0400E5300306E0266689@ZAMDC02104.vodacom.corp>
Message-ID: <4BC87763.6080400@pop-sp.rnp.br>

You're right, Drikus. I'm logged in as root user.

By the way, I noticed this comment in the .cloginrc file:

# add user
# The default user is $USER (i.e.: the user running clogin).

Ok, so, I copied the .cloginrc file to /root directory. It still doesn't work.

Error: TIMEOUT reached

Hugs,

--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901

On 16/4/2010 10:46, Drikus Brits wrote:
> Hi,
>
> The root user is most likely because clogin is being executed as the root user, ie: you're logged in as root when you try to clogin into your router.
>
> Hope this helps,
>
> Drikus.

From wpereira at pop-sp.rnp.br Fri Apr 16 14:58:00 2010
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Fri, 16 Apr 2010 11:58:00 -0300
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <2462C3A55E5DA04395C77B0400E5300306E0266705@ZAMDC02104.vodacom.corp>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local><4BC4CA31.9030106@pop-sp.rnp.br><5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local> <4BC4D1E0.9050502@pop-sp.rnp.br> <4BBAF403456ED74981E7164ED3A4C22401DF815C@CA-EVS02.pelco.org> <4BC4D978.9020306@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D4D73@zy-ex1.zyedge.local> <4BC868B0.9040706@pop-sp.rnp.br> <2462C3A55E5DA04395C77B0400E5300306E0266689@ZAMDC02104.vodacom.corp> <4BC87763.6080400@pop-sp.rnp.br> <2462C3A55E5DA04395C77B0400E5300306E0266705@ZAMDC02104.vodacom.corp>
Message-ID: <4BC87AF8.70406@pop-sp.rnp.br>

But, the thing is:

In my first Cisco switch (already working) I logged in with the admin user.
But in the second one, which I still can't run Rancid OK, there is a Radius AAA model implemented, which means: the authentication is not local, but this device ask other server if the user is known.

I don't know what is the impact over Rancid when there is a Radius running in the device.

Hugs,

--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901

On 16/4/2010 11:50, Drikus Brits wrote:
> Hi,
>
> If you need to use a specific user to log into your routers you can add it as
>
> add user * wagner
>
> That should then tell clogin to always use the username wagner for any switch.
>
> Regards,
>
> Drikus

From Drikus.Brits at vodacom.co.za Fri Apr 16 14:50:09 2010
From: Drikus.Brits at vodacom.co.za (Drikus Brits)
Date: Fri, 16 Apr 2010 16:50:09 +0200
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BC87763.6080400@pop-sp.rnp.br>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local><4BC4CA31.9030106@pop-sp.rnp.br><5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local> <4BC4D1E0.9050502@pop-sp.rnp.br> <4BBAF403456ED74981E7164ED3A4C22401DF815C@CA-EVS02.pelco.org> <4BC4D978.9020306@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D4D73@zy-ex1.zyedge.local> <4BC868B0.9040706@pop-sp.rnp.br> <2462C3A55E5DA04395C77B0400E5300306E0266689@ZAMDC02104.vodacom.corp> <4BC87763.6080400@pop-sp.rnp.br>
Message-ID: <2462C3A55E5DA04395C77B0400E5300306E0266705@ZAMDC02104.vodacom.corp>

Hi,

If you need to use a specific user to log into your routers you can add it as

add user * wagner

That should then tell clogin to always use the username wagner for any switch.

Regards,

Drikus

From mickael.garnier-prestataire at laposte.fr Fri Apr 16 14:09:28 2010
From: mickael.garnier-prestataire at laposte.fr (Mickael GARNIER)
Date: Fri, 16 Apr 2010 16:09:28 +0200
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <2462C3A55E5DA04395C77B0400E5300306E0266689@ZAMDC02104.vodacom.corp>
References: <4BC38F0D.5060006@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D27AF@zy-ex1.zyedge.local> <4BC45C74.7010809@pop-sp.rnp.br> <20100413120535.GA9580@merboo.mamista.net> <4BC472B7.4080204@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1D3CA7@zy-ex1.zyedge.local><4BC4CA31.9030106@pop-sp.rnp.br><5DC4853C6CC3EE4788779E0726E034DD1D4B1E@zy-ex1.zyedge.local> <4BC4D1E0.9050502@pop-sp.rnp.br> <4BBAF403456ED74981E7164ED3A4C22401DF815C@CA-EVS02.pelco.org> <4BC4D978.9020306@pop-sp.rnp.br>
<5DC4853C6CC3EE4788779E0726E034DD1D4D73@zy-ex1.zyedge.local> <4BC868B0.9040706@pop-sp.rnp.br> <2462C3A55E5DA04395C77B0400E5300306E0266689@ZAMDC02104.vodacom.corp> Message-ID: <4BC86F98.3040502@laposte.fr> Hi, do you have a 'add user' entry in your .cloginrc ? it should be like : add user add password add method ssh MG Le 16/04/2010 15:46, Drikus Brits a ?crit : > Hi, > > The root user is most likely because clogin is being executed as the root user, ie: you're logged in as root when you try to clogin into your router. > > Hope this helps, > > Drikus. > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Wagner Pereira > Sent: 16 April 2010 03:40 PM > Cc: Rancid Mailing List > Subject: [rancid] Re: New device on .cloginrc > > Ryan, > > When I try to connect to my device using /home/rancid/bin/clogin, this > is what I get: > > -------------------- > spawn ssh -c 3des -x -l root 10.0.0.2 > root at 10.0.0.2's password: > -------------------- > > But, there is no root user written in my .cloginrc file. > > Where does this root user should come from? > > Hugs, > > Post-scriptum La Poste Ce message est confidentiel. Sous reserve de tout accord conclu par ecrit entre vous et La Poste, son contenu ne represente en aucun cas un engagement de la part de La Poste. Toute publication, utilisation ou diffusion, meme partielle, doit etre autorisee prealablement. Si vous n'etes pas destinataire de ce message, merci d'en avertir immediatement l'expediteur. 
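The lookup behind the `ssh -l root` symptom discussed in this thread, as an added example (not RANCID's own code and not from any poster): it reads `add` directives in file order, takes the first entry whose host glob matches, and falls back to the running user when no `add user` entry matches. The sample file and the helper names are constructed for illustration; the permission check assumes clogin's rule that .cloginrc must not be world readable or writable.

```python
"""Model of how a .cloginrc lookup picks the login user for one host."""
import fnmatch
import os

# Constructed sample: 10.0.0.2 has password and method entries but no "add user".
SAMPLE_CLOGINRC = """\
# constructed example, placeholder secrets only
add user      10.0.0.1   admin
add password  10.0.0.1   {vty-passwd} {enable-passwd}
add password  10.0.0.2   {vty-passwd} {enable-passwd}
add method    10.0.0.2   {ssh} {telnet}
add user      192.168.*  netops
"""


def tcl_words(line):
    """Split one line into words, honouring Tcl {braces} and "quotes"."""
    words, i, n = [], 0, len(line)
    while i < n:
        if line[i].isspace():
            i += 1
        elif line[i] == "{":
            depth, j = 1, i + 1
            while j < n and depth:
                depth += {"{": 1, "}": -1}.get(line[j], 0)
                j += 1
            if depth:
                raise ValueError("unbalanced brace: " + line)
            words.append(line[i + 1:j - 1])
            i = j
        elif line[i] == '"':
            j = line.find('"', i + 1)
            if j < 0:
                raise ValueError("unterminated quote: " + line)
            words.append(line[i + 1:j])
            i = j + 1
        else:
            j = i
            while j < n and not line[j].isspace():
                j += 1
            words.append(line[i:j])
            i = j
    return words


def parse_cloginrc(text):
    """Return (directive, host_glob, values) tuples in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = tcl_words(line)
        if words[0] == "add" and len(words) >= 3:
            entries.append((words[1], words[2].lower(), words[3:]))
    return entries


def find(entries, directive, host):
    """Linear search: the first entry whose glob matches the host wins."""
    for name, glob, values in entries:
        if name == directive and fnmatch.fnmatchcase(host.lower(), glob):
            return values
    return []


def resolve_login(entries, host, running_user):
    """Username and methods a login to `host` would use."""
    user = find(entries, "user", host)
    return {
        "user": user[0] if user else running_user,
        "user_source": ".cloginrc" if user else "$USER fallback",
        "methods": find(entries, "method", host),
        "has_password": bool(find(entries, "password", host)),
    }


def shadowed(entries):
    """Entries that can never win because an earlier glob already covers them."""
    hits = []
    for j, (name, glob, _) in enumerate(entries):
        for earlier_name, earlier_glob, _ in entries[:j]:
            if earlier_name == name and fnmatch.fnmatchcase(glob, earlier_glob):
                hits.append((name, glob, earlier_glob))
                break
    return hits


def world_accessible(path):
    """True if 'other' has any permission bit set on the password file."""
    return bool(os.stat(path).st_mode & 0o007)


if __name__ == "__main__":
    parsed = parse_cloginrc(SAMPLE_CLOGINRC)
    for h in ("10.0.0.1", "10.0.0.2"):
        print(h, resolve_login(parsed, h, os.environ.get("USER", "root")))
    wildcard_first = parse_cloginrc("add user * wagner\n" + SAMPLE_CLOGINRC)
    print("shadowed:", shadowed(wildcard_first))
```

Putting a catch-all such as `add user * wagner` at the top of the file makes every later, more specific `add user` line unreachable, which `shadowed` reports.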
From Drikus.Brits at vodacom.co.za Fri Apr 16 15:13:37 2010
From: Drikus.Brits at vodacom.co.za (Drikus Brits)
Date: Fri, 16 Apr 2010 17:13:37 +0200
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BC87AF8.70406@pop-sp.rnp.br>
Message-ID: <2462C3A55E5DA04395C77B0400E5300306E0266714@ZAMDC02104.vodacom.corp>

There should be no impact. Your radius setup is queried in the same way that TACACS would be queried, as such it should be invisible to clogin as to what/who is doing the authentication.

So, when you change your .cloginrc file to the below:

add user * admin
add password * {whatever_the_password_is}

what do you get?

Thus to recap.....

1. Make sure you are either user admin logged in on your system and then try to clogin
2. Set the user variable to "admin" in the .cloginrc file if you are another user.

Also, can you try a manual login and see what happens? E.g. telnet into the device/or ssh and see if it completes?

d.
From wpereira at pop-sp.rnp.br Fri Apr 16 20:44:46 2010
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Fri, 16 Apr 2010 17:44:46 -0300
Subject: [rancid] Re: New device on .cloginrc
In-Reply-To: <4BC86F98.3040502@laposte.fr>
Message-ID: <4BC8CC3E.10407@pop-sp.rnp.br>

Mickael,

Yes, my .cloginrc is exactly like the below (omitting all the real values, obviously):

add password 10.0.0.2 {vty passwd} {enable passwd}
add user 10.0.0.2 user
add userprompt 10.0.0.2 {"Username:"}
add passprompt 10.0.0.2 {"Password:"}
add method 10.0.0.2 {ssh} {telnet}
add enableprompt 10.0.0.2 {"Password:"}
add cyphertype 10.0.0.2 {3des}

I already have another device rancid'ing perfectly, which means my .cloginrc lines are correctly written, since I declared it in the same way as the above.

Hugs,

--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901

From bohara at ripe.net Tue Apr 20 07:58:20 2010
From: bohara at ripe.net (Ben O'Hara)
Date: Tue, 20 Apr 2010 09:58:20 +0200
Subject: [rancid] another f5rancid patch
Message-ID: <050D7D80-8777-42D9-B676-1320CE51E8B0@ripe.net>

Hi,

Attached is a quick patch to stop rancid sending diffs when a time value changes on f5 load balancers.

Previous patches sent and applied missed this value.

These values will be skipped from the config

- # Failover.ActiveTime = 1271692815
+ # Failover.ActiveTime = 1271736033

- # Failover.StandbyTime = 1271692860
+ # Failover.StandbyTime = 1271736081

Could this be added to trunk?

Cheers
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: f5rancid.patch
Type: application/octet-stream
Size: 293 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100420/a2b0e6c9/attachment.obj
-------------- next part --------------

--
Ben O'Hara                          RIPE Network Coordination Center
Systems Engineer                    Singel 258, Amsterdam, NL
http://www.ripe.net                 +31 20 535 4444
PGP Fingerprint: 080A 52FF BF0A A7FB F176 E7DB 513D 9A3D E968 7DBC

From bohara at ripe.net Tue Apr 20 08:59:41 2010
From: bohara at ripe.net (Ben O'Hara)
Date: Tue, 20 Apr 2010 10:59:41 +0200
Subject: [rancid] Re: another f5rancid patch
In-Reply-To: <050D7D80-8777-42D9-B676-1320CE51E8B0@ripe.net>
References: <050D7D80-8777-42D9-B676-1320CE51E8B0@ripe.net>
Message-ID: <571D4DC2-8CDD-43A1-9F14-9D816E469B63@ripe.net>

Hi,

I've updated the patch so as to only match the required values.

Cheers
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: f5rancid.patch
Type: application/octet-stream
Size: 296 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100420/4c430720/attachment.obj
-------------- next part --------------

From rwest at zyedge.com Tue Apr 20 11:53:39 2010
From: rwest at zyedge.com (Ryan West)
Date: Tue, 20 Apr 2010 11:53:39 +0000
Subject: [rancid] Re: another f5rancid patch
In-Reply-To: <050D7D80-8777-42D9-B676-1320CE51E8B0@ripe.net>
References: <050D7D80-8777-42D9-B676-1320CE51E8B0@ripe.net>
Message-ID: <8A4DCC07-22A4-4F25-8528-82B654619FE3@zyedge.com>

Does this patch ignore fan speed as well?

Sent from handheld.

From bohara at ripe.net Tue Apr 20 13:47:07 2010
From: bohara at ripe.net (Ben O'Hara)
Date: Tue, 20 Apr 2010 15:47:07 +0200
Subject: [rancid] Re: another f5rancid patch
In-Reply-To: <8A4DCC07-22A4-4F25-8528-82B654619FE3@zyedge.com>
References: <050D7D80-8777-42D9-B676-1320CE51E8B0@ripe.net> <8A4DCC07-22A4-4F25-8528-82B654619FE3@zyedge.com>
Message-ID:

On 20 Apr 2010, at 13:53, Ryan West wrote:

> Does this patch ignore fan speed as well?

Hi Ryan,

I submitted a patch a while back that ignored fan speed, it's in the latest release AFAIK. This is the only thing we notice changing that still gets reported currently.

Ben

From don.t.roeun at us.army.mil Tue Apr 20 11:28:23 2010
From: don.t.roeun at us.army.mil (Roeun, Don T Mr CTR USA HRC)
Date: Tue, 20 Apr 2010 07:28:23 -0400
Subject: [rancid] RANCID - output sorted? (UNCLASSIFIED)
Message-ID:

Classification: UNCLASSIFIED
Caveats: NONE

I noticed that some of my NAT statements were sorted in a different order on RANCID's backup compared to a manual output of 'show run'. Does RANCID sort out parts of the config automatically? If so, is there a way to keep them identical?

Thanks!
Don

Classification: UNCLASSIFIED
Caveats: NONE

From seph at directionless.org Tue Apr 20 19:57:11 2010
From: seph at directionless.org (seph)
Date: Tue, 20 Apr 2010 15:57:11 -0400
Subject: [rancid] rancid and git
Message-ID:

Hi all. I'm just starting to look at using rancid to help manage and monitor my network configs. I notice that there have been at least a couple of different sets of patches for using git. Anyone know if these might get accepted upstream? It seems like they've been around awhile.
seph

From heas at shrubbery.net Wed Apr 21 16:14:50 2010
From: heas at shrubbery.net (john heasley)
Date: Wed, 21 Apr 2010 09:14:50 -0700
Subject: [rancid] Re: RANCID - output sorted? (UNCLASSIFIED)
In-Reply-To:
References:
Message-ID: <20100421161450.GY26678@shrubbery.net>

Tue, Apr 20, 2010 at 07:28:23AM -0400, Roeun, Don T Mr CTR USA HRC:
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> I noticed that some of my NAT statements were sorted in a different
> order on RANCID's backup compared to a manual output of 'show run'.
> Does RANCID sort out parts of the config automatically? If so, is there
> a way to keep them identical?
>

yes, by source ip. i don't believe that breaks the nat config. there is no knob to disable it. there is a knob for disabling ACL sorting.

From heas at shrubbery.net Wed Apr 21 16:30:48 2010
From: heas at shrubbery.net (john heasley)
Date: Wed, 21 Apr 2010 09:30:48 -0700
Subject: [rancid] Re: rancid and git
In-Reply-To:
References:
Message-ID: <20100421163048.GZ26678@shrubbery.net>

Tue, Apr 20, 2010 at 03:57:11PM -0400, seph:
> Hi all. I'm just starting to look at using rancid to help manage and
> monitoring my network configs. I notice that there have been at least
> a couple of different sets of patches for using git. Anyone know if
> these might get accepted upstream? It seems like they've been around
> awhile.
>

i know that it's superior for some work loads, but i don't use git and for rancid which rcs is used doesn't really matter.

does the patch work completely? rancid-cvs, rancid-run, etc.

From seph at directionless.org Thu Apr 22 15:49:49 2010
From: seph at directionless.org (seph)
Date: Thu, 22 Apr 2010 11:49:49 -0400
Subject: [rancid] Re: rancid and git
In-Reply-To: <20100421163048.GZ26678@shrubbery.net> (john heasley's message of "Wed, 21 Apr 2010 09:30:48 -0700")
References: <20100421163048.GZ26678@shrubbery.net>
Message-ID:

john heasley writes:

> Tue, Apr 20, 2010 at 03:57:11PM -0400, seph:
>> Hi all. I'm just starting to look at using rancid to help manage and
>> monitoring my network configs. I notice that there have been at least
>> a couple of different sets of patches for using git. Anyone know if
>> these might get accepted upstream? It seems like they've been around
>> awhile.
>>
> i know that its superior for some work loads, but i dont use git and
> for rancid which rcs is used doesnt really matter.

The idea of having the configs pushed into a more central repo where I can then pull them to my laptop for reading/grepping/etc is appealing. And that's something git supports better than cvs and svn.

> does the patch work completely? rancid-cvs, rancid-run, etc.

To be honest, I'm not sure. I've only just started playing with rancid, and it's pretty complex feeling. I'm not sure I'm going to finish deploying it, my needs are simple enough that needing to test all that is less appealing than just writing my own shell script for it.

seph

From jkrauska at gmail.com Thu Apr 22 16:46:50 2010
From: jkrauska at gmail.com (Joel Krauska)
Date: Thu, 22 Apr 2010 09:46:50 -0700
Subject: [rancid] Re: rancid and git
In-Reply-To:
References: <20100421163048.GZ26678@shrubbery.net>
Message-ID: <4BD07D7A.2070006@gmail.com>

On 4/22/10 8:49 AM, seph wrote:
> The idea of having the configs pushed into a more central repo where I
> can then pull them to my laptop for reading/grepping/etc is
> appealing. And that's something git supports better than cvs and svn.

how exactly does git support pulling this better than svn?

git clone
vs
svn checkout
?

Personally, I find that rancid is better than a shell script when it comes to managing lots of devices (>5) and heterogeneous devices (cisco switches, juniper routers, citrix loadbalancers).

Writing interactive (expect) scripts is no fun. Even in their more modern implementations (python expect for example). Rancid already supports tons of hardware for which you would have to write custom code.

Maybe give DIY a try and then see if you want to reconsider. :)

Cheers,

Joel

From seph at directionless.org Thu Apr 22 17:44:43 2010
From: seph at directionless.org (seph)
Date: Thu, 22 Apr 2010 13:44:43 -0400
Subject: [rancid] Re: rancid and git
In-Reply-To: <4BD07D7A.2070006@gmail.com> (Joel Krauska's message of "Thu, 22 Apr 2010 09:46:50 -0700")
References: <20100421163048.GZ26678@shrubbery.net> <4BD07D7A.2070006@gmail.com>
Message-ID:

Joel Krauska writes:

> On 4/22/10 8:49 AM, seph wrote:
>> The idea of having the configs pushed into a more central repo where I
>> can then pull them to my laptop for reading/grepping/etc is
>> appealing. And that's something git supports better than cvs and svn.
>
> how exactly does git support pulling this better than svn?
>
> git clone
> vs
> svn checkout
> ?

I've only just started switching to git from svn. I've been finding it much cleaner for this sort of thing, but it's hard to clearly explain why.

In svn, I'd need to stick the central repo somewhere, and then do a bunch of checkin operations on the rancid machine. It would work, but it would be a little slow, and I'd probably need to do checkouts too, and handling merges is a little scary and probably requires me to think hard.

In git, I've been finding the actual process much cleaner. A bunch of checkins locally, and a simpler push change sets out. Yes it still needs a central point, but it's been much faster, and just smoother. Way cleaner merges too.

Sure, it's small things. And rancid doesn't need to support it. But it seems like there are new patches for this every couple years.

seph

From wcgallar at iupui.edu Thu Apr 22 18:29:39 2010
From: wcgallar at iupui.edu (Gallardo, Winfred C)
Date: Thu, 22 Apr 2010 14:29:39 -0400
Subject: [rancid] hlogin timeout after sucessful login
Message-ID:

i'm trying to debug why hlogin hangs after successfully logging into a hp procurve 5406.

i see a successful prompt but will not execute any of the simple commands I issue to hlogin.

Any help in determining how to debug this would be greatly appreciated.

Chris Gallardo
Network Services
wcgallar at iupui.edu

From James_Zuelow at ci.juneau.ak.us Thu Apr 22 18:50:36 2010
From: James_Zuelow at ci.juneau.ak.us (James Zuelow)
Date: Thu, 22 Apr 2010 10:50:36 -0800
Subject: [rancid] Re: hlogin timeout after sucessful login
In-Reply-To:
References:
Message-ID: <4A09477D575C2C4B86497161427DD94C14A6C8361E@city-exchange07>

> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of
> Gallardo, Winfred C
> Sent: Thursday, 22 April, 2010 10:30
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] hlogin timeout after sucessful login
>
> i'm trying to debug why hlogin hangs after successfully
> logging into a hp procurve 5406.
>
>
> i see a sucessful prompt but will not execute any of the
> simple commands I issue to hlogin.
>
>
> Any help in determining how to debug this would be greatly
> appreciated.
>

Which version of rancid, and where did you get it from?

For example I have to comment out a line in the Debian Squeeze version of rancid to get it to talk to my 5406.

James

From wcgallar at iupui.edu Thu Apr 22 19:18:01 2010
From: wcgallar at iupui.edu (Gallardo, Winfred C)
Date: Thu, 22 Apr 2010 15:18:01 -0400
Subject: [rancid] Re: hlogin timeout after sucessful login
In-Reply-To: <4A09477D575C2C4B86497161427DD94C14A6C8361E@city-exchange07>
References: <4A09477D575C2C4B86497161427DD94C14A6C8361E@city-exchange07>
Message-ID:

the version i can download on it is 2.3.3

i just downloaded it from ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.3.tar.gz

i'm also running fedora core 12. I did check expect and it is 5.43

i did notice that after configuring radius on the 5406 is when this problem started.

Chris Gallardo
Network Services
317-278-9067
wcgallar at iupui.edu

From jkrauska at gmail.com Thu Apr 22 18:16:54 2010
From: jkrauska at gmail.com (Joel Krauska)
Date: Thu, 22 Apr 2010 11:16:54 -0700
Subject: [rancid] Re: rancid and git
In-Reply-To:
References: <20100421163048.GZ26678@shrubbery.net> <4BD07D7A.2070006@gmail.com>
Message-ID: <4BD09296.3070800@gmail.com>

seph wrote:
> In git, I've been finding the actual process much cleaner. A bunch of
> checkins locally, and a simpler push change sets out. Yes it still needs
> a central point, but it's been much faster, and just smoother. Way
> cleaner merges too.

My rancid SCM repos are read-only.

Checking in changes to your SCM doesn't apply those changed configs to your devices. (unless I'm missing something fundamental about rancid)

Yes, git is great for handling complicated merges, but the rancid process should be the only thing doing 'commits' to the tree so complicated merges are moot.

There's a git-svn tool which acts as a conduit for svn trees if you really can't grok svn. But as I say, most of the big git wins won't apply for a read-only repo.

Are people using the rancid repo to push changes to devices??

Cheers,

Joel

From brez at brezworks.com Thu Apr 22 21:58:10 2010
From: brez at brezworks.com (Jeremy Bresley)
Date: Thu, 22 Apr 2010 16:58:10 -0500
Subject: [rancid] RANCID with Nexus 7000 VDCs
Message-ID: <4BD0C672.7090002@brezworks.com>

Anybody using RANCID to archive the configurations of VDCs on an N7K?

We are able to connect to the base system correctly, but the VDCs are not archiving correctly. We can clogin to the device and run various commands, but rancid-run against the VDCs doesn't complete.

The user being used for rancid to login has been created with role vdc-admin in the VDC configuration.

The log file shows:
Getting missed routers: round 1.
distsw01: missed cmd(s): show module,show license,dir usb1:,dir debug:,show debug,show version build-info all,show cores vdc-all,show vtp status,show environment fan,show module xbar,show environment power,show license host-id,show inventory,dir usb2:,show vlan,dir bootflash:,dir volatile:,dir slot0:,show processes log vdc-all,show environment clock,dir logflash:,show license usage,show running-config,show system redundancy status,show environment temperature,show boot
distsw01: End of run not found
!Software: system compile time: 3/21/2009 12:00:00 [04/05/2009 23:43:35]

The only differences I see between the base and the VDCs as far as prompts go is that the VDCs display as:
coresw01-distsw01#
The base system displays as:
coresw01#

What steps can I do to troubleshoot why this is failing? Has anybody else successfully used RANCID on an N7K VDC?

Thanks.
Jeremy From rwest at zyedge.com Thu Apr 22 22:18:48 2010 From: rwest at zyedge.com (Ryan West) Date: Thu, 22 Apr 2010 22:18:48 +0000 Subject: [rancid] Re: RANCID with Nexus 7000 VDCs In-Reply-To: <4BD0C672.7090002@brezworks.com> References: <4BD0C672.7090002@brezworks.com> Message-ID: <5DC4853C6CC3EE4788779E0726E034DD1F3A75@zy-ex1.zyedge.local> Jeremy, > -----Original Message----- > Sent: Thursday, April 22, 2010 5:58 PM > To: rancid-discuss at shrubbery.net > Subject: [rancid] RANCID with Nexus 7000 VDCs > > Anybody using RANCID to archive the configurations of VDCs on an N7K? > > We are able to connect to the base system correctly, but the VDCs are > not archiving correctly. We can clogin to the device and run various > commands, but rancid-run against the VDCs doesn't complete. > > The user being used for rancid to login has been created with role > vdc-admin in the VDC configuration. > > The log file shows: > Getting missed routers: round 1. > distsw01: missed cmd(s): show module,show license,dir usb1:,dir > debug:,show debug,show version build-info all,show cores vdc-all,show > vtp status,show environment fan,show module xbar,show environment > power,show license host-id,show inventory,dir usb2:,show vlan,dir > bootflash:,dir volatile:,dir slot0:,show processes log vdc-all,show > environment clock,dir logflash:,show license usage,show > running-config,show system redundancy status,show environment > temperature,show boot > distsw01: End of run not found > !Software: system compile time: 3/21/2009 12:00:00 [04/05/2009 23:43:35] > > The only differences I see between the base and the VDCs as far as > prompts go is that the VDCs display as: > coresw01-distsw01# > The base system displays as: > coresw01# > You'll want to check out the usercmd modification to make this happen. Hopefully this will point you in the right direction. 
http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html

-ryan

From david at prophecy.net.nz Thu Apr 22 22:21:42 2010
From: david at prophecy.net.nz (David Young)
Date: Fri, 23 Apr 2010 10:21:42 +1200
Subject: [rancid] Has anybody solved the extreme "unsaved changes" bug?
Message-ID: <4BD0CBF6.7010203@prophecy.net.nz>

Hi all,

I refer to this issue:

http://www.shrubbery.net/pipermail/rancid-discuss/2009-January/003614.html

It seems that running RANCID against an extreme switch puts it into an "unsaved" state (maybe because of the clipaging?), and so while the first run is successful, any subsequent runs fail because of the asterisk in the prompt...

i.e.:

> > "expect -nobrace -re {* 300e48-x.([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} {} -re {[
> > ^M]+} { exp_continue }"

Thanks :)
David

From wpereira at pop-sp.rnp.br Thu Apr 22 22:32:55 2010
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Thu, 22 Apr 2010 19:32:55 -0300
Subject: [rancid] Re: Has anybody solved the extreme "unsaved changes" bug?
In-Reply-To: <4BD0CBF6.7010203@prophecy.net.nz>
References: <4BD0CBF6.7010203@prophecy.net.nz>
Message-ID: <4BD0CE97.4030703@pop-sp.rnp.br>

Hey, David.

I would love to be facing this issue right now, you bet! But I am still trying to catch the configuration of my Extreme Alpine 3804 switch.

It sounds like it is not too easy to run Rancid against Extreme devices, isn't it?

I would appreciate any clue about Rancid X Extreme.

Hugs,

--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel.
(11) 3091-8901

On 22/4/2010 19:21, David Young wrote:
> Hi all,
>
> I refer to this issue:
>
> http://www.shrubbery.net/pipermail/rancid-discuss/2009-January/003614.html
>
> It seems that running RANCID against an extreme switch puts it into an
> "unsaved" state (maybe because of the clipaging?), and so while the
> first run is successful, any subsequent runs fail because of the
> asterisk in the prompt...
>
> i.e.:
>
> >>> "expect -nobrace -re {* 300e48-x.([^#>\r\n]+)?[#>](\([^)\r\n]+\))?}
>>>
> {} -re {[
> >>> ^M]+} { exp_continue }"
>>>
> Thanks :)
> David
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>

From heas at shrubbery.net Thu Apr 22 23:49:54 2010
From: heas at shrubbery.net (john heasley)
Date: Thu, 22 Apr 2010 16:49:54 -0700
Subject: [rancid] Re: Has anybody solved the extreme "unsaved changes" bug?
In-Reply-To: <4BD0CBF6.7010203@prophecy.net.nz>
References: <4BD0CBF6.7010203@prophecy.net.nz>
Message-ID: <20100422234954.GV24599@shrubbery.net>

Fri, Apr 23, 2010 at 10:21:42AM +1200, David Young:
> Hi all,
>
> I refer to this issue:
>
> http://www.shrubbery.net/pipermail/rancid-discuss/2009-January/003614.html
>
> It seems that running RANCID against an extreme switch puts it into an
> "unsaved" state (maybe because of the clipaging?), and so while the
> first run is successful, any subsequent runs fail because of the
> asterisk in the prompt...
>
> i.e.:
>
> > > "expect -nobrace -re {* 300e48-x.([^#>\r\n]+)?[#>](\([^)\r\n]+\))?}
> {} -re {[
> > > ^M]+} { exp_continue }"

this should work; it used to. we have one for testing but it's not up yet. send the o/p of clogin -d -s 'show version' host >log 2>&1. that should identify the issue. i'd first make sure that you're using expect >= 5.43 and rancid 2.3.3.
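
The prompt problem David describes above, reproduced as an added example (not code from RANCID or from anyone in this thread): a prompt stem pasted verbatim into a pattern stops compiling once the prompt begins with `*`, while an escaped stem with an optional marker matches both states. Python's `re` stands in for expect's regex engine here, and the sample prompts and helper names are constructed for illustration.

```python
import re

# Tail of the prompt pattern quoted in the thread: optional text, then '#' or
# '>', then an optional "(...)" suffix.
PROMPT_TAIL = r"([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"

# Constructed sample prompts: the same switch before and after it flags
# unsaved changes with a leading "* ".
SAVED_PROMPT = "300e48-x.1 # "
UNSAVED_PROMPT = "* 300e48-x.2 # "


def prompt_stem(prompt):
    """Part of the prompt up to and including the first '.', i.e. the text
    that stays constant between commands (hypothetical helper)."""
    return prompt[: prompt.index(".") + 1]


def verbatim_pattern(stem):
    """Embed the stem unmodified, as in the pattern quoted in the thread."""
    return stem + PROMPT_TAIL


def tolerant_pattern(stem):
    """Escape the stem and make the unsaved-changes marker optional."""
    bare = stem[2:] if stem.startswith("* ") else stem
    return r"(?:\* )?" + re.escape(bare) + PROMPT_TAIL


def try_compile(pattern):
    """Return (compiled_regex, None) on success or (None, error_text)."""
    try:
        return re.compile(pattern), None
    except re.error as exc:
        return None, str(exc)


def matches(pattern, prompt):
    """True only if the pattern compiles and is found in the prompt."""
    regex, error = try_compile(pattern)
    return error is None and regex.search(prompt) is not None


def outcomes():
    """For each way of learning the stem and each builder, record whether the
    resulting pattern compiles and which prompts it recognises."""
    table = {}
    for learned_from in (SAVED_PROMPT, UNSAVED_PROMPT):
        stem = prompt_stem(learned_from)
        for name, build in (("verbatim", verbatim_pattern),
                            ("tolerant", tolerant_pattern)):
            pattern = build(stem)
            table[(stem, name)] = {
                "compiles": try_compile(pattern)[1] is None,
                "saved": matches(pattern, SAVED_PROMPT),
                "unsaved": matches(pattern, UNSAVED_PROMPT),
            }
    return table


if __name__ == "__main__":
    for (stem, name), result in outcomes().items():
        print(f"{stem!r:16} {name:9} {result}")
```
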
From istong at costar.com Tue Apr 27 12:48:25 2010
From: istong at costar.com (Ian Stong)
Date: Tue, 27 Apr 2010 08:48:25 -0400
Subject: [rancid] Re: RANCID with Nexus 7000
In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD1F3A75@zy-ex1.zyedge.local>
References: <4BD0C672.7090002@brezworks.com> <5DC4853C6CC3EE4788779E0726E034DD1F3A75@zy-ex1.zyedge.local>
Message-ID:

Hi,

I'm using the nxrancid file and am able to successfully connect to the 7k using nxrancid -d device_ip. However when I run rancid via cron for all my devices, including this one, it doesn't work. In the router.db file I added 7k_ip:cisco:up but I'm not sure that is enough to tell rancid to use the nxrancid file versus the standard cisco rancid file. I read the router.db(5) man page and there is no mention of how to do this other than specifying Cisco for the type.

Please advise on how to tell rancid to use the nxrancid file for this device.

Thanks,

Ian

From rwest at zyedge.com Tue Apr 27 12:52:47 2010
From: rwest at zyedge.com (Ryan West)
Date: Tue, 27 Apr 2010 12:52:47 +0000
Subject: [rancid] Re: RANCID with Nexus 7000
In-Reply-To:
References: <4BD0C672.7090002@brezworks.com> <5DC4853C6CC3EE4788779E0726E034DD1F3A75@zy-ex1.zyedge.local>
Message-ID: <5DC4853C6CC3EE4788779E0726E034DD1FFF39@zy-ex1.zyedge.local>

Ian,

> -----Original Message-----
> Sent: Tuesday, April 27, 2010 8:48 AM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: RANCID with Nexus 7000
>
> Hi,
>
> I'm using the nxrancid file and am able to successfully connect to the
> 7k using nxrancid -d device_ip. However when I run rancid via cron for
> all my devices, including this one, it doesn't work. In the router.db
> file I added 7k_ip:cisco:up but I'm not sure that is enough to tell
> rancid to use the nxrancid file versus the standard cisco rancid file. I
> read the router.db(5) man page and there is no mention of how to do this
> other than specifying Cisco for the type.
>

You'll need to adjust your rancid-fe file and call to it with something like 7k_ip:nexus:up, assuming nexus is how you have it defined in rancid-fe.

-ryan

From brez at brezworks.com Tue Apr 27 15:11:02 2010
From: brez at brezworks.com (Jeremy Bresley)
Date: Tue, 27 Apr 2010 10:11:02 -0500
Subject: [rancid] Re: RANCID with Nexus 7000
In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD1FFF39@zy-ex1.zyedge.local>
References: <4BD0C672.7090002@brezworks.com> <5DC4853C6CC3EE4788779E0726E034DD1F3A75@zy-ex1.zyedge.local> <5DC4853C6CC3EE4788779E0726E034DD1FFF39@zy-ex1.zyedge.local>
Message-ID: <4BD6FE86.9070907@brezworks.com>

On 4/27/2010 7:52 AM, Ryan West wrote:
> Ian,
>
>
>> -----Original Message-----
>> Sent: Tuesday, April 27, 2010 8:48 AM
>> To: rancid-discuss at shrubbery.net
>> Subject: [rancid] Re: RANCID with Nexus 7000
>>
>> Hi,
>>
>> I'm using the nxrancid file and am able to successfully connect to the
>> 7k using nxrancid -d device_ip. However when I run rancid via cron for
>> all my devices, including this one, it doesn't work. In the router.db
>> file I added 7k_ip:cisco:up but I'm not sure that is enough to tell
>> rancid to use the nxrancid file versus the standard cisco rancid file. I
>> read the router.db(5) man page and there is no mention of how to do this
>> other than specifying Cisco for the type.
>>
>>
> You'll need to adjust your rancid-fe file and call to it with something like 7k_ip:nexus:up, assuming nexus is how you have it defined in rancid-fe.
>
> -ryan
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>

Use type cisco-nx for Nexus gear. This will have nxrancid run instead of rancid.
Jeremy

From wcgallar at iupui.edu Tue Apr 27 18:01:10 2010
From: wcgallar at iupui.edu (Gallardo, Winfred C)
Date: Tue, 27 Apr 2010 14:01:10 -0400
Subject: [rancid] question if anybody can answer
Message-ID: <09972508-54F8-4937-8B54-7CBF28A7D101@iupui.edu>

what is the character limit for passing commands to clogin?

for example

clogin -c 'conf t.......' router_address

i modify a lot of acls and unfortunately some don't have indexes so the acl must be erased then rebuilt so each line of the acl is in its appropriate spot in the config.

Chris Gallardo
Network Services
317-278-9067
wcgallar at iupui.edu

From heas at shrubbery.net Tue Apr 27 18:14:51 2010
From: heas at shrubbery.net (john heasley)
Date: Tue, 27 Apr 2010 11:14:51 -0700
Subject: [rancid] Re: question if anybody can answer
In-Reply-To: <09972508-54F8-4937-8B54-7CBF28A7D101@iupui.edu>
References: <09972508-54F8-4937-8B54-7CBF28A7D101@iupui.edu>
Message-ID: <20100427181451.GG10713@shrubbery.net>

Tue, Apr 27, 2010 at 02:01:10PM -0400, Gallardo, Winfred C:
> what is the character limit for passing commands to clogin?
>
>
> for example
>
>
> clogin -c 'conf t.......' router_address

command line limit of your o/s, afaik. you're better off with a tftp/rcp/ftp file upload to running-config or clogin -x.

>
> i modify a lot of acls and unfortunately some don't have indexes so the acl must be erased then rebuilt so each line of the acl is in its appropriate spot in the config.
>
>
>
> Chris Gallardo
> Network Services
> 317-278-9067
> wcgallar at iupui.edu
>
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From Drikus.Brits at vodacom.co.za Tue Apr 27 18:12:36 2010
From: Drikus.Brits at vodacom.co.za (Drikus Brits)
Date: Tue, 27 Apr 2010 20:12:36 +0200
Subject: [rancid] Re: question if anybody can answer
In-Reply-To: <09972508-54F8-4937-8B54-7CBF28A7D101@iupui.edu>
References: <09972508-54F8-4937-8B54-7CBF28A7D101@iupui.edu>
Message-ID: <2462C3A55E5DA04395C77B0400E5300306E2397B2B@ZAMDC02104.vodacom.corp>

hi.

personally i have added quite a lot of commands in a one-liner using the cli -c option. Never counted the amount of chars i used though, but from the top of my head, i'd say it is most likely OS dependent

d.

________________________________________
From: rancid-discuss-bounces at shrubbery.net [rancid-discuss-bounces at shrubbery.net] On Behalf Of Gallardo, Winfred C [wcgallar at iupui.edu]
Sent: Tuesday, April 27, 2010 8:01 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] question if anybody can answer

what is the character limit for passing commands to clogin?

for example

clogin -c 'conf t.......' router_address

i modify a lot of acls and unfortunately some don't have indexes so the acl must be erased then rebuilt so each line of the acl is in its appropriate spot in the config.
Chris Gallardo
Network Services
317-278-9067
wcgallar at iupui.edu

From mstefani at redhat.com Tue Apr 27 20:04:03 2010
From: mstefani at redhat.com (Michael Stefaniuc)
Date: Tue, 27 Apr 2010 22:04:03 +0200
Subject: [rancid] [PATCH] Add support for the Cisco WLC
Message-ID: <4BD74333.3020806@redhat.com>

Hello guys,

I hoped that somebody would beat me to add the Cisco WLC upstream... Though there was a lot of interest in testing such a patch so here it is. Especially testing on versions 4.x is needed as I could test it only on 5.2.x and 6.0.x.

The attached patch is heavily based on the scripts posted by Ryan West here on rancid-discuss (http://www.shrubbery.net/pipermail/rancid-discuss/2010-February/004652.html). The patch applies on top of 2.3.3 and the license of the portions done by me is as always "whatever it takes to get the patch accepted upstream".

My modifications:
-----------------
- Rename ciscowlc5 to wlcrancid.
- Rename wlogin to wlclogin.
- Merge support for version 4.x into wlcrancid (*untested*).
- Add -V command line arg to wlclogin/wlcrancid.
- Remove the "!--WLC Begin Config Data--" markers.
- Cleanups in wlcrancid (indentation, whitespace).
- Added the needed configure/Makefile changes.

Todo:
-----
I might work on these items, when I get the time for it is a totally different story.
- Add man pages for wlclogin/wlcrancid
- From the parsed info generate the headers (comments) that rancid adds, e.g.:
  + !Chassis type:
  + !Processor ID:
  + !Image: Software:
- Get rid of the "!WLC Show Udi Start" and "!WLC Show Sysinfo Start" markers too.
bye
michael

--
Michael Stefaniuc Tel.: +49-711-96437-199
Consulting Communications Engineer Fax.: +49-711-96437-111
--------------------------------------------------------------------
Reg. Adresse: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach
Handelsregister: Amtsgericht Muenchen HRB 153243
Geschäftsführer: Brendan Lane, Charlie Peters, Michael Cunningham, Charles Cachera
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rancid-ciscowlc.diff
Type: text/x-patch
Size: 38109 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100427/51468c62/attachment.bin

From rwest at zyedge.com Tue Apr 27 23:46:53 2010
From: rwest at zyedge.com (Ryan West)
Date: Tue, 27 Apr 2010 23:46:53 +0000
Subject: [rancid] Re: [PATCH] Add support for the Cisco WLC
In-Reply-To: <4BD74333.3020806@redhat.com>
References: <4BD74333.3020806@redhat.com>
Message-ID: <5DC4853C6CC3EE4788779E0726E034DD201CDC@zy-ex1.zyedge.local>

Michael,

> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-
> bounces at shrubbery.net] On Behalf Of Michael Stefaniuc
> Sent: Tuesday, April 27, 2010 4:04 PM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] [PATCH] Add support for the Cisco WLC
>
> Hello guys,
>
> I hoped that somebody would beat me to add the Cisco WLC upstream...
> Though there was a lot of interest in testing such a patch so here it is.
> Especially testing on versions 4.x is needed as I could test it only on 5.2.x
> and 6.0.x.

It's much cleaner with this version, but it's still failing on the pager or an expect loop. I would move over to version 6 assurewave but I think I would hit some of the bugs, so I'm holding on to 4.2.207 for a bit longer.
Here is what's happening: rancid at netman:~/bin$ rancid-run -V rancid 2.3.3 rancid at netman:~/bin$ expect -v expect version 5.43.0 - debian Lenny 5.43.0-17 build rancid at netman:~/bin$ wlclogin -c 'show run-config commands' cisco-wlc4 cisco-wlc4 spawn ssh -c 3des -x -l adminuser1234 cisco-wlc4 (Cisco Controller) User: adminuser1234 Password:******** (Cisco Controller) > (Cisco Controller) >term length 0 Incorrect usage. Use the '?' or key to list commands. (Cisco Controller) >show run-config commands System Inventory NAME: "Chassis" , DESCR: "4400 Series WLAN Controller:12 APs" PID: AIR-WLC4402-12-K9, VID: V02, SN: FOC11111111 Burned-in MAC Address............................ xx:xx:xx:xx:xx:xx Crypto Accelerator 1............................. Absent Crypto Accelerator 2............................. Absent Power Supply 1................................... Absent Power Supply 2................................... Present, OK Error: TIMEOUT reached ============ same command with debug level set ========================= (Cisco Controller) > expect: does "term length 0\r\n\r\nIncorrect usage. Use the '?' or key to list commands.\r\n\r\n(Cisco Controller) >" (spawn_id exp6) match regular expression "\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? yes expect: set expect_out(0,string) "(Cisco Controller) >" expect: set expect_out(1,string) "troller) " expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "term length 0\r\n\r\nIncorrect usage. Use the '?' or key to list commands.\r\n\r\n(Cisco Controller) >" send: sending "show run-config commands\r" to { exp6 } expect: does "" (spawn_id exp6) match regular expression "\u0008+"? no "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? no "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no "^--More--\r\n"? no "[\n\r]+"? no "[^\r\n]*Press to cont[^\r\n]*"? no "^ *--More--[^\n\r]*"? no "^<-+ More -+>[^\n\r]*"? no "^Press Enter to continue or to abort[^\n\r]*"? 
no expect: does "s" (spawn_id exp6) match regular expression "\u0008+"? no "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? no "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no "^--More--\r\n"? no "[\n\r]+"? no "[^\r\n]*Press to cont[^\r\n]*"? no "^ *--More--[^\n\r]*"? no "^<-+ More -+>[^\n\r]*"? no "^Press Enter to continue or to abort[^\n\r]*"? no expect: does "show run-config commands\r\nSystem Inventory\n\rNAME: "Chassis" , DESCR: "4400 Series WLAN Controller:12 APs"\n\rPID: AIR-WLC4402-12-K9, VID: V02, SN: FOC11111111\r\n\r\nBurned-in MAC Address............................ xx:xx:xx:xx:xx:xx\r\nCrypto Accelerator 1............................. Absent\r\nCrypto Accelerator 2............................. Absent\r\nPower Supply 1................................... Absent\r\nPower Supply 2................................... Present, OK\r\n\r\nPress Enter to continue Or to abort" (spawn_id exp6) match regular expression "\u0008+"? no "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? no "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no "^--More--\r\n"? no "[\n\r]+"? yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "show run-config commands\r\n" show run-config commands expect: continuing expect expect: does "System Inventory\n\rNAME: "Chassis" , DESCR: "4400 Series WLAN Controller:12 APs"\n\rPID: AIR-WLC4402-12-K9, VID: V02, SN: FOC11111111\r\n\r\nBurned-in MAC Address............................ xx:xx:xx:xx:xx:xx\r\nCrypto Accelerator 1............................. Absent\r\nCrypto Accelerator 2............................. Absent\r\nPower Supply 1................................... Absent\r\nPower Supply 2................................... Present, OK\r\n\r\nPress Enter to continue Or to abort" (spawn_id exp6) match regular expression "\u0008+"? no "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? 
no "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no "^--More--\r\n"? no "[\n\r]+"? yes expect: set expect_out(0,string) "\n\r" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "System Inventory\n\r" System Inventory expect: continuing expect expect: does "NAME: "Chassis" , DESCR: "4400 Series WLAN Controller:12 APs"\n\rPID: AIR-WLC4402-12-K9, VID: V02, SN: FOC11111111\r\n\r\nBurned-in MAC Address............................ xx:xx:xx:xx:xx:xx\r\nCrypto Accelerator 1............................. Absent\r\nCrypto Accelerator 2............................. Absent\r\nPower Supply 1................................... Absent\r\nPower Supply 2................................... Present, OK\r\n\r\nPress Enter to continue Or to abort" (spawn_id exp6) match regular expression "\u0008+"? no "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? no "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no "^--More--\r\n"? no "[\n\r]+"? yes expect: set expect_out(0,string) "\n\r" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "NAME: "Chassis" , DESCR: "4400 Series WLAN Controller:12 APs"\n\r" NAME: "Chassis" , DESCR: "4400 Series WLAN Controller:12 APs" expect: continuing expect expect: does "PID: AIR-WLC4402-12-K9, VID: V02, SN: FOC11111111\r\n\r\nBurned-in MAC Address............................ xx:xx:xx:xx:xx:xx\r\nCrypto Accelerator 1............................. Absent\r\nCrypto Accelerator 2............................. Absent\r\nPower Supply 1................................... Absent\r\nPower Supply 2................................... Present, OK\r\n\r\nPress Enter to continue Or to abort" (spawn_id exp6) match regular expression "\u0008+"? no "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? no "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no "^--More--\r\n"? no "[\n\r]+"? 
yes expect: set expect_out(0,string) "\r\n\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "PID: AIR-WLC4402-12-K9, VID: V02, SN: FOC11111111\r\n\r\n" PID: AIR-WLC4402-12-K9, VID: V02, SN: FOC11111111 expect: continuing expect expect: does "Burned-in MAC Address............................ xx:xx:xx:xx:xx:xx\r\nCrypto Accelerator 1............................. Absent\r\nCrypto Accelerator 2............................. Absent\r\nPower Supply 1................................... Absent\r\nPower Supply 2................................... Present, OK\r\n\r\nPress Enter to continue Or to abort" (spawn_id exp6) match regular expression "\u0008+"? no "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? no "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no "^--More--\r\n"? no "[\n\r]+"? yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "Burned-in MAC Address............................ xx:xx:xx:xx:xx:xx\r\n" Burned-in MAC Address............................ xx:xx:xx:xx:xx:xx expect: continuing expect expect: does "Crypto Accelerator 1............................. Absent\r\nCrypto Accelerator 2............................. Absent\r\nPower Supply 1................................... Absent\r\nPower Supply 2................................... Present, OK\r\n\r\nPress Enter to continue Or to abort" (spawn_id exp6) match regular expression "\u0008+"? no "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? no "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no "^--More--\r\n"? no "[\n\r]+"? yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "Crypto Accelerator 1............................. Absent\r\n" Crypto Accelerator 1............................. Absent expect: continuing expect expect: does "Crypto Accelerator 2............................. 
Absent\r\nPower Supply 1................................... Absent\r\nPower Supply 2................................... Present, OK\r\n\r\nPress Enter to continue Or to abort" (spawn_id exp6) match regular expression "\u0008+"? no "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? no "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no "^--More--\r\n"? no "[\n\r]+"? yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "Crypto Accelerator 2............................. Absent\r\n" Crypto Accelerator 2............................. Absent expect: continuing expect expect: does "Power Supply 1................................... Absent\r\nPower Supply 2................................... Present, OK\r\n\r\nPress Enter to continue Or to abort" (spawn_id exp6) match regular expression "\u0008+"? no "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? no "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no "^--More--\r\n"? no "[\n\r]+"? yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "Power Supply 1................................... Absent\r\n" Power Supply 1................................... Absent expect: continuing expect expect: does "Power Supply 2................................... Present, OK\r\n\r\nPress Enter to continue Or to abort" (spawn_id exp6) match regular expression "\u0008+"? no "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? no "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no "^--More--\r\n"? no "[\n\r]+"? yes expect: set expect_out(0,string) "\r\n\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "Power Supply 2................................... Present, OK\r\n\r\n" Power Supply 2................................... 
Present, OK expect: continuing expect expect: does "Press Enter to continue Or to abort" (spawn_id exp6) match regular expression "\u0008+"? no "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? no "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no "^--More--\r\n"? no "[\n\r]+"? no "[^\r\n]*Press to cont[^\r\n]*"? no "^ *--More--[^\n\r]*"? no "^<-+ More -+>[^\n\r]*"? no "^Press Enter to continue or to abort[^\n\r]*"? no expect: timed out Error: TIMEOUT reached write() failed to write anything - will sleep(1) and retry... When the 'show run-config commands' is run from CLI, I am able to page properly through the file. Can anyone shed any light on what might be causing what appears to be an expect loop? Thanks, -ryan From heas at shrubbery.net Wed Apr 28 08:44:05 2010 From: heas at shrubbery.net (john heasley) Date: Wed, 28 Apr 2010 08:44:05 +0000 Subject: [rancid] Re: [PATCH] Add support for the Cisco WLC In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD201CDC@zy-ex1.zyedge.local> References: <4BD74333.3020806@redhat.com> <5DC4853C6CC3EE4788779E0726E034DD201CDC@zy-ex1.zyedge.local> Message-ID: <20100428084405.GE21185@shrubbery.net> Tue, Apr 27, 2010 at 11:46:53PM +0000, Ryan West: > Michael, > > > -----Original Message----- > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > > bounces at shrubbery.net] On Behalf Of Michael Stefaniuc > > Sent: Tuesday, April 27, 2010 4:04 PM > > To: rancid-discuss at shrubbery.net > > Subject: [rancid] [PATCH] Add support for the Cisco WLC > > > > Hello guys, > > > > I hoped that somebody would beat me to add the Cisco WLC upstream... > > Though there was a lot of interest in testing such a patch so here it is. > > Especially testing on versions 4.x is needed as I could test it only on 5.2.x > > and 6.0.x. > > It's much cleaner with this version, but it's still failing on the pager or an expect loop. 
I would move over to version 6 assurewave but I think I would hit some of the bugs, so I'm holding on to 4.2.207 for a bit longer. > > Here is what's happening: > > rancid at netman:~/bin$ rancid-run -V > rancid 2.3.3 > rancid at netman:~/bin$ expect -v > expect version 5.43.0 - debian Lenny 5.43.0-17 build > > > rancid at netman:~/bin$ wlclogin -c 'show run-config commands' cisco-wlc4 > cisco-wlc4 > spawn ssh -c 3des -x -l adminuser1234 cisco-wlc4 > > > (Cisco Controller) > User: adminuser1234 > Password:******** > (Cisco Controller) > > (Cisco Controller) >term length 0 > > Incorrect usage. Use the '?' or key to list commands. > > expect: does "Press Enter to continue Or to abort" (spawn_id exp6) match regular expression "\u0008+"? no > "^[^\n\r *]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? no > "^[^\n\r]*\(Cisco Con([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? no > "^--More--\r\n"? no > "[\n\r]+"? no > "[^\r\n]*Press to cont[^\r\n]*"? no > "^ *--More--[^\n\r]*"? no > "^<-+ More -+>[^\n\r]*"? no > "^Press Enter to continue or to abort[^\n\r]*"? no > expect: timed out > > Error: TIMEOUT reached > write() failed to write anything - will sleep(1) and retry... > > When the 'show run-config commands' is run from CLI, I am able to page properly through the file. Can anyone shed any light on what might be causing what appears to be an expect loop? > the pager is waiting. From istong at costar.com Wed Apr 28 12:33:48 2010 From: istong at costar.com (Ian Stong) Date: Wed, 28 Apr 2010 08:33:48 -0400 Subject: [rancid] RANCID with Nexus 5000 - partial success In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD1F3A75@zy-ex1.zyedge.local> References: <4BD0C672.7090002@brezworks.com> <5DC4853C6CC3EE4788779E0726E034DD1F3A75@zy-ex1.zyedge.local> Message-ID: Using the nxrancid file I still had some issues getting it to work with the Nexus 5020. I eventually got it working by commenting out several commands it tries to run by default. 
The one command that I do care about that I had to comment out was the show version command.

Running nxrancid -d host_ip with the show version uncommented resulted in the text "missed cmd(s): show license usage" - which was the very next uncommented command in the file. I commented that out and the next line was then the missed command. Eventually I figured out it was the very first command "show version" that was causing the missed cmd(s) message.

What troubleshooting steps are there to determine why the show version command seems to be causing an issue? For what it's worth I ran nxrancid -d with the show version uncommented and the raw output included information on the other commands including the sh license usage output that was listed as a missed command.

For now I have show version commented out and rancid has created CVS entries for the other commands outputs which is a great start.

Thanks,

Ian Stong

From zeusdadog at gmail.com Wed Apr 28 13:08:55 2010
From: zeusdadog at gmail.com (Jay Nakamura)
Date: Wed, 28 Apr 2010 09:08:55 -0400
Subject: [rancid] Cisco 7500 and flash size
Message-ID:

So, we have a Cisco 7500 with RSP4 and rancid keeps reporting the following line changed.

It should be this

!Memory: pcmcia Flash slot0 32768K

But it keeps changing to this and back to normal

!Memory: pcmcia Flash slot0 20480K

The slave RSP has the smaller flash. Router hasn't switched RSP. I tried to figure out where rancid was grabbing this info and how it's confusing it but I haven't had any luck with it yet.

Anyone run into this?
From heas at shrubbery.net Wed Apr 28 17:23:38 2010
From: heas at shrubbery.net (john heasley)
Date: Wed, 28 Apr 2010 10:23:38 -0700
Subject: [rancid] Re: RANCID with Nexus 5000 - partial success
In-Reply-To:
References: <4BD0C672.7090002@brezworks.com> <5DC4853C6CC3EE4788779E0726E034DD1F3A75@zy-ex1.zyedge.local>
Message-ID: <20100428172338.GB22608@shrubbery.net>

Wed, Apr 28, 2010 at 08:33:48AM -0400, Ian Stong:
> Using the nxrancid file I still had some issues getting it to work with
> the Nexus 5020. I eventually got it working by commenting out several
> commands it tries to run by default. The one command that I do care
> about that I had to comment out was the show version command.
>
> Running nxrancid -d host_ip with the show version uncommented resulted
> in the text "missed cmd(s): show license usage" - which was the very
> next uncommented command in the file. I commented that out and the next
> line was then the missed command. Eventually I figured out it was the
> very first command "show version" that was causing the missed cmd(s)
> message.

you have the nexus bug where the next cli prompt is mingled with the last line of the show version. please complain to the cisco TAC.

> What troubleshooting steps are there to determine why the show version
> command seems to be causing an issue? For what it's worth I ran
> nxrancid -d with the show version uncommented and the raw output
> included information on the other commands including the sh license
> usage output that was listed as a missed command.
>
> For now I have show version commented out and rancid has created CVS
> entries for the other commands outputs which is a great start.
>
>
> Thanks,
>
> Ian Stong
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From mstefani at redhat.com Wed Apr 28 22:11:17 2010
From: mstefani at redhat.com (Michael Stefaniuc)
Date: Thu, 29 Apr 2010 00:11:17 +0200
Subject: [rancid] Re: [PATCH] Add support for the Cisco WLC
In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD201CDC@zy-ex1.zyedge.local>
References: <4BD74333.3020806@redhat.com> <5DC4853C6CC3EE4788779E0726E034DD201CDC@zy-ex1.zyedge.local>
Message-ID: <4BD8B285.2020901@redhat.com>

On 04/28/2010 01:46 AM, Ryan West wrote:

Hello Ryan,

>> -----Original Message-----
>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-
>> bounces at shrubbery.net] On Behalf Of Michael Stefaniuc
>> Sent: Tuesday, April 27, 2010 4:04 PM
>> To: rancid-discuss at shrubbery.net
>> Subject: [rancid] [PATCH] Add support for the Cisco WLC
>>
>> Hello guys,
>>
>> I hoped that somebody would beat me to add the Cisco WLC upstream...
>> Though there was a lot of interest in testing such a patch so here it is.
>> Especially testing on versions 4.x is needed as I could test it only on 5.2.x
>> and 6.0.x.
>
> It's much cleaner with this version, but it's still failing on the pager or an expect loop. I would move over to version 6 assurewave but I think I would hit some of the bugs, so I'm holding on to 4.2.207 for a bit longer.
>
> Here is what's happening:

thanks for the detailed report; it made it easy to figure out what goes wrong. The 4.x versions seem to use this pager prompt too:
Press Enter to continue Or to abort

The fix was easy aka accept both "or" and "Or" and don't send a CTRL-Z but an ENTER. It still worked just fine on my 6.0.x boxes but the 5.2.x box begged to differ... There is one place in the "show running-config" where the pager "--More-- or (q)uit" clobbers a previous line.

Can you please give the attached patch a whirl?
It applies on top of my previous patch. I have added also an unrelated change
for wlcrancid where the "External Temperature" is filtered out too.

thanks
bye
michael
--
Michael Stefaniuc                      Tel.: +49-711-96437-199
Consulting Communications Engineer     Fax.: +49-711-96437-111
--------------------------------------------------------------------
Registered address: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach
Commercial register: Amtsgericht Muenchen HRB 153243
Managing directors: Brendan Lane, Charlie Peters, Michael Cunningham, Charles Cachera
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wlc-v4-fix.diff
Type: text/x-patch
Size: 1925 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100429/92247240/attachment.bin

From rwest at zyedge.com Thu Apr 29 03:12:28 2010
From: rwest at zyedge.com (Ryan West)
Date: Thu, 29 Apr 2010 03:12:28 +0000
Subject: [rancid] Re: [PATCH] Add support for the Cisco WLC
In-Reply-To: <4BD8B285.2020901@redhat.com>
References: <4BD74333.3020806@redhat.com> <5DC4853C6CC3EE4788779E0726E034DD201CDC@zy-ex1.zyedge.local> <4BD8B285.2020901@redhat.com>
Message-ID: <5DC4853C6CC3EE4788779E0726E034DD2052DC@zy-ex1.zyedge.local>

Michael,

> -----Original Message-----
> From: Michael Stefaniuc [mailto:mstefani at redhat.com]
> Sent: Wednesday, April 28, 2010 6:11 PM
> To: Ryan West
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] [PATCH] Add support for the Cisco WLC
>
> On 04/28/2010 01:46 AM, Ryan West wrote:
> Hello Ryan,
>
> >> -----Original Message-----
> >> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-
> >> bounces at shrubbery.net] On Behalf Of Michael Stefaniuc
> >> Sent: Tuesday, April 27, 2010 4:04 PM
> >> To: rancid-discuss at shrubbery.net
> >> Subject: [rancid] [PATCH] Add support for the Cisco WLC
> >>
> >> Hello guys,
> >>
> >> I hoped that somebody would beat me to add the Cisco WLC upstream...
> >> Though there was a lot of interest in testing such a patch so here it is.
> >> Especially testing on versions 4.x is needed as I could test it only
> >> on 5.2.x and 6.0.x.
> >
> > It's much cleaner with this version, but it's still failing on the pager or
> an expect loop. I would move over to version 6 assurewave but I think I would
> hit some of the bugs, so I'm holding on to 4.2.207 for a bit longer.
> >
> > Here is what's happening:
> thanks for the detailed report; it made it easy to figure out what goes wrong.
> The 4.x versions seem to use this pager prompt too:
> Press Enter to continue Or to abort
>
> The fix was easy aka accept both "or" and "Or" and don't send a CTRL-Z but an
> ENTER. It still worked just fine on my 6.0.x boxes but the 5.2.x box begged to
> differ... There is one place in the "show running-config" where the pager "--
> More-- or (q)uit" clobbers a previous line.
>
> Can you please give the attached patch a whirl? It applies on top of my
> previous patch. I have added also an unrelated change for wlcrancid where the
> "External Temperature" is filtered out too.
>

I worked through the pager issues earlier as well, I used ^.*--More--.* to
match on the unclean line. The problem still exists though, the output from
'show run-config commands' is very detailed and will change a lot over time.
Some logic would need to be added to determine the major code version before
issuing the commandtable.

Here's some output:

Radio Type..................................... RADIO_TYPE_80211b/g
Noise Information
Noise Profile................................ PASSED
Channel 1.................................... -103 dBm
Channel 2.................................... -98 dBm
Channel 3.................................... -93 dBm
Channel 4.................................... -97 dBm
Channel 5.................................... -100 dBm
Channel 6.................................... -102 dBm
Channel 7.................................... -99 dBm
Channel 8.................................... -95 dBm
Channel 9.................................... -94 dBm
Channel 10................................... -102 dBm
Channel 11................................... -101 dBm
Interference Information
Interference Profile......................... PASSED
Channel 1.................................... -80 dBm @ 5 % busy
Channel 2.................................... -128 dBm @ 0 % busy
............................. -128 dBm @ 0 % busy
Channel 4.................................... -128 dBm @ 0 % busy
Channel 5.................................... -128 dBm @ 0 % busy
Channel 6.................................... -78 dBm @ 5 % busy
Channel 7.................................... -128 dBm @ 0 % busy
Channel 8.................................... -128 dBm @ 0 % busy
Channel 9.................................... -128 dBm @ 0 % busy
Channel 10................................... -86 dBm @ 1 % busy
Channel 11................................... -75 dBm @ 4 % busy

Thanks,

-ryan

From heas at shrubbery.net Thu Apr 29 05:20:12 2010
From: heas at shrubbery.net (john heasley)
Date: Thu, 29 Apr 2010 05:20:12 +0000
Subject: [rancid] Re: [PATCH] Add support for the Cisco WLC
In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD2052DC@zy-ex1.zyedge.local>
References: <4BD74333.3020806@redhat.com> <5DC4853C6CC3EE4788779E0726E034DD201CDC@zy-ex1.zyedge.local> <4BD8B285.2020901@redhat.com> <5DC4853C6CC3EE4788779E0726E034DD2052DC@zy-ex1.zyedge.local>
Message-ID: <20100429052012.GM863@shrubbery.net>

Thu, Apr 29, 2010 at 03:12:28AM +0000, Ryan West:
> Michael,
>
> > -----Original Message-----
> > From: Michael Stefaniuc [mailto:mstefani at redhat.com]
> > Sent: Wednesday, April 28, 2010 6:11 PM
> > To: Ryan West
> > Cc: rancid-discuss at shrubbery.net
> > Subject: Re: [rancid] [PATCH] Add support for the Cisco WLC
> >
> > On 04/28/2010 01:46 AM, Ryan West wrote:
> > Hello Ryan,
> >
> > >> -----Original Message-----
> > >> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-
> > >> bounces at shrubbery.net] On Behalf Of Michael Stefaniuc
> > >> Sent: Tuesday, April 27, 2010 4:04 PM
> > >> To: rancid-discuss at shrubbery.net
> > >> Subject: [rancid] [PATCH] Add support for the Cisco WLC
> > >>
> > >> Hello guys,
> > >>
> > >> I hoped that somebody would beat me to add the Cisco WLC upstream...
> > >> Though there was a lot of interest in testing such a patch so here it is.
> > >> Especially testing on versions 4.x is needed as I could test it only
> > >> on 5.2.x and 6.0.x.
> > >
> > > It's much cleaner with this version, but it's still failing on the pager or
> > an expect loop. I would move over to version 6 assurewave but I think I would
> > hit some of the bugs, so I'm holding on to 4.2.207 for a bit longer.
> > >
> > > Here is what's happening:
> > thanks for the detailed report; it made it easy to figure out what goes wrong.
> > The 4.x versions seem to use this pager prompt too:
> > Press Enter to continue Or to abort
> >
> > The fix was easy aka accept both "or" and "Or" and don't send a CTRL-Z but an
> > ENTER. It still worked just fine on my 6.0.x boxes but the 5.2.x box begged to
> > differ... There is one place in the "show running-config" where the pager "--
> > More-- or (q)uit" clobbers a previous line.
> >
> > Can you please give the attached patch a whirl? It applies on top of my
> > previous patch. I have added also an unrelated change for wlcrancid where the
> > "External Temperature" is filtered out too.
> >
>
> I worked through the pager issues earlier as well, I used ^.*--More--.* to match on the unclean line. The problem still exists though, the output from 'show run-config commands' is very detailed and will change a lot over time. Some logic would need to be added to determine the major code version before issuing the commandtable.

you want to turn off the pager if at all possible. if 4.x can't do it but
could be upgraded, i'd just ignore 4.x - it's that much of a pita.

> Here's some output:
>
> Radio Type..................................... RADIO_TYPE_80211b/g
> Noise Information
> Noise Profile................................ PASSED
> Channel 1.................................... -103 dBm
> Channel 2.................................... -98 dBm
> Channel 3.................................... -93 dBm
> Channel 4.................................... -97 dBm
> Channel 5.................................... -100 dBm
> Channel 6.................................... -102 dBm
> Channel 7.................................... -99 dBm
> Channel 8.................................... -95 dBm
> Channel 9.................................... -94 dBm
> Channel 10................................... -102 dBm
> Channel 11................................... -101 dBm
> Interference Information
> Interference Profile......................... PASSED
> Channel 1.................................... -80 dBm @ 5 % busy
> Channel 2.................................... -128 dBm @ 0 % busy
> ............................. -128 dBm @ 0 % busy
> Channel 4.................................... -128 dBm @ 0 % busy
> Channel 5.................................... -128 dBm @ 0 % busy
> Channel 6.................................... -78 dBm @ 5 % busy
> Channel 7.................................... -128 dBm @ 0 % busy
> Channel 8.................................... -128 dBm @ 0 % busy
> Channel 9.................................... -128 dBm @ 0 % busy
> Channel 10................................... -86 dBm @ 1 % busy
> Channel 11................................... -75 dBm @ 4 % busy
>
> Thanks,
>
> -ryan

From bmahaffey at pelco.com Thu Apr 29 20:45:37 2010
From: bmahaffey at pelco.com (Mahaffey, Brian)
Date: Thu, 29 Apr 2010 13:45:37 -0700
Subject: [rancid] Error Cannot read "N5"
Message-ID: <4BBAF403456ED74981E7164ED3A4C22401EF81CD@CA-EVS02.pelco.org>

When I run rancid I get the following output

-bash-3.2$ clogin b5-m-c6509a.pelco.org
Error: can't read "n5": no such variable

Anyone seen this output before?

This transmission is intended only for use by the intended recipient(s). If
you are not an intended recipient you should not read, disclose, copy,
circulate or in any other way use the information contained in this
transmission. The information contained in this transmission may be
confidential and/or privileged. If you have received this transmission in
error, please notify the sender immediately and delete this transmission
including any attachments.
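
An added illustration of the pager cleanup discussed in the Cisco WLC thread above, written in Python and not taken from RANCID or from the posted patches: it contrasts the whole-line match (^.*--More--.*) with removing only the prompt text and reporting lines where a prompt was mingled with data. The sample capture, the `<ctrl Z>` token, the control-character handling and the function names are assumptions made for the example.

```python
import re

# Pager prompts quoted in the thread. The archived message lost the text between
# "Or" and "to abort", so the pattern accepts anything there (assumption).
PAGER = re.compile(r"--More--(?: or \(q\)uit)?|Press Enter to continue [Oo]r .*?to abort")
CONTROL = re.compile(r"[\r\x08]+")  # CR / backspace a pager may emit (assumption)


def drop_pager_lines(lines):
    """Whole-line approach (^.*--More--.*): discard every line that shows a pager."""
    return [ln for ln in lines if not PAGER.search(ln)]


def strip_pager(lines):
    """Remove only the prompt text; report lines where it shared a line with data.

    Returns (cleaned_lines, mingled), where mingled holds 1-based input line
    numbers whose remaining text may be truncated and deserves a second look.
    """
    cleaned, mingled = [], []
    for number, raw in enumerate(lines, start=1):
        line = CONTROL.sub("", raw)
        if not PAGER.search(line):
            cleaned.append(line)
            continue
        rest = PAGER.sub("", line)
        if rest.strip():  # data was mingled with the prompt: keep it, flag it
            cleaned.append(rest)
            mingled.append(number)
        # a line holding nothing but the prompt is dropped
    return cleaned, mingled


# Constructed capture (not device output): line 2 imitates a prompt overwriting
# the start of a data line, line 4 a 4.x-style prompt on a line of its own.
SAMPLE = [
    "Channel 2.................................... -128 dBm @ 0 % busy",
    "--More-- or (q)uit............................. -128 dBm @ 0 % busy",
    "Channel 4.................................... -128 dBm @ 0 % busy",
    "Press Enter to continue Or <ctrl Z> to abort\r",
    "Channel 5.................................... -128 dBm @ 0 % busy",
]

if __name__ == "__main__":
    kept = drop_pager_lines(SAMPLE)
    cleaned, mingled = strip_pager(SAMPLE)
    print(f"whole-line drop keeps {len(kept)} lines; prompt strip keeps {len(cleaned)}")
    for n in mingled:
        print(f"line {n} was mingled with a pager prompt: {SAMPLE[n - 1]!r}")
```

Dropping the whole line loses the reading that shared a line with the prompt, while stripping keeps the damaged remainder and names the line so a stored diff can be read with that in mind.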