[rancid] Ongoing Issues With Fortigate

Chris Kilian chris.kilian at seccomglobal.com
Tue Nov 23 05:24:44 UTC 2010


Hi all

I have successfully managed to get Rancid working with all Cisco and Extreme equipment on the network as well as with SVN etc. I am, however, still having some ongoing issues with getting it to work with Fortinet. I have installed and am running Rancid-2.3.6, which I am led to believe is the version with the patch applied already. When running rancid on the Fortigates, I am getting the below in the log files.

x.x.x.x fnlogin error: Error: TIMEOUT reached
x.x.x.x: missed cmd(s): show full-configuration,get system status
0: found end
x.x.x.x End of run not found

Looking through the FAQ, they are talking about various debugs to try, which I have done as per below.
clogin x.x.x.x
When doing this it appears that it's using telnet to connect; however, I need SSH. If I run it with the -d option, I receive this error eventually.

rancid@syd-nms001:~/bin$ ./clogin -d xxxxxxxxx
xxxxxxxx
spawn telnet xxxxxxxxxxxxxxxx
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {3532}
expect: does "" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no
expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no
"Enter passphrase.*: "? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd|Enter password for [^ :]+):"? no
"(>|#| \(enable\))"? no
"Login invalid"? no
Trying xxxxxxxxxxxxx...
expect: does "Trying xxxxxxxxxx...\r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does "Trying xxxxxxxxxx...\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no
expect: does "Trying xxxxxxxxxx...\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no
"Enter passphrase.*: "? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd|Enter password for [^ :]+):"? no
"(>|#| \(enable\))"? no
"Login invalid"? no
expect: timed out
Error: TIMEOUT reached

I am guessing that this means that the expect is not getting what it is meant to see; however, I can't seem to resolve this no matter what I do.

If I ssh direct to the hosts, the following is the output.

rancid@rancid-server:~/bin$ ssh admin@hostname
The authenticity of host 'hostname (hostname)' can't be established.
RSA key fingerprint is xxxxxxxxxxxxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hostname'(RSA) to the list of known hosts.
admin@ hostname's password:
hostname #

I am really battling to try and resolve this, and any help that anyone can provide would be hugely appreciated.

Thanks in advance. Also, if you need any further information, just shout and I will provide it.


Kind Regards