[rancid] Ongoing Issues With Forigate

Lee ler762 at gmail.com
Tue Nov 23 12:12:21 UTC 2010


you need ssh and you're getting telnet, so add a
  add method {theDeviceName}  {ssh}
at the beginning of your .cloginrc & see if that fixes it.

Lee


On 11/23/10, Chris Kilian <chris.kilian at seccomglobal.com> wrote:
> Hi all
>
> I have successfully managed to get Rancid working with all Cisco and Extreme
> equipment on the network as well as with SVN etc, I am however still having
> some ongoing issues with getting it to work with Fortinet, have installed
> and running Rancid-2.3.6 which I am led to believe is the version with the
> patch applied already, when running rancid on the Fortigate's I am getting
> the below in the log files.
>
> x.x.x.x fnlogin error: Error: TIMEOUT reached
> x.x.x.x: missed cmd(s): show full-configuration,get system status
> 0: found end
> x.x.x.x End of run not found
>
> Looking through the FAQ they are talking about various debugs to try, which
> I have done as per below.
> clogin x.x.x.x
> When doing this it appears that its using telnet to connect, however I need
> SSH , if I run it with the -d option I receive this error eventually.
>
> rancid at syd-nms001:~/bin$ ./clogin -d xxxxxxxxx
> xxxxxxxx
> spawn telnet xxxxxxxxxxxxxxxx
> parent: waiting for sync byte
> parent: telling child to go ahead
> parent: now unsynchronized from child
> spawn: returns {3532}
> expect: does "" (spawn_id exp6) match regular expression "(Connection
> refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no
> expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be
> established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue"? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no
> "Enter passphrase.*: "? no
> "(Username|Login|login|user name|User):"? no
> "([Pp]assword|passwd|Enter password for [^ :]+):"? no
> "(>|#| \(enable\))"? no
> "Login invalid"? no
> Trying xxxxxxxxxxxxx...
> expect: does "Trying xxxxxxxxxx...\r\n" (spawn_id exp6) match regular
> expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no
> expect: does "Trying xxxxxxxxxx...\r\n" (spawn_id exp6) match glob pattern
> "unknown host\r"? no
> expect: does "Trying xxxxxxxxxx...\r\n" (spawn_id exp6) match glob pattern
> "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be
> established).*(yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "(denied|Sorry)"? no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? no
> "Press any key to continue"? no
> "Enter Selection: "? no
> "Last login:"? no
> "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no
> "Enter passphrase.*: "? no
> "(Username|Login|login|user name|User):"? no
> "([Pp]assword|passwd|Enter password for [^ :]+):"? no
> "(>|#| \(enable\))"? no
> "Login invalid"? no
> expect: timed out
> Error: TIMEOUT reached
>
> I am guessing that this means that the expect is not getting what it is
> meant to see, however I cant seem to resolve this no matter what I do.
>
> If I ssh direct to the host's the following is the output.
>
> rancid at rancid-server:~/bin$ ssh admin at hostname
> The authenticity of host 'hostname (hostname)' can't be established.
> RSA key fingerprint is xxxxxxxxxxxxxxxxxxxxxxxx.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added 'hostname'(RSA) to the list of known hosts.
> admin@ hostname's password:
> hostname #
>
> I am really batteling to try and resolve this and any help that anyone can
> provide would be hugely appreciated.
>
> Thanks in advance, also if you need any further information just shout and I
> will provide.
>
>
> Kind Regards
>


More information about the Rancid-discuss mailing list