[rancid] SSH public-keys

Michael Maymann michael at maymann.org
Tue Jan 10 13:18:51 UTC 2012


Hi again...,
guess this guy was having the same problem... no solution though... yet... :-)
http://www.shrubbery.net/pipermail/rancid-discuss/2010-October/005263.html

Thanks in advance :-) !
~maymann

2012/1/10 Michael Maymann <michael at maymann.org>

> Hi Tyler,
>
> Thanks for your reply...:-) !
>
> Same thing happens as for my network user...:
> 1. yes
> 2. no (clogin/hlogin requires a .cloginrc file with username/password to
> run) - and my best bet is that this is what it uses currently... so no
> ssh-keys using clogin/hlogin (from either network user, root, rancid...).
> Furthermore prompt is also "hanging" and it doesn't parse the -c "sh ver"
> that works fine from normal ssh...
> 3. same as network user/root
>
> So key-sharing is working fine... but don't know how to utilize it/bypass
> .cloginrc in rancid...
> Just hoping that there is a way... - wouldn't like to manually edit
> scripts every time I update Rancid... and I don't know expect that well
> either...:-) !
>
> Thanks in advance :-) !
> ~maymann
>
> 2012/1/10 Tyler J. Wagner <tyler at tolaris.com>
>
>> Michael,
>>
>>
>> I've not tried using clogin/hlogin with SSH keys, but I know a great deal
>> about SSH. Assuming that clogin will use a key if present (a big if):
>>
>> 1. Can you login with the SSH key using ssh as the root user?
>> 2. Can you login with the SSH key using clogin as the root user?
>> 3. What about as the rancid user?
>>
>> Regards,
>> Tyler
>>
>> On 2012-01-10 08:17, Michael Maymann wrote:
>> > I'm running on rhel-5u7-x64.
>> > Anyone...?
>> >
>> >
>> > Thanks in advance :-)
>> > ~maymann
>> >
>> > 2012/1/9 Michael Maymann <michael at maymann.org>
>> >
>> >     hlogin -w <USR> -c "sh ver" <HOSTNAME>:
>> >     ---
>> >     <HOSTNAME>
>> >     spawn hpuifilter -- ssh -c 3des -x -l <USR> <HOSTNAME>
>> >     We'd like to keep you up to date about:
>> >       * Software feature updates
>> >       * New product announcements
>> >       * Special events
>> >
>> >     Please register your products now at:  www.ProCurve.com
>> >
>> >
>> >     ProCurve J8697A Switch 5406zl
>> >     Software revision K.15.02.0005
>> >
>> >     Copyright (C) 1991-2010 Hewlett-Packard Co.  All Rights Reserved.
>> >
>> >                                RESTRICTED RIGHTS LEGEND
>> >
>> >      Use, duplication, or disclosure by the Government is subject to restrictions
>> >      as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
>> >      Computer Software clause at 52.227-7013.
>> >
>> >              HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303
>> >
>> >     Press any key to continue<HOSTNAME>#
>> >     ---
>> >     Just "hangs" there...
>> >
>> >
>> >     ssh <USR>@<HOSTNAME>:
>> >     ---
>> >     We'd like to keep you up to date about:
>> >       * Software feature updates
>> >       * New product announcements
>> >       * Special events
>> >
>> >     Please register your products now at:  www.ProCurve.com
>> >               ProCurve J8697A Switch 5406zl
>> >     Software revision K.15.02.0005
>> >
>> >     Copyright (C) 1991-2010 Hewlett-Packard Co.  All Rights Reserved.
>> >
>> >                                RESTRICTED RIGHTS LEGEND
>> >
>> >      Use, duplication, or disclosure by the Government is subject to restrictions
>> >      as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
>> >      Computer Software clause at 52.227-7013.
>> >
>> >              HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303
>> >     Press any key to continue
>> >     <HOSTNAME># sh ver
>> >     Image stamp:    /sw/code/build/btm(K_15_02)
>> >                     Oct 20 2010 16:19:41
>> >                     K.15.02.0005
>> >                     121
>> >     Boot Image:     Primary
>> >     <HOSTNAME># logout
>> >     Do you want to log out [y/n]? y
>> >     Connection to <HOSTNAME> closed.
>> >     ---
>> >     So SSH is working fine...
>> >     I'm running Rancid 2.3.6... hlogin=$Id: hlogin.in 2251 2010-10-01 19:26:36Z heas $
>> >     Could there be a problem with HP Procurve 5406zl hlogin script
>> >     somewhere... or can someone actually confirm this to be working on
>> >     their 5406zl ?
>> >
>> >     Furthermore, I would like to run hlogin+clogin without having to
>> >     configure anything inside .cloginrc... is this possible somehow ?
>> >
>> >
>> >     Thanks in advance... :-) !
>> >     ~maymann
>> >
>> >
>> >     2012/1/9 Michael Maymann <michael at maymann.org>
>> >
>> >         Hi List,
>> >
>> >         We have a setup where we have distributed 4096 bit RSA public-keys
>> >         to all our equipment from a network-user for optimal security.
>> >         Our equipment is already in a DB and we have a scripting
>> >         environment that figures out the vendor/model/type for us already.
>> >         1. Can I use rancid without using .cloginrc (e.g. directly from
>> >         commandline) - how... ?
>> >         2. Alternatively, can I configure .cloginrc with ssh-keysharing -
>> >         how... ?
>> >
>> >         We will need to connect to HP ProCurve (hlogin) and Cisco (clogin)...
>> >
>> >
>> >         Thanks in advance :-) !
>> >
>> >         ~maymann
>> >
>> >
>> >
>> >
>> >
>>
>> --
>> "[...] we are not attacking the corporations, but endeavoring to do
>> away with any evil in them. We are not hostile to them; we are merely
>> determined that they shall be so handled as to subserve the public
>> good. We draw the line against misconduct, not against wealth."
>>   -- Theodore Roosevelt
>>
>
>