[rancid] .cloginrc identity still asking for password + hlogin timeout...

Michael Maymann michael at maymann.org
Thu Jan 26 09:05:54 UTC 2012


Hi,

2012/1/25 Michael Maymann <michael at maymann.org>

> Hi,
>
> Heasley+Marito: Thanks for your replies...:-) !
>
> 2012/1/25 heasley <heas at shrubbery.net>
>
>> Wed, Jan 25, 2012 at 06:03:26PM +0100, Michael Maymann:
>> > Isn't the "add user..." and "add password..." used for logging in...?
>> > In my mind I should be able to remove the "add passsword..." line - but
>> > when I do - I tells me "no password in .cloginrc" or similar (not at
>> work
>> > currently... so can't give you the specific error...)
>>
>> i didnt expect folks to use it without a password/passphrase.  they can
>> be empty strings.
>>
> Ok. I am using ssh-keysharing without passphrase and therefore no password
> is needed.
> In general the "add password..." should not be obligatory when "add
> identity..." is present. I will try to see if "add password * {} {}" works
> tomorrow.
>

This works...:-)!
I surgest removing obligatory "add password..." when "add identity..." is
present. But is still should be an option if someone is using passphrase...
FYI: The error it gives me is:
"Error: no password for HOSTNAME in /PATH_TO/.cloginrc."

>
>> > No me either...:-) ! - is it possible from my strace to see where it
>> goes
>> > wrong, or can I run a specific command for better troubleshooting ?
>> > Will take a look at cloginrc(5) tomorrow at work...
>>
>> clogin -d host
>>
> I will try this tomorrow as well, and report back with findings.
>

Now this is my .cloginrc:
add method * ssh
add user * test
add identity * /PATH_TO/.ssh/id_rsa
add password * {} {}
add autoenable * {1}

and the autoenable also did the trick...:-) !
"hlogin -c "sh ip" HOSTNAME" now does what i expect...:-) !

After login, but before running the command specified in "-c" option, it
gives me:
HOSTNAME# no page
1. What does this mean ?

2. How do I check if a command i successful or not ?


clogin still fails though, here is the debug output:
-bash-3.2$ /usr/libexec/rancid/clogin -d -c "sh ip" hostname
hostname
spawn ssh -i /PATH_TO/.ssh/id_rsa -c 3des -x -l user hostname
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {22595}

expect: does "" (spawn_id exp6) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no
"Enter passphrase.*: "? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd|Enter password for [^ :]+):"? no
"(>|#| \(enable\))"? no
"Login invalid"? no
We'd like to keep you up to date about:
  * Software feature updates
  * New product announcements
  * Special events

Please register your products now at:  www.ProCurve.com



expect: does "We'd like to keep you up to date about:\r\n  * Software
feature updates\r\n  * New product announcements\r\n  * Special
events\r\n\r\nPlease register your products now at:  www.ProCurve.com\r\o
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does "We'd like to keep you up to date about:\r\n  * Software
feature updates\r\n  * New product announcements\r\n  * Special
events\r\n\r\nPlease register your products now at:  www.ProCurve.com\r\o

expect: does "We'd like to keep you up to date about:\r\n  * Software
feature updates\r\n  * New product announcements\r\n  * Special
events\r\n\r\nPlease register your products now at:  www.ProCurve.com\r\o
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no
"Enter passphrase.*: "? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd|Enter password for [^ :]+):"? no
"(>|#| \(enable\))"? no
"Login invalid"? no














expect: does "We'd like to keep you up to date about:\r\n  * Software
feature updates\r\n  * New product announcements\r\n  * Special
events\r\n\r\nPlease register your products now at:  www.ProCurve.com\r\o
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does "We'd like to keep you up to date about:\r\n  * Software
feature updates\r\n  * New product announcements\r\n  * Special
events\r\n\r\nPlease register your products now at:  www.ProCurve.com\r\o

expect: does "We'd like to keep you up to date about:\r\n  * Software
feature updates\r\n  * New product announcements\r\n  * Special
events\r\n\r\nPlease register your products now at:  www.ProCurve.com\r\o
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|pass


















          ProCurve J8697A Switch 5406zl
Software revision K.15.02.0005

Copyright (C) 1991-2010 Hewlett-Packard Co.  All Rights Reserved.

                           RESTRICTED RIGHTS LEGEND

 Use, duplication, or disclosure by the Government is subject to
restrictions
 as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data
and
 Computer Software clause at 52.227-7013.

         HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

expect: set expect_out(buffer) "We'd like to keep you up to date
about:\r\n  * Software feature updates\r\n  * New product
announcements\r\n  * Special events\r\n\r\nPlease register your products
now at:  w[













































HOSTNAME#
expect: does
"\u001b[14;1H\u001b[?25h\u001b[46;27H\u001b[?6l\u001b[1;46r\u001b[?7l\u001b[2J\u001b[1;1H\u001b[1;46r\u001b[46;1H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b[46;1HHOSTNAME#
\uo
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does
"\u001b[14;1H\u001b[?25h\u001b[46;27H\u001b[?6l\u001b[1;46r\u001b[?7l\u001b[2J\u001b[1;1H\u001b[1;46r\u001b[46;1H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b[46;1HHOSTNAME#
\uo

expect: does
"\u001b[14;1H\u001b[?25h\u001b[46;27H\u001b[?6l\u001b[1;46r\u001b[?7l\u001b[2J\u001b[1;1H\u001b[1;46r\u001b[46;1H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b[46;1HHOSTNAME#
\uo
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no
"Enter passphrase.*: "? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd|Enter password for [^ :]+):"? no
"(>|#| \(enable\))"? yes
expect: set expect_out(0,string) "#"
expect: set expect_out(1,string) "#"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer)
"\u001b[14;1H\u001b[?25h\u001b[46;27H\u001b[?6l\u001b[1;46r\u001b[?7l\u001b[2J\u001b[1;1H\u001b[1;46r\u001b[46;1H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b"
send: sending "\r" to { exp6 }

expect: does "
\u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[?25h\u001b[46;11H" (spawn_id
exp6) match regular expression "[\r\n]+"? no
"^(.+[:.])1 ((>|#| \(enable\)))"? no
"^.+(>|#| \(enable\))"? no

HOSTNAME#
expect: does "
\u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[?25h\u001b[46;11H\u001b[46;0H\u001bE\u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b[1;46r\u001b[46;1H\u001bo
"^(.+[:.])1 ((>|#| \(enable\)))"? no
"^.+(>|#| \(enable\))"? yes
expect: set expect_out(0,string) "
\u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[?25h\u001b[46;11H\u001b[46;0H\u001bE\u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b[1;4"
expect: set expect_out(1,string) "#"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "
\u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[?25h\u001b[46;11H\u001b[46;0H\u001bE\u001b[46;1H\u001b[46;11H\u001b[46;1H\u001b[2K\u001b[46;1H\u001b[?25h\u001b[46;1H\u001b[1;46r"
send: sending "terminal length 0\r" to { exp6 }
couldn't compile regular expression pattern: parentheses () not balanced
    while executing
"expect -nobrace -re { [46;1H([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} {} -re {[
]+} { exp_continue }"
    invoked from within
"expect {
            -re $reprompt       {}
            -re "\[\n\r]+"      { exp_continue }
        }"
    (procedure "run_commands" line 21)
    invoked from within
"run_commands $prompt $command"
    ("foreach" body line 166)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    # attempt at platform switching.
    set platform ""
    send_user ..."
    (file "/usr/libexec/rancid/clogin" line 743)

3. Any idea why this is still causing me problems... ?


Thanks in advance :-) !
~maymann


>> > Ok, so you don't think that this is causing me my problems ?
>>
>> no
>>
> Super
>
> Thanks for your help so far...much appreciated...:-) !
>
> ~maymann
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20120126/1eaa051b/attachment-0001.html>


More information about the Rancid-discuss mailing list