[rancid] jlogin not using ssh key

Hinote, Willie Scott. (MSFC-IS40)[NICS] willie.s.hinote at nasa.gov
Wed Nov 28 17:52:32 UTC 2012

I appreciate the reply. Unfortunately this did not work exactly as prescribed but I did find a solution. For anyone else who may be experiencing this issue you need to have at least one character entered on the add password line. During testing I tried a number of different letters, numbers and symbols; all worked. Even adding up to 6 characters worked with no errors (I am sure more would work but I did not test). If you add the braces you must include a character between the braces and spaces do not work with or without the braces. My test Juniper is running JUNOS 10.4R2.6. My lab equipment is limited so I am not able to test with other JUNOS versions to see if it is version specific.

I tested by executing:
/usr/libexec/rancid/rancid-run JUNIPER
/usr/libexec/rancid/jlogin router X.X.X.X
/usr/libexec/rancid/jlogin -f /opt/rancid/.cloginrc router X.X.X.X

All tests completed without errors.

add identity	X.X.X.X		/opt/rancid/.ssh/id_rsa
add password	X.X.X.X		1
add method	X.X.X.X		ssh

 Hopefully this helps anyone else who may be stuck on this issue.

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net] 
Sent: Wednesday, November 28, 2012 11:16 AM
To: Hinote, Willie Scott. (MSFC-IS40)[NICS]
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] jlogin not using ssh key

Wed, Nov 28, 2012 at 10:53:22AM -0600, Hinote, Willie Scott. (MSFC-IS40)[NICS]:
> I have setup SSH keys on a Juniper device. The keys work when I SSH as the RANCID user to the Juniper but do not work when I execute rancid-run or execute jlogin without the -p flag. I have modified my .cloginrc to use an identity file.
> .cloginrc
> --
> add identity        X.X.X.X /opt/rancid/.ssh/id_rsa
> Only the add identity line exists for this IP. No other add lines are in the .cloginrc.
> When I execute:
> /usr/libexec/rancid/jlogin -f /opt/rancid/.cloginrc X.X.X.X
> I receive error:
> Error: no password for router in /opt/rancid/.cloginrc. X.X.X.X
> When I execute:
> /usr/libexec/rancid/rancid-run JUNIPER
> I see errors in logs:
> X.X.X.X jlogin error: Error: no password for X.X.X.X in /opt/rancid/.cloginrc.
> X.X.X.X: missed cmd(s) ***Lots of commands***
> X.X.X.X: End of run not found
> If I execute:
> /usr/libexec/rancid/jlogin -p router X.X.X.X
> It logs me in with no errors.
> Are there any other options that need to be added to the .cloginrc file? Has anyone else successfully used SSH keys with Juniper devices?

it does insist on a pwd; just add an empty one
	add password glob {}

More information about the Rancid-discuss mailing list