[rancid] The reoccurring question - Cisco ASA Login failures
Danica L Alcaraz
Danica_Alcaraz at fd.org
Tue Mar 5 22:30:16 UTC 2013
I copied the clogin file to a backup, changed the line in clogin you
suggested and ran rancid. SUCCESS! It doesn't appear to have created a
problem for any of my other cisco devices. Now I can include all the ASA's
without a problem. Thanks again Peo!
Here's the change suggested by Peo:
diff clogin clogin_special
> 350c350
> < set retval [catch {eval spawn [split "$cmd -c $cyphertype -x
> -l $user $router" { }]} reason]
> ---
> > set retval [catch {eval spawn [split "$cmd -c $cyphertype
> -x -l" { }] \"$user\" $router } reason]
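Review bot: on the new line 350, `\"$user\"` keeps the username in one piece only while it contains nothing Tcl treats specially, because `eval` joins its arguments into a single string and parses that string a second time. A username containing a double quote, `[`, `$` or a backslash would be re-interpreted in that second parse, and `$router` goes through the same re-parse. Passing `[list $user] [list $router]` after the `split` result would hand each value to `spawn` as exactly one argument regardless of the characters in it.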
Sincerely,
Danica Alcaraz
Network Administrator
ODS-ITD NITOAD Branch
Administrative Office of the U.S. Courts
7550 IH 10 West, Suite 200
San Antonio, Texas 78229-5821
Direct: (210) 308-3217
Fax: (210) 308-3225
danica_alcaraz at fd.org
From: Per-Olof Olsson <peo at chalmers.se>
To: Danica L Alcaraz <Danica_Alcaraz at fd.org>,
Date: 03/05/2013 03:06 PM
Subject: Re: [rancid] The reoccurring question - Cisco ASA Login failures
Hi
I don't think this fix will have any impact on other devices that are
using clogin. It's important that "split" covers "$cmd" on the changed line.
Can't you test on some other Ciscos whether "clogin_special" works for
them too? Find a time gap when cron is not running rancid-run, or turn off
the cron script for a short time, replace clogin and run rancid on a small
group of switches? ...
To create a new device type you have to copy files and edit some.
No typo!!!
Short one for a "cisco copy".
XX, YY, ZZ unique names.
Add new type to translate in rancid-fe.
'XX' => 'YY',
copy rancid to YY
edit YY to call ZZ instead of clogin.
copy clogin to ZZ
change device type in routers.db to XX.
Read the FAQ. How to run and test scripts.
YY <hostname>
rancid-run -r <hostname> <group>
/Peo
Danica L Alcaraz wrote 2013-03-05 19:54:
> /PEO, you are a GD genius!
>
> You obviously understand all the underlying code that I do not. Can I tell
> these types of devices to look at the clogin_special script just by using a
> different device than cisco in the router.db configuration? How do I
> direct it to do that? Or can I feel safe in loading this change into the
> clogin file and not impact other devices?
>
> From: Per-Olof Olsson <peo at chalmers.se>
> To: Danica L Alcaraz <Danica_Alcaraz at fd.org>,
> Cc: <rancid-discuss at shrubbery.net>
> Date: 03/05/2013 11:56 AM
> Subject: Re: [rancid] The reoccurring question - Cisco ASA Login failures
>
>
>
> Hello
>
> Space in user name. Crazy!
>
> Impossible or just to fix the scope for "split" and quote the username
> in clogin...
>
> Not tested to do a complete login but the ssh password prompt looks
> correct including a space.
>
> >clogin host
> ...
> user name at host's password:
> ...
>
> diff clogin clogin_special
> 350c350
> < set retval [catch {eval spawn [split "$cmd -c $cyphertype -x
> -l $user $router" { }]} reason]
> ---
> > set retval [catch {eval spawn [split "$cmd -c $cyphertype
> -x -l" { }] \"$user\" $router } reason]
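Review bot: the replacement line 350 has no comment saying why `$user` is now kept outside the string given to `split`, and the old and new lines differ by only a few characters, so a later cleanup could easily fold the username back in. A one-line comment above it, stating that usernames may contain spaces and must not be split on them, would preserve the intent.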
>
>
> /Peo
> ----------------------------------------------------------
> Per-Olof Olsson Email: peo at chalmers.se
> Chalmers tekniska högskola IT-service
> Hörsalsvägen 5 412 96 Göteborg
> Tel: 031/772 6738 Fax: 031/772 8680
> ----------------------------------------------------------
>
> Danica L Alcaraz wrote 2013-03-05 16:41:
>>
>> Guys,
>>
>> I'm STILL not able to get my RANCID to successfully login to our Cisco ASA
>> firewalls. We've got TACACS+ (which is not that big a deal) but they
>> insisted on giving usernames that had spaces in them and the script doesn't
>> like anything I've tried to get it to take the string literally (mostly
>> used {user name} or "user name"). I'm using Ubuntu 12.10 with RANCID
>> 2.3.8. It insists that I designate the method ssh so I can't work it like
>> my HP boxes. I need some more suggestions on this if you've got them.
>>
>> I've tried many things based on what I've seen in the blogs but here's my
>> current:
>>
>> add user 192.168.*.* {user name}     << or "user name" (or even {"user name"}
>> add password 192.168.*.* {password} {password}
>> add method 192.168.*.* ssh
>> add autoenable 192.168.*.* {1}
>>
>> prompt$ /usr/local/rancid/bin/clogin 192.168.*.*
>> 192.168.*.*
>> spawn ssh -c 3des -x -l user name 192.168.*.*     << with quotes or
>> squiggly brackets it still only reads the second word of the username
>> ssh: Couldn't resolve hostname name: Name or service not known
>>
>> Error: Couldn't login: 192.168.*.*
>>
>> Has anyone gotten it to work using another device script?
>> Are there other ways to tell Ubuntu to read the username with a space
>> literally?
>> My HP devices take the string literally without help from {} or "" but only
>> if I remove the add method directive, Hmmm, I wonder if I make it think
>> it's an HP.
>>
>> Any ideas appreciated. Thanks.
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>
>
>
>
>
>
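The scope of "split" that Peo describes, shown as an added example that is not part of the original thread or of clogin itself. `fake_spawn` and `build` are hypothetical helpers, all values are constructed samples, and the `[list ...]` variant is an alternative idiom that nobody in the thread proposed.

```tcl
# Hypothetical stand-in for Expect's spawn: returns the argument vector
# it received, so word boundaries can be inspected without running ssh.
proc fake_spawn {args} { return $args }

# Build the command in one of three styles; return the argv or the error.
proc build {style cmd cyphertype user router} {
    switch -- $style {
        original {
            # Username inside the split string: cut at every space.
            set script {eval fake_spawn [split "$cmd -c $cyphertype -x -l $user $router" { }]}
        }
        quoted {
            # Form from the thread: split covers cmd and the options only;
            # literal quotes make eval parse the username as one word.
            set script {eval fake_spawn [split "$cmd -c $cyphertype -x -l" { }] \"$user\" $router}
        }
        listed {
            # Alternative idiom (not from the thread): list quoting means
            # eval cannot re-parse the username or the host.
            set script {eval fake_spawn [split "$cmd -c $cyphertype -x -l" { }] [list $user] [list $router]}
        }
    }
    if {[catch $script result]} { return "ERROR: $result" }
    return $result
}

# Constructed sample usernames: one with a space, one with embedded quotes.
foreach user [list "user name" {ops "night" shift}] {
    foreach style {original quoted listed} {
        set argv [build $style ssh 3des $user 192.0.2.10]
        puts [format "%-8s user=<%s> -> %s" $style $user $argv]
    }
}
```

Run it with tclsh; in the printed argument list, an element shown in braces is a single argument.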