[rancid] Problems with Rancid and Privilege Levels
Gordon Ross
gr306 at ucs.cam.ac.uk
Fri Jan 24 19:30:39 UTC 2014
I didn't want to give the Level 15 enable password for my ASAs to Rancid, so I've tried to configure Rancid to use a custom privilege level, but I'm stuck at the last hurdle and Rancid doesn't seem able to get the config. The steps I took were:
* Copied bin/clogin to asa-clogin.
* Changed the 'send "enable\r"' command to be 'send "enable 4\r"' in asa-clogin
* In rancid-fe, I added an entry of "'asa' => 'asa-clogin',"
* In my router.db I added "asa1.example.com:asa:up"
* Added the ASA's credentials to .clogin
If I run (as the rancid user) "asa-clogin asa1.example.com" I end up at an enable prompt on my ASA:
asa-1/act#
But when rancid runs, the logs show:
Trying to get all of the configs.
asa-1.example.com
spawn ssh -c 3des -x -l rancid asa-1.example.com
rancid at asa-1.example.com's password:
Type help or '?' for a list of available commands.
asa-1/act> enable 4
Password: ***********
asa-1/act#
asa-1/act# =====================================
Getting missed routers: round 1.
....
The rancid ASA can do show ver, show run, etc.
How can I find out what's wrong?
Thanks,
GTG