[rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e

Aaron Wasserott aaron.wasserott at viawest.com
Tue Jul 14 23:27:00 UTC 2015


Did you see this notice on the RANCID page? Sounds like that could be your issue.

NOTE: For rancid >= 2.3, you must use expect >= 5.40. Versions prior to this appear to have a regex handling bug that affects the ability of clogin to parse CLI prompts.

http://www.shrubbery.net/rancid/

From: Andrew Meyer [mailto:andrewm659 at gmail.com]
Sent: Tuesday, July 14, 2015 4:25 PM
To: Aaron Wasserott
Cc: rancid-discuss at googlegroups.com
Subject: Re: [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e

The issue is that the Pix I'm connecting to is using SSH 1.0 and is not working. Here is the output I'm getting:

[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -d -c "show run" 10.20.30.1
10.20.30.1
spawn ssh -c 3des -x -l rancid 10.20.30.1
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {35121}
Gate keeper glob pattern for '^<-+ More -+>[^
]*' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Connection refused|Secure connection [^
]+ refused)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Connection closed by|Connection to [^
]+ closed)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?' is 'HOST IDENTIFICATION HAS CHANGED* (yes/no)\?'. Activating booster.
Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED[^
]+' is 'HOST IDENTIFICATION HAS CHANGED*'. Activating booster.
Gate keeper glob pattern for 'Offending key for .* \(yes/no\)\?' is 'Offending key for * (yes/no)\?'. Activating booster.
Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '% (Bad passwords|Authentication failed)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'Enter Selection: ' is 'Enter Selection: '. Activating booster.
Gate keeper glob pattern for 'Last login:' is 'Last login:'. Activating booster.
Gate keeper glob pattern for '@[^
]+ ([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter passphrase*: '. Activating booster.
Gate keeper glob pattern for '(Username|Login|login|user name|User):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(>|#| \(enable\))' is ''. Not usable, disabling the performance booster.

expect: does "" (spawn_id exp6) match regular expression "^<-+ More -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no
"(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no
"(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no

expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?"? (No Gate, RE only) gate=yes re=no
"HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?"? Gate "HOST IDENTIFICATION HAS CHANGED* (yes/no)\?"? gate=no
"HOST IDENTIFICATION HAS CHANGED[^\n\r]+"? Gate "HOST IDENTIFICATION HAS CHANGED*"? gate=no
"Offending key for .* \(yes/no\)\?"? Gate "Offending key for * (yes/no)\?"? gate=no
"(denied|Sorry)"? (No Gate, RE only) gate=yes re=no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no
"Press any key to continue"? no
"Enter Selection: "? Gate "Enter Selection: "? gate=no
"Last login:"? Gate "Last login:"? gate=no
"@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no
"Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no
"(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no
"([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no
"(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
"Login invalid"? no
expect: timed out

Error: TIMEOUT reached



Andrew Meyer
andrewm659 at gmail.com
ameyer at tsg2.com
314-266-4837

On Tue, Jul 14, 2015 at 5:20 PM, Aaron Wasserott <aaron.wasserott at viawest.com> wrote:
This is all I use to run simple one-liners and tests against a device:

/usr/local/rancid/bin/clogin -c "show run" 10.20.30.1

Have you checked the log file for the device that doesn’t work? Rancid is usually pretty good about providing a hint as to the issue.

When testing via clogin, make sure to test against the same hostname used in your router.db file. Helps to point out any DNS or stale SSH key issues that might be the cause.

Another thing, if you switch to rancid using su you should use - to ensure you get all the proper envvars; that way you shouldn’t need to specify the path to .cloginrc.

From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Andrew Meyer
Sent: Monday, July 13, 2015 3:15 PM
To: rancid-discuss at googlegroups.com
Subject: [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e

For some reason 1 of the Pix 506e I have won't work with RANCID. I got it working on another.  I'm not sure what is going on. When I try the clogin cmd it times out.

Also, I'm trying to get it to use SSHv1.

[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -c "show run" 10.20.30.1
10.20.30.1
spawn ssh -c 3des -x -l rancid 10.20.30.1
^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -c "show run" 10.20.30.1 -1
10.20.30.1
spawn ssh -c 3des -x -l rancid 10.20.30.1
^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -f .cloginrc -t 120 -c "show run" 10.20.30.1 -1
10.20.30.1
spawn ssh -c 3des -x -l rancid 10.20.30.1
^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -x -1 -c "show run" 10.20.30.1 -1


Can someone tell me the syntax?  I have it in the .cloginrc file but it's not taking.

This message contains information that may be confidential, privileged or otherwise protected by law from disclosure. It is intended for the exclusive use of the addressee(s). Unless you are the addressee or authorized agent of the addressee, you may not review, copy, distribute or disclose to anyone the message or any information contained within. If you have received this message in error, please contact the sender by electronic reply and immediately delete all copies of the message.
