[rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e

Andrew Meyer andrewm659 at gmail.com
Tue Jul 14 23:37:30 UTC 2015


hmmm....FreeBSD repo only has 5.43 as lowest.


Andrew Meyer
andrewm659 at gmail.com
ameyer at tsg2.com
314-266-4837

On Tue, Jul 14, 2015 at 6:27 PM, Andrew Meyer <andrewm659 at gmail.com> wrote:

> I saw it a while back and completely forgot.  Going to fix.
>
>
> Andrew Meyer
> andrewm659 at gmail.com
> ameyer at tsg2.com
> 314-266-4837
>
> On Tue, Jul 14, 2015 at 6:27 PM, Aaron Wasserott <
> aaron.wasserott at viawest.com> wrote:
>
>>  Did you see this notice on the RANCID page? Sounds like that could be
>> your issue.
>>
>>
>>
>> *NOTE: For rancid >= 2.3, you must use expect >= 5.40. Versions prior to
>> this appear to have a regex handling bug that affects the ability of clogin
>> to parse CLI prompts.*
>>
>>
>>
>> http://www.shrubbery.net/rancid/
>>
>>
>>
>> *From:* Andrew Meyer [mailto:andrewm659 at gmail.com]
>> *Sent:* Tuesday, July 14, 2015 4:25 PM
>> *To:* Aaron Wasserott
>> *Cc:* rancid-discuss at googlegroups.com
>> *Subject:* Re: [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
>>
>>
>>
>> The issue is the pix i'm connecting to is using ssh 1.0 and is not
>> working.  Here is the output i'm getting
>>
>>
>>
>> [rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -d -c
>> "show run" 10.20.30.1
>>
>> 10.20.30.1
>>
>> spawn ssh -c 3des -x -l rancid 10.20.30.1
>>
>> parent: waiting for sync byte
>>
>> parent: telling child to go ahead
>>
>> parent: now unsynchronized from child
>>
>> spawn: returns {35121}
>>
>> Gate keeper glob pattern for '^<-+ More -+>[^
>>
>> ]*' is ''. Not usable, disabling the performance booster.
>>
>> Gate keeper glob pattern for '(Connection refused|Secure connection [^
>>
>> ]+ refused)' is ''. Not usable, disabling the performance booster.
>>
>> Gate keeper glob pattern for '(Connection closed by|Connection to [^
>>
>> ]+ closed)' is ''. Not usable, disabling the performance booster.
>>
>> Gate keeper glob pattern for '(Host key not found |The authenticity of
>> host .* be established).* \(yes/no\)\?' is ''. Not usable, disabling the
>> performance booster.
>>
>> Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED.*
>> \(yes/no\)\?' is 'HOST IDENTIFICATION HAS CHANGED* (yes/no)\?'. Activating
>> booster.
>>
>> Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED[^
>>
>> ]+' is 'HOST IDENTIFICATION HAS CHANGED*'. Activating booster.
>>
>> Gate keeper glob pattern for 'Offending key for .* \(yes/no\)\?' is
>> 'Offending key for * (yes/no)\?'. Activating booster.
>>
>> Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable,
>> disabling the performance booster.
>>
>> Gate keeper glob pattern for '% (Bad passwords|Authentication failed)' is
>> ''. Not usable, disabling the performance booster.
>>
>> Gate keeper glob pattern for 'Enter Selection: ' is 'Enter Selection: '.
>> Activating booster.
>>
>> Gate keeper glob pattern for 'Last login:' is 'Last login:'. Activating
>> booster.
>>
>> Gate keeper glob pattern for '@[^
>>
>> ]+ ([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable,
>> disabling the performance booster.
>>
>> Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter
>> passphrase*: '. Activating booster.
>>
>> Gate keeper glob pattern for '(Username|Login|login|user name|User):' is
>> ''. Not usable, disabling the performance booster.
>>
>> Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^
>> :]+):' is ''. Not usable, disabling the performance booster.
>>
>> Gate keeper glob pattern for '(>|#| \(enable\))' is ''. Not usable,
>> disabling the performance booster.
>>
>>
>>
>> expect: does "" (spawn_id exp6) match regular expression "^<-+ More
>> -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no
>>
>> "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE
>> only) gate=yes re=no
>>
>> "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE
>> only) gate=yes re=no
>>
>>
>>
>> expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no
>>
>>
>>
>> expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"?
>> no
>>
>> "No address associated with name"? no
>>
>> "(Host key not found |The authenticity of host .* be established).*
>> \(yes/no\)\?"? (No Gate, RE only) gate=yes re=no
>>
>> "HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?"? Gate "HOST
>> IDENTIFICATION HAS CHANGED* (yes/no)\?"? gate=no
>>
>> "HOST IDENTIFICATION HAS CHANGED[^\n\r]+"? Gate "HOST IDENTIFICATION HAS
>> CHANGED*"? gate=no
>>
>> "Offending key for .* \(yes/no\)\?"? Gate "Offending key for *
>> (yes/no)\?"? gate=no
>>
>> "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no
>>
>> "Login failed"? no
>>
>> "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes
>> re=no
>>
>> "Press any key to continue"? no
>>
>> "Enter Selection: "? Gate "Enter Selection: "? gate=no
>>
>> "Last login:"? Gate "Last login:"? gate=no
>>
>> "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE
>> only) gate=yes re=no
>>
>> "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no
>>
>> "(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes
>> re=no
>>
>> "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only)
>> gate=yes re=no
>>
>> "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
>>
>> "Login invalid"? no
>>
>> expect: timed out
>>
>>
>>
>> Error: TIMEOUT reached
>>
>>
>>
>>
>>
>> Andrew Meyer
>> andrewm659 at gmail.com
>> ameyer at tsg2.com
>> 314-266-4837
>>
>>
>>
>> On Tue, Jul 14, 2015 at 5:20 PM, Aaron Wasserott <
>> aaron.wasserott at viawest.com> wrote:
>>
>> This is all I use to run simple one-liners and tests against a device:
>>
>>
>>
>> /usr/local/rancid/bin/clogin -c "show run" 10.20.30.1
>>
>>
>>
>> Have you checked the log file for the device that doesn’t work? Rancid is
>> usually pretty good about providing a hint as to the issue.
>>
>>
>>
>> When testing via clogin, make sure to test against the same hostname used
>> in your router.db file. Helps to point out any DNS or stale SSH key issues
>> that might be the cause.
>>
>>
>>
>> Another thing, if you switch to rancid using su you should use – to
>> ensure you get all the proper envvars – that way you shouldn’t need to
>> specify path to .cloginrc.
>>
>>
>>
>> *From:* Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] *On
>> Behalf Of *Andrew Meyer
>> *Sent:* Monday, July 13, 2015 3:15 PM
>> *To:* rancid-discuss at googlegroups.com
>> *Subject:* [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
>>
>>
>>
>> For some reason 1 of the Pix 506e I have won't work with RANCID. I got it
>> working on another.  I'm not sure what is going on. When I try the clogin
>> cmd it times out.
>>
>>
>>
>> Also, I'm trying to get it to use SSHv1.
>>
>>
>>
>> [rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -c
>> "show run" 10.20.30.1
>>
>> 10.20.30.1
>>
>> spawn ssh -c 3des -x -l rancid 10.20.30.1
>>
>> ^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120
>> -c "show run" 10.20.30.1 -1
>>
>> 10.20.30.1
>>
>> spawn ssh -c 3des -x -l rancid 10.20.30.1
>>
>> ^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -f
>> .cloginrc -t 120 -c "show run" 10.20.30.1 -1
>>
>> 10.20.30.1
>>
>> spawn ssh -c 3des -x -l rancid 10.20.30.1
>>
>> ^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120
>> -x -1 -c "show run" 10.20.30.1 -1
>>
>>
>>
>>
>>
>> Can someone tell me the syntax?  I have it in the .cloginrc file but its
>> not taking.
>>
>> This message contains information that may be confidential, privileged or
>> otherwise protected by law from disclosure. It is intended for the
>> exclusive use of the addressee(s). Unless you are the addressee or
>> authorized agent of the addressee, you may not review, copy, distribute or
>> disclose to anyone the message or any information contained within. If you
>> have received this message in error, please contact the sender by
>> electronic reply and immediately delete all copies of the message.
>>
>>
>>  This message contains information that may be confidential, privileged
>> or otherwise protected by law from disclosure. It is intended for the
>> exclusive use of the addressee(s). Unless you are the addressee or
>> authorized agent of the addressee, you may not review, copy, distribute or
>> disclose to anyone the message or any information contained within. If you
>> have received this message in error, please contact the sender by
>> electronic reply and immediately delete all copies of the message.
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150714/5322c6dc/attachment.html>


More information about the Rancid-discuss mailing list