[rancid] Mikrotik + ssh with cert + rancid + as rancid user = can not login ?

Lukasz Sokol el.es.cr at gmail.com
Fri Mar 13 13:42:56 UTC 2015 

Hi,
my first post here, hopefully I can still be helped ;)

I'm on Rancid 2.3.8-3 and ssh 6.0p1-4+deb7u1 from Debian repos.

As myself (user lukasz), from command line, i can do

[myrouter is not yet in router.db, imagine an IP given here]
[myuser is configured in .cloginrc see way below]

lukasz at george:~$ ~rancid/bin/mtlogin myrouter
myrouter
spawn ssh -c 3des -x -l myuser+ct myrouter

[mikrotik router welcome and  prompt follow as normal]

and get into ssh prompt, no problem here.

(I've a certificate made by /me/ in .ssh and installed on the router,
and also router is in cached ssh fingerprints, so no problem here either)

Next then I copied & chown'd the .cloginrc and the certificate file
into relevant places in ~rancid, first doing ssh to myrouter to add it to fingerprint cache, 

then I'm trying to run mtlogin as rancid user and I get this:

lukasz at george:~$ sudo su - rancid
[sudo] password for lukasz: 
rancid at george:~$ cd
rancid at george:~$ pwd
/var/lib/rancid
rancid at george:~$ bin/mtlogin myrouter
myrouter
spawn ssh -c 3des -x -l myuser+ct myrouter
myuser+ct at myrouter's password: 
Permission denied, please try again.
myuser+ct at myrouter's password: y
Permission denied, please try again.
myuser+ct at myrouter's password: 
Permission denied (password).

Error: Check your passwd for myrouter
rancid at george:~$ 

So it seems to be somehow /not/ noticing there is a certificate to be used...?

...but :

> rancid at george:~$ ls -l .ssh/
total 12
-rw------- 1 rancid rancid  668 Dec 27  2013 id_ssa_for_mt_backup

...and :

> rancid at george:~$ ssh -i .ssh/id_ssa_for_mt_backup myuser at myrouter

gives me ssh to Mikrotik myrouter as normal...

~rancid/.cloginrc has

add user * myuser
add password * totallyboguspassword
add method * ssh
add identity * /var/lib/rancid/.ssh/id_ssa_for_mt_backup // this line on 'lukasz' user is without path

Any pointer / keyword / wave of hand would be appreciated.

Kind Regards

el es

More information about the Rancid-discuss mailing list