[rancid] Mikrotik + ssh with cert + rancid + as rancid user = can not login ?
Lukasz Sokol
el.es.cr at gmail.com
Fri Mar 13 21:32:58 UTC 2015
Hi heasley,
On Fri, Mar 13, 2015 at 8:43 PM, heasley <heas at shrubbery.net> wrote:
>
> Fri, Mar 13, 2015 at 05:07:19PM +0000, Lukasz Sokol:
> > Actually
> >
> > - it's mtlogin that does not seem to pass -i to ssh at all
>
> indeed it doesn't; contributed code.
>
> does this patch work?
>
Thank you, I've no way to check right now - but will check on Monday
(GMT is my time zone)
(unless someone else who cares, beats me to it)
Kind Regards,
el es
--
(intentionally put below sig delimiter)
>
> Index: bin/mtlogin.in
> ===================================================================
> --- bin/mtlogin.in (revision 3056)
> +++ bin/mtlogin.in (working copy)
> @@ -119,7 +119,10 @@
> set do_passwd 0
> # ssh passphrase
> } -r* {
> - # ignore -r
> + if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
> + incr i
> + set avpassphrase [lindex $argv $i]
> + }
> # Version string
> } -V* {
> send_user "rancid 2.3.2a9\n"
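Review bot: In the -r* branch the two argument forms store the passphrase in different variables: the attached form (-rSECRET) is captured by the regexp into "passphrase", while the separated form (-r SECRET) goes into "avpassphrase". The later hunk at line 540 tests only avpassphrase and otherwise overwrites passphrase from "find passphrase $router", so a value given in the attached form is silently discarded. Capture into avpassphrase in both cases, for example by naming the regexp match variable avpassphrase. Also note that -r was previously ignored; any existing caller passing a bare -r will now have its next argument consumed as the passphrase.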
> @@ -290,7 +293,7 @@
>
> # Log into the router.
> # returns: 0 on success, 1 on failure
> -proc login { router user userpswd passwd prompt cmethod cyphertype } {
> +proc login { router user userpswd passwd prompt cmethod cyphertype identfile } {
> global spawn_id in_proc do_command do_script
> global u_prompt p_prompt sshcmd
> set in_proc 1
> @@ -312,10 +315,20 @@
> return 1
> }
> } elseif ![string compare $prog "ssh"] {
> - if [ catch {spawn $sshcmd -c $cyphertype -x -l $user+ct $router} reason ] {
> - send_user "\nError: $sshcmd failed: $reason\n"
> - return 1
> - }
> + # ssh to the router & try to login with or without an identfile.
> + regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port
> + set cmd $sshcmd
> + if {"$port" != ""} {
> + set cmd "$cmd -p $port"
> + }
> + if {"$identfile" != ""} {
> + set cmd "$cmd -i $identfile"
> + }
> + set retval [catch {eval spawn [split "$cmd -c $cyphertype -x -l $user+ct $router" { }]} reason]
> + if { $retval } {
> + send_user "\nError: $cmd failed: $reason\n"
> + return 1
> + }
> } elseif ![string compare $prog "rsh"] {
> send_error "\nError: unsupported method: rsh\n"
> if { $progs == 0 } {
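Review bot: The port handling in the ssh branch cannot take effect, because the branch is only entered when $prog compares equal to the literal "ssh", so the regexp on $prog always leaves $port empty and "-p $port" is never appended. If a method of the form ssh:port is meant to be supported, the elseif condition has to match that form as well. Separately, running split on the assembled command string with a single space as separator breaks any identity file path that contains a space into several ssh arguments; building the command as a list with lappend (cmd, then -p, -i and the remaining options as individual elements) and passing that list to spawn keeps $identfile, $user and $router as single arguments.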
> @@ -527,6 +540,19 @@
> set p_prompt [join [lindex $p_prompt 0] ""]
> }
>
> + # Figure out identity file to use
> + set identfile [join [lindex [find identity $router] 0] ""]
> +
> + # Figure out passphrase to use
> + if {[info exists avpassphrase]} {
> + set passphrase $avpassphrase
> + } else {
> + set passphrase [join [lindex [find passphrase $router] 0] ""]
> + }
> + if { ! [string length "$passphrase"]} {
> + set passphrase $passwd
> + }
> +
> # Figure out cypher type
> if {[info exists cypher]} {
> # command line cypher type
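Review bot: The passphrase resolved in this block is not used anywhere in the visible lines: the login call in the last hunk is extended with $identfile only, and the global list shown for proc login does not name passphrase, so a key protected by a passphrase would still leave ssh waiting at its prompt unless login handles it in lines not shown here. Either pass $passphrase to login alongside $identfile or declare it global there and answer the prompt in the expect block. The fallback "set passphrase $passwd" also deserves a line of documentation, since it means the device password is offered as the key passphrase whenever none is configured.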
> @@ -545,7 +571,7 @@
> if { "$sshcmd" == "" } { set sshcmd {ssh} }
>
> # Login to the router
> - if {[login $router $ruser $userpswd $passwd $prompt $cmethod $cyphertype]} {
> + if {[login $router $ruser $userpswd $passwd $prompt $cmethod $cyphertype $identfile]} {
> incr exitval
> continue
> }
>