[rancid] Mikrotik + ssh with cert + rancid + as rancid user = can not login ?
Lukasz Sokol
el.es.cr at gmail.com
Mon Mar 16 10:11:07 UTC 2015
Hi heasley,
On 13/03/15 21:32, Lukasz Sokol wrote:
> Hi heasley,
>
> On Fri, Mar 13, 2015 at 8:43 PM, heasley <heas at shrubbery.net> wrote:
>>
>> Fri, Mar 13, 2015 at 05:07:19PM +0000, Lukasz Sokol:
>>> Actually
>>>
>>> - it's mtlogin that does not seem to pass -i to ssh at all
>>
>> indeed it doesn't; contributed code.
>>
>> does this patch work?
>>
Yes, though I had to manually backport it (my file isn't named mtlogin.in, as I'm on the deb package...)
(and it did not have the -v option, so I had to slap the -r* cmdline param recognition somewhere where I deemed fit)
but with this:
---- (patch begin) ----
--- mtlogin.orig 2012-05-29 18:15:02.000000000 +0100
+++ mtlogin 2015-03-16 10:02:59.032715133 +0000
@@ -194,6 +194,14 @@
close $cmd_fd
set command [join [split $cmd_text \n] \;]
set do_command 1
+# portion of backport of ssh identity provision from trunk
+ # ssh passphrase
+ } -r* {
+ if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
+ incr i
+ set avpassphrase [lindex $argv $i]
+ }
+# backport end
# Do we enable?
} -noenable {
# ignore -noenable
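Review bot: In the new `-r*` arm, `incr i` followed by `set avpassphrase [lindex $argv $i]` has no check that another argument exists, so a trailing `-r` silently yields an empty passphrase; compare `$i` against `[llength $argv]` and report a usage error instead. Taking the passphrase from argv also leaves it readable by anyone who can list processes on the RANCID host, so the `passphrase` configuration lookup added in the later hunk is the safer source. The regexp should be braced, and its `\[rR\]` class accepts `-R` even though the arm pattern shown here is only `-r*`.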
@@ -293,7 +301,8 @@
# Log into the router.
# returns: 0 on success, 1 on failure
-proc login { router user userpswd passwd prompt cmethod cyphertype } {
+# proc login { router user userpswd passwd prompt cmethod cyphertype } {
+proc login { router user userpswd passwd prompt cmethod cyphertype identfile } {
global spawn_id in_proc do_command do_script
global u_prompt p_prompt sshcmd
set in_proc 1
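Review bot: The commented-out old signature above the new `proc login` line should be deleted rather than kept in the file, and the header comment still does not describe `identfile`. Because the new parameter is mandatory, any call site not updated by this patch fails with a wrong-number-of-arguments error; declaring it as `{identfile ""}` would keep the seven-argument form working.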
@@ -315,10 +324,21 @@
return 1
}
} elseif ![string compare $prog "ssh"] {
- if [ catch {spawn $sshcmd -c $cyphertype -x -l $user+ct $router} reason ] {
- send_user "\nError: $sshcmd failed: $reason\n"
- return 1
- }
+ # ssh to the router & try to login with or without an identfile. backported from trunk.
+ regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port
+ set cmd $sshcmd
+ if {"$port" != ""} {
+ set cmd "$cmd -p $port"
+ }
+ if {"$identfile" != ""} {
+ set cmd "$cmd -i $identfile"
+ }
+ set retval [catch {eval spawn [split "$cmd -c $cyphertype -x -l $user+ct $router" { }]} reason]
+ if { $retval } {
+ send_user "\nError: $cmd failed: $reason\n"
+ return 1
+ }
+# end of backport portion
} elseif ![string compare $prog "rsh"] {
send_error "\nError: unsupported method: rsh\n"
if { $progs == 0 } {
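Review bot: The `regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port` line sits inside the branch guarded by `![string compare $prog "ssh"]`, which is only taken when `$prog` is exactly `ssh`, so `port` is always empty and the `-p` branch can never run; either match the method with a test that admits `ssh:port` or drop the port handling from this backport. Separately, assembling the command as a string and passing it through `split ... { }` breaks any identity file path that contains a space; build the arguments as a Tcl list with `lappend` and hand that list to `eval spawn`.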
@@ -508,6 +528,21 @@
set p_prompt [join [lindex $p_prompt 0] ""]
}
+# backport of ssh ident provision from trunk
+ # Figure out identity file to use
+ set identfile [join [lindex [find identity $router] 0] ""]
+
+ # Figure out passphrase to use
+ if {[info exists avpassphrase]} {
+ set passphrase $avpassphrase
+ } else {
+ set passphrase [join [lindex [find passphrase $router] 0] ""]
+ }
+ if { ! [string length "$passphrase"]} {
+ set passphrase $passwd
+ }
+# backport of ssh ident provision from trunk
+
# Figure out cypher type
if {[info exists cypher]} {
# command line cypher type
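Review bot: `passphrase` is computed in this block but nothing in the patch consumes it: `login` is given only `$identfile`, so a key protected by a passphrase will still stop at the ssh prompt unanswered. Either pass the value to `login` and handle the passphrase prompt there, or leave this block out of the backport. The fallback `set passphrase $passwd` also means the router login password is offered as the key passphrase, which deserves a comment explaining the intent, and the closing marker repeats the opening text instead of marking the end.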
@@ -526,7 +561,8 @@
if { "$sshcmd" == "" } { set sshcmd {ssh} }
# Login to the router
- if {[login $router $ruser $userpswd $passwd $prompt $cmethod $cyphertype]} {
+# backport of ssh ident provision from trunk
+ if {[login $router $ruser $userpswd $passwd $prompt $cmethod $cyphertype $identfile]} {
incr exitval
continue
}
---- (patch end) -----
I have this:
./mtlogin myrouter
myrouter
spawn ssh -i /var/lib/rancid/.ssh/id_ssa_for_mt_backup -c 3des -x -l myuser+ct myrouter
[ mikrotik prompts follows ]
Thanks ! :)
(patch also in attachment)
>
> Kind Regards,
>
> el es
>
el es
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debian-package-ssh-provision.patch
Type: text/x-patch
Size: 2847 bytes
Desc: not available
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150316/fb8e1e53/attachment.bin>