[rancid] Radware/Alteon Interactive Commands
Iñaki Martínez Díez
imd at acens.com
Tue Mar 17 08:24:12 UTC 2015
Hello,
The problem is that if you connect via TELNET and answer "y" you obtain:
# /cfg/dump
Display private keys? [y/n]: y
Access Denied: This operation can only be performed over a secure
connection such as HTTPS or SSH.
Connect to the device using a secure protocol and retry.
So my solution was this:
    -re "Display private keys" {
        if { "$cmethod" == "ssh" } {
            send "y\r"
        } else {
            send "n\r"
        }
        exp_continue
    }
So the connection method is checked.
But if you connect via SSH and answer "y" you need to answer another
question:
# /cfg/dump
Display private keys? [y/n]: y
Enter passphrase:
So my solution was to add:
    -re "passphrase" {
        send "PASSWORD\r"
        exp_continue
    }
Where "PASSWORD" is a fixed password that your certificates are encrypted
with, so any certificate to import needs that PASSWORD.
I hope this helps; for me it has been working for several months with several
versions and models of Radware, including the new models 4408, 5208 and 5224.
NOTE: I am still using Rancid 2.3.3, very modified to fit my needs, so
migrating to the new 3.X (3.2 right now) seems very complicated.
--
Regards.
________________________________________
Iñaki Martínez Díez
Network Department
acens Technologies S.L.
imd at acens.com
Phone: 637 772 156
Fax: 944 412 426
This message may contain confidential information exclusively addressed to its intended recipient.
The copy or distribution of this message is not permitted without the prior express consent by acens.
If you are not the intended recipient of this message please advise the sender and delete it. Thank you.
-----Original message-----
From: heasley <heas at shrubbery.net>
Date: Tuesday, 17 March 2015, 0:56
To: Bob Franzke <Bob.Franzke at altn.com>
CC: "rancid-discuss at shrubbery.net" <rancid-discuss at shrubbery.net>
Subject: Re: [rancid] Radware/Alteon Interactive Commands
>Thu, Feb 26, 2015 at 06:20:56AM -0600, Bob Franzke:
>> There is not unfortunately. You could remove the certificate and it
>>would no longer prompt but those are needed.
>>
>
>looking at alogin, there is already code there to send 'y'. for the purposes
>of automation, this is likely the right choice. although, it looks like the
>prompt has changed in your new version and the match needs to be updated as
>follows:
>
>Index: bin/alogin.in
>===================================================================
>--- bin/alogin.in (revision 3061)
>+++ bin/alogin.in (working copy)
>@@ -456,7 +459,7 @@
> -re "^\[^\n\r]*$reprompt" {}
> -re "^\[^\n\r ]*>>.*$reprompt" { exp_continue }
> -re "\[\n\r]+" { exp_continue }
>- -re "^\*Display private keys? \[y/n]:" {
>+ -re "^\*?Display private keys? \[y/n]:" {
> send "y\r"
> exp_continue
> }
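Review bot: On the "+" line, the "?" after "keys" is still an unescaped quantifier, and \[y/n] inside a double-quoted Tcl string reaches the regex engine as the bracket expression [y/n] (the same way \[^\n\r] does in the context lines above it), so the pattern as written cannot match the literal text "keys? [y/n]:" that the device prints. Escape both so the engine sees keys\? and \[y/n\], for example by writing the pattern in braces instead of double quotes. Separately, send "y\r" is unconditional, so the private keys become part of the config RANCID collects; answering "n", or making the reply a per-device choice, is worth considering.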
>
>please lmk if that works.
>
>> > On Feb 26, 2015, at 3:39 AM, heasley <heas at shrubbery.net> wrote:
>> >
>> > Wed, Feb 25, 2015 at 04:39:00PM -0600, Robert Franzke:
>> >> So I recently upgraded the code on my Alteon 4408 Load Balancers.
>>Since this upgrade, when running the /c/dump command listed in arancid
>>to print out the current config while having some type of SSL
>>certificate installed on the device, the device asks you if you want to
>>Display the Private Keys and expects the user to reply with a 'y' or 'n'
>>like so:
>> >>
>> >>>> ALTEON-A - Standalone ADC - Main# /c/d
>> >> Display private keys? [y/n]:
>> >>
>> >> This hangs RANCID up and causes the device config to not be
>>retrieved. Is there some way to fix this in the list of commands in
>>alogin/arancid such that the script would catch the "Display private
>>keys? [y/n]:" and then send a 'n'? I am not too sure which file I would
>>add this to to fix this.
>> >
>> > is there a configuration knob or argument to /c/dump to tell it not
>>to prompt?
>_______________________________________________
>Rancid-discuss mailing list
>Rancid-discuss at shrubbery.net
>http://www.shrubbery.net/mailman/listinfo/rancid-discuss
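The two prompt handlers discussed in this thread, as an added example in plain Tcl (not RANCID's code and not written by either poster): it shows the reply chosen per connection method and how quoting changes what the regex engine receives. The proc name reply_for, the ALTEON_PASSPHRASE environment variable and the sample lines are assumptions made for the illustration.

```tcl
#!/usr/bin/env tclsh
# Added example, not RANCID code. Prompt text is copied from the thread;
# reply_for and ALTEON_PASSPHRASE are assumed names.

# Braces pass the pattern to the regex engine unchanged, so \? and \[ \]
# match the literal "?" and "[y/n]" of the prompt.
set key_prompt  {^\*?Display private keys\? \[y/n\]:}
set pass_prompt {^Enter passphrase:}

# Return the reply for one line of device output, or "" if it is not a prompt.
proc reply_for {line cmethod} {
    global key_prompt pass_prompt
    if {[regexp -- $key_prompt $line]} {
        # Key export is refused over telnet, so answer y only on ssh.
        return [expr {$cmethod eq "ssh" ? "y\r" : "n\r"}]
    }
    if {[regexp -- $pass_prompt $line]} {
        # Take the passphrase from the environment, not the script text.
        if {![info exists ::env(ALTEON_PASSPHRASE)]} {
            error "ALTEON_PASSPHRASE is not set"
        }
        return "$::env(ALTEON_PASSPHRASE)\r"
    }
    return ""
}

# Constructed device output, using the prompts shown in the thread.
set lines {
    "Display private keys? [y/n]: "
    "*Display private keys? [y/n]: "
    "Enter passphrase: "
    "# /cfg/dump"
}
set ::env(ALTEON_PASSPHRASE) "constructed-passphrase"

foreach line $lines {
    foreach cmethod {ssh telnet} {
        set reply [string map {\r \\r} [reply_for $line $cmethod]]
        puts [format "%-34s %-6s -> '%s'" "'$line'" $cmethod $reply]
    }
}

# The same pattern in double quotes, as in the quoted patch: Tcl removes the
# backslashes first, leaving "keys?" (optional s) and a [y/n] bracket set.
# catch covers the case where the engine rejects the pattern outright.
set quoted "^\*?Display private keys? \[y/n]:"
set hit [expr {![catch {regexp -- $quoted [lindex $lines 0]} m] && $m}]
puts "double-quoted form reaches the engine as: $quoted (matches: $hit)"
```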