[rancid] Radware/Alteon Interactive Commands

Robert Franzke bob.franzke at altn.com
Tue Mar 17 21:58:00 UTC 2015


Yes, I think he means the passphrase for the certificate, not the device. When you answer yes it then prompts for a passphrase for the certificate before it runs the dump. I answer 'n' so I get no passphrase prompt, but someone who wants to include the private keys of any installed certificates on the device in the config dump would need to provide the passphrase for them to see them. Agreed, ugly.


-----Original Message-----
From: heasley [mailto:heas at shrubbery.net] 
Sent: Tuesday, March 17, 2015 1:59 PM
To: Iñaki Martínez Díez
Cc: heasley; Bob Franzke; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Radware/Alteon Interactive Commands

Tue, Mar 17, 2015 at 09:24:12AM +0100, Iñaki Martínez Díez:
> Hello,
> 
>  The problem is that if you connect via TELNET and answer "y" you obtain:
> 
> # /cfg/dump
> Display private keys? [y/n]: y
> 
> Access Denied: This operation can only be performed over a secure 
> connection such as HTTPS or SSH.
> Connect to the device using a secure protocol and retry.
> 
>  So my solution was this:
> 
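> -re "Display private keys" {
>         # The device refuses to display private keys over telnet,
>         # so only answer "y" when the connection method is ssh.
>         if { "$cmethod" == "ssh" } {
>                 send "y\r"
>         } else {
>                 send "n\r"
>         }
>         exp_continue
> }
> 
> So the method of connection is checked.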
> 
> But if you connect via SSH and answer "y" you need to answer another
> question:
> 
> # /cfg/dump
> Display private keys? [y/n]: y
> Enter passphrase:
> 
> So my solution was to add:
> 
> -re "passphrase" {
>         send "PASSWORD\r"
>         exp_continue
> }
> 
> Where "PASSWORD" is a fixed password that your certificates are ciphered
> with, so any certificate to import needs that PASSWORD.

Do you mean that the password is the passphrase for the Certificate?  Not the password for the device.  That's ugly.  I'm not sure how to handle that generically.


