[rancid] Alternatives to cleartext password in .cloginrc ?
Lance Vermilion
rancid at gheek.net
Wed May 6 18:41:46 UTC 2015
For user access (not config backup) of rancid scripts a simple work around
I am (sometime soon) implementing a script that does a find/replace in the
.cloginrc. The password stored in the . cloginrc is in base64 format so not
clear text. This means i will also patch rancid to decode the password
encoded in base64. Each time the user logs in they will need to enact this
script that does the updating of the .cloginrc because at logout/login the
.cloginrc is set back to variables (for easy find and replace).
This solution will not work for everyone but it will for me.
On May 6, 2015 9:14 AM, "heasley" <heas at shrubbery.net> wrote:
>
> Wed, May 06, 2015 at 04:31:38PM +0100, Lukasz Sokol:
> > On 06/05/15 16:19, Matt Almgren wrote:
> > > Ssh keys are still on the table and that is one of the alternatives.
> >
> > They are relatively easy to roll out on rancid by itself - I did it
after some
> > googling, and it wasn't too bad... (key based ident is mentioned in one
of the articles
> > that pop up when googling for rancid and ssh... adapted a bit to my
debian needs and that's
> > it, all it really needed.)
>
> the passphrase is still stored somewhere. although interactive users
could
> use ssh-agent.
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150506/70143fa5/attachment.html>
More information about the Rancid-discuss
mailing list