[rancid] Debugging Logins for netscreen and procurve switches

Remsik,Robert Robert.Remsik at colostate.edu
Tue Aug 23 17:08:22 UTC 2016 

This seems to have solved the issue.  The only remaining issue I'm encountering is for logging into HP switches.  clogin logs in, but does nothing.  I can interact with the switch normally and exit.

In the .log:

10.1.3.21: missed cmd(s): all commands
10.1.3.21: End of run not found
10.1.3.21 clogin error: Error: Couldn't login


Running clogin manually:

rancid at server:~/bin$ ./clogin 10.1.3.21
10.1.3.21
spawn ssh -x -l LOGIN 10.1.3.21
We'd like to keep you up to date about:
  * Software feature updates
  * New product announcements
  * Special events
Please register your products now at:  www.hp.com/networking/register


LOGIN at 10.1.3.21's password:
HP J8692A Switch 3500yl-24G
Software revision K.15.10.0013m

Copyright (C) 1991-2013 Hewlett-Packard Development Company, L.P.

                   RESTRICTED RIGHTS LEGEND
 Confidential computer software.  Valid license from HP required for possession,
 use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer
 Software, Computer Software Documentation, and Technical Data for Commercial
 Items are licensed to the U.S. Government under vendor's standard commercial
 license.
                   HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
                   20555 State Highway 249, Houston, TX 77070
SWITCH# ^[[64;237R
SWITCH#

--------
When I do ./clogin -c "show run" 10.1.3.21 I get the below and the prompt stays there.  I have to ctrl+c out of the program:
SWITCH# ^[[64;237R
SWITCH# terminal length 0
Invalid input: 0
SWITCH#

This is a new problem with rancid 3.4.9.9 and is not currently encountered on rancid 2.3.8.  Any help is appreciated, thank you in advance,
Robert





Robert Remsik

ACNS

Desk Phone: 970 491 7120

Robert.Remsik at colostate.edu


________________________________
From: heasley <heas at shrubbery.net>
Sent: Wednesday, August 17, 2016 12:24 AM
To: Remsik,Robert
Cc: heasley; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Debugging Logins for netscreen and procurve switches

Mon, Aug 15, 2016 at 07:51:44PM +0000, Remsik,Robert:
> Using the FAQ as a reference (thank you) I was able generate a string that I can use to login to the device manually.
>
>
> $ssh -v -oHostKeyAlgorithms=+ssh-dss -oKexAlgorithms=+diffie-hellman-group1-sha1 login.name at x.y.148.230
>
> When running rancid-run, rancid runs and generates the log files.  When I run hlogin [ip] it does not work.
>
> $ /opt/rancid/bin/nlogin -t 90 -c "get system;get conf" x.y.148.230
> spawn ssh -c 3des -x -l login.name x.y.148.230
> Unknown cipher type '3des'
>
> Error: Couldn't login: x.y.148.230
>
> So my next thought is hrancid isn't passing the correct information to hlogin (even though the ssh algorithm and kex algorithms are specified in ssh.config file.
>
> $ ./nrancid -d -t netscreen x.y.148.230
> executing nlogin -t 90 -c"get system;get conf" x.y.148.230
> x.y.148.230 nlogin error: Error: Couldn't login: x.y.148.230
> x.y.148.230 nlogin error: Error: Couldn't login: x.y.148.230
> x.y.148.230: missed cmd(s): all commands
> x.y.148.230: End of run not found
> x.y.148.230: End of run not found
>
> I can edit the nlogin file to explicitly ask pass the cypher type as per the expect function, but I thought was what the point of this function was supposed to do (and far my dynamically than my static configuration)?  Do I need to modify it to read the .ssh config file?

please try the alpha version and see S3 Q13 in the current FAQ, and try it
without altering sshcmd your cloginrc.

>     # Figure out cypher type
>     if {[info exists cypher]} {
>         # command line cypher type
>         set cyphertype $cypher
>     } else {
>         set cyphertype [find cyphertype $router]
>         if { "$cyphertype" == "" } { set cyphertype "3des" }
>     }
>
> One other thing I noticed was the home directory of the rancid user is /home/rancid versus /opt/rancid(where my sys admin compiled and stored it).  I had to add the below the .bashrc to enable rancid to be able to run at all.  Is this the root of the issue?
> ## Changing $HOME directory to allow rancid to run
> ## $HOME is referenced in the rancid clogin files
> export HOME="/opt/rancid"

i doubt it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20160823/36116d92/attachment.html>

More information about the Rancid-discuss mailing list