[rancid] set password ENC
Gerhard Mourani
gmourani at gmail.com
Fri Mar 18 22:44:48 UTC 2016
Guys,
This patch causes the ENCRYPTED PRIVATE KEY part to be removed.
diff -ur rancid-3.2.orig/bin/fnrancid.in rancid-3.2/bin/fnrancid.in
--- rancid-3.2.orig/bin/fnrancid.in 2015-03-16 15:02:52.000000000 -0400
+++ rancid-3.2/bin/fnrancid.in 2016-03-17 13:22:16.494902363 -0400
@@ -170,6 +170,7 @@
sub GetSystem {
print STDERR " In GetSystem: $_" if ($debug);
+ my $priv_key;
while (<INPUT>) {
tr/\015//d;
next if /^\s*$/;
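Review bot: `my $priv_key;` at the top of GetSystem leaves the flag undefined until a key header is seen, so the later numeric test `$priv_key == 1` compares undef and will raise an "uninitialized value" warning wherever warnings are enabled. Initialize it explicitly with `my $priv_key = 0;`. The declaration also sits some thirty lines away from the loop that uses it, so a short comment saying the flag tracks being inside a multi-line private-key block would help the next reader.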
@@ -204,6 +205,11 @@
tr/\015//d;
next if /^\s*$/;
last if (/$prompt/);
+ # spot the start of an ENCRYPTED private key
+ $priv_key = 1 if(/^\s*set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----/);
+ # spot the end of an RSA private key
+ $priv_key = 0 && next if(/^\s*-----END ENCRYPTED PRIVATE KEY-----"/);
+ next if($priv_key == 1);
# System time is fortigate extraction time
next if (/^\s*!System time:/);
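Review bot: In `$priv_key = 0 && next if(...)` on the END line, `&&` binds tighter than `=`, so the statement parses as `$priv_key = (0 && next)`; the `0` short-circuits, `next` never runs, and the `-----END ENCRYPTED PRIVATE KEY-----"` line falls through `next if($priv_key == 1)` and stays in the saved config. Write it as a block instead: `if (/^\s*-----END ENCRYPTED PRIVATE KEY-----"/) { $priv_key = 0; next; }`. The comment above that line says "RSA private key" while the pattern matches ENCRYPTED PRIVATE KEY, and because the BEGIN line is itself skipped, the whole `set private-key` statement vanishes from the output rather than only the key material; a comment should state whether that is intended.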
Gerhard,
> On Mar 15, 2016, at 1:47 PM, heasley <heas at shrubbery.net> wrote:
>
> Tue, Mar 15, 2016 at 05:35:10PM +0000, Nick Hilliard:
>> heasley wrote:
>>> meaning that the password has not changed but the encrypted string
>>> changes repeatedly?
>>
>> yeah, fortios does this. So does Adtran AOS. Apparently this is a
>> "feature".
>>
>> Nick
>
> now i realize that someone wanted those saved, regardless of the cycling.
> i suppose rancid does need an option separate from FILTER_PWDS to save
> cycling passwords, as someone asked about last week.