[rancid] Configuration Modification with RANCID
Chris Davis
Chris.Davis at principia.edu
Tue Oct 11 16:14:33 UTC 2016
So, I've been modifying my switch/router configurations with RANCID for many years now. This is the first time I've bumped into this one. At first look, this probably seems like a Cisco issue, but I think not. Well, maybe partially... The same command issued in the Cisco CLI works fine. It's only when I issue it via RANCID that I have a problem. The problem could also lie in the bash shell, which might be reacting to the periods and other meta characters in the encrypted string.
I'm trying to issue via "clogin -c" a set enable secret command (among others) using a predefined encrypted key. So, my command ends up something like this. (The encrypted value is bogus, but similarly constructed.)
for host in "list of switch IP addresses"; do clogin -c "config t;
enable secret 5 $8$VNEb$ait.ADc45ru5cDNQEGa/.
no username Bob.Smith;
no ip http authentication local;
ip http authentication aaa login-authentication local+radius;
ip http authentication aaa exec-authorization local+radius;
end; write memory;" $host > /tmp/$host.log & done
The Cisco CLI barks at the encrypted string and the rest of the commands work as expected.
Hostname(config)#enable secret 5 .ADc45ru5cDNQEGa/.
ERROR: The secret you entered is not a valid encrypted secret.
To enter an UNENCRYPTED secret, do not specify type 5 encryption.
When you properly enter an UNENCRYPTED secret, it will be encrypted.
As I write this, I suspect it's the bash shell that's mangling things. Any thoughts?
Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20161011/52fc392c/attachment.html>
More information about the Rancid-discuss
mailing list