[rancid] Configuration Modification with RANCID

Chris Davis Chris.Davis at principia.edu
Tue Oct 11 16:14:33 UTC 2016

So, I've been modifying my switch/router configurations with RANCID for many years now.  This is the first time I've bumped into this one.  At first look, this probably seems like a Cisco issue, but I think not.  Well, maybe partially...  The same command issued in the Cisco CLI works fine.  It's only when I issue it via RANCID that I have a problem.  The problem could also lie in the bash shell, which might be reacting to the periods and other meta characters in the encrypted string.

I'm trying to issue via "clogin -c" a set enable secret command (among others) using a predefined encrypted key.   So, my command ends up something like this.  (The encrypted value is bogus, but similarly constructed.)

for host in  "list of switch IP addresses"; do clogin -c "config t;
enable secret 5 $8$VNEb$ait.ADc45ru5cDNQEGa/.
no username Bob.Smith;
no ip http authentication local;
ip http authentication aaa login-authentication local+radius;
ip http authentication aaa exec-authorization local+radius;
end; write memory;" $host > /tmp/$host.log & done

The Cisco CLI barks at the encrypted string and the rest of the commands work as expected.

Hostname(config)#enable secret 5 .ADc45ru5cDNQEGa/.
ERROR: The secret you entered is not a valid encrypted secret.
To enter an UNENCRYPTED secret, do not specify type 5 encryption.
When you properly enter an UNENCRYPTED secret, it will be encrypted.

As I write this, I suspect it's the bash shell that's mangling things.   Any thoughts?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20161011/52fc392c/attachment.html>

More information about the Rancid-discuss mailing list