[rancid] clogin not catching my "Password: " prompt

Gauthier, Chris cgauthier at comscore.com
Thu Oct 12 16:40:28 UTC 2017


Hi,

Recently, we changed authentication types on our Cisco switches and my rancid installation stopped authenticating.  I modified my .cloginrc appropriately (config below).  The target is “sw003core.example.com”.  I am running rancid 3.6.2 and the target switch is a Cisco 3850.

add method   * {ssh}
add user     * {user}
add password * {password1} {password1}
add autoenable sw*.example.com {1}

The switch has a pre-login banner.  Here is what it looks like when I manually log in using my own username:
user at host:~ $ ssh sw003core.example.com
CCCCC
############################################################
#                                                          #
#                          ALERT!                          #
#        You are entering into a secured area!             #
#   This service is restricted to authorized users only.   #
#       All activities on this system are logged.          #
#    Unauthorized access will be fully investigated.       #
#                                                          #
############################################################
Password:

When clogin runs, it gets a timeout.
[rancid at server ~]$ /usr/local/rancid/bin/clogin -d sw003core.example.com
sw003core.example.com
spawn ssh -x -l user sw003core.example.com
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {9518}
Gate keeper glob pattern for '^<-+ More -+>[^
]*' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Connection refused|Secure connection [^
]+ refused)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Connection closed by|Connection to [^
]+ closed)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Host key not found |The authenticity of host .* be established)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED' is 'HOST IDENTIFICATION HAS CHANGED'. Activating booster.
Gate keeper glob pattern for 'Offending key for ' is 'Offending key for '. Activating booster.
Gate keeper glob pattern for '^warning: remote host denied authentication agent forwarding.' is 'warning: remote host denied authentication agent forwarding?'. Activating booster.
Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '% (Bad passwords|Authentication failed)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'Enter Selection: ' is 'Enter Selection: '. Activating booster.
Gate keeper glob pattern for 'Last login:' is 'Last login:'. Activating booster.
Gate keeper glob pattern for 'Press the <tab> key [^
]+[
]+' is 'Press the <tab> key *'. Activating booster.
Gate keeper glob pattern for '@[^
]+ ([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter passphrase*: '. Activating booster.
Gate keeper glob pattern for '([Uu]sername|Login|login|user name|User):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(>|#| \(enable\))' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '[^
]*[
]+' is ''. Not usable, disabling the performance booster.

expect: does "" (spawn_id exp6) match regular expression "^<-+ More -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no
"(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no
"(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no

expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established)"? (No Gate, RE only) gate=yes re=no
"HOST IDENTIFICATION HAS CHANGED"? Gate "HOST IDENTIFICATION HAS CHANGED"? gate=no
"Offending key for "? Gate "Offending key for "? gate=no

expect: does "" (spawn_id exp6) match regular expression "^warning: remote host denied authentication agent forwarding."? Gate "warning: remote host denied authentication agent forwarding?"? gate=no

expect: does "" (spawn_id exp6) match regular expression "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no
"Press any key to continue"? no
"Enter Selection: "? Gate "Enter Selection: "? gate=no
"Last login:"? Gate "Last login:"? gate=no
"Press the <tab> key [^\r\n]+[\r\n]+"? Gate "Press the <tab> key *"? gate=no
"@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no
"Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no
"([Uu]sername|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no
"([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no
"(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
"Login invalid"? no
"[^\r\n]*[\r\n]+"? (No Gate, RE only) gate=yes re=no
CCCCC
############################################################
#                                                          #
#                          ALERT!                          #
#        You are entering into a secured area!             #
#   This service is restricted to authorized users only.   #
#       All activities on this system are logged.          #
#    Unauthorized access will be fully investigated.       #
#                                                          #
############################################################

expect: does "CCCCC\r\r\n############################################################\r\r\n#                                                          #\r\r\n#                          ALERT!                          #\r\r\n#        You are entering into a secured area!             #\r\r\n#   This service is restricted to authorized users only.   #\r\r\n#       All activities on this system are logged.          #\r\r\n#    Unauthorized access will be fully investigated.       #\r\r\n#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "^<-+ More -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no
"(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no
"(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no

expect: does "CCCCC\r\r\n############################################################\r\r\n#                                                          #\r\r\n#                          ALERT!                          #\r\r\n#        You are entering into a secured area!             #\r\r\n#   This service is restricted to authorized users only.   #\r\r\n#       All activities on this system are logged.          #\r\r\n#    Unauthorized access will be fully investigated.       #\r\r\n#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does "CCCCC\r\r\n############################################################\r\r\n#                                                          #\r\r\n#                          ALERT!                          #\r\r\n#        You are entering into a secured area!             #\r\r\n#   This service is restricted to authorized users only.   #\r\r\n#       All activities on this system are logged.          #\r\r\n#    Unauthorized access will be fully investigated.       #\r\r\n#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established)"? (No Gate, RE only) gate=yes re=no
"HOST IDENTIFICATION HAS CHANGED"? Gate "HOST IDENTIFICATION HAS CHANGED"? gate=no
"Offending key for "? Gate "Offending key for "? gate=no

expect: does "CCCCC\r\r\n############################################################\r\r\n#                                                          #\r\r\n#                          ALERT!                          #\r\r\n#        You are entering into a secured area!             #\r\r\n#   This service is restricted to authorized users only.   #\r\r\n#       All activities on this system are logged.          #\r\r\n#    Unauthorized access will be fully investigated.       #\r\r\n#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "^warning: remote host denied authentication agent forwarding."? Gate "warning: remote host denied authentication agent forwarding?"? gate=no

expect: does "CCCCC\r\r\n############################################################\r\r\n#                                                          #\r\r\n#                          ALERT!                          #\r\r\n#        You are entering into a secured area!             #\r\r\n#   This service is restricted to authorized users only.   #\r\r\n#       All activities on this system are logged.          #\r\r\n#    Unauthorized access will be fully investigated.       #\r\r\n#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no
"Press any key to continue"? no
"Enter Selection: "? Gate "Enter Selection: "? gate=no
"Last login:"? Gate "Last login:"? gate=no
"Press the <tab> key [^\r\n]+[\r\n]+"? Gate "Press the <tab> key *"? gate=no
"@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no
"Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no
"([Uu]sername|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no
"([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no
"(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "#"
expect: set expect_out(1,string) "#"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "CCCCC\r\r\n#"
send: sending "\r" to { exp6 }
Gate keeper glob pattern for '[
]+' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '^(.+[:.])1 ((>|#| \(enable\)))' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '^.+(>|#| \(enable\))' is ''. Not usable, disabling the performance booster.

expect: does "###########################################################\r\r\n#                                                          #\r\r\n#                          ALERT!                          #\r\r\n#        You are entering into a secured area!             #\r\r\n#   This service is restricted to authorized users only.   #\r\r\n#       All activities on this system are logged.          #\r\r\n#    Unauthorized access will be fully investigated.       #\r\r\n#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "###########################################################\r\r\n"
expect: continuing expect

expect: does "#                                                          #\r\r\n#                          ALERT!                          #\r\r\n#        You are entering into a secured area!             #\r\r\n#   This service is restricted to authorized users only.   #\r\r\n#       All activities on this system are logged.          #\r\r\n#    Unauthorized access will be fully investigated.       #\r\r\n#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "#                                                          #\r\r\n"
expect: continuing expect

expect: does "#                          ALERT!                          #\r\r\n#        You are entering into a secured area!             #\r\r\n#   This service is restricted to authorized users only.   #\r\r\n#       All activities on this system are logged.          #\r\r\n#    Unauthorized access will be fully investigated.       #\r\r\n#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "#                          ALERT!                          #\r\r\n"
expect: continuing expect

expect: does "#        You are entering into a secured area!             #\r\r\n#   This service is restricted to authorized users only.   #\r\r\n#       All activities on this system are logged.          #\r\r\n#    Unauthorized access will be fully investigated.       #\r\r\n#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "#        You are entering into a secured area!             #\r\r\n"
expect: continuing expect

expect: does "#   This service is restricted to authorized users only.   #\r\r\n#       All activities on this system are logged.          #\r\r\n#    Unauthorized access will be fully investigated.       #\r\r\n#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "#   This service is restricted to authorized users only.   #\r\r\n"
expect: continuing expect

expect: does "#       All activities on this system are logged.          #\r\r\n#    Unauthorized access will be fully investigated.       #\r\r\n#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "#       All activities on this system are logged.          #\r\r\n"
expect: continuing expect

expect: does "#    Unauthorized access will be fully investigated.       #\r\r\n#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "#    Unauthorized access will be fully investigated.       #\r\r\n"
expect: continuing expect

expect: does "#                                                          #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "#                                                          #\r\r\n"
expect: continuing expect

expect: does "############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "############################################################\r\r\n"
expect: continuing expect

expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no
"^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no
"^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no


expect: does "\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "\r\n"
expect: continuing expect

expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no
"^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no
"^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
Password:
expect: does "Password: " (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no
"^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no
"^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
expect: timed out

Error: TIMEOUT reached
[rancid at isgnetmgmttest ~]$

Any thoughts on why this behavior changed and how to resolve it?  I didn’t have a pre-login banner before, but cannot get rid of it, either.  TIA.

--Chris


Chris GauthierSenior Network Engineer | comScore, Inc.
o +1 503-331-2704cgauthier at comscore.com
317 SW Alder Street, Suite 700 | Portland | OR97204
............................................................................................................................................................................................................................

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20171012/4d22d539/attachment.html>


More information about the Rancid-discuss mailing list