[rancid] clogin not catching my "Password: " prompt
Gauthier, Chris
cgauthier at comscore.com
Thu Oct 12 16:40:28 UTC 2017
Hi,
Recently, we changed authentication types on our Cisco switches and my rancid installation stopped authenticating. I modified my .cloginrc appropriately (config below). The target is “sw003core.example.com”. I am running rancid 3.6.2 and the target switch is a Cisco 3850.
add method * {ssh}
add user * {user}
add password * {password1} {password1}
add autoenable sw*.example.com {1}
The switch has a pre-login banner. Here is what it looks like when I manually log in using my own username:
user at host:~ $ ssh sw003core.example.com
CCCCC
############################################################
# #
# ALERT! #
# You are entering into a secured area! #
# This service is restricted to authorized users only. #
# All activities on this system are logged. #
# Unauthorized access will be fully investigated. #
# #
############################################################
Password:
When clogin runs, it gets a timeout.
[rancid at server ~]$ /usr/local/rancid/bin/clogin -d sw003core.example.com
sw003core.example.com
spawn ssh -x -l user sw003core.example.com
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {9518}
Gate keeper glob pattern for '^<-+ More -+>[^
]*' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Connection refused|Secure connection [^
]+ refused)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Connection closed by|Connection to [^
]+ closed)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(Host key not found |The authenticity of host .* be established)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED' is 'HOST IDENTIFICATION HAS CHANGED'. Activating booster.
Gate keeper glob pattern for 'Offending key for ' is 'Offending key for '. Activating booster.
Gate keeper glob pattern for '^warning: remote host denied authentication agent forwarding.' is 'warning: remote host denied authentication agent forwarding?'. Activating booster.
Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '% (Bad passwords|Authentication failed)' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'Enter Selection: ' is 'Enter Selection: '. Activating booster.
Gate keeper glob pattern for 'Last login:' is 'Last login:'. Activating booster.
Gate keeper glob pattern for 'Press the <tab> key [^
]+[
]+' is 'Press the <tab> key *'. Activating booster.
Gate keeper glob pattern for '@[^
]+ ([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter passphrase*: '. Activating booster.
Gate keeper glob pattern for '([Uu]sername|Login|login|user name|User):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '(>|#| \(enable\))' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '[^
]*[
]+' is ''. Not usable, disabling the performance booster.
expect: does "" (spawn_id exp6) match regular expression "^<-+ More -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no
"(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no
"(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no
expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no
expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established)"? (No Gate, RE only) gate=yes re=no
"HOST IDENTIFICATION HAS CHANGED"? Gate "HOST IDENTIFICATION HAS CHANGED"? gate=no
"Offending key for "? Gate "Offending key for "? gate=no
expect: does "" (spawn_id exp6) match regular expression "^warning: remote host denied authentication agent forwarding."? Gate "warning: remote host denied authentication agent forwarding?"? gate=no
expect: does "" (spawn_id exp6) match regular expression "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no
"Press any key to continue"? no
"Enter Selection: "? Gate "Enter Selection: "? gate=no
"Last login:"? Gate "Last login:"? gate=no
"Press the <tab> key [^\r\n]+[\r\n]+"? Gate "Press the <tab> key *"? gate=no
"@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no
"Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no
"([Uu]sername|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no
"([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no
"(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
"Login invalid"? no
"[^\r\n]*[\r\n]+"? (No Gate, RE only) gate=yes re=no
CCCCC
############################################################
# #
# ALERT! #
# You are entering into a secured area! #
# This service is restricted to authorized users only. #
# All activities on this system are logged. #
# Unauthorized access will be fully investigated. #
# #
############################################################
expect: does "CCCCC\r\r\n############################################################\r\r\n# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "^<-+ More -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no
"(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no
"(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no
expect: does "CCCCC\r\r\n############################################################\r\r\n# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no
expect: does "CCCCC\r\r\n############################################################\r\r\n# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established)"? (No Gate, RE only) gate=yes re=no
"HOST IDENTIFICATION HAS CHANGED"? Gate "HOST IDENTIFICATION HAS CHANGED"? gate=no
"Offending key for "? Gate "Offending key for "? gate=no
expect: does "CCCCC\r\r\n############################################################\r\r\n# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "^warning: remote host denied authentication agent forwarding."? Gate "warning: remote host denied authentication agent forwarding?"? gate=no
expect: does "CCCCC\r\r\n############################################################\r\r\n# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no
"Press any key to continue"? no
"Enter Selection: "? Gate "Enter Selection: "? gate=no
"Last login:"? Gate "Last login:"? gate=no
"Press the <tab> key [^\r\n]+[\r\n]+"? Gate "Press the <tab> key *"? gate=no
"@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no
"Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no
"([Uu]sername|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no
"([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no
"(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "#"
expect: set expect_out(1,string) "#"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "CCCCC\r\r\n#"
send: sending "\r" to { exp6 }
Gate keeper glob pattern for '[
]+' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '^(.+[:.])1 ((>|#| \(enable\)))' is ''. Not usable, disabling the performance booster.
Gate keeper glob pattern for '^.+(>|#| \(enable\))' is ''. Not usable, disabling the performance booster.
expect: does "###########################################################\r\r\n# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "###########################################################\r\r\n"
expect: continuing expect
expect: does "# #\r\r\n# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "# #\r\r\n"
expect: continuing expect
expect: does "# ALERT! #\r\r\n# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "# ALERT! #\r\r\n"
expect: continuing expect
expect: does "# You are entering into a secured area! #\r\r\n# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "# You are entering into a secured area! #\r\r\n"
expect: continuing expect
expect: does "# This service is restricted to authorized users only. #\r\r\n# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "# This service is restricted to authorized users only. #\r\r\n"
expect: continuing expect
expect: does "# All activities on this system are logged. #\r\r\n# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "# All activities on this system are logged. #\r\r\n"
expect: continuing expect
expect: does "# Unauthorized access will be fully investigated. #\r\r\n# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "# Unauthorized access will be fully investigated. #\r\r\n"
expect: continuing expect
expect: does "# #\r\r\n############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "# #\r\r\n"
expect: continuing expect
expect: does "############################################################\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "############################################################\r\r\n"
expect: continuing expect
expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no
"^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no
"^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
expect: does "\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "\r\n"
expect: continuing expect
expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no
"^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no
"^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
Password:
expect: does "Password: " (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no
"^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no
"^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
expect: timed out
Error: TIMEOUT reached
[rancid at isgnetmgmttest ~]$
Any thoughts on why this behavior changed and how to resolve it? I didn’t have a pre-login banner before, but cannot get rid of it, either. TIA.
--Chris
Chris GauthierSenior Network Engineer | comScore, Inc.
o +1 503-331-2704cgauthier at comscore.com
317 SW Alder Street, Suite 700 | Portland | OR97204
............................................................................................................................................................................................................................
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20171012/4d22d539/attachment.html>
More information about the Rancid-discuss
mailing list