[rancid] ASA IOS 9.8(2) support?

Wayne Eisenberg Wayne.Eisenberg at CarolinasIT.com
Tue Sep 12 04:06:35 UTC 2017


Here’s the relevant section of .cloginrc:

add method asa {ssh}
add user asa {username}
add password asa {pw_here} {pw_here}
add cyphertype asa {aes256-cbc}
add autoenable asa {0}

Pretty much the same pattern everything else in the file has.

I might be able to try the no login-history command; I don’t think I will be allowed to do the others (auto-enable).

Isn’t there a verbose mode for one of the rancid commands, like a -vvv or something like that? Is that in clogin?

Is this fixed in the current version of rancid?

From: Rancid-discuss <rancid-discuss-bounces at shrubbery.net> on behalf of Wayne Eisenberg <Wayne.Eisenberg at CarolinasIT.com>
Date: Sunday, September 10, 2017 at 10:48 PM
To: "'rancid-discuss at shrubbery.net'" <rancid-discuss at shrubbery.net>
Subject: [rancid] ASA IOS 9.8(2) support?

Hi,

I have an ASA firewall running version 9.8(2), and the clogin script is missing something in the sequence such that I don’t get to the enable mode properly.

[rancid3]$ bin/clogin asa
spawn ssh -c aes256-cbc -x -l <username> asa
<username>@asa's password:
User logged in to ASA
Logins over the last 4 days: 28.  Last login: 22:33:20 UTC Sep 10 2017 from x.y.z.a
Failed logins since the last login: 0.  Last failed login: 06:03:53 UTC Sep 8 2017 from x.y.z.a
Type help or '?' for a list of available commands.
ASA> <username>
            ^
ERROR: % Invalid input detected at '^' marker.

Error: Unrecognized command, check your enable command
ASA> <username>
            ^
ERROR: % Invalid input detected at '^' marker.
ASA> enable
Password:
Password:

And that is where it stops (never tries to type in the enable password). If I manually input the enable password that I have in .clogin, it lets me into enable mode. Other ASAs with older versions work fine; the .clogin file is properly written for this device. Could upgrading to the current version of rancid solve this (currently on v3.1)?

This sounds like it could be related to the .cloginrc file.  What does it look like (obviously obfuscating credentials)?

Thanks,
Wayne

--Chris
