[rancid] Support for newer cisco ASA - iOS Version 9.8(2)

heasley heas at shrubbery.net
Fri Jun 8 15:27:54 UTC 2018


Thu, Jun 07, 2018 at 11:25:14AM +0000, Andy D'Arcy Jewell:
> Hi all,
> 
> 
> First time poster here. Apologies if I breach any protocols unintentionally.
> 
> 
> We have a number of ASAs running "Cisco Adaptive Security Appliance Software Version 9.8(2)" which were failing to back up with rancid version 3.5. I upgraded to 3.7, but had the same problem.
> 
> 
> I have worked out, and tested, a solution, and obviously would like to pass it upstream, so that others may benefit.
> 
> 
> It seems that v9.8(2) changes the login banner to include information about recent failed login attempts, and this confounds the expect script, because the login regex matches the new banner line, causing expect to attempt to send the login credentials again, when the device is expecting a valid command (such as "enable").
> 
> 

Index: bin/clogin.in
===================================================================
--- bin/clogin.in	(revision 3772)
+++ bin/clogin.in	(revision 3773)
@@ -248,6 +248,12 @@
 				  send_user "\nError: Check your passwd for $router\n"
 				  catch {close}; catch {wait}; return 1
 				}
+	-nocase -re "last login:"	{
+				  exp_continue
+				}
+	-nocase -re "failed login:"	{
+				  exp_continue
+				}
 	"Login failed"		{
 				  send_user "\nError: Check your passwd for $router\n"
 				  catch {close}; catch {wait}; return 1
@@ -267,9 +273,6 @@
 				  send "K\r"
 				  exp_continue
 				}
-	-re "Last login:"	{
-				  exp_continue
-				}
 	-re "Press the <tab> key \[^\r\n]+\[\r\n]+"	{
 				  exp_continue
 				}

full source:
http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/bin/clogin.in
alpha dist:
ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.99.99.tar.gz



More information about the Rancid-discuss mailing list