[rancid] how cisco nx-os switch work with rancid with read-only account
Piegorsch, Weylin William
weylin at bu.edu
Fri Nov 30 20:26:06 UTC 2018
What if you delete these commands:
role name rancid
rule 1 permit read
rule 2 permit command show *
and re-define your username command as:
username ro password XXX role network-operator
If you're on the CLI, "show role" will show you the pre-defined roles. See here for documentation:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/system_mgmt/503_u2_2/b_Cisco_Nexus_3000_system_mgmt_config_gd_503_U2_2/b_Cisco_Nexus_3000_system_mgmt_config_gd_503_U2_2_chapter_0101.html#con_1230629
Using default / pre-defined roles, you don't need to craft a role specifically for rancid, unless you're concerned about a rogue user logging in with stolen credentials and having access to "show" commands you don't want to allow.
Weylin
-----Original Message-----
From: yuan song <songyuan007 at gmail.com>
Date: Friday, November 30, 2018 at 3:40 AM
To: <rancid-discuss at shrubbery.net>
Subject: [rancid] how cisco nx-os switch work with rancid with read-only account
I have a read-access account "RO" on a Nexus 3048, and I add it to the
.cloginrc file like this:
add method 10.36.0.71 {ssh}
add cyphertype * aes128-ctr,aes128-cbc,3des-cbc
add user 10.36.0.71 ro
add password 10.36.0.71 XXX
add noenable 10.36.0.71 1
However, the rancid log gives me:
10.36.0.71: End of run not found
Error: TIMEOUT reached
But if I give my account full read & write permission, it works just fine.
Hope someone could help me here, thanks a lot.
PS: Nexus config
role name rancid
rule 1 permit read
rule 2 permit command show *
username ro password XXX role rancid
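The thread turns on which role the rancid account is bound to: a locally crafted role whose rules are visible in the config, versus a pre-defined one such as network-operator whose scope is fixed by NX-OS. The following Python is an added example (not code from the thread or from the rancid project) that parses "role name"/"rule" blocks and "username ... role" lines out of NX-OS running-config text and reports, per user, whether the role is pre-defined and whether its rules can grant write access. The sample config is constructed here and mirrors the lines quoted above; the hash values are placeholders, the set of pre-defined role names and the read/write heuristic are assumptions of this example.

```python
import re
from typing import Dict, List

# Constructed sample NX-OS running-config fragment (not from a real device).
# It mirrors the custom "rancid" role and "ro" user quoted in the thread and
# adds two users on pre-defined roles for contrast. Hashes are placeholders.
SAMPLE_CONFIG = """\
role name rancid
  rule 1 permit read
  rule 2 permit command show *
username ro password 5 <HASH-PLACEHOLDER> role rancid
username audit password 5 <HASH-PLACEHOLDER> role network-operator
username admin password 5 <HASH-PLACEHOLDER> role network-admin
"""

# Assumed set of roles NX-OS ships with; anything else is treated as custom.
PREDEFINED_ROLES = {"network-admin", "network-operator", "vdc-admin", "vdc-operator"}


def parse_roles(config: str) -> Dict[str, List[str]]:
    """Return {role_name: [rule lines]} for every custom 'role name' block."""
    roles: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"^role name (\S+)\s*$", line)
        if m:
            current = m.group(1)
            roles[current] = []
            continue
        # Rule lines may be indented (show run) or flush-left (pasted config).
        m = re.match(r"^\s*rule \d+ (permit|deny) (.+)$", line)
        if m and current is not None:
            roles[current].append(line.strip())
            continue
        if line and not line.startswith(" "):
            current = None  # a new top-level statement ends the role block
    return roles


def parse_users(config: str) -> Dict[str, str]:
    """Return {username: role} from 'username ... role <role>' lines."""
    users: Dict[str, str] = {}
    for line in config.splitlines():
        m = re.match(r"^username (\S+) .*\brole (\S+)", line)
        if m:
            users[m.group(1)] = m.group(2)
    return users


def _rule_grants_write(rule: str) -> bool:
    """Heuristic: a permit rule is write-capable if it grants read-write or
    permits a command feature other than 'show'."""
    parts = rule.split()  # e.g. ['rule', '2', 'permit', 'command', 'show', '*']
    if len(parts) < 4 or parts[2] != "permit":
        return False
    if parts[3] == "read-write":
        return True
    if parts[3] == "command" and len(parts) > 4 and parts[4] != "show":
        return True
    return False


def audit_users(config: str) -> Dict[str, dict]:
    """Per user: bound role, whether it is pre-defined, its rules (custom roles
    only) and whether the role can change device state."""
    roles = parse_roles(config)
    report: Dict[str, dict] = {}
    for user, role in parse_users(config).items():
        predefined = role in PREDEFINED_ROLES
        rules = [] if predefined else roles.get(role, [])
        if predefined:
            write_capable = role.endswith("-admin")
        else:
            write_capable = any(_rule_grants_write(r) for r in rules)
        report[user] = {
            "role": role,
            "predefined": predefined,
            "rules": rules,
            "write_capable": write_capable,
        }
    return report


if __name__ == "__main__":
    for user, info in audit_users(SAMPLE_CONFIG).items():
        kind = "pre-defined" if info["predefined"] else "custom"
        access = "read/write" if info["write_capable"] else "read-only"
        print(f"{user}: role={info['role']} ({kind}, {access}) rules={info['rules']}")
```

Run against a saved `show running-config`, this gives a quick inventory of which accounts (the rancid collector among them) sit on hand-built roles, so the exposure of a leaked read-only credential is something you can state from the config rather than guess.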