[rancid] Fortinet private key problem

Ugo Bellavance ugob at lubik.ca
Fri Jul 26 13:31:41 UTC 2019

I found a fix:

In fnrancid (version 3724 2017-08-01 17:58:06Z), I had to change the regex
a bit because on my system (Fortiweb, not Fortigate), the double quote is
on another line.

I haven't been able to make it work with the new line (tried \n and \r\n)
and it didn't work so I just removed the double quote in the regex.

#               if (/^\s*-----END (RSA|ENCRYPTED) PRIVATE KEY-----"/) {
                if (/^\s*-----END (RSA|ENCRYPTED) PRIVATE KEY-----/) {

I'm not sure how future-proof this is but tips are welcome to make the
regex work with this input:

        unset passwd


On Thu, Jul 25, 2019 at 3:17 PM john heasley <heas at shrubbery.net> wrote:

> Thu, Jul 25, 2019 at 02:52:42PM -0400, Ugo Bellavance:
> > Hi,
> >
> > I'm trying to get rancid to work with my Fortinet device.  It seems to
> work
> > OK, except for the fact that it doesn't collect the whole config. It
> looks
> > like it's stuck in the removal of the private key.  It stops like this:
> >
> > #        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
> > # <removed>
> > Connection to server.xxx.xxx closed.
> >
> > I checked the code for filter cycling RSA private keys, but I don't know
> > where would be the problem.
> >
> > Any help or suggestion would be appreciated.
> what version of rancid?  show us example input.  test that you can run the
> command with the login script and receive the full output.

Ugo Bellavance (ugob at lubik.ca)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20190726/fbd5b7d9/attachment.html>

More information about the Rancid-discuss mailing list