[rancid] arcos repeated diffs of ssh keying

heasley heas at shrubbery.net
Mon Aug 29 15:59:11 UTC 2022 

Sun, Aug 28, 2022 at 10:16:17AM -0700, Randy Bush:
> i am getting repeated diffs of the running config because the ssh
> config, which has not changed (nothing has) is fooling rancid that
> something has changed.
> 
> this began when i added an ssh key
> 
> 
> ```
> diff --git a/configs/r2.sea.rg.net b/configs/r2.sea.rg.net
> index 1d36774..e5e3afd 100644
> - -- a/configs/r2.sea.rg.net
> @@ -110,7 +110,7 @@ system ntp server 147.28.0.35
>   !
>   system aaa authentication authentication-method [ TACACS_ALL LOCAL ]
>   system aaa authentication admin-user admin-password $6$A/scXvcPazy1rzJN$/KHYfV8YgrMGEdrP5mxuzxf7Zsz2llqDVy3dcqmbYU4sRVWmpJZptk2VjkCLDVjp9OQqACBVVAIb.2NqIs.E90
> - system aaa authentication admin-user ssh-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID9DzOVboz/9daQwQRPkxD/D4PZ4ZVNgMLqd+zc79Gl+ randy at ryuu.psg.com\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yvE/UBwHdLVDk708/U81ZQdtDLF9Y7grMkVBfUoclF4BGFCcH1bIv6y0p1I/2PATSRnK/B5ndvWP/SrQ6y0DqnQugHKoFMR3idkzVagjjXOhcZkpitcp5hRCdjn/y/88QEiIKItEM66q48nW0OtCgcq7ENXQuYUVt0e6kh6UKRDfrPP3i2D7m8o3/W+xYt8QkYZ0iFanCfhxHAP7w3SOezmThu+p7V6yxVcy+G0WTvPHrs2JlgSaI+4SoJ2btPgqIrmKu1ILfyoAr9/RjSVHr74LijsdUKec7OXnKnV2v1VfMRglBXFgXVaWyX/adA2tMuh9nMk3Y3a3+xDqPIz6RnzQAupqUmPZ/1qbFIrVSNmhygWTC9jgemaNNC/B1nFG7em6m+fmxKjauuWoIdpybaofWiJElUDBBT4bHU+L8NF7zbNROt1GtaDnbL4W9/asqzPu+aJy7L6uJQHtkc/eoXsheajztFC9I5qxW/29ja+FcQsVoDJpe96XmBtJ7elOGXaq3YtDRURwrdu9fGUBDWqwP1IFECVkeVh/NrXbQRHtgp4v533D+0MubA+hDhVTsUk6G93WLyX3usUprU1cJjyhrVzZ9U23eCPOj8J18Ixw4sJFuNeUhSCaN6j+rmOyGor3PYYysKTp1VfLNAYdcc/AYC0jDy9mYjjfCDwKfQ== randy at ryuu.psg.com\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkrrpUCqIibbYB7v4Kr/B07yTGXJgMjAsFf+YHIC9WpcLvpe5v4+O8t4Q/WSMVETlk

> + Pf6tcvoSNLbJoIF+XQ7oRhOYNPiR2gBziQ3paEMLsl57ewGOAvwT+O26wys1tmwcPr0FQHUnIzv+ecDY3oCw9fRw== sra at thrintun.hactrn.net\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF3W5wyTzS0LNFb8r5CQJ20kBXSNPEpAeBp6be/UX855 sra at angband.hactrn.net\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHHI0FRwQphzM4uLJmeN9Zeb8cwKmRB3dTR6VDultXiHNGcb5eJrD9Z4rLn70hD0OXDatlhPCbnxsCHd6gxHpjqQVwzNuEzDJCbt1y8xQfweNSfLsbqqscVal6yMMuAlBtmIw/Hv21URMZGPSdBymO6vBKAs2eep9NnoWK3G1bboNL4S1EDArCevlOq+5V5mnVXcX9csagSBudi/5Zeqh6Zj1QwSIu1KOjUBphvt/jSKQA92n8g9Y5pZnzQ6DGuv3YsUQWwPWDnTHkMePeWzbp1q+XzfiOwzwIK+w8VOm0/aYgI/ss/5MOm7uZO0g1/lJoSFZwYCQ+/IQPgDF0ugddtw1bn+xGTxThWmALYYSjgj+2QRDTXrD6WREQHqLsR/W6bi74hRU6/Fd7HuelkZbw0+f+9rGgCRynOEb5Y4Ge+hP1hCIZw64nL8Gmg/oEjoFJKAyrJzeEac0uthdNg1dGqXB6zZUpgpcOwd0VIjE6G8Vz+/m8Mf8vMlstZSQJA4VRCLuIG/Io3jtYgxy6hmi5y2aQY/c1n6fdjLxd/PXuTrkABCwcan5apcE8Qym8RLQr3KzNf6RZKpmLp5XvHt1WkgOd4xHRgV2qUHUrp+Y1XziZHHwc0oStdTnna0K9Ulf5cr+9zxkh7nUi/mcyBFZMDNrm+eshwjcq6i2WL7d5Hw== sra at angband.hactrn.net\nssh-rsa AAAAB3NzaC1yc2EAAA
> ```
> 
> and an hour later
> 
> ```
> diff --git a/configs/r2.sea.rg.net b/configs/r2.sea.rg.net
> index e5e3afd..1d36774 100644
> - -- a/configs/r2.sea.rg.net
> @@ -110,7 +110,7 @@ system ntp server 147.28.0.35
>   !
>   system aaa authentication authentication-method [ TACACS_ALL LOCAL ]
>   system aaa authentication admin-user admin-password $6$A/scXvcPazy1rzJN$/KHYfV8YgrMGEdrP5mxuzxf7Zsz2llqDVy3dcqmbYU4sRVWmpJZptk2VjkCLDVjp9OQqACBVVAIb.2NqIs.E90
> - Pf6tcvoSNLbJoIF+XQ7oRhOYNPiR2gBziQ3paEMLsl57ewGOAvwT+O26wys1tmwcPr0FQHUnIzv+ecDY3oCw9fRw== sra at thrintun.hactrn.net\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF3W5wyTzS0LNFb8r5CQJ20kBXSNPEpAeBp6be/UX855 sra at angband.hactrn.net\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHHI0FRwQphzM4uLJmeN9Zeb8cwKmRB3dTR6VDultXiHNGcb5eJrD9Z4rLn70hD0OXDatlhPCbnxsCHd6gxHpjqQVwzNuEzDJCbt1y8xQfweNSfLsbqqscVal6yMMuAlBtmIw/Hv21URMZGPSdBymO6vBKAs2eep9NnoWK3G1bboNL4S1EDArCevlOq+5V5mnVXcX9csagSBudi/5Zeqh6Zj1QwSIu1KOjUBphvt/jSKQA92n8g9Y5pZnzQ6DGuv3YsUQWwPWDnTHkMePeWzbp1q+XzfiOwzwIK+w8VOm0/aYgI/ss/5MOm7uZO0g1/lJoSFZwYCQ+/IQPgDF0ugddtw1bn+xGTxThWmALYYSjgj+2QRDTXrD6WREQHqLsR/W6bi74hRU6/Fd7HuelkZbw0+f+9rGgCRynOEb5Y4Ge+hP1hCIZw64nL8Gmg/oEjoFJKAyrJzeEac0uthdNg1dGqXB6zZUpgpcOwd0VIjE6G8Vz+/m8Mf8vMlstZSQJA4VRCLuIG/Io3jtYgxy6hmi5y2aQY/c1n6fdjLxd/PXuTrkABCwcan5apcE8Qym8RLQr3KzNf6RZKpmLp5XvHt1WkgOd4xHRgV2qUHUrp+Y1XziZHHwc0oStdTnna0K9Ulf5cr+9zxkh7nUi/mcyBFZMDNrm+eshwjcq6i2WL7d5Hw== sra at angband.hactrn.net\nssh-rsa AAAAB3NzaC1yc2EAAA

> + system aaa authentication admin-user ssh-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID9DzOVboz/9daQwQRPkxD/D4PZ4ZVNgMLqd+zc79Gl+ randy at ryuu.psg.com\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yvE/UBwHdLVDk708/U81ZQdtDLF9Y7grMkVBfUoclF4BGFCcH1bIv6y0p1I/2PATSRnK/B5ndvWP/SrQ6y0DqnQugHKoFMR3idkzVagjjXOhcZkpitcp5hRCdjn/y/88QEiIKItEM66q48nW0OtCgcq7ENXQuYUVt0e6kh6UKRDfrPP3i2D7m8o3/W+xYt8QkYZ0iFanCfhxHAP7w3SOezmThu+p7V6yxVcy+G0WTvPHrs2JlgSaI+4SoJ2btPgqIrmKu1ILfyoAr9/RjSVHr74LijsdUKec7OXnKnV2v1VfMRglBXFgXVaWyX/adA2tMuh9nMk3Y3a3+xDqPIz6RnzQAupqUmPZ/1qbFIrVSNmhygWTC9jgemaNNC/B1nFG7em6m+fmxKjauuWoIdpybaofWiJElUDBBT4bHU+L8NF7zbNROt1GtaDnbL4W9/asqzPu+aJy7L6uJQHtkc/eoXsheajztFC9I5qxW/29ja+FcQsVoDJpe96XmBtJ7elOGXaq3YtDRURwrdu9fGUBDWqwP1IFECVkeVh/NrXbQRHtgp4v533D+0MubA+hDhVTsUk6G93WLyX3usUprU1cJjyhrVzZ9U23eCPOj8J18Ixw4sJFuNeUhSCaN6j+rmOyGor3PYYysKTp1VfLNAYdcc/AYC0jDy9mYjjfCDwKfQ== randy at ryuu.psg.com\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkrrpUCqIibbYB7v4Kr/B07yTGXJgMjAsFf+YHIC9WpcLvpe5v4+O8t4Q/WSMVETlk
> ```

Since I monitor this device as well, I too saw this.  It appears to have
not displayed the first line of output, then did, repeat once, then settled.
It does not appear that you reverted the config to stop the changes.  I
suspect that the router was actually doing this itself, since rancid does
not alter these lines.  Of course, there could some tclexpect bug with the
long line; it is a single line.

More information about the Rancid-discuss mailing list