From guy20034u at yahoo.com  Thu Feb  3 04:00:52 2022
From: guy20034u at yahoo.com (simon ben)
Date: Thu, 3 Feb 2022 04:00:52 +0000 (UTC)
Subject: [rancid] Password not accepted after restore from Rancid backup
In-Reply-To: <YfgkMPLMs/W/GoMg@shrubbery.net>
References: <1718214208.2214076.1643616625151.ref@mail.yahoo.com>
 <1718214208.2214076.1643616625151@mail.yahoo.com>
 <YfgkMPLMs/W/GoMg@shrubbery.net>
Message-ID: <1580084653.2925218.1643860852900@mail.yahoo.com>

 
Dear heasley,
Really appreciate your replyi set the rancid conf file variables to NO and tested on cisco.it worked greatOnce again thank you so much for the wise reply and GOD Bless

Regards
Simon

    On Monday, January 31, 2022, 09:02:25 PM GMT+3, heasley <heas at shrubbery.net> wrote:  
 
 Mon, Jan 31, 2022 at 08:10:25AM +0000, simon ben:
> so i realized that after i had restored the backup i had to create user and assigned a password for him
> So just wanted to know if this the right practice i need to go about or do i need to follow another way

There are 2 ways to handle passwords, and two caveats.

1) replace "<removed>" configuration with proper values before loading or
manually configure them after loading,
2) set rancid.conf variables FILTER_PWDS and NOCOMMSTR to "NO".

Caveat 1) some devices re-produce the password crypt shown in the config
each time, which may always be filtered by rancid or affected by rancid.conf
variable FILTER_OSC, because it becomes annoying to have diffs each time
rancid runs as a result.

Caveat 2) some devices have trouble loading exported configs, such as one
of the HP models.? Cisco, juniper, nokia are known to work, but I can not
test every one.? Please test your DR processes.
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20220203/76f23c5e/attachment.htm>

From hafeezabdulhakeem at gmail.com  Tue Feb  8 17:23:55 2022
From: hafeezabdulhakeem at gmail.com (Hafeez Hakeem)
Date: Tue, 8 Feb 2022 17:23:55 +0000
Subject: [rancid] hlogin issue with HP J9850A
Message-ID: <CADoZGusEJjLoSk259AAwKuAcqRGFUeAteboddXDV2LdYqXynkA@mail.gmail.com>

Hello There,

I am battling with this issue. any help appreciated.
using rancid version 2.3.2

spawn ssh -x -l Hostname  10.10.10.10


We'd like to keep you up to date about:
* Software feature updates
* New product announcements
* Special events
Please register your products now at: www.hpe.com/networking/register<
http://www.hpe.com/networking/register>



Hostname at 10.10.10.10's<mailto:Hostname at 10.10.10.10's> password:
HP J9850A Switch 5406Rzl2

Software revision KB.16.01.0006


ERROR:
(C) Copyright 2016 Hewlett Packard Enterprise Development LP

RESTRICTED RIGHTS LEGEND
Confidential computer software. Valid license from Hewlett Packard
Enterprise Development LP required for possession, use or copying.
Consistent with FAR 12.211 and 12.212, Commercial Computer Software,
Computer Software Documentation, and Technical Data for Commercial Items are
licensed to the U.S. Government under vendor's standard commercial license.

[1;13r[1;1H[24;1HPress any key to
continue[13;1H[?25h[24;27H[?6l[1;24r[?7l[2J[1;1H[1920;1920H[6n[1;1HYour
previous successful login (as manager) was on 2009-08-12 05:28:05
from 10.43.19.237
[1;24r[24;1H[24;1H[2K[24;1H[?25h[24;1H[24;1HHP-5406-GDL-01#
[24;1H[24;17H[24;1H[?25h[24;17H
Error: TIMEOUT reached
Failure testing connection
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20220208/a715e0a3/attachment.htm>

From jlewis at lewis.org  Thu Feb 10 13:42:04 2022
From: jlewis at lewis.org (Jon Lewis)
Date: Thu, 10 Feb 2022 08:42:04 -0500 (EST)
Subject: [rancid] rancid access via console server
Message-ID: <fe5aacbb-1f6d-09b-b21e-b556e8acd732@lewis.org>

I have a use case where it'd be nice if we could use clogin to access 
switches via their console ports via an out of band access console server 
(that allows authenticated access to its serial ports via ssh mapping TCP 
ports to serial ports).  I thought I recalled this having come up on the 
list in the past, but AFAICT, it doesn't seem to have made it into rancid 
as a feature [yet?].  Is that correct, or am I missing something in the 
docs?

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  StackPath, Sr. Neteng       |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


From c.o.hopkins at gmail.com  Thu Feb 10 14:31:50 2022
From: c.o.hopkins at gmail.com (Craig Hopkins)
Date: Thu, 10 Feb 2022 14:31:50 +0000
Subject: [rancid] rancid access via console server
In-Reply-To: <fe5aacbb-1f6d-09b-b21e-b556e8acd732@lewis.org>
References: <fe5aacbb-1f6d-09b-b21e-b556e8acd732@lewis.org>
Message-ID: <CAAHxzyv++y9PLsbhD=h4wA0iOOB+5w+1sW2MhNaxmAeoG8hJGw@mail.gmail.com>

I'm intrigued how this would work. A console port doesn't have to be logged
off so the expect script would fail. Also, if someone else were using the
console port at the same time then you'd just end up typing over each
other.

On Thu, 10 Feb 2022, 13:42 Jon Lewis, <jlewis at lewis.org> wrote:

> I have a use case where it'd be nice if we could use clogin to access
> switches via their console ports via an out of band access console server
> (that allows authenticated access to its serial ports via ssh mapping TCP
> ports to serial ports).  I thought I recalled this having come up on the
> list in the past, but AFAICT, it doesn't seem to have made it into rancid
> as a feature [yet?].  Is that correct, or am I missing something in the
> docs?
>
> ----------------------------------------------------------------------
>   Jon Lewis, MCP :)           |  I route
>   StackPath, Sr. Neteng       |  therefore you are
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at www.shrubbery.net
> https://www.shrubbery.net/mailman/listinfo/rancid-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20220210/d2256c92/attachment.htm>

From jlewis at lewis.org  Thu Feb 10 16:41:19 2022
From: jlewis at lewis.org (Jon Lewis)
Date: Thu, 10 Feb 2022 11:41:19 -0500 (EST)
Subject: [rancid] rancid access via console server
In-Reply-To: <CAAHxzyv++y9PLsbhD=h4wA0iOOB+5w+1sW2MhNaxmAeoG8hJGw@mail.gmail.com>
References: <fe5aacbb-1f6d-09b-b21e-b556e8acd732@lewis.org>
 <CAAHxzyv++y9PLsbhD=h4wA0iOOB+5w+1sW2MhNaxmAeoG8hJGw@mail.gmail.com>
Message-ID: <97d497d0-5023-152b-c313-866fcfa5dccf@lewis.org>

Yeah...there are a few monkey wrenches to watch out for.  I ended up just 
writing an expect script (well...editing an autoexpect created script) to 
do what I needed.  The fact that the device may already be "logged into" 
on the console port was something that occurred to me while working on the 
script, and wasn't too difficult to cope with based on the "prompt" being 
different if you're presented with a login prompt vs a CLI prompt.  Our 
console servers will allow "multi-use", but that's not a huge issue for 
the immediate purpose (which is just validating the console cabling for a 
newly deployed console and set of network gear).

On Thu, 10 Feb 2022, Craig Hopkins wrote:

> I'm intrigued how this would work. A console port doesn't have to be logged off so the expect script would fail. Also, if someone else were using the console port at the same
> time then you'd just end up typing over each other.?
> 
> On Thu, 10 Feb 2022, 13:42 Jon Lewis, <jlewis at lewis.org> wrote:
>       I have a use case where it'd be nice if we could use clogin to access
>       switches via their console ports via an out of band access console server
>       (that allows authenticated access to its serial ports via ssh mapping TCP
>       ports to serial ports).? I thought I recalled this having come up on the
>       list in the past, but AFAICT, it doesn't seem to have made it into rancid
>       as a feature [yet?].? Is that correct, or am I missing something in the
>       docs?

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  StackPath, Sr. Neteng       |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

From jlewis at lewis.org  Tue Feb 15 18:35:07 2022
From: jlewis at lewis.org (Jon Lewis)
Date: Tue, 15 Feb 2022 13:35:07 -0500 (EST)
Subject: [rancid] Assistance creating a perl module to use with ZPE
 Systems NodegridOS Devices
In-Reply-To: <B34FDDF4-1DAB-441C-93B6-9831FB8B38C6@heanet.ie>
References: <7F239A31-6214-412E-9750-FADF9647A5A5@heanet.ie>
 <YWmu6icWWCTz1UX+@shrubbery.net>
 <9ED90C4A-A1DA-4C26-9727-C5BA44842092@heanet.ie>
 <YWnTbhRfuwzhIJZk@shrubbery.net>
 <B34FDDF4-1DAB-441C-93B6-9831FB8B38C6@heanet.ie>
Message-ID: <8ceaa653-291-1564-a89c-38964fbd87e9@lewis.org>

I'm looking to start backing up some ZPE console servers, so, of course, I 
checked to see if rancid could do it, which led me to to this thread.

The CentOS 7 system I'm testing this on has an older version of rancid 
(rancid-3.12-1.el7.x86_64) which caused a bit of confusion, as I don't 
have the eos module...but I was still able to reproduce what you did, down 
to having rancid run zpelogin, run the two commands, receive all the 
expected output, exit, save the entire raw session to a file, and then 
complain.

executing zpelogin -t 90 -c"show system/about;export_settings" 
devicename
PROMPT MATCH: \[user at hostname /\]#
HIT COMMAND:[user at hostname /]#  show system/about
     In ShowVersion: [user at hostname /]#  show system/about
devicename: End of run not found
devicename: found_end is false
!sed pba version: none

Did you (or anyone else) ever get further than this with ZPE backups?

On Fri, 15 Oct 2021, Mick O'Donovan wrote:

>
> ?On 15/10/2021, 20:16, "heasley" <heas at shrubbery.net> wrote:
>
>    CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe.
>
>
>    Fri, Oct 15, 2021 at 07:10:45PM +0000, Mick O'Donovan:
>    >     IMO, it is part of the conversation and is further confirmation that was
>    >     normal.  Various devices have had cli bugs over time.  Does not hurt to
>    >     remove it for debugging.
>    >
>    > By this do you mean to leave the original file alone or my version is fine? Sorry excuse my ignorance here.
>
>    Leave the modification for testing, but to be pedantic, try to restore the
>    check once everything else is working.
>
>    > Something must be up alright, here's the contents of the raw file that was created...
>    >
>    > ===
>    > Error: Usage: /usr/bin/zpelogin [-dhSV] [-m|M] [-autoenable] [-noenable]  [-c command] [-Evar=x] [-e enable-password] [-f cloginrc-file]  [-p user-password] [-r passphrase] [-s script-file] [-t timeout]  [-u username] [-v vty-password] [-w enable-username] [-x command-file]  [-y ssh_cypher_type] router [router...]
>    > ===
>    >
>    > Any ideas?
>
>    my mistake; the hostname is missing, whatever it is:
>
>    eval `rancid -C -t zpe <hostname>` >& raw
>
> The raw file is flawless!
>
> This is most frustrating ?
>
> The raw file shows:
>
> 1. the login
> 2. command 1 being run
> 3. the command 1 output (in full and as expected)
> 4. command 2 being run (I've reduced it to just two commands - "show system/about" and "export_settings")
> 5. the command 2 output (in full and as expected)
> 6. the exit being issued and successfully exiting
>
> Mick
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at www.shrubbery.net
> https://www.shrubbery.net/mailman/listinfo/rancid-discuss
>

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  StackPath, Sr. Neteng       |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

From cra at fea.st  Tue Feb 15 22:02:27 2022
From: cra at fea.st (Chuck Anderson)
Date: Tue, 15 Feb 2022 17:02:27 -0500
Subject: [rancid] Assistance creating a perl module to use with ZPE
 Systems NodegridOS Devices
In-Reply-To: <8ceaa653-291-1564-a89c-38964fbd87e9@lewis.org>
References: <7F239A31-6214-412E-9750-FADF9647A5A5@heanet.ie>
 <YWmu6icWWCTz1UX+@shrubbery.net>
 <9ED90C4A-A1DA-4C26-9727-C5BA44842092@heanet.ie>
 <YWnTbhRfuwzhIJZk@shrubbery.net>
 <B34FDDF4-1DAB-441C-93B6-9831FB8B38C6@heanet.ie>
 <8ceaa653-291-1564-a89c-38964fbd87e9@lewis.org>
Message-ID: <20220215220227.q43k7tssiijj4us3@gauge.lan>

On Tue, Feb 15, 2022 at 01:35:07PM -0500, Jon Lewis wrote:
> The CentOS 7 system I'm testing this on has an older version of rancid 
> (rancid-3.12-1.el7.x86_64) which caused a bit of confusion, as I don't 

rancid-3.13-3.el7 is in testing now if you want to update and provide testing feedback:

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-076fdd31f3


From heas at shrubbery.net  Thu Feb 17 04:45:23 2022
From: heas at shrubbery.net (heasley)
Date: Thu, 17 Feb 2022 04:45:23 +0000
Subject: [rancid] Assistance creating a perl module to use with ZPE
 Systems NodegridOS Devices
In-Reply-To: <8ceaa653-291-1564-a89c-38964fbd87e9@lewis.org>
References: <7F239A31-6214-412E-9750-FADF9647A5A5@heanet.ie>
 <YWmu6icWWCTz1UX+@shrubbery.net>
 <9ED90C4A-A1DA-4C26-9727-C5BA44842092@heanet.ie>
 <YWnTbhRfuwzhIJZk@shrubbery.net>
 <B34FDDF4-1DAB-441C-93B6-9831FB8B38C6@heanet.ie>
 <8ceaa653-291-1564-a89c-38964fbd87e9@lewis.org>
Message-ID: <Yg3S46a/5H37e/u5@shrubbery.net>

Tue, Feb 15, 2022 at 01:35:07PM -0500, Jon Lewis:
> I'm looking to start backing up some ZPE console servers, so, of course, I 
> checked to see if rancid could do it, which led me to to this thread.
> 
> The CentOS 7 system I'm testing this on has an older version of rancid 
> (rancid-3.12-1.el7.x86_64) which caused a bit of confusion, as I don't 
> have the eos module...but I was still able to reproduce what you did, down 
> to having rancid run zpelogin, run the two commands, receive all the 
> expected output, exit, save the entire raw session to a file, and then 
> complain.
> 
> executing zpelogin -t 90 -c"show system/about;export_settings" 
> devicename
> PROMPT MATCH: \[user at hostname /\]#
> HIT COMMAND:[user at hostname /]#  show system/about
>      In ShowVersion: [user at hostname /]#  show system/about
> devicename: End of run not found
> devicename: found_end is false
> !sed pba version: none
> 
> Did you (or anyone else) ever get further than this with ZPE backups?

If one of you shares the raw file and the code, i can try to help resolve
that failure.

> On Fri, 15 Oct 2021, Mick O'Donovan wrote:
> 
> >
> > ?On 15/10/2021, 20:16, "heasley" <heas at shrubbery.net> wrote:
> >
> >    Fri, Oct 15, 2021 at 07:10:45PM +0000, Mick O'Donovan:
> >    >     IMO, it is part of the conversation and is further confirmation that was
> >    >     normal.  Various devices have had cli bugs over time.  Does not hurt to
> >    >     remove it for debugging.
> >    >
> >    > By this do you mean to leave the original file alone or my version is fine? Sorry excuse my ignorance here.
> >
> >    Leave the modification for testing, but to be pedantic, try to restore the
> >    check once everything else is working.
> >
> >    > Something must be up alright, here's the contents of the raw file that was created...
> >    >
> >    > ===
> >    > Error: Usage: /usr/bin/zpelogin [-dhSV] [-m|M] [-autoenable] [-noenable]  [-c command] [-Evar=x] [-e enable-password] [-f cloginrc-file]  [-p user-password] [-r passphrase] [-s script-file] [-t timeout]  [-u username] [-v vty-password] [-w enable-username] [-x command-file]  [-y ssh_cypher_type] router [router...]
> >    > ===
> >    >
> >    > Any ideas?
> >
> >    my mistake; the hostname is missing, whatever it is:
> >
> >    eval `rancid -C -t zpe <hostname>` >& raw
> >
> > The raw file is flawless!
> >
> > This is most frustrating ?
> >
> > The raw file shows:
> >
> > 1. the login
> > 2. command 1 being run
> > 3. the command 1 output (in full and as expected)
> > 4. command 2 being run (I've reduced it to just two commands - "show system/about" and "export_settings")
> > 5. the command 2 output (in full and as expected)
> > 6. the exit being issued and successfully exiting
> >
> > Mick


From mick.odonovan at heanet.ie  Fri Feb 25 11:46:54 2022
From: mick.odonovan at heanet.ie (Mick O'Donovan)
Date: Fri, 25 Feb 2022 11:46:54 +0000
Subject: [rancid] Assistance creating a perl module to use with ZPE
 Systems NodegridOS Devices
In-Reply-To: <Yg3S46a/5H37e/u5@shrubbery.net>
References: <7F239A31-6214-412E-9750-FADF9647A5A5@heanet.ie>
 <YWmu6icWWCTz1UX+@shrubbery.net>
 <9ED90C4A-A1DA-4C26-9727-C5BA44842092@heanet.ie>
 <YWnTbhRfuwzhIJZk@shrubbery.net>
 <B34FDDF4-1DAB-441C-93B6-9831FB8B38C6@heanet.ie>
 <8ceaa653-291-1564-a89c-38964fbd87e9@lewis.org>
 <Yg3S46a/5H37e/u5@shrubbery.net>
Message-ID: <DB7PR06MB449170C9CD2759708F8D38CAF53E9@DB7PR06MB4491.eurprd06.prod.outlook.com>

An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20220225/ca46418c/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 9735 bytes
Desc: not available
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20220225/ca46418c/attachment.bin>

From troy at i2bnetworks.com  Mon Feb 28 19:40:06 2022
From: troy at i2bnetworks.com (Troy Beisigl)
Date: Mon, 28 Feb 2022 11:40:06 -0800
Subject: [rancid] Rancid and Cisco ASA
Message-ID: <6344792F-39BB-4B1A-A6A0-EC262417CF16@i2bnetworks.com>

Hello everyone,

I have been seeing this happen every time rancid runs on one ASA only. It is a Cisco FPR running ASA image 9.14(2)15. Has anyone ran into this and is there a patch?

 !Flash: disk0: 805306526  drwx  4096         00:57:32 Nov 13 2021  .private
- !Flash: disk0: 228    drwx  4096         15:25:01 Feb 27 2022  log
+ !Flash: disk0: 228    drwx  4096         16:02:37 Feb 28 2022  log
 !Flash: disk0: 537568801  -rw-  35741420     04:59:48 Apr 16 2021  asdm.bin

Best,

-Troy

From heas at shrubbery.net  Mon Feb 28 19:59:59 2022
From: heas at shrubbery.net (heasley)
Date: Mon, 28 Feb 2022 19:59:59 +0000
Subject: [rancid] Rancid and Cisco ASA
In-Reply-To: <6344792F-39BB-4B1A-A6A0-EC262417CF16@i2bnetworks.com>
References: <6344792F-39BB-4B1A-A6A0-EC262417CF16@i2bnetworks.com>
Message-ID: <Yh0pvwcC77HP0dHb@shrubbery.net>

Mon, Feb 28, 2022 at 11:40:06AM -0800, Troy Beisigl:
> Hello everyone,
> 
> I have been seeing this happen every time rancid runs on one ASA only. It is a Cisco FPR running ASA image 9.14(2)15. Has anyone ran into this and is there a patch?
> 
>  !Flash: disk0: 805306526  drwx  4096         00:57:32 Nov 13 2021  .private
> - !Flash: disk0: 228    drwx  4096         15:25:01 Feb 27 2022  log
> + !Flash: disk0: 228    drwx  4096         16:02:37 Feb 28 2022  log
>  !Flash: disk0: 537568801  -rw-  35741420     04:59:48 Apr 16 2021  asdm.bin
> 

hi.  please try this patch
https://github.com/haussli/rancid/commit/3e7126770dcdcc417a23b3dd0024977183abc1c1