From heas at shrubbery.net Sat Jan 1 17:20:38 2022 From: heas at shrubbery.net (heasley) Date: Sat, 1 Jan 2022 17:20:38 +0000 Subject: [rancid] Rancid and Mikrotik OS 7.1 stable In-Reply-To: <3e983819b7854e9e87dc7e08a1907fd1@timoid.org> References: <0DDFA941-9B1B-4921-863D-44BF217B2701@i2bnetworks.com> <3e983819b7854e9e87dc7e08a1907fd1@timoid.org> Message-ID: Fri, Dec 31, 2021 at 11:31:50PM +0000, Tim Warnock: > Is this no longer working on 7.1+? https://github.com/haussli/rancid/issues/31 https://github.com/haussli/rancid/issues/32 This is the commit that I expect will fix the collection: https://github.com/haussli/rancid/commit/fef0b6ec166ae2892e8fc6e6a3d0f2de82379c29 Please let me know if it does not. Still would be great to have confirmation that this also works: https://github.com/haussli/rancid/issues/25 https://github.com/haussli/rancid/tree/routeros67 From troy at i2bnetworks.com Mon Jan 3 17:39:15 2022 From: troy at i2bnetworks.com (Troy Beisigl) Date: Mon, 3 Jan 2022 09:39:15 -0800 Subject: [rancid] Rancid and Mikrotik OS 7.1 stable In-Reply-To: References: <0DDFA941-9B1B-4921-863D-44BF217B2701@i2bnetworks.com> <3e983819b7854e9e87dc7e08a1907fd1@timoid.org> Message-ID: Looks like that corrected the issue. Thanks everyone for the quick reply. Best, -Troy > On Jan 1, 2022, at 9:20 AM, heasley wrote: > > Fri, Dec 31, 2021 at 11:31:50PM +0000, Tim Warnock: >> Is this no longer working on 7.1+? https://github.com/haussli/rancid/issues/31 > > https://github.com/haussli/rancid/issues/32 > > This is the commit that I expect will fix the collection: > > https://github.com/haussli/rancid/commit/fef0b6ec166ae2892e8fc6e6a3d0f2de82379c29 > > Please let me know if it does not. > > Still would be great to have confirmation that this also works: > https://github.com/haussli/rancid/issues/25 > https://github.com/haussli/rancid/tree/routeros67 From jerome.m at gmail.com Mon Jan 3 17:47:21 2022 From: jerome.m at gmail.com (brutuz bigdaddy) Date: Mon, 3 Jan 2022 12:47:21 -0500 Subject: [rancid] Timeout Message-ID: I have this information.. add user myNexus5k prodlogin add password myNexus5k prodpass add noenable myNexus5k 1 add method myNexus5k ssh running debug: expect: does "" (spawn_id exp7) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| $enable$))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| $enable$)"? (No Gate, RE only) gate=yes re=no Password: expect: does "Password: " (spawn_id exp7) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| $enable$))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| $enable$)"? (No Gate, RE only) gate=yes re=no expect: timed out Error: TIMEOUT reached The nexus5k switch has banner/motd. It looks like pass is not being sent. -------------- next part -------------- An HTML attachment was scrubbed... URL: From timoid at timoid.org Mon Jan 3 20:37:09 2022 From: timoid at timoid.org (Tim Warnock) Date: Mon, 3 Jan 2022 20:37:09 +0000 Subject: [rancid] Timeout In-Reply-To: References: Message-ID: <63f0e2f0ec9f48a7b41c76a644ee4ee4@timoid.org> Does your banner contain any of > or # ? -----Original Message----- From: Rancid-discuss On Behalf Of brutuz bigdaddy Sent: Tuesday, 4 January 2022 3:47 AM To: rancid-discuss at www.shrubbery.net Subject: [rancid] Timeout I have this information.. add user myNexus5k prodlogin add password myNexus5k prodpass add noenable myNexus5k 1 add method myNexus5k ssh running debug: expect: does "" (spawn_id exp7) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| $enable$))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| $enable$)"? (No Gate, RE only) gate=yes re=no Password: expect: does "Password: " (spawn_id exp7) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| $enable$))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| $enable$)"? (No Gate, RE only) gate=yes re=no expect: timed out Error: TIMEOUT reached The nexus5k switch has banner/motd. It looks like pass is not being sent. From kfrauendienst at mconsult.us Wed Jan 5 15:05:51 2022 From: kfrauendienst at mconsult.us (Karl) Date: Wed, 5 Jan 2022 09:05:51 -0600 Subject: [rancid] Ignore Extreme hivemanager account Message-ID: <5c57a154-c591-2d83-b29f-e67a2b6fbcf7@mconsult.us> Good morning, One of the sites where I run RANCID has Extreme switches and also has the ExtremeCloud IQ web-based management.? The management platform adds a user account called hivemanager, and it cycles (or at least re-encrypts) the password every so often.? A few of them every just about every day get a config revision from this with no other changes.? Is there something I can do to just leave the hivemanager line out of the config entirely?? Here's what it looks like. create account admin hivemanager encrypted "$x$xxxxxx$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" I'm running RANCID version 3.13. Thanks, Karl From dtonline at gmail.com Thu Jan 6 22:23:44 2022 From: dtonline at gmail.com (Daniel Thomas) Date: Thu, 6 Jan 2022 22:23:44 +0000 Subject: [rancid] Trying to backup InfiNet Devices Message-ID: Hi I have been working on getting RANCID to collect configuration information from some equipment that is made by InfiNet. So far I have been unable to locate any similar work performed previously and so made a start on getting RANCID to connect to the devices. Through trial and error I found that the ?jlogin? login script was able to connect to the device but would not allow interaction once connected. I decided to use that script as a base for my work and so made a copy of it and named that copy ?infilogin? I found that the reason that issues were being hit was that the match of the prompt string was being thrown off as the InfiNet device changes it?s prompt, and that there were trailing charaters what were causing issues. With regards the changing prompt I saw it take the two following forms: basehostname> basehostname$1> And the trailing characters I saw were: \r\u001b[16C\u001b[K\r\u001b[16C To work around this I created an ??altprompt? which took a substring of ?$prompt? and then did some greedy matching which then gave the following in the ?we are now logged in, figure out the full prompt? [.. # we are logged in, now figure out the full prompt send "\r" expect { -re "(\r\n|\n)" { exp_continue; } -re "^\[^ ]+$prompt" { set prompt $expect_out(0,string); *regsub ">" $prompt ">" prompt; * <<<< } } # send $prompt set in_proc 0 return 0 } # Run commands given on the command line. proc run_commands { prompt command } { global do_interact in_proc set in_proc 1 * set altprompt [string range $prompt 0 11] * <<<< # handle escaped ;s in commands, and ;; and ^; regsub -all {([^\\]);} $command \\1\u0002; esccommand regsub -all {([^\\]);;} $esccommand \\1;\u0002; command regsub {^;} $command "\u0002;" esccommand regsub -all {[\\];} $esccommand ";" command regsub -all {\u0002;} $command "\u0002" esccommand set sep "\u0002" set commands [split $esccommand $sep] set num_commands [llength $commands] for {set i 0} {$i < $num_commands} { incr i} { send -- "[subst -nocommands [lindex $commands $i]]\r" expect { *-re "^\[^\n\r *]*$prompt.*" {}* <<<< * -re "^$altprompt.*>.*" {} * <<<< -re "^\[^\n\r]*$prompt." { exp_continue } -re "(\r\n|\n)" { exp_continue } * -re "\r-- more --\r" { send " "; exp_continue } * <<<< } } ..] I have marked my deviations from ?jlogin? with four less than signs. With these bodges applied I can successfully get connected to a device, execute commands and exit. I can also issue the ?infilogin? with -c or -x and the relevant commands will execute, and I see the output. I then went and updated the ?rancid.types.conf? with an entry as below: [.. infinet;script;rancid -t infinet infinet;login;jlogin infinet;module;infinet infinet;inloop;infinet::inloop infinet;command;infinet::ShowVersion;system version infinet;command;infinet::ShowConfiguration;config show ..] I created an ?infinet.pm? based on ?mrv.pm?, made an addition to the ?router.db? and now I can see when ?rancid-run? is called that the system connects out 4 times to the InfiNet device (tcpdump helped here) but in the log file for the run I keep seeing : 10.12.25.208 : missed cmd(s): all commands 10.12.25.208 : End of run not found >From what I have read it would seem that my issue lies with the ?inloop? within my ?infinet.pm? file, but cannot get to grips with what needs to be there, or if the ?$prompt? hacks I made in ?infilogin? are coming back to bite me now. If anyone can point me in the right direction I will be very grateful. Thank you for taking the time to read this and for supporting this great tool. (By that I mean RANCID not that I am a tool . . but now I come to mention it) DeeTee -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Jan 6 22:55:37 2022 From: heas at shrubbery.net (heasley) Date: Thu, 6 Jan 2022 22:55:37 +0000 Subject: [rancid] Trying to backup InfiNet Devices In-Reply-To: References: Message-ID: Thu, Jan 06, 2022 at 10:23:44PM +0000, Daniel Thomas: > Hi > > > > I have been working on getting RANCID to collect configuration information > from some equipment that is made by InfiNet. So far I have been unable to > locate any similar work performed previously and so made a start on getting > RANCID to connect to the devices. > > > > Through trial and error I found that the ?jlogin? login script was able to > connect to the device but would not allow interaction once connected. I > decided to use that script as a base for my work and so made a copy of it > and named that copy ?infilogin? I found that the reason that issues were > being hit was that the match of the prompt string was being thrown off as > the InfiNet device changes it?s prompt, and that there were trailing > charaters what were causing issues. > > With regards the changing prompt I saw it take the two following forms: > basehostname> > basehostname$1> > > And the trailing characters I saw were: > > \r\u001b[16C\u001b[K\r\u001b[16C > > To work around this I created an ??altprompt? which took a substring of > ?$prompt? and then did some greedy matching which then gave the following > in the ?we are now logged in, figure out the full prompt? You might look at clogin; the EXOS also has a command line counter. Is it a cmd-line counter? And, look at hlogin, which uses hpuifilter to remove most of the screen manipulation escape codes. Sometimes a more rudimentary TERM type causes devices no use the escape codes; like 'network' or 'dumb'. there are at least 2 *.pm's that do this. I think that if you combine these two methods, it will be easier. copy clogin and modify for the prompt alternatives, add the hpuifilter changes from hlogin. if thats not attractive, debug the missed commands with rancid -d -t looking for the command matches. I expect there will be none and the *.new file will be empty. Compare the prompt matchine in inloop() to whats in the *.raw file and look for escape codes in the prompts within the *.raw file. below, I would just alter $prompt to accept either version of the prompt. That will make it easier (more consistent with other scripts) for -x or -s. > [.. > > > > # we are logged in, now figure out the full prompt > > send "\r" > > expect { > > -re "(\r\n|\n)" { exp_continue; } > > -re "^\[^ ]+$prompt" { set prompt $expect_out(0,string); > > *regsub ">" $prompt ">" prompt; > * > <<<< > > } > > } > > # send $prompt > > set in_proc 0 > > return 0 > > } > > > > # Run commands given on the command line. > > proc run_commands { prompt command } { > > global do_interact in_proc > > set in_proc 1 > > > > * set altprompt [string range $prompt 0 11] * > <<<< > > # handle escaped ;s in commands, and ;; and ^; > > regsub -all {([^\\]);} $command \\1\u0002; esccommand > > regsub -all {([^\\]);;} $esccommand \\1;\u0002; command > > regsub {^;} $command "\u0002;" esccommand > > regsub -all {[\\];} $esccommand ";" command > > regsub -all {\u0002;} $command "\u0002" esccommand > > set sep "\u0002" > > set commands [split $esccommand $sep] > > set num_commands [llength $commands] > > for {set i 0} {$i < $num_commands} { incr i} { > > send -- "[subst -nocommands [lindex $commands $i]]\r" > > expect { > > *-re "^\[^\n\r *]*$prompt.*" {}* > <<<< > > * -re "^$altprompt.*>.*" {} * > <<<< > > -re "^\[^\n\r]*$prompt." { exp_continue } > > -re "(\r\n|\n)" { exp_continue } > > * -re "\r-- more --\r" { send " "; exp_continue } > * > <<<< > > } > > } > > > > > > ..] > > > > I have marked my deviations from ?jlogin? with four less than signs. > > > > With these bodges applied I can successfully get connected to a device, > execute commands and exit. I can also issue the ?infilogin? with -c or -x > and the relevant commands will execute, and I see the output. I then went > and updated the ?rancid.types.conf? with an entry as below: > > > > [.. > > infinet;script;rancid -t infinet > > infinet;login;jlogin > > infinet;module;infinet > > infinet;inloop;infinet::inloop > > infinet;command;infinet::ShowVersion;system version > > infinet;command;infinet::ShowConfiguration;config show > > ..] > > > > I created an ?infinet.pm? based on ?mrv.pm?, made an addition to the > ?router.db? and now I can see when ?rancid-run? is called that the system > connects out 4 times to the InfiNet device (tcpdump helped here) but in the > log file for the run I keep seeing : > > > > 10.12.25.208 : missed cmd(s): all commands > > 10.12.25.208 : End of run not found > > > > >From what I have read it would seem that my issue lies with the ?inloop? > within my ?infinet.pm? file, but cannot get to grips with what needs to be > there, or if the ?$prompt? hacks I made in ?infilogin? are coming back to > bite me now. If anyone can point me in the right direction I will be very > grateful. > > > > Thank you for taking the time to read this and for supporting this great > tool. (By that I mean RANCID not that I am a tool . . but now I come to > mention it) > > DeeTee > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/rancid-discuss From dtonline at gmail.com Fri Jan 7 11:31:25 2022 From: dtonline at gmail.com (Daniel Thomas) Date: Fri, 7 Jan 2022 11:31:25 +0000 Subject: [rancid] Trying to backup InfiNet Devices In-Reply-To: References: Message-ID: Thank you very much for your swift response. I will have a look at clogin hlogin (specifically the hpuifilter) to see what I can learn from them. I will also clean up the "$prompt" so that it accepts both versions of the prompt. It doesn't appear to be a cmd-line counter - I know that one aspect of the behaviour is that the part of the hostname relates to how many simultaneous SSH sessions there are. However I cannot understand how on some occasions it "reports back" as not including the suffix. I will play with the debug again and see what I get. I'm reticent to mention this bit as I think it relates to our installation of RANCID and the behaviour of the *nix system on which it lives . . but when I have been executing the "rancid -d -t " I get (what I think is) non standard behaviour. If I execute "./rancid -d -t " I get the following behaviour: ./rancid -d -t infinet 10.126.254.208 loadtype: device type infinet loadtype: found device type infinet at /usr/local/rancid/etc/rancid.types.conf:119 device script (rancid) does not appear to be me (./rancid): exec(rancid -t infinet -d 10.126.254.208) Can't exec "rancid": No such file or directory at ./rancid line 104. exec(rancid) failed: No such file or directory And so no .raw nor .new is generated. If I execute perl rancid -d -t infinet 10.126.254.208 loadtype: device type infinet loadtype: found device type infinet at /usr/local/rancid/etc/rancid.types.conf:119 executing infilogin -t 90 -c"system version;config show" 10.126.254.208 10.126.254.208: missed cmd(s): all commands 10.126.254.208: End of run not found 10.126.254.208: clean_run is false 10.126.254.208: found_end is false ! Then raw and new are generated but the .raw then contains: sh: infilogin: command not found Which I understand to be the shell expressing it does not recognise that command. However as mentioned previously everything seems to run fine when ?rancid-run? is called. I mention this as it hampers me a bit on the more granular troubleshooting that is available. Thanks again DeeTee On Thu, 6 Jan 2022 at 22:55, heasley wrote: > Thu, Jan 06, 2022 at 10:23:44PM +0000, Daniel Thomas: > > Hi > > > > > > > > I have been working on getting RANCID to collect configuration > information > > from some equipment that is made by InfiNet. So far I have been unable to > > locate any similar work performed previously and so made a start on > getting > > RANCID to connect to the devices. > > > > > > > > Through trial and error I found that the ?jlogin? login script was able > to > > connect to the device but would not allow interaction once connected. I > > decided to use that script as a base for my work and so made a copy of it > > and named that copy ?infilogin? I found that the reason that issues were > > being hit was that the match of the prompt string was being thrown off as > > the InfiNet device changes it?s prompt, and that there were trailing > > charaters what were causing issues. > > > > With regards the changing prompt I saw it take the two following forms: > > basehostname> > > basehostname$1> > > > > And the trailing characters I saw were: > > > > \r\u001b[16C\u001b[K\r\u001b[16C > > > > To work around this I created an ??altprompt? which took a substring of > > ?$prompt? and then did some greedy matching which then gave the following > > in the ?we are now logged in, figure out the full prompt? > > You might look at clogin; the EXOS also has a command line counter. Is it > a cmd-line counter? > > And, look at hlogin, which uses hpuifilter to remove most of the screen > manipulation escape codes. Sometimes a more rudimentary TERM type causes > devices no use the escape codes; like 'network' or 'dumb'. there are at > least 2 *.pm's that do this. > > I think that if you combine these two methods, it will be easier. copy > clogin and modify for the prompt alternatives, add the hpuifilter changes > from hlogin. > > if thats not attractive, debug the missed commands with rancid -d -t > looking for the command matches. I expect there will be none and the *.new > file will be empty. Compare the prompt matchine in inloop() to whats in > the *.raw file and look for escape codes in the prompts within the *.raw > file. > > below, I would just alter $prompt to accept either version of the prompt. > That will make it easier (more consistent with other scripts) for -x or > -s. > > > [.. > > > > > > > > # we are logged in, now figure out the full prompt > > > > send "\r" > > > > expect { > > > > -re "(\r\n|\n)" { exp_continue; } > > > > -re "^\[^ ]+$prompt" { set prompt $expect_out(0,string); > > > > *regsub ">" $prompt ">" prompt; > > * > > <<<< > > > > } > > > > } > > > > # send $prompt > > > > set in_proc 0 > > > > return 0 > > > > } > > > > > > > > # Run commands given on the command line. > > > > proc run_commands { prompt command } { > > > > global do_interact in_proc > > > > set in_proc 1 > > > > > > > > * set altprompt [string range $prompt 0 11] * > > <<<< > > > > # handle escaped ;s in commands, and ;; and ^; > > > > regsub -all {([^\\]);} $command \\1\u0002; esccommand > > > > regsub -all {([^\\]);;} $esccommand \\1;\u0002; command > > > > regsub {^;} $command "\u0002;" esccommand > > > > regsub -all {[\\];} $esccommand ";" command > > > > regsub -all {\u0002;} $command "\u0002" esccommand > > > > set sep "\u0002" > > > > set commands [split $esccommand $sep] > > > > set num_commands [llength $commands] > > > > for {set i 0} {$i < $num_commands} { incr i} { > > > > send -- "[subst -nocommands [lindex $commands $i]]\r" > > > > expect { > > > > *-re "^\[^\n\r *]*$prompt.*" {}* > > <<<< > > > > * -re "^$altprompt.*>.*" {} * > > <<<< > > > > -re "^\[^\n\r]*$prompt." { exp_continue } > > > > -re "(\r\n|\n)" { exp_continue } > > > > * -re "\r-- more --\r" { send " "; exp_continue } > > * > > <<<< > > > > } > > > > } > > > > > > > > > > > > ..] > > > > > > > > I have marked my deviations from ?jlogin? with four less than signs. > > > > > > > > With these bodges applied I can successfully get connected to a device, > > execute commands and exit. I can also issue the ?infilogin? with -c or -x > > and the relevant commands will execute, and I see the output. I then > went > > and updated the ?rancid.types.conf? with an entry as below: > > > > > > > > [.. > > > > infinet;script;rancid -t infinet > > > > infinet;login;jlogin > > > > infinet;module;infinet > > > > infinet;inloop;infinet::inloop > > > > infinet;command;infinet::ShowVersion;system version > > > > infinet;command;infinet::ShowConfiguration;config show > > > > ..] > > > > > > > > I created an ?infinet.pm? based on ?mrv.pm?, made an addition to the > > ?router.db? and now I can see when ?rancid-run? is called that the system > > connects out 4 times to the InfiNet device (tcpdump helped here) but in > the > > log file for the run I keep seeing : > > > > > > > > 10.12.25.208 : missed cmd(s): all commands > > > > 10.12.25.208 : End of run not found > > > > > > > > >From what I have read it would seem that my issue lies with the ?inloop? > > within my ?infinet.pm? file, but cannot get to grips with what needs to > be > > there, or if the ?$prompt? hacks I made in ?infilogin? are coming back to > > bite me now. If anyone can point me in the right direction I will be very > > grateful. > > > > > > > > Thank you for taking the time to read this and for supporting this great > > tool. (By that I mean RANCID not that I am a tool . . but now I come to > > mention it) > > > > DeeTee > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at www.shrubbery.net > > https://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- Regards Daniel Thomas -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Sat Jan 8 19:11:53 2022 From: heas at shrubbery.net (heasley) Date: Sat, 8 Jan 2022 19:11:53 +0000 Subject: [rancid] Ignore Extreme hivemanager account In-Reply-To: <5c57a154-c591-2d83-b29f-e67a2b6fbcf7@mconsult.us> References: <5c57a154-c591-2d83-b29f-e67a2b6fbcf7@mconsult.us> Message-ID: Wed, Jan 05, 2022 at 09:05:51AM -0600, Karl: > Good morning, > > One of the sites where I run RANCID has Extreme switches and also has > the ExtremeCloud IQ web-based management.? The management platform adds > a user account called hivemanager, and it cycles (or at least > re-encrypts) the password every so often.? A few of them every just > about every day get a config revision from this with no other changes.? > Is there something I can do to just leave the hivemanager line out of > the config entirely?? Here's what it looks like. > > create account admin hivemanager encrypted > "$x$xxxxxx$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" > > I'm running RANCID version 3.13. Hey, please confirm that the attached patch works. -------------- next part -------------- diff --git a/lib/exos.pm.in b/lib/exos.pm.in index 399ddb39..7c1a96e0 100644 --- a/lib/exos.pm.in +++ b/lib/exos.pm.in @@ -303,6 +303,11 @@ sub WriteTerm { /# system name/i && next; /# software version/i && next; + if (/((create|configure) account admin hivemanager) / && + ($filter_pwds >= 2 || $filter_osc > 1)) { + ProcessHistory("COMMENTS","keysort","H0","# $1 \n"); + next; + } if (/((create|configure) account \S+ \S+) / && $filter_pwds >= 2) { ProcessHistory("COMMENTS","keysort","H0","# $1 \n"); next; From guy20034u at yahoo.com Sun Jan 9 09:04:27 2022 From: guy20034u at yahoo.com (simon ben) Date: Sun, 9 Jan 2022 09:04:27 +0000 (UTC) Subject: [rancid] Frontend admin for Rancid In-Reply-To: <1642817397.104311.1639297215177@mail.yahoo.com> References: <1642817397.104311.1639297215177.ref@mail.yahoo.com> <1642817397.104311.1639297215177@mail.yahoo.com> Message-ID: <942017952.1561586.1641719067026@mail.yahoo.com> Dear All, As per my below mail I found the below but its old projectAnyone has implemented the same https://github.com/BigAirCommunityBroadband/FETID appreciate your views thanks and regards simon On Sunday, December 12, 2021, 11:20:15 AM GMT+3, simon ben wrote: Dear All, Rancid is an excellent tool and and been working greatIs there any frontend admin for rancid through a browser? As my colleague is a novice in Linux and would like to add new devices to rancid I did google on the net .. there is one but probably very old Appreciate if anyone has tried or some like that can be of help Thanks and Regards simon -------------- next part -------------- An HTML attachment was scrubbed... URL: From dtonline at gmail.com Wed Jan 12 21:40:08 2022 From: dtonline at gmail.com (Daniel Thomas) Date: Wed, 12 Jan 2022 21:40:08 +0000 Subject: [rancid] Trying to backup InfiNet Devices In-Reply-To: References: Message-ID: Hi I need to send you a huge thanks for your help. Your input was critical to me getting this bit of work done. In the early hours of this morning RANCID collected the config of 48 out of 50 of the InfiNet devices. Will tinker with the last two in the coming days / weeks. In order to get the "./rancid -d -t " to work correctly for me I had to edit the following two lines in "rancid.types.conf": infinet;script;rancid -t infinet infinet;login;infilogin So that they read as: infinet;script;./rancid -t infinet infinet;login;/usr/local/rancid/bin/infilogin This then meant that my .new and .raw files would populate and I was able to troubleshoot the issues that were happening in inLoop. The big problem that I was facing was that the "$" in the hostname was being read as a variable in PERL. As the RANCID SSH was always the 1st connection the hostname had "$1" at the end and so PERL was looking at the contents of $1 - which threw off all the prompt matches. In trying to remove that (with my poor PERL skills) I stumbled over a not so elegant solution of using: tr/\$/\\/; In each of the subroutines in the infinet.pm file (just after each occurence of "tr/\015//d;") This way the hostname was viewed consistently throughout the script. After that as we were just looking to grab a plain copy of the config (which is short and nice and static) I ended up mostly gutting the sub routines of all the clever matches and we got where we needed to be. (might try to tinker and learn about these in my own time) Once again I am very grateful to you for your guidance and support with this. All the very best DeeTee On Sat, 8 Jan 2022 at 18:36, heasley wrote: > Fri, Jan 07, 2022 at 10:13:58AM +0000, Daniel Thomas: > > Thank you very much for your swift response. I will have a look at clogin > > hlogin (specifically the hpuifilter) to see what I can learn from them. > > There are 4 places in hlogin that deal with hpuifilter. should be easy > to adopt it or even start with that instead. the procurve devices are > similar to cisco. > > > I will also clean up the "$prompt" so that it accepts both versions of > the > > prompt. > > > > It doesn't appear to be a cmd-line counter - I know that one aspect of > the > > behaviour is that the part of the hostname relates > to > > how many simultaneous SSH sessions there are. However I cannot understand > > how on some occasions it "reports back" as not including the > Sign> suffix. I will play with the debug again and see what I > get. > > I never understand why these prompt things are useful, but ... you want to > match that whether its there or not. something like this, using the > hostname generically, $prompt = > > '^hostname(\$[0-9]+)?>' > > or in expectese > '^hostname(\\\$\[0-9]+)?>' > > forgive me if I dont have the \'s correct. > > > I'm reticent to mention this bit as I think it relates to our > installation > > of RANCID and the behaviour of the *nix system on which it lives . . but > > when I have been executing the "rancid -d -t " I get (what I think > > is) non standard behaviour. > > > > If I execute "./rancid -d -t " I get the following behaviour: > > > > ./rancid -d -t infinet 10.126.254.208 > > > > > > > > loadtype: device type infinet > > > > loadtype: found device type infinet at > > /usr/local/rancid/etc/rancid.types.conf:119 > > > > device script (rancid) does not appear to be me (./rancid): exec(rancid > -t > > infinet -d 10.126.254.208) > > > > Can't exec "rancid": No such file or directory at ./rancid line 104. > > > > exec(rancid) failed: No such file or directory > > > > > > > > And so no .raw nor .new is generated. > > > > > > > > If I execute > > > > > > > > perl rancid -d -t infinet 10.126.254.208 > > > > loadtype: device type infinet > > > > loadtype: found device type infinet at > > /usr/local/rancid/etc/rancid.types.conf:119 > > > > executing infilogin -t 90 -c"system version;config show" 10.126.254.208 > > > > 10.126.254.208: missed cmd(s): all commands > > > > 10.126.254.208: End of run not found > > > > 10.126.254.208: clean_run is false > > > > 10.126.254.208: found_end is false > > > > ! > > > > > > > > Then raw and new are generated but the .raw then contains: > > > > > > > > sh: infilogin: command not found > > > > > > > > Which I understand to be the shell expressing it does not recognise that > > command. However as mentioned previously everything seems to run fine > when > > ?rancid-run? is called. > > > > > > I mention this as it hampers me a bit on the more granular > troubleshooting > > that is available. > > yes; it actually improves troubleshooting :) for me anyway. if you adopt > the path set in rancid.conf, that should solve this for you. But, it can > also be manipulated to test local versions, as can evn(PERLV_PATH) be set > to for local versions of rancid modules. > > > > > Thanks again > > > > > > DeeTee > > > > > > On Thu, 6 Jan 2022 at 22:55, heasley wrote: > > > > > Thu, Jan 06, 2022 at 10:23:44PM +0000, Daniel Thomas: > > > > Hi > > > > > > > > > > > > > > > > I have been working on getting RANCID to collect configuration > > > information > > > > from some equipment that is made by InfiNet. So far I have been > unable to > > > > locate any similar work performed previously and so made a start on > > > getting > > > > RANCID to connect to the devices. > > > > > > > > > > > > > > > > Through trial and error I found that the ?jlogin? login script was > able > > > to > > > > connect to the device but would not allow interaction once > connected. I > > > > decided to use that script as a base for my work and so made a copy > of it > > > > and named that copy ?infilogin? I found that the reason that issues > were > > > > being hit was that the match of the prompt string was being thrown > off as > > > > the InfiNet device changes it?s prompt, and that there were trailing > > > > charaters what were causing issues. > > > > > > > > With regards the changing prompt I saw it take the two following > forms: > > > > basehostname> > > > > basehostname$1> > > > > > > > > And the trailing characters I saw were: > > > > > > > > \r\u001b[16C\u001b[K\r\u001b[16C > > > > > > > > To work around this I created an ??altprompt? which took a substring > of > > > > ?$prompt? and then did some greedy matching which then gave the > following > > > > in the ?we are now logged in, figure out the full prompt? > > > > > > You might look at clogin; the EXOS also has a command line counter. > Is it > > > a cmd-line counter? > > > > > > And, look at hlogin, which uses hpuifilter to remove most of the screen > > > manipulation escape codes. Sometimes a more rudimentary TERM type > causes > > > devices no use the escape codes; like 'network' or 'dumb'. there are > at > > > least 2 *.pm's that do this. > > > > > > I think that if you combine these two methods, it will be easier. copy > > > clogin and modify for the prompt alternatives, add the hpuifilter > changes > > > from hlogin. > > > > > > if thats not attractive, debug the missed commands with rancid -d -t > > > > looking for the command matches. I expect there will be none and the > *.new > > > file will be empty. Compare the prompt matchine in inloop() to whats > in > > > the *.raw file and look for escape codes in the prompts within the > *.raw > > > file. > > > > > > below, I would just alter $prompt to accept either version of the > prompt. > > > That will make it easier (more consistent with other scripts) for -x or > > > -s. > > > > > > > [.. > > > > > > > > > > > > > > > > # we are logged in, now figure out the full prompt > > > > > > > > send "\r" > > > > > > > > expect { > > > > > > > > -re "(\r\n|\n)" { exp_continue; } > > > > > > > > -re "^\[^ ]+$prompt" { set prompt $expect_out(0,string); > > > > > > > > *regsub ">" $prompt ">" prompt; > > > > * > > > > <<<< > > > > > > > > } > > > > > > > > } > > > > > > > > # send $prompt > > > > > > > > set in_proc 0 > > > > > > > > return 0 > > > > > > > > } > > > > > > > > > > > > > > > > # Run commands given on the command line. > > > > > > > > proc run_commands { prompt command } { > > > > > > > > global do_interact in_proc > > > > > > > > set in_proc 1 > > > > > > > > > > > > > > > > * set altprompt [string range $prompt 0 11] * > > > > <<<< > > > > > > > > # handle escaped ;s in commands, and ;; and ^; > > > > > > > > regsub -all {([^\\]);} $command \\1\u0002; esccommand > > > > > > > > regsub -all {([^\\]);;} $esccommand \\1;\u0002; command > > > > > > > > regsub {^;} $command "\u0002;" esccommand > > > > > > > > regsub -all {[\\];} $esccommand ";" command > > > > > > > > regsub -all {\u0002;} $command "\u0002" esccommand > > > > > > > > set sep "\u0002" > > > > > > > > set commands [split $esccommand $sep] > > > > > > > > set num_commands [llength $commands] > > > > > > > > for {set i 0} {$i < $num_commands} { incr i} { > > > > > > > > send -- "[subst -nocommands [lindex $commands $i]]\r" > > > > > > > > expect { > > > > > > > > *-re "^\[^\n\r *]*$prompt.*" {}* > > > > <<<< > > > > > > > > * -re "^$altprompt.*>.*" {} * > > > > <<<< > > > > > > > > -re "^\[^\n\r]*$prompt." { exp_continue } > > > > > > > > -re "(\r\n|\n)" { exp_continue } > > > > > > > > * -re "\r-- more --\r" { send " "; exp_continue } > > > > * > > > > <<<< > > > > > > > > } > > > > > > > > } > > > > > > > > > > > > > > > > > > > > > > > > ..] > > > > > > > > > > > > > > > > I have marked my deviations from ?jlogin? with four less than signs. > > > > > > > > > > > > > > > > With these bodges applied I can successfully get connected to a > device, > > > > execute commands and exit. I can also issue the ?infilogin? with -c > or -x > > > > and the relevant commands will execute, and I see the output. I then > > > went > > > > and updated the ?rancid.types.conf? with an entry as below: > > > > > > > > > > > > > > > > [.. > > > > > > > > infinet;script;rancid -t infinet > > > > > > > > infinet;login;jlogin > > > > > > > > infinet;module;infinet > > > > > > > > infinet;inloop;infinet::inloop > > > > > > > > infinet;command;infinet::ShowVersion;system version > > > > > > > > infinet;command;infinet::ShowConfiguration;config show > > > > > > > > ..] > > > > > > > > > > > > > > > > I created an ?infinet.pm? based on ?mrv.pm?, made an addition to the > > > > ?router.db? and now I can see when ?rancid-run? is called that the > system > > > > connects out 4 times to the InfiNet device (tcpdump helped here) but > in > > > the > > > > log file for the run I keep seeing : > > > > > > > > > > > > > > > > 10.12.25.208 : missed cmd(s): all commands > > > > > > > > 10.12.25.208 : End of run not found > > > > > > > > > > > > > > > > >From what I have read it would seem that my issue lies with the > ?inloop? > > > > within my ?infinet.pm? file, but cannot get to grips with what > needs to > > > be > > > > there, or if the ?$prompt? hacks I made in ?infilogin? are coming > back to > > > > bite me now. If anyone can point me in the right direction I will be > very > > > > grateful. > > > > > > > > > > > > > > > > Thank you for taking the time to read this and for supporting this > great > > > > tool. (By that I mean RANCID not that I am a tool . . but now I come > to > > > > mention it) > > > > > > > > DeeTee > > > > > > > _______________________________________________ > > > > Rancid-discuss mailing list > > > > Rancid-discuss at www.shrubbery.net > > > > https://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > > > > > > -- > > Regards > > > > Daniel Thomas > -- Regards Daniel Thomas -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Wed Jan 12 22:39:14 2022 From: heas at shrubbery.net (heasley) Date: Wed, 12 Jan 2022 22:39:14 +0000 Subject: [rancid] Trying to backup InfiNet Devices In-Reply-To: References: Message-ID: Wed, Jan 12, 2022 at 09:40:08PM +0000, Daniel Thomas: > In order to get the "./rancid -d -t " to work correctly for me I had > to edit the > following two lines in "rancid.types.conf": > infinet;script;rancid -t infinet > infinet;login;infilogin > So that they read as: > infinet;script;./rancid -t infinet > infinet;login;/usr/local/rancid/bin/infilogin Assuming that directory is in rancid.conf:PATH, it does not have to be a FQPN here. it can be though, obviously. > This then meant that my .new and .raw files would populate > and I > was able to troubleshoot the issues that were happening in inLoop. The big > problem > that I was facing was that the "$" in the hostname was being read as a > variable in PERL. > > As the RANCID SSH was always the 1st connection the hostname had "$1" at the > end and so PERL was looking at the contents of $1 - which threw off all the > prompt > matches. In trying to remove that (with my poor PERL skills) I stumbled > over > a not so elegant solution of using: > tr/\$/\\/; > In each of the subroutines in the infinet.pm file (just after each > occurence of "tr/\015//d;") > This way the hostname was viewed consistently throughout the script. Not sure that I follow, but if it works in all the permutation of the prompt, great. I suspect this might be the problem with your 2 failing devices. maybe discard the tail of the prompt, escape any regex atoms, and append the aforementioned regex like: if (!defined($prompt)) { $prompt = ($_ =~ /^([^#>$]+)(\$\d+)?[#>]/)[0]; $prompt =~ s/([][}{)(+\\])/\\$1/g; $prompt .= "(\$\d+)?[#>]"; print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); } prost From kfrauendienst at mconsult.us Thu Jan 13 20:15:34 2022 From: kfrauendienst at mconsult.us (Karl) Date: Thu, 13 Jan 2022 14:15:34 -0600 Subject: [rancid] Ignore Extreme hivemanager account In-Reply-To: References: <5c57a154-c591-2d83-b29f-e67a2b6fbcf7@mconsult.us> Message-ID: <71a9140c-4185-d586-b5b9-582f31b12d3d@mconsult.us> I think that did it.? I have this in the diff now from each one. - create account admin hivemanager encrypted "$x$xxxxxx$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + # create account admin hivemanager Thanks, Karl On 1/8/2022 1:11 PM, heasley wrote: > Wed, Jan 05, 2022 at 09:05:51AM -0600, Karl: >> Good morning, >> >> One of the sites where I run RANCID has Extreme switches and also has >> the ExtremeCloud IQ web-based management.? The management platform adds >> a user account called hivemanager, and it cycles (or at least >> re-encrypts) the password every so often.? A few of them every just >> about every day get a config revision from this with no other changes. >> Is there something I can do to just leave the hivemanager line out of >> the config entirely?? Here's what it looks like. >> >> create account admin hivemanager encrypted >> "$x$xxxxxx$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" >> >> I'm running RANCID version 3.13. > Hey, please confirm that the attached patch works. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Fri Jan 14 15:48:58 2022 From: heas at shrubbery.net (heasley) Date: Fri, 14 Jan 2022 15:48:58 +0000 Subject: [rancid] Ignore Extreme hivemanager account In-Reply-To: <71a9140c-4185-d586-b5b9-582f31b12d3d@mconsult.us> References: <5c57a154-c591-2d83-b29f-e67a2b6fbcf7@mconsult.us> <71a9140c-4185-d586-b5b9-582f31b12d3d@mconsult.us> Message-ID: Thu, Jan 13, 2022 at 02:15:34PM -0600, Karl: > I think that did it.? I have this in the diff now from each one. > > - create account admin hivemanager encrypted "$x$xxxxxx$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" > + # create account admin hivemanager > Toll! Thanks for confirming. I've changed the $filter_osc comparison to >=; so the filtering will be the default out of the box. https://github.com/haussli/rancid/commit/d57204a2616684c076568d55d0e3b40d9bf178be From jethro.binks at strath.ac.uk Fri Jan 14 19:43:07 2022 From: jethro.binks at strath.ac.uk (Jethro Binks) Date: Fri, 14 Jan 2022 19:43:07 +0000 Subject: [rancid] Support for new OS (HP) ArubaOS-CX In-Reply-To: <611r533-1s95-ro16-727s-57566rs851qs@fgengu.np.hx> References: <611r533-1s95-ro16-727s-57566rs851qs@fgengu.np.hx> Message-ID: Hello, Ref: https://www.shrubbery.net/pipermail/rancid-discuss/2021-May/011036.html Ref: https://www.shrubbery.net/pipermail/rancid-discuss/2021-May/011038.html I found some time to take a look at this. Note that this is for ArubaOS-CX, not ArubaOS (which is what Provision on newer products is now referred to as), nor AOS (which is the wireless controller OS: see here https://github.com/miken32/rancid-aruba). You can find my current effort here: https://gist.github.com/jrbinks/c28691f11238c23432394302a948900b Looking to get a real-world feedback for it, then can hand it over for inclusion. It uses the usual clogin as the login script. You will need something like the following in .cloginrc: add password routername {PLACEHOLDER-NOTUSED} add identity routername {~/.ssh/id_rancid} add user routername rancid add method routername {ssh} add noenable routername 1 add cyphertype routername {aes128-ctr} As far as I can see, you have to have your user in the administrators group. And in rancid.types.conf you might want something like: arubaoscx;script;rancid -t arubaoscx arubaoscx;login;clogin arubaoscx;module;arubaoscx arubaoscx;inloop;arubaoscx::inloop arubaoscx;command;rancid::RunCommand;no page # system commands arubaoscx;command;arubaoscx::CommentOutput;show system arubaoscx;command;arubaoscx::CommentOutput;show version arubaoscx;command;arubaoscx::CommentOutput;show images # hardware commands arubaoscx;command;arubaoscx::CommentOutput;show module arubaoscx;command;arubaoscx::CommentOutput;show environment power-supply arubaoscx;command;arubaoscx::CommentOutput;show environment power-redundancy arubaoscx;command;arubaoscx::CommentOutput;show environment fan arubaoscx;command;arubaoscx::CommentOutput;show environment temperature arubaoscx;command;arubaoscx::CommentOutput;show environment led arubaoscx;command;arubaoscx::CommentOutput;show interface transceiver # system state commands arubaoscx;command;arubaoscx::CommentOutput;show vsx brief arubaoscx;command;arubaoscx::CommentOutput;show vsx status arubaoscx;command;arubaoscx::CommentOutput;show vsx config-consistency arubaoscx;command;arubaoscx::CommentOutput;show vsx lacp configuration arubaoscx;command;arubaoscx::CommentOutput;show vsf arubaoscx;command;arubaoscx::CommentOutput;show vsf detail arubaoscx;command;arubaoscx::CommentOutput;show vsf link arubaoscx;command;arubaoscx::CommentOutput;show vlan arubaoscx;command;arubaoscx::CommentOutput;show ntp status arubaoscx;command;arubaoscx::CommentOutput;show lldp neighbor-info arubaoscx;command;arubaoscx::CommentOutput;show ip ospf arubaoscx;command;arubaoscx::CommentOutput;show ip ospf interface arubaoscx;command;arubaoscx::CommentOutput;show ip ospf neighbors arubaoscx;command;arubaoscx::CommentOutput;show ip ospf statistics arubaoscx;command;arubaoscx::CommentOutput;show bgp ipv4 unicast summary arubaoscx;command;arubaoscx::CommentOutput;show bgp ipv6 unicast summary arubaoscx;command;arubaoscx::ShowConfiguration;show running-config Tested on: Aruba JL658A 6300M Aruba JL635A 8325-48Y8C both version 10.5. I will upgrade a box to something more recent and re-test soon. I don't have any of the edge products to test. Let me know how you get on and if any other commands would be useful. Also, there are probably more secrets to be hidden, if you run with filtering of passwords and community strings. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. ________________________________ From: Jethro R Binks Sent: 04 June 2021 21:48 To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Support for new OS (HP) ArubaOS-CX Interest here, but not been able to get development time to look at it. Jethro. On Wed, 5 May 2021, Viktor Svanstr?m wrote: > Hi list, > I have a Aruba JL581A HPE Aruba 8320 Switch running ArubaOS-CX TL.10.04.2000. At the moment it seems like there is no support for this OS in rancid? Is there any plan to support it or has anyone out there managed to make their own custom login script? > > Best regards Viktor > > . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. -------------- next part -------------- An HTML attachment was scrubbed... URL: From guy20034u at yahoo.com Tue Jan 18 20:14:33 2022 From: guy20034u at yahoo.com (simon ben) Date: Tue, 18 Jan 2022 20:14:33 +0000 (UTC) Subject: [rancid] Backing up HP router issue References: <1116631097.867290.1642536873206.ref@mail.yahoo.com> Message-ID: <1116631097.867290.1642536873206@mail.yahoo.com> Dear All, I have the below Rancid ver 3.9 running on Centos 8.4 backing up with no issues Cisco Switches ,Routers and Forgate Firewall?I wanted to backup a new HP router but the config file is emptyI am able to login into the router with cloginhere are my .clogin.rc and my router.db file --------------.clogin.rc entry add cyphertype ipaddress????aes256-ctradd method ipaddress ???? telnetadd enablecmd ipaddress ????????? "super"add password ipaddress ? {password} {password}------------- router.db entry ipaddress;hp;up ------------------------------------- when i run ./path/clogin ipaddress of hp router it logs me in and i see the below ****************************************************************************** * Copyright (c) 2010-2015 Hewlett Packard Enterprise Development LP????????? * * Without the owner's prior written consent,???????????????????????????????? * * no decompiling or reverse-engineering shall be allowed.??????????????????? * ****************************************************************************** Login authentication Password: super Please input the password to change the privilege level. Press CTRL_C to abort. ?Password: User privilege level is 3, and only those commands can be used whose level is equal or less than this. Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE --------------------------------------- my error log ----------------- Trying to get all of the configs. ipaddres: missed cmd(s): all commands ipaddres: End of run not found ipaddress clogin error: Error: TIMEOUT reached ; ===================================== Getting missed routers: round 1. ipaddress: missed cmd(s): all commands ipaddress: End of run not found ipaddress clogin error: Error: TIMEOUT reached ; ===================================== Getting missed routers: round 2. ipaddress: missed cmd(s): all commands ipaddress: End of run not found ipaddress clogin error: Error: TIMEOUT reached ; ===================================== Getting missed routers: round 3. ipaddress: missed cmd(s): all commands ipaddress: End of run not found ipaddress clogin error: Error: TIMEOUT reached ; ===================================== Getting missed routers: round 4. ipaddress: missed cmd(s): all commands ipaddress: End of run not found ipaddress clogin error: Error: TIMEOUT reached ; cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs Checking in router.db; /usr/local/rancid/var/CVS/Routers/router.db,v? <--? router.db new revision: 1.9; previous revision: 1.8 done ------------------------------------------------------------------------------------------------ Appreciate your help and advice Thanks and Regards Simon -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Jan 18 20:40:23 2022 From: heas at shrubbery.net (heasley) Date: Tue, 18 Jan 2022 20:40:23 +0000 Subject: [rancid] Backing up HP router issue In-Reply-To: <1116631097.867290.1642536873206@mail.yahoo.com> References: <1116631097.867290.1642536873206.ref@mail.yahoo.com> <1116631097.867290.1642536873206@mail.yahoo.com> Message-ID: Tue, Jan 18, 2022 at 08:14:33PM +0000, simon ben: > Dear All, > I have the below > Rancid ver 3.9 running on Centos 8.4 backing up with no issues Cisco Switches ,Routers and Forgate Firewall?I wanted to backup a new HP router but the config file is emptyI am able to login into the router with cloginhere are my .clogin.rc and my router.db file > --------------.clogin.rc entry > add cyphertype ipaddress????aes256-ctradd method ipaddress ???? telnetadd enablecmd ipaddress ????????? "super"add password ipaddress ? {password} {password}------------- > router.db entry > ipaddress;hp;up > ------------------------------------- > when i run ./path/clogin ipaddress of hp router it logs me in and i see the below hp uses hlogin. If you have the device in a group's router.db, you can use plogin and it will exect the appropriate script. Also see the FAQ section 3 for a more detailed login test. Lack of permissions might be causing the failure. but, hp mostly (entirely?) OEMs their NOS. see comments in rancid.types.base for hp models known to work with types hp or foundry. type smc is another option to try. > Password: > super > Please input the password to change the privilege level. Press CTRL_C to abort. > ?Password: > User privilege level is 3, and only those commands can be used > whose level is equal or less than this. > Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE > --------------------------------------- > my error log > ----------------- From jandrewartha at ccgs.wa.edu.au Wed Jan 19 06:38:07 2022 From: jandrewartha at ccgs.wa.edu.au (James Andrewartha) Date: Wed, 19 Jan 2022 14:38:07 +0800 Subject: [rancid] Ignore Extreme hivemanager account In-Reply-To: <71a9140c-4185-d586-b5b9-582f31b12d3d@mconsult.us> References: <5c57a154-c591-2d83-b29f-e67a2b6fbcf7@mconsult.us> <71a9140c-4185-d586-b5b9-582f31b12d3d@mconsult.us> Message-ID: <70595a12-3698-5929-9f2f-7d4ef35d9e89@ccgs.wa.edu.au> Hi Karl, On 14/1/22 04:15, Karl wrote: > I think that did it.? I have this in the diff now from each one. > > - create account admin hivemanager encrypted "$x$xxxxxx$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" > + # create account admin hivemanager What version of EXOS are you running on the switches? I have some X435s running 31.3 and they don't show the hivemanager account (but it does exist since you can see it doing things in `show cli journal`). Thanks, -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 From jethro.binks at strath.ac.uk Wed Jan 19 12:39:45 2022 From: jethro.binks at strath.ac.uk (Jethro Binks) Date: Wed, 19 Jan 2022 12:39:45 +0000 Subject: [rancid] Backing up HP router issue In-Reply-To: References: <1116631097.867290.1642536873206.ref@mail.yahoo.com> <1116631097.867290.1642536873206@mail.yahoo.com> Message-ID: This is a variant of a comware device. Standard rancid has vrp.pm and xilogin which are probably the nearest fit, being of Huawei heritage, but I have never tried them. I have my own cmw.pm/cmwlogin which are ... in a bit of a state ... and have never been tested on 1920G and similar. You might try something along the lines of setting the user you are logging in as with: authorization-attribute level 3 and: add autoenable ipaddress {1} so you don't need the "super" command. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. ________________________________ From: Rancid-discuss on behalf of heasley Sent: 18 January 2022 20:40 To: simon ben Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Backing up HP router issue Tue, Jan 18, 2022 at 08:14:33PM +0000, simon ben: > Dear All, > I have the below > Rancid ver 3.9 running on Centos 8.4 backing up with no issues Cisco Switches ,Routers and Forgate Firewall I wanted to backup a new HP router but the config file is emptyI am able to login into the router with cloginhere are my .clogin.rc and my router.db file > --------------.clogin.rc entry > add cyphertype ipaddress aes256-ctradd method ipaddress telnetadd enablecmd ipaddress "super"add password ipaddress {password} {password}------------- > router.db entry > ipaddress;hp;up > ------------------------------------- > when i run ./path/clogin ipaddress of hp router it logs me in and i see the below hp uses hlogin. If you have the device in a group's router.db, you can use plogin and it will exect the appropriate script. Also see the FAQ section 3 for a more detailed login test. Lack of permissions might be causing the failure. but, hp mostly (entirely?) OEMs their NOS. see comments in rancid.types.base for hp models known to work with types hp or foundry. type smc is another option to try. > Password: > super > Please input the password to change the privilege level. Press CTRL_C to abort. > Password: > User privilege level is 3, and only those commands can be used > whose level is equal or less than this. > Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE > --------------------------------------- > my error log > ----------------- _______________________________________________ Rancid-discuss mailing list Rancid-discuss at www.shrubbery.net https://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From jethro.binks at strath.ac.uk Sun Jan 23 12:57:53 2022 From: jethro.binks at strath.ac.uk (Jethro Binks) Date: Sun, 23 Jan 2022 12:57:53 +0000 Subject: [rancid] $platform value Message-ID: There's some rudimentary code in clogin/etc that attempts to do things slightly differently depending on the value of $platform. The setting for $platform appears to be magically divined in some cases (primarily noting "extreme" in clogin). I'd like this to be user-controllable, so below patch against rancid 3.13 adds -P as an option for clogin, and it is also setable via cloginrc. But the patch doesn't make any changes to any current magic divination behaviour. My use case for this is some very similar switches, but some particular submodels need a bunch of extra commands sending before rancid will work properly, and it isn't possible/reliable to magically divine which they are. So I just want to be able to add lines to cloginrc to their entries to give rancid a helping hand, eg: add platform 10.x.y.z cmwbaseline (or via command line). If this can be adopted, it would make the changes I need to maintain locally a lot easier and I might be able to contribute back more. Also, I think it might start to lead to other benefits. One of the problems I find with rancid is that there are so many *login scripts, and if you want to develop support for some new hardware, it's difficult to know which to pick to start from. I assume clogin is the "most" maintained, but that's also the most complicated and if you need something simpler it is hard to strip back from there. It isn't always clear if generic changes in clogin get transferred to the other ones .. and let's face it most of them are 80% the same content, reading the command-line and cloginrc, running ssh, etc. By introducing a bit more intelligence, it might be possible to reduce the number, by adding a few platform-dependent conditional operations to some common ones where are just a few tweaks need making. Jethro. --- clogin.orig +++ clogin 2022-01-23 12:50:26.007313000 +0000 @@ -59,12 +59,16 @@ # Some CLIs having problems if we write too fast (Extreme, PIX, Cat) set send_human {.2 .1 .4 .2 1} +# Initialise the platform to a reasonable default for this type of hardware +# "" is a reasonable default if you don't need to use platform switching +set defaultplatform "" + # Usage line set usage "Usage: $argv0 \[-dhiSV\] \[-m|M\] \[-autoenable\] \[-noenable\] \ \[-c command\] \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \ \[-p user-password\] \[-r passphrase\] \[-s script-file\] \[-t timeout\] \ \[-u username\] \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \ -\[-y ssh_cypher_type\] router \[router...\]\n" +\[-y ssh_cypher_type\] \[-P platform\] router \[router...\]\n" # Password file set password_file $env(HOME)/.cloginrc @@ -175,7 +179,7 @@ set do_interact 1 # user Password } -p* { - if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} { + if {! [regexp .\[p\](.+) $arg ignore userpasswd]} { incr i set userpasswd [lindex $argv $i] } @@ -259,6 +263,12 @@ incr i set cypher [lindex $argv $i] } + # Platform (device type refinement) + } -P* { + if {! [regexp .\[P\](.+) $arg ignore platform]} { + incr i + set plat [lindex $argv $i] + } # Do we enable? } -noenable { set avenable 0 @@ -391,8 +401,8 @@ # Log into the router. # returns: 0 on success, 1 on failure, -1 if rsh was used successfully -proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile } { - global command spawn_id in_proc do_command do_script platform passphrase +proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile platform } { + global command spawn_id in_proc do_command do_script defaultplatform passphrase global prompt prompt_match u_prompt p_prompt e_prompt sshcmd telnetcmd set in_proc 1 set uprompt_seen 0 @@ -880,8 +890,8 @@ foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. - set platform "" - send_user -- "$router\n" + set platform $defaultplatform + send_user -- "$router (initial platform: \"$platform\")\n" # device timeout set timeout [find timeout $router] @@ -1024,11 +1034,21 @@ set telnetcmd [join [lindex [find telnetcmd $router] 0] ""] if { "$telnetcmd" == "" } { set telnetcmd "telnet -K" } + # Figure out if we have a platform hint + if {[info exists plat]} { + # command line platform + set platform $plat + } else { + set plat [find platform $router] + if { "$plat" ne "" } { set platform $plat } + } + send_user -- "$router (active platform: \"$platform\")\n" + # if [-mM], skip do not login if { $do_cloginrcdbg > 0 } { continue; } # Login to the router - if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile]} { + if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile $platform]} { incr exitval # if login failed or rsh was unsuccessful, move on to the next device continue . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jethro.binks at strath.ac.uk Sun Jan 30 16:49:59 2022 From: jethro.binks at strath.ac.uk (Jethro Binks) Date: Sun, 30 Jan 2022 16:49:59 +0000 Subject: [rancid] string compare vs string equal In-Reply-To: References: Message-ID: This is a follow-up to my previous the other day regarding the $platform selection, but it's a general tcl question more than anything (I just about muddle through with tcl, rancid is my only exposure to it). I commented that there was rudimentary detection for "extreme" as a platform. In clogin, there are tests this like: if { [string compare "extreme" "$platform"] } { (string compare is used in lots of other places too, see below). Should this not be "string equal"? If I do this: set platform "cmw" if { [string compare "extreme" "$platform"] } { send_user "true $platform\n" } else { send_user "false $platform\n" } then string compare looks at "extreme" and "cmw" and returns "true cmw" - not what I would expect. Docs say "string compare" returns 0 if equal, -1 if string1 comes before string2, else 1. But in tcl false is 0, and any other non-zero is true. So it doesn't seem that string compare is suitable, since it will return true in circumstances when the strings are not equal (like when returning -1). Do I misunderstand why compare is being used here? I fell over this when my platform selection was not working. To make the code work, I replaced: if { [string compare "extreme" "$platform"] } { send -h "exit\r" } else { send -h "quit\r" } with: if {[string equal "extreme" "$platform"]} { send -h "exit\r" } elseif {[string equal "cmw" "$platform"] || [string equal "cmwbaseline" "$platform"]} { send -h "$exitcmd\r" } else { send -h "quit\r" } The other common appearance of "string compare" across the expect scripts is in lines like below, but I haven't studied these or the other "extreme" cases to see if they make sense or just work by chance ... I do not have cisco or extreme to test against. } elseif ![string compare $prog "rsh"] { } elseif ![string compare $prog "ssh"] { Ultimately I'm working towards a set of changes to better support Comware-based gear which is often requested (e.g https://github.com/haussli/rancid/issues/24 and on this list), which ideally would be fully incorporated into clogin (if acceptable, using the platform selection), or otherwise be as few changes as needed to it and maintained alongside. Which means tidying up these bits and pieces first to make life easier for tracking. I'm personally in favour of clogin being a bit more complex, but thereby being able to support more platforms with a few modifications, so there need be fewer *login scripts to maintain. As shown above, I've also abstracted the exit command to a variable set by platform selection. The code could be tidied further incorporating this. Happy for me to submit pull requests via github for consideration, heasley? Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. ________________________________ From: Jethro Binks Sent: 23 January 2022 12:57 To: rancid-discuss at shrubbery.net Subject: $platform value There's some rudimentary code in clogin/etc that attempts to do things slightly differently depending on the value of $platform. The setting for $platform appears to be magically divined in some cases (primarily noting "extreme" in clogin). I'd like this to be user-controllable, so below patch against rancid 3.13 adds -P as an option for clogin, and it is also setable via cloginrc. But the patch doesn't make any changes to any current magic divination behaviour. My use case for this is some very similar switches, but some particular submodels need a bunch of extra commands sending before rancid will work properly, and it isn't possible/reliable to magically divine which they are. So I just want to be able to add lines to cloginrc to their entries to give rancid a helping hand, eg: add platform 10.x.y.z cmwbaseline (or via command line). If this can be adopted, it would make the changes I need to maintain locally a lot easier and I might be able to contribute back more. Also, I think it might start to lead to other benefits. One of the problems I find with rancid is that there are so many *login scripts, and if you want to develop support for some new hardware, it's difficult to know which to pick to start from. I assume clogin is the "most" maintained, but that's also the most complicated and if you need something simpler it is hard to strip back from there. It isn't always clear if generic changes in clogin get transferred to the other ones .. and let's face it most of them are 80% the same content, reading the command-line and cloginrc, running ssh, etc. By introducing a bit more intelligence, it might be possible to reduce the number, by adding a few platform-dependent conditional operations to some common ones where are just a few tweaks need making. Jethro. --- clogin.orig +++ clogin 2022-01-23 12:50:26.007313000 +0000 @@ -59,12 +59,16 @@ # Some CLIs having problems if we write too fast (Extreme, PIX, Cat) set send_human {.2 .1 .4 .2 1} +# Initialise the platform to a reasonable default for this type of hardware +# "" is a reasonable default if you don't need to use platform switching +set defaultplatform "" + # Usage line set usage "Usage: $argv0 \[-dhiSV\] \[-m|M\] \[-autoenable\] \[-noenable\] \ \[-c command\] \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \ \[-p user-password\] \[-r passphrase\] \[-s script-file\] \[-t timeout\] \ \[-u username\] \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \ -\[-y ssh_cypher_type\] router \[router...\]\n" +\[-y ssh_cypher_type\] \[-P platform\] router \[router...\]\n" # Password file set password_file $env(HOME)/.cloginrc @@ -175,7 +179,7 @@ set do_interact 1 # user Password } -p* { - if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} { + if {! [regexp .\[p\](.+) $arg ignore userpasswd]} { incr i set userpasswd [lindex $argv $i] } @@ -259,6 +263,12 @@ incr i set cypher [lindex $argv $i] } + # Platform (device type refinement) + } -P* { + if {! [regexp .\[P\](.+) $arg ignore platform]} { + incr i + set plat [lindex $argv $i] + } # Do we enable? } -noenable { set avenable 0 @@ -391,8 +401,8 @@ # Log into the router. # returns: 0 on success, 1 on failure, -1 if rsh was used successfully -proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile } { - global command spawn_id in_proc do_command do_script platform passphrase +proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile platform } { + global command spawn_id in_proc do_command do_script defaultplatform passphrase global prompt prompt_match u_prompt p_prompt e_prompt sshcmd telnetcmd set in_proc 1 set uprompt_seen 0 @@ -880,8 +890,8 @@ foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. - set platform "" - send_user -- "$router\n" + set platform $defaultplatform + send_user -- "$router (initial platform: \"$platform\")\n" # device timeout set timeout [find timeout $router] @@ -1024,11 +1034,21 @@ set telnetcmd [join [lindex [find telnetcmd $router] 0] ""] if { "$telnetcmd" == "" } { set telnetcmd "telnet -K" } + # Figure out if we have a platform hint + if {[info exists plat]} { + # command line platform + set platform $plat + } else { + set plat [find platform $router] + if { "$plat" ne "" } { set platform $plat } + } + send_user -- "$router (active platform: \"$platform\")\n" + # if [-mM], skip do not login if { $do_cloginrcdbg > 0 } { continue; } # Login to the router - if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile]} { + if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile $platform]} { incr exitval # if login failed or rsh was unsuccessful, move on to the next device continue . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. -------------- next part -------------- An HTML attachment was scrubbed... URL: From guy20034u at yahoo.com Mon Jan 31 08:10:25 2022 From: guy20034u at yahoo.com (simon ben) Date: Mon, 31 Jan 2022 08:10:25 +0000 (UTC) Subject: [rancid] Password not accepted after restore from Rancid backup References: <1718214208.2214076.1643616625151.ref@mail.yahoo.com> Message-ID: <1718214208.2214076.1643616625151@mail.yahoo.com> Dear All, I have the below Rancid setup working perfectly for sometime and just faced a issue after a restore of switch Config to the new switch Centos 8rancid version 3.9 Now I wanted to replace a failed switch so using tftp i restored my rancid backup to the switch?Now when from he console it asks me for a username which is adminand i put the password its not accepting( all our switches configure with username and password )? after some troubleshooting I found that there is? username in my backed-up rancid config file and also on the restored one on my new switch but the password is removed--------- !username admin privilege 15 password ---------------- also in line console 0 i see the below -------------- | line con 0 | | 807 | exec-timeout 5 0 | | 808 | ! password | ---------------------- so i realized that after i had restored the backup i had to create user and assigned a password for him So just wanted to know if this the right practice i need to go about or do i need to follow another way really appreciate your advise and help Thanks and regards Simon ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From ugob at lubik.ca Mon Jan 31 17:43:54 2022 From: ugob at lubik.ca (Ugo Bellavance) Date: Mon, 31 Jan 2022 12:43:54 -0500 Subject: [rancid] Password not accepted after restore from Rancid backup In-Reply-To: <1718214208.2214076.1643616625151@mail.yahoo.com> References: <1718214208.2214076.1643616625151.ref@mail.yahoo.com> <1718214208.2214076.1643616625151@mail.yahoo.com> Message-ID: You may want to read this: https://lists.archive.carbon60.com/rancid/users/11119?page=last On Mon, Jan 31, 2022 at 3:10 AM simon ben wrote: > Dear All, > > I have the below Rancid setup working perfectly for sometime and just > faced a issue after a restore of switch Config to the new switch > > Centos 8 > rancid version 3.9 > > Now I wanted to replace a failed switch so using tftp i restored my rancid > backup to the switch > Now when from he console it asks me for a username which is admin > and i put the password its not accepting > ( all our switches configure with username and password ) > > after some troubleshooting I found that there is username in my backed-up > rancid config file and also on the restored one on my new switch but the > password is removed > --------- > > !username admin privilege 15 password > > ---------------- > > also in line console 0 i see the below > > -------------- > line con 0 > 807 > exec-timeout > 5 0 > 808 > ! > password > ---------------------- > > so i realized that after i had restored the backup i had to create user > and assigned a password for him > > So just wanted to know if this the right practice i need to go about or do > i need to follow another way > > really appreciate your advise and help > > > Thanks and regards > > Simon > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Ugo Bellavance (ugob at lubik.ca) -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Jan 31 18:02:24 2022 From: heas at shrubbery.net (heasley) Date: Mon, 31 Jan 2022 18:02:24 +0000 Subject: [rancid] Password not accepted after restore from Rancid backup In-Reply-To: <1718214208.2214076.1643616625151@mail.yahoo.com> References: <1718214208.2214076.1643616625151.ref@mail.yahoo.com> <1718214208.2214076.1643616625151@mail.yahoo.com> Message-ID: Mon, Jan 31, 2022 at 08:10:25AM +0000, simon ben: > so i realized that after i had restored the backup i had to create user and assigned a password for him > So just wanted to know if this the right practice i need to go about or do i need to follow another way There are 2 ways to handle passwords, and two caveats. 1) replace "" configuration with proper values before loading or manually configure them after loading, 2) set rancid.conf variables FILTER_PWDS and NOCOMMSTR to "NO". Caveat 1) some devices re-produce the password crypt shown in the config each time, which may always be filtered by rancid or affected by rancid.conf variable FILTER_OSC, because it becomes annoying to have diffs each time rancid runs as a result. Caveat 2) some devices have trouble loading exported configs, such as one of the HP models. Cisco, juniper, nokia are known to work, but I can not test every one. Please test your DR processes. From guy20034u at yahoo.com Mon Jan 31 19:05:32 2022 From: guy20034u at yahoo.com (simon ben) Date: Mon, 31 Jan 2022 19:05:32 +0000 (UTC) Subject: [rancid] Password not accepted after restore from Rancid backup In-Reply-To: References: <1718214208.2214076.1643616625151.ref@mail.yahoo.com> <1718214208.2214076.1643616625151@mail.yahoo.com> Message-ID: <173610431.2332103.1643655932389@mail.yahoo.com> Thank you. for the quick reply will test it out thanks and regards simon On Monday, January 31, 2022, 09:02:25 PM GMT+3, heasley wrote: Mon, Jan 31, 2022 at 08:10:25AM +0000, simon ben: > so i realized that after i had restored the backup i had to create user and assigned a password for him > So just wanted to know if this the right practice i need to go about or do i need to follow another way There are 2 ways to handle passwords, and two caveats. 1) replace "" configuration with proper values before loading or manually configure them after loading, 2) set rancid.conf variables FILTER_PWDS and NOCOMMSTR to "NO". Caveat 1) some devices re-produce the password crypt shown in the config each time, which may always be filtered by rancid or affected by rancid.conf variable FILTER_OSC, because it becomes annoying to have diffs each time rancid runs as a result. Caveat 2) some devices have trouble loading exported configs, such as one of the HP models.? Cisco, juniper, nokia are known to work, but I can not test every one.? Please test your DR processes. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ambroise+rancid at toleressea.fr Mon Jan 31 20:11:39 2022 From: ambroise+rancid at toleressea.fr (Ambroise) Date: Mon, 31 Jan 2022 21:11:39 +0100 Subject: [rancid] Password not accepted after restore from Rancid backup In-Reply-To: <173610431.2332103.1643655932389@mail.yahoo.com> References: <1718214208.2214076.1643616625151.ref@mail.yahoo.com> <1718214208.2214076.1643616625151@mail.yahoo.com> <173610431.2332103.1643655932389@mail.yahoo.com> Message-ID: Hi Simon, Another solution, if your IOS version is not too old, it's to replace the "password" command by the "secret" command. username admin privilege 15 secret ........ With this version (and with the parameter FILTER_PWDS set at 1), you can keep the secret password in the saved config. But, be carefully, some password are always configured with the "password" command (like OSPF or BGP preshared key). Ambroise -------------- next part -------------- An HTML attachment was scrubbed... URL: From ambroise+rancid at toleressea.fr Mon Jan 31 20:11:39 2022 From: ambroise+rancid at toleressea.fr (Ambroise) Date: Mon, 31 Jan 2022 21:11:39 +0100 Subject: [rancid] Password not accepted after restore from Rancid backup In-Reply-To: <173610431.2332103.1643655932389@mail.yahoo.com> References: <1718214208.2214076.1643616625151.ref@mail.yahoo.com> <1718214208.2214076.1643616625151@mail.yahoo.com> <173610431.2332103.1643655932389@mail.yahoo.com> Message-ID: Hi Simon, Another solution, if your IOS version is not too old, it's to replace the "password" command by the "secret" command. username admin privilege 15 secret ........ With this version (and with the parameter FILTER_PWDS set at 1), you can keep the secret password in the saved config. But, be carefully, some password are always configured with the "password" command (like OSPF or BGP preshared key). Ambroise -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerome.m at gmail.com Mon Jan 3 14:31:59 2022 From: jerome.m at gmail.com (brutuz bigdaddy) Date: Mon, 03 Jan 2022 14:31:59 -0000 Subject: [rancid] Timeout Message-ID: I have this information.. add user myNexus5k prodlogin add password myNexus5k prodpass add noenable myNexus5k 1 add method myNexus5k ssh running debug: expect: does "" (spawn_id exp7) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| $enable$))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| $enable$)"? (No Gate, RE only) gate=yes re=no Password: expect: does "Password: " (spawn_id exp7) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[:.])1 ((>|#| $enable$))"? (No Gate, RE only) gate=yes re=no "^.+(>|#| $enable$)"? (No Gate, RE only) gate=yes re=no expect: timed out Error: TIMEOUT reached The nexus5k switch has banners/motd. It looks like pass is not being sent. -------------- next part -------------- An HTML attachment was scrubbed... URL: