From weylin at bu.edu Wed May 3 05:09:54 2023 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Wed, 3 May 2023 05:09:54 +0000 Subject: [rancid] Unable to Login via clogin Message-ID: Anyone know what I'm doing wrong here? I've verified password and devices names are correct, password has nothing but alphanumerics, and "ssh weylin at my-switch" login works fine from the rancid account on the same server. [rancid at nsgv-prod-59 ~]$ read passwd ***********redacted [rancid at nsgv-prod-59 ~]$ clogin -u weylin -p $passwd my-switch my-switch spawn ssh -2 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l weylin my-switch Password: Password: Error: Couldn't login: my-switch [rancid at nsgv-prod-59 ~]$ clogin -V rancid 3.4.1 [rancid at nsgv-prod-59 ~]$ [signature_1593189312] Weylin Piegorsch | Manager, Network Engineering Boston University Information Services & Technology weylin at bu.edu | 617.353.8128 | bu.edu/tech Listen. Learn. Lead. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 1595 bytes Desc: image001.jpg URL: From andreas at naund.org Wed May 3 16:41:09 2023 From: andreas at naund.org (Andreas Ott) Date: Wed, 3 May 2023 09:41:09 -0700 Subject: [rancid] Unable to Login via clogin In-Reply-To: References: Message-ID: In case your password has non-alphanumeric characters in it, try enclosing the variable substitution on the shell in single or double quotes. You can rule out if that is your issue by temporarily setting the password to just a random string of only alphanumeric [A-Za-z0-9]. In my experience passwords with all kinds of characters will be properly quoted and used by clogin when they are set in {} inside .cloginrc . -andreas On Tue, May 2, 2023 at 10:10?PM Piegorsch, Weylin William wrote: > Anyone know what I?m doing wrong here? I?ve verified password and devices > names are correct, password has nothing but alphanumerics, and ?ssh > weylin at my-switch? login works fine from the rancid account on the same > server. > > > > [rancid at nsgv-prod-59 ~]$ read passwd > > ***********redacted > > [rancid at nsgv-prod-59 ~]$ clogin -u weylin -p $passwd my-switch > > my-switch > > spawn ssh -2 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null > -o LogLevel=ERROR -c > aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc > -x -l weylin my-switch > > Password: > > Password: > > > > Error: Couldn't login: my-switch > > [rancid at nsgv-prod-59 ~]$ clogin -V > > rancid 3.4.1 > > [rancid at nsgv-prod-59 ~]$ > > > > > > > > > > > > [image: signature_1593189312] > > > > *Weylin Piegorsch *| Manager, Network Engineering > > Boston University Information Services & Technology > weylin at bu.edu | 617.353.8128 | bu.edu/tech > > *Listen. Learn. Lead.* > > > > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 1595 bytes Desc: not available URL: From adudek16 at gmail.com Wed May 3 17:12:18 2023 From: adudek16 at gmail.com (Aaron Dudek) Date: Wed, 3 May 2023 13:12:18 -0400 Subject: [rancid] Unable to Login via clogin In-Reply-To: References: Message-ID: what happens if you try this from the cmd line? ssh -2 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l weylin my-switch maybe add a couple of -v to get debug data. On Wed, May 3, 2023 at 1:10?AM Piegorsch, Weylin William wrote: > Anyone know what I?m doing wrong here? I?ve verified password and devices > names are correct, password has nothing but alphanumerics, and ?ssh > weylin at my-switch? login works fine from the rancid account on the same > server. > > > > [rancid at nsgv-prod-59 ~]$ read passwd > > ***********redacted > > [rancid at nsgv-prod-59 ~]$ clogin -u weylin -p $passwd my-switch > > my-switch > > spawn ssh -2 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null > -o LogLevel=ERROR -c > aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc > -x -l weylin my-switch > > Password: > > Password: > > > > Error: Couldn't login: my-switch > > [rancid at nsgv-prod-59 ~]$ clogin -V > > rancid 3.4.1 > > [rancid at nsgv-prod-59 ~]$ > > > > > > > > > > > > [image: signature_1593189312] > > > > *Weylin Piegorsch *| Manager, Network Engineering > > Boston University Information Services & Technology > weylin at bu.edu | 617.353.8128 | bu.edu/tech > > *Listen. Learn. Lead.* > > > > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 1595 bytes Desc: not available URL: From weylin at bu.edu Wed May 3 20:10:51 2023 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Wed, 3 May 2023 20:10:51 +0000 Subject: [rancid] Unable to Login via clogin In-Reply-To: References: Message-ID: Thanks. I had that thought too, so I made sure first that I wasn?t using any special characters. There are no non-alphanumeric characters in the password I?m using - no spaces, quotes, emojis, wingdings etc. [signature_1593189312] Weylin Piegorsch | Manager, Network Engineering Boston University Information Services & Technology weylin at bu.edu | 617.353.8128 | bu.edu/tech Listen. Learn. Lead. From: Andreas Ott Sent: Wednesday, May 3, 2023 12:41 PM To: rancid-discuss at sea.shrubbery.net Cc: Piegorsch, Weylin William Subject: Re: [rancid] Unable to Login via clogin In case your password has non-alphanumeric characters in it, try enclosing the variable substitution on the shell in single or double quotes. You can rule out if that is your issue by temporarily setting the password to just a random string of only alphanumeric [A-Za-z0-9]. In my experience passwords with all kinds of characters will be properly quoted and used by clogin when they are set in {} inside .cloginrc . -andreas On Tue, May 2, 2023 at 10:10?PM Piegorsch, Weylin William > wrote: Anyone know what I?m doing wrong here? I?ve verified password and devices names are correct, password has nothing but alphanumerics, and ?ssh weylin at my-switch? login works fine from the rancid account on the same server. [rancid at nsgv-prod-59 ~]$ read passwd ***********redacted [rancid at nsgv-prod-59 ~]$ clogin -u weylin -p $passwd my-switch my-switch spawn ssh -2 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l weylin my-switch Password: Password: Error: Couldn't login: my-switch [rancid at nsgv-prod-59 ~]$ clogin -V rancid 3.4.1 [rancid at nsgv-prod-59 ~]$ [signature_1593189312] Weylin Piegorsch | Manager, Network Engineering Boston University Information Services & Technology weylin at bu.edu | 617.353.8128 | bu.edu/tech Listen. Learn. Lead. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at www.shrubbery.net https://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 1595 bytes Desc: image001.jpg URL: From weylin at bu.edu Wed May 3 20:11:57 2023 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Wed, 3 May 2023 20:11:57 +0000 Subject: [rancid] Unable to Login via clogin In-Reply-To: References:

Message-ID: Using SSH, works fine. Using clogin with the same username/password using the -u and -p flags, can?t login. [signature_1593189312] Weylin Piegorsch | Manager, Network Engineering Boston University Information Services & Technology weylin at bu.edu | 617.353.8128 | bu.edu/tech Listen. Learn. Lead. From: Aaron Dudek Sent: Wednesday, May 3, 2023 1:12 PM To: Piegorsch, Weylin William Cc: rancid-discuss at www.shrubbery.net Subject: Re: [rancid] Unable to Login via clogin what happens if you try this from the cmd line? ssh -2 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l weylin my-switch maybe add a couple of -v to get debug data. On Wed, May 3, 2023 at 1:10?AM Piegorsch, Weylin William > wrote: Anyone know what I?m doing wrong here? I?ve verified password and devices names are correct, password has nothing but alphanumerics, and ?ssh weylin at my-switch? login works fine from the rancid account on the same server. [rancid at nsgv-prod-59 ~]$ read passwd ***********redacted [rancid at nsgv-prod-59 ~]$ clogin -u weylin -p $passwd my-switch my-switch spawn ssh -2 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l weylin my-switch Password: Password: Error: Couldn't login: my-switch [rancid at nsgv-prod-59 ~]$ clogin -V rancid 3.4.1 [rancid at nsgv-prod-59 ~]$ [signature_1593189312] Weylin Piegorsch | Manager, Network Engineering Boston University Information Services & Technology weylin at bu.edu | 617.353.8128 | bu.edu/tech Listen. Learn. Lead. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at www.shrubbery.net https://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 1595 bytes Desc: image001.jpg URL: From adudek16 at gmail.com Wed May 3 20:40:32 2023 From: adudek16 at gmail.com (Aaron Dudek) Date: Wed, 3 May 2023 16:40:32 -0400 Subject: [rancid] Unable to Login via clogin In-Reply-To: References:

Message-ID: add debugging to the clogin script On Wednesday, May 3, 2023, Piegorsch, Weylin William wrote: > Using SSH, works fine. Using clogin with the same username/password using > the -u and -p flags, can?t login. > > > > > > > > > > > > [image: signature_1593189312] > > > > *Weylin Piegorsch *| Manager, Network Engineering > > Boston University Information Services & Technology > weylin at bu.edu | 617.353.8128 | bu.edu/tech > > *Listen. Learn. Lead.* > > > > > > > > > > *From:* Aaron Dudek > *Sent:* Wednesday, May 3, 2023 1:12 PM > *To:* Piegorsch, Weylin William > *Cc:* rancid-discuss at www.shrubbery.net > *Subject:* Re: [rancid] Unable to Login via clogin > > > > what happens if you try this from the cmd line? > > ssh -2 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o > LogLevel=ERROR -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc > -x -l weylin my-switch > > > > maybe add a couple of -v to get debug data. > > > > > > > > On Wed, May 3, 2023 at 1:10?AM Piegorsch, Weylin William > wrote: > > Anyone know what I?m doing wrong here? I?ve verified password and devices > names are correct, password has nothing but alphanumerics, and ?ssh > weylin at my-switch? login works fine from the rancid account on the same > server. > > > > [rancid at nsgv-prod-59 ~]$ read passwd > > ***********redacted > > [rancid at nsgv-prod-59 ~]$ clogin -u weylin -p $passwd my-switch > > my-switch > > spawn ssh -2 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null > -o LogLevel=ERROR -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc > -x -l weylin my-switch > > Password: > > Password: > > > > Error: Couldn't login: my-switch > > [rancid at nsgv-prod-59 ~]$ clogin -V > > rancid 3.4.1 > > [rancid at nsgv-prod-59 ~]$ > > > > > > > > > > > > [image: signature_1593189312] > > > > *Weylin Piegorsch *| Manager, Network Engineering > > Boston University Information Services & Technology > weylin at bu.edu | 617.353.8128 | bu.edu/tech > > *Listen. Learn. Lead.* > > > > > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 1595 bytes Desc: not available URL: From weylin at bu.edu Thu May 4 12:53:22 2023 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Thu, 4 May 2023 12:53:22 +0000 Subject: [rancid] Unable to Login via clogin In-Reply-To: References:

Message-ID: Good question, I?m not claiming to be expert on reading the output but I?m not seeing anything glaring. It?s almost like clogin isn?t using my password [signature_1593189312] Weylin Piegorsch | Manager, Network Engineering Boston University Information Services & Technology weylin at bu.edu | 617.353.8128 | bu.edu/tech Listen. Learn. Lead. From: Aaron Dudek Sent: Wednesday, May 3, 2023 4:41 PM To: Piegorsch, Weylin William Cc: rancid-discuss at www.shrubbery.net Subject: Re: [rancid] Unable to Login via clogin add debugging to the clogin script On Wednesday, May 3, 2023, Piegorsch, Weylin William > wrote: Using SSH, works fine. Using clogin with the same username/password using the -u and -p flags, can?t login. [signature_1593189312] Weylin Piegorsch | Manager, Network Engineering Boston University Information Services & Technology weylin at bu.edu | 617.353.8128 | bu.edu/tech Listen. Learn. Lead. From: Aaron Dudek > Sent: Wednesday, May 3, 2023 1:12 PM To: Piegorsch, Weylin William > Cc: rancid-discuss at www.shrubbery.net Subject: Re: [rancid] Unable to Login via clogin what happens if you try this from the cmd line? ssh -2 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l weylin my-switch maybe add a couple of -v to get debug data. On Wed, May 3, 2023 at 1:10?AM Piegorsch, Weylin William > wrote: Anyone know what I?m doing wrong here? I?ve verified password and devices names are correct, password has nothing but alphanumerics, and ?ssh weylin at my-switch? login works fine from the rancid account on the same server. [rancid at nsgv-prod-59 ~]$ read passwd ***********redacted [rancid at nsgv-prod-59 ~]$ clogin -u weylin -p $passwd my-switch my-switch spawn ssh -2 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l weylin my-switch Password: Password: Error: Couldn't login: my-switch [rancid at nsgv-prod-59 ~]$ clogin -V rancid 3.4.1 [rancid at nsgv-prod-59 ~]$ [signature_1593189312] Weylin Piegorsch | Manager, Network Engineering Boston University Information Services & Technology weylin at bu.edu | 617.353.8128 | bu.edu/tech Listen. Learn. Lead. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at www.shrubbery.net https://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 1595 bytes Desc: image001.jpg URL: From heas at shrubbery.net Thu May 4 12:59:48 2023 From: heas at shrubbery.net (heasley) Date: Thu, 4 May 2023 12:59:48 +0000 Subject: [rancid] Unable to Login via clogin In-Reply-To: References:

Message-ID: Thu, May 04, 2023 at 12:53:22PM +0000, Piegorsch, Weylin William: > Good question, I?m not claiming to be expert on reading the output but I?m not seeing anything glaring. It?s almost like clogin isn?t using my password > if you privately share your cloginrc with me, I'll help you debug it: clogin -m and redact the passwords. > Using SSH, works fine. Using clogin with the same username/password using the -u and -p flags, can?t login. > [rancid at nsgv-prod-59 ~]$ clogin -V > rancid 3.4.1 From mauric at gmx.ch Thu May 4 18:21:43 2023 From: mauric at gmx.ch (mauric at gmx.ch) Date: Thu, 4 May 2023 20:21:43 +0200 Subject: [rancid] .cloginrc pass in cleartext? Message-ID: <009701d97eb5$4f752d40$ee5f87c0$@gmx.ch> Hello I have now spent some time looking for the file encryption so that my password is not lying around in plain text. Please, what options do I have here? I mean, nowadays there are no more files that contain passwords in plain text. $ clogin -V rancid 3.13 thanks for any update -------------- next part -------------- An HTML attachment was scrubbed... URL: From jethro.binks at strath.ac.uk Fri May 5 09:43:35 2023 From: jethro.binks at strath.ac.uk (Jethro Binks) Date: Fri, 5 May 2023 09:43:35 +0000 Subject: [rancid] .cloginrc pass in cleartext? In-Reply-To: <009701d97eb5$4f752d40$ee5f87c0$@gmx.ch> References: <009701d97eb5$4f752d40$ee5f87c0$@gmx.ch> Message-ID: Use public keys to log in instead. That meets your goal of not having the password stored, but isn't necessarily any more secure, if the concern is the security of your equipment. If your equipment allows it, have the keys log in to accounts that have just enough privilege to execute the (ideally read-only) commands rancid needs and no more (that can be difficult). At the end of the day, rancid is an automated solution trying to connect to devices that require authentication. The details need to be stored somewhere on the system that runs rancid, and if they are available to rancid, they are available to anyone who can gain rancid's permissions on that system. You will probably also want to ensure that you have rancid configured to obscure passwords. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. ________________________________ From: Rancid-discuss on behalf of mauric at gmx.ch Sent: 04 May 2023 19:21 To: rancid-discuss at www.shrubbery.net Subject: [rancid] .cloginrc pass in cleartext? Hello I have now spent some time looking for the file encryption so that my password is not lying around in plain text. Please, what options do I have here? I mean, nowadays there are no more files that contain passwords in plain text. $ clogin -V rancid 3.13 thanks for any update -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Fri May 5 11:32:49 2023 From: heas at shrubbery.net (heasley) Date: Fri, 5 May 2023 11:32:49 +0000 Subject: [rancid] .cloginrc pass in cleartext? In-Reply-To: References: <009701d97eb5$4f752d40$ee5f87c0$@gmx.ch> Message-ID: > At the end of the day, rancid is an automated solution trying to connect to devices that require authentication. The details need to be stored somewhere on the system that runs rancid, and if they are available to rancid, they are available to anyone who can gain rancid's permissions on that system. You will probably also want to ensure that you have rancid configured to obscure passwords. Other options, used in combination with command authorization, are to add an external password method to cloginrc that retrieves an OTP or password storage. Per-device passwords, in a password store, are another. None of which really improve the security, IMO. command authorization is the best improvement. From Christian.Garling at Nordfrost.de Fri May 19 08:26:16 2023 From: Christian.Garling at Nordfrost.de (Garling, Christian) Date: Fri, 19 May 2023 08:26:16 +0000 Subject: [rancid] Backup LANCOM Switches Message-ID: Hello list, is there any chance to backup LANCOM switches with Rancid? I did not find any syntax file for this brand. Regards, Christian Garling [cid:NORDFROST_E-MailSignatur_RZ_6a9e56f1-f6a2-40ce-b766-0e3a28292c10.jpg] NORDFROST GmbH & Co. KG: Sitz der Gesellschaft: Nordfrost-Ring 1, 26419 Schortens Amtsgericht Oldenburg: HRA 130108 Pers?nlich haftend: NORDFROST Verwaltungs-GmbH Postanschrift der generellen Gesch?ftst?tigkeit: Nordfrost-Ring 1, 26419 Schortens Gesch?ftsf?hrer: Dr. Falk Bartels, Dipl.-Kffr. Britta Bartels Amtsgericht Oldenburg: HRB 130054 F?r s?mtliche Gesch?fte gelten die Allgemeinen Gesch?ftsbedingungen (NF AGB) in der jeweils aktuellen Fassung, welche in den Gesch?ftsr?umen der NORDFROST und im Internet unter www.nordfrost.de einzusehen sind. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: NORDFROST_E-MailSignatur_RZ_6a9e56f1-f6a2-40ce-b766-0e3a28292c10.jpg Type: image/jpeg Size: 54503 bytes Desc: NORDFROST_E-MailSignatur_RZ_6a9e56f1-f6a2-40ce-b766-0e3a28292c10.jpg URL: