[rancid] .cloginrc pass in cleartext?

[Jethro Binks]

Use public keys to log in instead.  That meets your goal of not having the password stored, but isn't necessarily any more secure, if the concern is the security of your equipment.

If your equipment allows it, have the keys log in to accounts that have just enough privilege to execute the (ideally read-only) commands rancid needs and no more (that can be difficult).

At the end of the day, rancid is an automated solution trying to connect to devices that require authentication.  The details need to be stored somewhere on the system that runs rancid, and if they are available to rancid, they are available to anyone who can gain rancid's permissions on that system.  You will probably also want to ensure that you have rancid configured to obscure passwords.

Jethro.


.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .

Jethro R Binks, Network Manager,

Information Services Directorate, University Of Strathclyde, Glasgow, UK


The University of Strathclyde is a charitable body, registered in Scotland, number SC015263.

________________________________
From: Rancid-discuss <rancid-discuss-bounces at www.shrubbery.net> on behalf of mauric at gmx.ch <mauric at gmx.ch>
Sent: 04 May 2023 19:21
To: rancid-discuss at www.shrubbery.net <rancid-discuss at www.shrubbery.net>
Subject: [rancid] .cloginrc pass in cleartext?


Hello



I have now spent some time looking for the file encryption so that my password is not lying around in plain text.

Please, what options do I have here? I mean, nowadays there are no more files that contain passwords in plain text.



$ clogin -V

rancid 3.13



thanks for any update


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20230505/c726c80d/attachment.htm>