From owner-rancid-discuss@shrubbery.net Tue Oct 2 22:24:21 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.3/8.11.1) with ESMTP id f92MOLf23582 for ; Tue, 2 Oct 2001 22:24:21 GMT Received: from localhost (localhost [[UNIX: localhost]]) by guelah.shrubbery.net (8.11.4/8.11.1) id f92ML7324093 for rancid-discuss-outgoing; Tue, 2 Oct 2001 22:21:07 GMT Received: from sled.gsfc.nasa.gov (sled.gsfc.nasa.gov [198.119.28.21]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f92ML4c24089 for ; Tue, 2 Oct 2001 22:21:04 GMT Received: from frakir.gsfc.nasa.gov (frakir.gsfc.nasa.gov [198.119.28.35]) by sled.gsfc.nasa.gov (8.11.6/8.11.6) with ESMTP id f92ML2v01156; Tue, 2 Oct 2001 18:21:02 -0400 (EDT) Received: (from morty@localhost) by frakir.gsfc.nasa.gov (8.11.6/8.11.6) id f92ML1t26208; Tue, 2 Oct 2001 18:21:01 -0400 Date: Tue, 2 Oct 2001 18:21:01 -0400 
From: "Mordechai T. Abzug" To: rancid-discuss@shrubbery.net Cc: Andy Operchuck Subject: rancid patches for BayRS 14.x and for encrypted .cloginrc Message-ID: <20011002182101.A26185@frakir.gsfc.nasa.gov> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="liOOAslEiF7prFVr" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk --liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline The attached patch: - fixes assorted issues with brancid for BayRS 14.0.2.1, including the changing description issue. - adds two new env vars, CLOGIN_KEY (allows .cloginrc to be encrypted via "crypt") and CLOGIN_ASK (if set, do-diffs will prompt for and set CLOGIN_KEY.) For the *login scripts, I've only modified blogin and clogin, since those are the ones I can test. In theory, the exact same code should suffice for the others. This patch is relative to a clean 2.2b7. Thanks! Morty --liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="rancid.patch" *** blogin.dist Tue Oct 2 18:03:24 2001 --- blogin Tue Oct 2 17:17:35 2001 *************** *** 262,270 **** send_user "\nError: $password_file must not be world readable/writable\n" exit 1 } ! if [ catch {source $password_file} reason ] { ! send_user "\nError: $reason\n" ! exit 1 } } --- 262,278 ---- send_user "\nError: $password_file must not be world readable/writable\n" exit 1 } ! if {[info exists env(CLOGIN_KEY)]} { ! set clogin_fd [open "|crypt $env(CLOGIN_KEY) < $password_file" ] ! if [ catch {eval [read $clogin_fd]} reason ] { ! send_user "\nError: $reason\n" ! exit 1 ! } ! } else { ! if [ catch {source $password_file} reason ] { ! send_user "\nError: $reason\n" ! exit 1 ! 
} } } *** brancid.dist Tue Sep 25 16:54:22 2001 --- brancid Tue Oct 2 17:47:00 2001 *************** *** 140,145 **** --- 140,148 ---- last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); next if (/^Reading configuration information/); + next if (/^\# *uptime +\d+\s*$/); + next if (/^Can\'t find object or class named \"\-all\"\s*$/); + s{^(\# *description \{.* )Created on .*(\}\s*)$}{$1$2}; if (/community label /) { if (defined($ENV{'NOCOMMSTR'})) { $_ =~ s/community label .*$/community label /; *************** *** 178,186 **** # Main %commands=( ! 'bcc' => "RunCommand", ! 'show config' => "ShowConfig", ! 'exit' => "RunCommand" ); # keys() doesnt return things in the order entered and the order of the # cmds is important (show version first and write term last). pita --- 181,190 ---- # Main %commands=( ! 'bcc' => "RunCommand", ! 'show config' => "ShowConfig", ! 'show config -all' => "ShowConfig", ! 'exit' => "RunCommand" ); # keys() doesnt return things in the order entered and the order of the # cmds is important (show version first and write term last). pita *************** *** 187,192 **** --- 191,197 ---- @commands=( "bcc", "show config", + "show config -all", "exit" ); $cisco_cmds=join(";",@commands); *** clogin.dist Tue Sep 25 16:54:20 2001 --- clogin Tue Oct 2 17:17:27 2001 *************** *** 271,279 **** send_user "\nError: $password_file must not be world readable/writable\n" exit 1 } ! if [ catch {source $password_file} reason ] { ! send_user "\nError: $reason\n" ! exit 1 } } --- 271,287 ---- send_user "\nError: $password_file must not be world readable/writable\n" exit 1 } ! if {[info exists env(CLOGIN_KEY)]} { ! set clogin_fd [open "|crypt $env(CLOGIN_KEY) < $password_file" ] ! if [ catch {eval [read $clogin_fd]} reason ] { ! send_user "\nError: $reason\n" ! exit 1 ! } ! } else { ! if [ catch {source $password_file} reason ] { ! send_user "\nError: $reason\n" ! exit 1 ! 
} } } *** do-diffs.dist Tue Oct 2 17:31:14 2001 --- do-diffs Tue Oct 2 17:35:32 2001 *************** *** 32,38 **** --- 32,47 ---- mkdir $BASEDIR/logs fi + if [ "x$CLOGIN_ASK" != "x" ]; then + printf 'Could you type in the clogin key, please? ' + stty -echo + read CLOGIN_KEY + stty echo + export CLOGIN_KEY + echo + fi + for GROUP in $LIST_OF_GROUPS do --liOOAslEiF7prFVr-- From owner-rancid-discuss@shrubbery.net Tue Oct 9 09:57:53 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f999vrx18570 for ; Tue, 9 Oct 2001 09:57:53 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f999tKP07765 for rancid-discuss-outgoing; Tue, 9 Oct 2001 09:55:20 GMT Received: from fire.jasonlewis.net (diablo.jasonlewis.net [216.181.64.130]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f999tFc07761 for ; Tue, 9 Oct 2001 09:55:16 GMT Received: from spinalcord (spinalcord.jasonlewis.net [192.168.120.77]) by fire.jasonlewis.net (Postfix) with SMTP id C332D952C for ; Tue, 9 Oct 2001 05:56:38 -0400 (EDT) Reply-To: 
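Review bot: In the new CLOGIN_KEY branch of blogin, `open "|crypt $env(CLOGIN_KEY) < $password_file"` hands the key to crypt as a command-line argument, so it shows up in the process list for as long as crypt runs. Because Tcl parses the pipeline string as a list, a key or path containing whitespace is also split into several arguments. Build the command with `list`, avoid putting the key in argv, and call `close $clogin_fd` inside the `catch` so that a failing crypt is reported instead of being ignored.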
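Review bot: The three filter lines added to brancid (the `uptime` skip, the `Can't find object or class named "-all"` skip and the `Created on` substitution) carry no comment saying which BayRS output they are meant to suppress or why. In the %commands and @commands hunks, 'show config' and 'show config -all' both map to ShowConfig, so it is not clear from the patch whether a release that accepts -all ends up recording the configuration twice. A short comment per filter and a note on which versions answer which command would settle both points.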
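Review bot: The CLOGIN_KEY block in clogin is a line-for-line copy of the one in blogin, and per the cover note the other *login scripts still go straight to `source $password_file`, which will be handed ciphertext once .cloginrc is encrypted. Put the decrypt-or-source logic in one shared proc, or apply it to every login script in the same change, so a group with mixed device types does not start failing.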
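Review bot: In the do-diffs prompt, `stty -echo` has no matching trap, so an interrupt during `read CLOGIN_KEY` leaves the terminal with echo off. Save the state with `stty -g` and restore it from a `trap`. `read` without `-r` also strips backslashes from the typed key, and an empty reply is still exported, which the `[info exists env(CLOGIN_KEY)]` test in the login scripts treats as a key. The exported variable is also inherited by every process do-diffs starts, which is worth a line in the documentation.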
From: "Jason Lewis"
To:
Subject: Using RANCID for *NIX
Date: Tue, 9 Oct 2001 05:57:27 -0400
Message-ID: <000a01c150a8$ce60e930$4d78a8c0@spinalcord>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

This has come up before and I wanted to check again to see if anyone was
using RANCID with *NIX. I am interested in putting files like /etc/hosts,
/etc/fstab, etc into CVS with RANCID. It already has a nice format and
seems like it would be easy to hack the current scripts to do what I need.

Is anyone else already doing this? I haven't found any other tools that
would do what I want. I am not looking for a backup as much as I am looking
for the diffs and an email with the changes.

On a side note, I have noticed a behaviour change since implementing RANCID.
The entire NOC team gets an email when a config change is made. The result
is everyone is cautious about making changes on the fly, and any changes
that are made are quickly explained by the changer. Before, changes would
be made and if it broke something.....silence. So, at the very least we
have fewer **problems** that magically appear.

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.

From owner-rancid-discuss@shrubbery.net Tue Oct 9 16:33:28 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f99GXSx18802 for ; Tue, 9 Oct 2001 16:33:28 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f99GVqo16785 for rancid-discuss-outgoing; Tue, 9 Oct 2001 16:31:52 GMT
Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f99GVl516780; Tue, 9 Oct 2001 16:31:48 GMT
Date: Tue, 9 Oct 2001 09:31:47 -0700
From: john heasley
To: Jason Lewis
Cc: rancid-discuss@shrubbery.net
Subject: Re: Using RANCID for *NIX
Message-ID: <20011009093147.B15961@shrubbery.net>
References: <000a01c150a8$ce60e930$4d78a8c0@spinalcord>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <000a01c150a8$ce60e930$4d78a8c0@spinalcord>; from jlewis@packetnexus.com on Tue, Oct 09, 2001 at 05:57:27AM -0400
X-note: live free, or die!
X-homer: ralph, jesus did not have wheels.
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

Tue, Oct 09, 2001 at 05:57:27AM -0400, Jason Lewis:
> This has come up before and I wanted to check again to see if anyone was
> using RANCID with *NIX. I am interested in putting files like /etc/hosts,
> /etc/fstab, etc into CVS with RANCID. It already has a nice format and
> seems like it would be easy to hack the current scripts to do what I need.
>
> Is anyone else already doing this? I haven't found any other tools that
> would do what I want. I am not looking for a backup as much as I am looking
> for the diffs and an email with the changes.

i have started, but have some other pressing issues that should pass soon.
welcome any comments on what folks would like to see in such an addition.

> On a side note, I have noticed a behaviour change since implementing RANCID.
> The entire NOC team gets an email when a config change is made. The result
> is everyone is cautious about making changes on the fly, and any changes
> that are made are quickly explained by the changer. Before, changes would
> be made and if it broke something.....silence. So, at the very least we
> have fewer **problems** that magically appear.
>
> Jason Lewis
> http://www.packetnexus.com
> It's not secure "Because they told me it was secure".
> The people at the other end of the link know less
> about security than you do. And that's scary.
>
>
>
>

From owner-rancid-discuss@shrubbery.net Tue Oct 9 20:05:17 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f99K5Hx18947 for ; Tue, 9 Oct 2001 20:05:17 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f99K4AV22177 for rancid-discuss-outgoing; Tue, 9 Oct 2001 20:04:10 GMT
Received: from bnc.powerup.com.au (bnc.webcentral.com.au [202.139.236.123]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f99K46c22170 for ; Tue, 9 Oct 2001 20:04:07 GMT
Received: by bnc.webcentral.com.au with Internet Mail Service (5.5.2653.19) id ; Wed, 10 Oct 2001 06:03:59 +1000
Message-ID: <415DD4BF903BD311A3D900A0C99F9022096072E1@bnc.webcentral.com.au>
From: Andrew Fort
To: "'jlewis@packetnexus.com'" , rancid-discuss@shrubbery.net
Subject: RE: Using RANCID for *NIX
Date: Wed, 10 Oct 2001 06:03:49 +1000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

Jason lewis wrote,

>On a side note, I have noticed a behaviour change since
>implementing RANCID.
>The entire NOC team gets an email when a config change is
>made. The result
>is everyone is cautious about making changes on the fly, and
>any changes
>that are made are quickly explained by the changer. Before,
>changes would
>be made and if it broke something.....silence. So, at the
>very least we
>have fewer **problems** that magically appear.

heh. no more magical configuration "cleanups" :)

From owner-rancid-discuss@shrubbery.net Wed Oct 10 11:53:13 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9ABrDx01023 for ; Wed, 10 Oct 2001 11:53:13 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9ABoxD12434 for rancid-discuss-outgoing; Wed, 10 Oct 2001 11:50:59 GMT
Received: from fire.jasonlewis.net (diablo.jasonlewis.net [216.181.64.130]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9ABooc12424; Wed, 10 Oct 2001 11:50:50 GMT
Received: from spinalcord (spinalcord.jasonlewis.net [192.168.120.77]) by fire.jasonlewis.net (Postfix) with SMTP id 07FD8952C; Wed, 10 Oct 2001 07:52:13 -0400 (EDT)
Reply-To:
From: "Jason Lewis"
To: "'john heasley'"
Cc:
Subject: RE: Using RANCID for *NIX
Date: Wed, 10 Oct 2001 07:53:01 -0400
Message-ID: <003301c15182$1d944860$4d78a8c0@spinalcord>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <20011009093147.B15961@shrubbery.net>
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

Anything scripted you want to share?

I was also thinking it would be easy to have a text file that contained all
the files that the user wanted to diff. Then I could modify the base list
to add scripts etc that I have written. Some issues that might come up.
Root can only connect from the console on my servers, maybe an account on
each box for RANCID?

A few of the files I am looking to monitor
crontabs

/etc/hosts
/etc/passwd
/etc/resolv.conf
/etc/mnttab
/etc/aliases
/etc/group
/etc/ftpusers
/etc/default/*

i have started, but have some other pressing issues that should pass soon.
welcome any comments on what folks would like to see in such an addition.

From owner-rancid-discuss@shrubbery.net Wed Oct 10 14:55:36 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9AEtax04380 for ; Wed, 10 Oct 2001 14:55:36 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9AEs4015866 for rancid-discuss-outgoing; Wed, 10 Oct 2001 14:54:04 GMT
Received: from yosemite.rwc.gnac.net (yosemite.rwc.gnac.net [198.151.248.221]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9AEs0c15859; Wed, 10 Oct 2001 14:54:00 GMT
Received: by yosemite.rwc.gnac.net; id HAA13476; Wed, 10 Oct 2001 07:53:56 -0700 (PDT)
Received: from unknown(192.168.1.21) by yosemite.rwc.gnac.net via smap (V5.0) id xma013470; Wed, 10 Oct 01 07:53:54 -0700
Received: from tweety.main.gnac.com (localhost.main.gnac.com [127.0.0.1]) by pepe.corp.gnac.com (8.11.0/8.8.7/GNAC-GW-2.1) with ESMTP id f9AErfH06801; Wed, 10 Oct 2001 07:53:41 -0700 (PDT)
Received: (from davidw@localhost) by tweety.main.gnac.com (8.9.3/8.7.3/GNAC-COM-1.1) id HAA02954; Wed, 10 Oct 2001 07:53:53 -0700 (PDT)
Date: Wed, 10 Oct 2001 07:53:53 -0700
From: David Williamson
To: Jason Lewis
Cc: "'john heasley'" , rancid-discuss@shrubbery.net
Subject: Re: Using RANCID for *NIX
Message-ID: <20011010075353.W19505@tweety.main.gnac.com>
References: <20011009093147.B15961@shrubbery.net> <003301c15182$1d944860$4d78a8c0@spinalcord>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <003301c15182$1d944860$4d78a8c0@spinalcord>; from jlewis@packetnexus.com on Wed, Oct 10, 2001 at 07:53:01AM -0400
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

On Wed, Oct 10, 2001 at 07:53:01AM -0400, Jason Lewis wrote:
> I was also thinking it would be easy to have a text file that contained all
> the files that the user wanted to diff. Then I could modify the base list
> to add scripts etc that I have written. Some issues that might come up.
> Root can only connect from the console on my servers, maybe an account on
> each box for RANCID?

That would fit the current model. I don't think I'd use it if it required
root access. A special user is just fine, but otherwise..forget it!

I'll add that a file containing a list of files would be helpful. Otherwise,
rancid will have to know an awful lot about all the various unixes. I do a
lot of solaris, so things like /etc/vfstab would be nice to keep an eye on,
although other systems call it something else. Some folks use sudo, others
don't. Should /etc/sudoers be included? Maybe. The list goes on and on ad
nauseam.

With a unix version of rancid, you'd almost need a directory per host,
rather than a single config file per host. It's just so much more
complicated.

I'm looking forward to it, but it's a hell of a challenge. Good luck to
everyone who's coding on this project!

-David

From owner-rancid-discuss@shrubbery.net Wed Oct 10 18:25:30 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9AIPUx08015 for ; Wed, 10 Oct 2001 18:25:30 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9AINoP20335 for rancid-discuss-outgoing; Wed, 10 Oct 2001 18:23:50 GMT
Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9AINjZ20327; Wed, 10 Oct 2001 18:23:45 GMT
Date: Wed, 10 Oct 2001 11:23:44 -0700
From: "'john heasley'"
To: Jason Lewis
Cc: "'john heasley'" , rancid-discuss@shrubbery.net
Subject: Re: Using RANCID for *NIX
Message-ID: <20011010112344.B18366@shrubbery.net>
References: <20011009093147.B15961@shrubbery.net> <003301c15182$1d944860$4d78a8c0@spinalcord>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <003301c15182$1d944860$4d78a8c0@spinalcord>; from jlewis@packetnexus.com on Wed, Oct 10, 2001 at 07:53:01AM -0400
X-note: live free, or die!
X-homer: ralph, jesus did not have wheels.
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

Wed, Oct 10, 2001 at 07:53:01AM -0400, Jason Lewis:
> Anything scripted you want to share?
>
> I was also thinking it would be easy to have a text file that contained all
> the files that the user wanted to diff. Then I could modify the base list
> to add scripts etc that I have written. Some issues that might come up.
> Root can only connect from the console on my servers, maybe an account on
> each box for RANCID?
>
> A few of the files I am looking to monitor
> crontabs
>
> /etc/hosts
> /etc/passwd
> /etc/resolv.conf
> /etc/mnttab
> /etc/aliases
> /etc/group
> /etc/ftpusers
> /etc/default/*

what i had in mind was a device type "unix" and an additional field

file foo/router.db:
	foo.unix.net:unix:up:netbsd

specifying the type (or uname -s, but the former seems more flexible)
referring to a per-type configuration file within which file pathnames
and/or commands could be listed along with filtering functions

file netbsd:
	file::/etc/hosts
	cmd:FilterIfconfig:/sbin/ifconfig -a

to keep the file hierarchy and ordering of diff entries sane, unix hosts
could be represented as directories

	foo/configs/somerouter.unix.net
	foo/configs/foo.unix.net/etc.hosts
	foo/configs/foo.unix.net/sbin.ifconfig

as for the user, it doesnt (shouldnt) matter to rancid what user you use,
as long as it can read/run the file/command. its just a .cloginrc entry.

>
> i have started, but have some other pressing issues that should pass soon.
> welcome any comments on what folks would like to see in such an addition.
>

From owner-rancid-discuss@shrubbery.net Wed Oct 10 23:52:12 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9ANqBx14072 for ; Wed, 10 Oct 2001 23:52:11 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9ANoP725757 for rancid-discuss-outgoing; Wed, 10 Oct 2001 23:50:25 GMT
Received: from tower.partan.com (tower.partan.com [198.6.255.248]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9ANoJc25751 for ; Wed, 10 Oct 2001 23:50:19 GMT
Received: (from asp@localhost) by tower.partan.com (8.9.3/8.9.3) id TAA11387; Wed, 10 Oct 2001 19:50:21 -0400 (EDT)
Date: Wed, 10 Oct 2001 19:50:21 -0400
From: Andrew Partan
To: Jason Lewis
Cc: rancid-discuss@shrubbery.net
Subject: Re: Using RANCID for *NIX
Message-ID: <20011010195021.B9218@partan.com>
References: <000a01c150a8$ce60e930$4d78a8c0@spinalcord>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <000a01c150a8$ce60e930$4d78a8c0@spinalcord>; from jlewis@packetnexus.com on Tue, Oct 09, 2001 at 05:57:27AM -0400
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

On Tue, Oct 09, 2001 at 05:57:27AM -0400, Jason Lewis wrote:
> Is anyone else already doing this? I haven't found any other tools that
> would do what I want. I am not looking for a backup as much as I am looking
> for the diffs and an email with the changes.

I have some not-very-bullet-proof scripts that I used to monitor approx 70
files on junipers (which are sorta unix boxes). I started with an earlier
copy of rancid & did a pile of quick hacking to get them into the state
they are in today.

Most of the work that needs doing is the part that detects host down vs
file not found & does the appropriate thing. There is also work needed in
doing the cvs stuff better & dealing with changes to the router.db file
(delete/add hosts & the like). [Most of this is probably easily adaptable
from the current rancid scripts.]

I did find that I needed to split the files to be monitored into files
that only root can read vs everything else. I did use the trick of a
subdir per host.

[I also have another set of rancid-like scripts that monitor whois info
for domains. Again there is work needed to better bullet-proof them.]

I'd gladly offer either set of scripts as a starting point to what is
really needed.

--asp

From owner-rancid-discuss@shrubbery.net Thu Oct 11 00:42:00 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9B0g0x15017 for ; Thu, 11 Oct 2001 00:42:00 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9B0ecW26578 for rancid-discuss-outgoing; Thu, 11 Oct 2001 00:40:38 GMT
Received: from sfoexh01.yipes.com (sfo002ns01.yipes.com [209.213.212.199]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9B0eYc26573 for ; Thu, 11 Oct 2001 00:40:34 GMT
Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19) id <42SLTZH3>; Wed, 10 Oct 2001 17:40:27 -0700
Message-ID: <65988049D870C042BD59CF516556134A14D27A@sfoexh01.yipes.com>
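The router.db field, per-type file and directory-per-host layout that john heasley sketches, and the subdir-per-host trick Andrew Partan mentions, worked through as an added example (not code from the list or from rancid). The function names, the validation rules, the body of FilterIfconfig and the sample command output are assumptions; only the three file syntaxes come from the thread.

```python
import posixpath
import re

# Constructed inputs, written in the syntax shown in the thread.
ROUTER_DB_LINE = "foo.unix.net:unix:up:netbsd"
NETBSD_SPEC = "file::/etc/hosts\ncmd:FilterIfconfig:/sbin/ifconfig -a\n"
# Constructed command output with per-run counters (not captured from a host).
IFCONFIG_OUT = (
    "ex0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500\n"
    "\tinet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255\n"
    "\tRX packets 1042 bytes 99120\n"
    "\tTX packets 871 bytes 65003\n"
)

HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*$")
VOLATILE_RE = re.compile(r"^\s*(RX|TX) (packets|bytes)\b")


def filter_ifconfig(text):
    """Hypothetical FilterIfconfig: drop counter lines so they never show up as diffs."""
    return "".join(l for l in text.splitlines(True) if not VOLATILE_RE.match(l))


# Filter names a spec may reference; the empty name means "store unmodified".
FILTERS = {"": lambda text: text, "FilterIfconfig": filter_ifconfig}


def parse_router_db(line):
    """Split 'host:type:state:subtype'; the fourth field is the proposed addition."""
    fields = line.strip().split(":")
    if len(fields) != 4:
        raise ValueError("expected host:type:state:subtype, got %r" % line)
    dev = dict(zip(("host", "type", "state", "subtype"), fields))
    # The host becomes a directory name, so it must not be able to leave configs/.
    if not HOST_RE.match(dev["host"]):
        raise ValueError("unsafe host name %r" % dev["host"])
    return dev


def stored_name(target):
    """'/etc/hosts' -> 'etc.hosts'; '/sbin/ifconfig -a' -> 'sbin.ifconfig'."""
    words = target.split()
    path = words[0] if words else ""
    # normpath differs from the input for '..', '.' and trailing-'/' components.
    if not path.startswith("/") or posixpath.normpath(path) != path:
        raise ValueError("need an absolute, normalized path: %r" % target)
    name = path.lstrip("/").replace("/", ".")
    if not name:
        raise ValueError("no file name in %r" % target)
    return name


def parse_spec(text):
    """Parse 'kind:filter:target' lines and return (entries, errors).

    A bad line is reported and skipped. Two targets that flatten to the same
    stored name (for example /etc/rc.d and /etc/rc/d) are a collision, because
    one would overwrite the other's history in the repository.
    """
    entries, errors, seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        parts = raw.strip().split(":", 2)
        try:
            if len(parts) != 3 or parts[0] not in ("file", "cmd"):
                raise ValueError("expected file|cmd:filter:target")
            kind, filt, target = parts
            if filt not in FILTERS:
                raise ValueError("unknown filter %r" % filt)
            name = stored_name(target)
            if name in seen:
                raise ValueError("%r collides with %r as %r" % (target, seen[name], name))
        except ValueError as exc:
            errors.append("line %d: %s" % (lineno, exc))
            continue
        seen[name] = target
        entries.append({"kind": kind, "filter": filt, "target": target, "name": name})
    return entries, errors


def plan(group, router_db_line, specs):
    """Map one router.db line to [(repository path, entry)] using specs[subtype]."""
    dev = parse_router_db(router_db_line)
    if dev["type"] != "unix" or dev["subtype"] not in specs:
        raise ValueError("no unix spec for %r" % router_db_line)
    entries, errors = parse_spec(specs[dev["subtype"]])
    if errors:
        raise ValueError("; ".join(errors))
    return [(posixpath.join(group, "configs", dev["host"], e["name"]), e) for e in entries]


def render(entry, raw_text):
    """Apply the entry's filter to collected text before it is committed."""
    return FILTERS[entry["filter"]](raw_text)


if __name__ == "__main__":
    for path, entry in plan("foo", ROUTER_DB_LINE, {"netbsd": NETBSD_SPEC}):
        print(path, "<-", entry["kind"], entry["target"])
```
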
From: Alex Bochannek
To: "'rancid-discuss@shrubbery.net'"
Subject: Who uses Rancid for Extreme?
Date: Wed, 10 Oct 2001 17:40:18 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

Quick question: Who on this list uses Rancid for Extreme switches?

Alex Bochannek
Senior Unix/Network Engineer
Yipes ... that's fast!
(415) 901-2000
(415) 901-2090 (direct)
www.yipes.com

Yipes is the defining provider of fully scalable bandwidth for businesses.
We offer fully-managed high speed Internet and Nationwide LAN-to-LAN
services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments.
Yipes delivers this uniquely flexible service over the first nationwide
system of optical IP networks.

From owner-rancid-discuss@shrubbery.net Fri Oct 12 00:09:17 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9C09Dx02215 for ; Fri, 12 Oct 2001 00:09:17 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9C06Z003603 for rancid-discuss-outgoing; Fri, 12 Oct 2001 00:06:35 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9C06XW03598 for rancid-discuss@shrubbery.net; Fri, 12 Oct 2001 00:06:33 GMT
Received: from mail.epost.de (mail.epost.de [64.39.38.76] (may be forged)) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9BM8jI02469 for ; Thu, 11 Oct 2001 22:08:45 GMT
Received: from catweasel (213.20.224.215) by mail.epost.de (5.5.044.1) (authenticated as jan.czmok@epost.de) id 3BB906170007C4D8; Fri, 12 Oct 2001 00:08:33 +0200
Date: Fri, 12 Oct 2001 00:16:22 +0200
From: Jan-Ahrent Czmok
To: Alex Bochannek
Cc: rancid-discuss@shrubbery.net
Subject: Re: Who uses Rancid for Extreme?
Message-Id: <20011012001622.225c230b.czmok@lambda-solutions.de>
In-Reply-To: <65988049D870C042BD59CF516556134A14D27A@sfoexh01.yipes.com>
References: <65988049D870C042BD59CF516556134A14D27A@sfoexh01.yipes.com>
X-Mailer: stuphead ver. 0.5.3 (Wiskas) (GTK+ 1.2.10; Linux 2.4.9; i686)
Organization: Lambda Solutions
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: 8bit
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

On Wed, 10 Oct 2001 17:40:18 -0700
Alex Bochannek wrote:

> Quick question: Who on this list uses Rancid for Extreme switches?
> Alex Bochannek
> Senior Unix/Network Engineer
> Yipes ... that's fast!
> (415) 901-2000
> (415) 901-2090 (direct)
> www.yipes.com
> Yipes is the defining provider of fully scalable bandwidth for businesses.
> We offer fully-managed
> high speed Internet and Nationwide LAN-to-LAN services at speeds ranging
> from 1 Mbps to 1 Gbps,
> in 1 Mbps increments.
> Yipes delivers this uniquely flexible service over the first nationwide
> system of optical IP networks.

IF it would work, i would use it...

--
Jan-Ahrent Czmok http://www.lambda-solutions.de
Technical Advisor ISP Hofäcker Str. 14, 65207 Wiesbaden
Tel. +49-(0)-174-3074404

From owner-rancid-discuss@shrubbery.net Fri Oct 12 00:14:37 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9C0Ebx02272 for ; Fri, 12 Oct 2001 00:14:37 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9C0DJw03679 for rancid-discuss-outgoing; Fri, 12 Oct 2001 00:13:19 GMT
Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9C0DEO03674; Fri, 12 Oct 2001 00:13:14 GMT
Date: Fri, 12 Oct 2001 00:13:13 +0000
From: john heasley
To: Jan-Ahrent Czmok
Cc: Alex Bochannek , rancid-discuss@shrubbery.net
Subject: Re: Who uses Rancid for Extreme?
Message-ID: <20011012001313.I268@shrubbery.net>
References: <65988049D870C042BD59CF516556134A14D27A@sfoexh01.yipes.com> <20011012001622.225c230b.czmok@lambda-solutions.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011012001622.225c230b.czmok@lambda-solutions.de>; from czmok@lambda-solutions.de on Fri, Oct 12, 2001 at 12:16:22AM +0200
X-note: live free, or die!
X-homer: ralph, jesus did not have wheels.
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

Fri, Oct 12, 2001 at 12:16:22AM +0200, Jan-Ahrent Czmok:
> On Wed, 10 Oct 2001 17:40:18 -0700
> Alex Bochannek wrote:
>
> > Quick question: Who on this list uses Rancid for Extreme switches?
>
> > Alex Bochannek
> > Senior Unix/Network Engineer
> > Yipes ... that's fast!
> > (415) 901-2000
> > (415) 901-2090 (direct)
> > www.yipes.com
>
> > Yipes is the defining provider of fully scalable bandwidth for businesses.
> > We offer fully-managed
> > high speed Internet and Nationwide LAN-to-LAN services at speeds ranging
> > from 1 Mbps to 1 Gbps,
> > in 1 Mbps increments.
> > Yipes delivers this uniquely flexible service over the first nationwide
> > system of optical IP networks.
>
> IF it would work, i would use it...

i dont have any myself, but someone was kind enough to loan me one. if
its any consolation, i intend to work on the extreme stuff this or
tomorrow evening.

From owner-rancid-discuss@shrubbery.net Fri Oct 12 13:28:44 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9CDSix15914 for ; Fri, 12 Oct 2001 13:28:44 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9CDR7p11276 for rancid-discuss-outgoing; Fri, 12 Oct 2001 13:27:07 GMT
Received: from smtp1.mts.net (smtp1.mts.net [205.200.16.74]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9CDR3I11272 for ; Fri, 12 Oct 2001 13:27:03 GMT
Received: from mikes (ops-mike.mts.net [192.168.253.224]) by smtp1.mts.net (8.11.3/8.8.8) with SMTP id f9CDQlK03333 for ; Fri, 12 Oct 2001 08:26:48 -0500 (CDT)
From: "Mike Hyde"
To:
Subject: Rancid and Cisco 2820
Date: Fri, 12 Oct 2001 08:30:09 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <20011012001313.I268@shrubbery.net>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

Has anyone tried to get rancid to work with a cisco 2820 switch yet? Just
wondering before I make an attempt.

Mike

From owner-rancid-discuss@shrubbery.net Fri Oct 12 18:20:11 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9CIKBx20910 for ; Fri, 12 Oct 2001 18:20:11 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9CIIlo13887 for rancid-discuss-outgoing; Fri, 12 Oct 2001 18:18:48 GMT
Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9CIIjl13882 for rancid-discuss; Fri, 12 Oct 2001 18:18:45 GMT
Date: Fri, 12 Oct 2001 11:18:44 -0700
From: john heasley
To: rancid-discuss@guelah.shrubbery.net
Subject: rancid hangs on linux [fwd: rancid]
Message-ID: <20011012111844.H13370@shrubbery.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-note: live free, or die!
X-homer: ralph, jesus did not have wheels.
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

i havent tested this myself, but the source is reliable.

----- Forwarded message
Subject: rancid
Date: Fri, 12 Oct 2001 12:20:34 -0400

rancid-2.2b7 appears to work on linux kernel 2.4.11 w/
expect-5.32.2-62
tcl-8.3.3-65

fyi.

----- End forwarded message -----

From owner-rancid-discuss@shrubbery.net Fri Oct 12 19:17:31 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9CJHVx21878 for ; Fri, 12 Oct 2001 19:17:31 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9CJGDV14452 for rancid-discuss-outgoing; Fri, 12 Oct 2001 19:16:13 GMT
Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9CJGAJ14447 for rancid-discuss; Fri, 12 Oct 2001 19:16:10 GMT
Date: Fri, 12 Oct 2001 12:16:09 -0700
From: john heasley
To: rancid-discuss@guelah.shrubbery.net
Subject: extreme kernel
Message-ID: <20011012121609.M13370@shrubbery.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-note: live free, or die!
X-homer: ralph, jesus did not have wheels.
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

the summit 24 i have is running

Image : Extremeware Version 4.1.8 (Build 1)
by Release_Master Fri 06/11/1999 4:20p

the latest s/w for switches with the "i" asic, which the summit 24
apparently is not, appears to be 6.x. does anyone know what the latest
version is for non-i switches?

apparently a web login is needed to download newer s/w; so, if the latest
is more recent than 4.1.8, could someone share?

From owner-rancid-discuss@shrubbery.net Fri Oct 12 19:34:20 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9CJYKx22422 for ; Fri, 12 Oct 2001 19:34:20 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9CJWnA14596 for rancid-discuss-outgoing; Fri, 12 Oct 2001 19:32:49 GMT
Received: from sfoexh01.yipes.com (sfo002ns01.yipes.com [209.213.212.199]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9CJWjI14588 for ; Fri, 12 Oct 2001 19:32:45 GMT
Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19) id <4VT2ZZY5>; Fri, 12 Oct 2001 12:32:36 -0700
Message-ID: <65988049D870C042BD59CF516556134A14D289@sfoexh01.yipes.com>
From: Alex Bochannek
To: "'john heasley'"
Cc: rancid-discuss@guelah.shrubbery.net
Subject: RE: extreme kernel
Date: Fri, 12 Oct 2001 12:32:35 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

The latest ExtremeWare build, which supports non-inferno chipset switches
is 4.1.19b2.

Alex Bochannek
Senior Unix/Network Engineer
Yipes ... that's fast!
(415) 901-2000
(415) 901-2090 (direct)
www.yipes.com

-----Original Message-----
From: john heasley [mailto:heas@shrubbery.net]
Sent: Friday, October 12, 2001 12:16 PM
To: rancid-discuss@guelah.shrubbery.net
Subject: extreme kernel

the summit 24 i have is running

Image : Extremeware Version 4.1.8 (Build 1)
by Release_Master Fri 06/11/1999 4:20p

the latest s/w for switches with the "i" asic, which the summit 24
apparently is not, appears to be 6.x. does anyone know what the latest
version is for non-i switches?

apparently a web login is needed to download newer s/w; so, if the latest
is more recent than 4.1.8, could someone share?

From owner-rancid-discuss@shrubbery.net Mon Oct 15 23:02:22 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9FN2Mx11790 for ; Mon, 15 Oct 2001 23:02:22 GMT
Received: from localhost (localhost [[UNIX: localhost]]) by guelah.shrubbery.net (8.11.4/8.11.1) id f9FMxr421658 for rancid-discuss-outgoing; Mon, 15 Oct 2001 22:59:53 GMT
Received: from paeroa.ipg.tsnz.net (paeroa.ipg.tsnz.net [203.97.244.50]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9FMxmI21654 for ; Mon, 15 Oct 2001 22:59:49 GMT
Received: from bamboo.ipg.tsnz.net ([203.97.244.25] helo=tsnz.net) by paeroa.ipg.tsnz.net with esmtp (Exim 3.32 #9) id 15tGhs-0005Et-00 for rancid-discuss@shrubbery.net; Tue, 16 Oct 2001 11:59:36 +1300
Message-ID: <3BCB6A58.7DC11847@tsnz.net>
Date: Tue, 16 Oct 2001 11:59:36 +1300
From: Dylan Hall
Organization: TelstraSaturn
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.9 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: "rancid-discuss@shrubbery.net"
Subject: Problems with RE matching in .cloginrc
Content-Type: multipart/mixed; boundary="------------DEB35D85F29D4E318B15A839"
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

This is a multi-part message in MIME format.
--------------DEB35D85F29D4E318B15A839
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

We're having some problems getting the .cloginrc file to do what we want. Below is an extract from the file (passwords changed). The idea is that we have some wildcard entries to catch most of our switches, but a couple of more specific matches where they differ.

#
# Edge Switches.....
#
add method s3-BNZW01-r01.engops.tsnz.net {ssh}
add user s3-BNZW01-r01.engops.tsnz.net rancid
add password s3-BNZW01-r01.engops.tsnz.net 12345


add method *-r01.engops.tsnz.net {ssh}
add user *-r01.engops.tsnz.net admin
add password *-r01.engops.tsnz.net abcde


When we use xlogin (a hack of clogin or jlogin to work with Extremes - I can't remember which) the following happens

% ./xlogin -c "show version" s3-BNZW01-r01.engops.tsnz.net
s3-bnzw01-r01.engops.tsnz.net
spawn ssh -c 3des -x -l admin s3-bnzw01-r01.engops.tsnz.net

xlogin seems to be getting the wrong username.

if I change the case of entries in .cloginrc so everything is lowercase as follows:

#
# Edge Switches.....
#
add method s3-bnzw01-r01.engops.tsnz.net {ssh}
add user s3-bnzw01-r01.engops.tsnz.net rancid
add password s3-bnzw01-r01.engops.tsnz.net 12345


add method *-r01.engops.tsnz.net {ssh}
add user *-r01.engops.tsnz.net admin
add password *-r01.engops.tsnz.net abcde


% ./xlogin -c "show version" s3-bnzw01-r01.engops.tsnz.net
s3-bnzw01-r01.engops.tsnz.net
spawn ssh -c 3des -x -l rancid s3-bnzw01-r01.engops.tsnz.net
rancid@s3-bnzw01-r01.engops.tsnz.net's password:
Permission denied, please try again.

xlogin seems to get the right username now, but is still getting the wrong password.

Can anyone explain/fix this? Are we using wildcards in the wrong way?

I have attached xlogin, although the functions that match passwords are unaltered.

This problem exists on my linux box with expect version 5.31.8 and on my freebsd box with expect version 5.32.1

Thanks for your help,

--
Dylan Hall
IP Engineer
TelstraSaturn Ltd
Ph: +64 4 9395000 Fax: +64 4 9228555

--------------DEB35D85F29D4E318B15A839
Content-Type: text/plain; charset=us-ascii; name="xlogin"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="xlogin"

#!/usr/local/bin/expect --
##
##
## Copyright (C) 1997 by Henry Kilmer, Erik Sherk and Pete Whiting.
## All rights reserved.
##
## This software may be freely copied, modified and redistributed without
## fee for non-commerical purposes provided that this copyright notice is
## preserved intact on all copies and modified copies.
##
## There is no warranty or other guarantee of fitness of this software.
## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
##
#
# xlogin - extreme ssh login
#
## Most options are intuitive for logging into a Cisco router.
## The default username password is the same as the vty password.
#

# Usage line
set usage "Usage: $argv0 \[-c command\] \[-f cloginrc-file\] \
\[-p user-password\] \[-r passphrase\] \[-s script-file\] \[-v save\] \
\[-u username\] \[-t timeout\] \[-x command-file\] \[-y ssh_cypher_type\] \
router \[router...\]\n"

# env(CLOGIN) may contain the following chars:
# x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to automatically enable
set enable 1
# The default is to look in the password file to find the passwords. This
# tracks if we receive them on the command line.
set do_passwd 1
# No passphrase by default
set passphrase ""
# Don't save changes by default
set saveyn "n"

# Find the user in the ENV, or use the unix userid.
if {[ info exists env(CISCO_USER) ] } {
    set default_user $env(CISCO_USER)
} elseif {[ info exists env(USER) ]} {
    set default_user $env(USER)
} else {
    # This uses "id" which I think is portable. At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [ catch {exec id} reason ] {
        send_error "Error: could not exec id: $reason\n"
        exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}

# Sometimes routers take awhile to answer (the default is 10 sec)
set timeout 120

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch -glob -- $arg {
        # Command to run.
        -c* -
        -C* {
            if {! [ regexp .\[cC\](.+) $arg ignore command]} {
                incr i
                set command [ lindex $argv $i ]
            }
            set do_command 1
        # alternate cloginrc file
        } -f* -
        -F* {
            if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
                incr i
                set password_file [ lindex $argv $i ]
            }
        # user Password
        } -p* -
        -P* {
            if {! [ regexp .\[pP\](.+) $arg ignore userpswd]} {
                incr i
                set userpswd [ lindex $argv $i ]
            }
            set do_passwd 0
        # passphrase
        } -r* -
        -R* {
            if {! [ regexp .\[rR\](.+) $arg ignore passphrase]} {
                incr i
                set passphrase [ lindex $argv $i ]
            }
        # Expect script to run.
        } -s* -
        -S* {
            if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
                incr i
                set sfile [ lindex $argv $i ]
            }
            if { ! [ file readable $sfile ] } {
                send_user "Error: Can't read $sfile\n"
                exit 1
            }
            set do_script 1
        # Timeout
        } -t* -
        -T* {
            if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
                incr i
                set timeout [ lindex $argv $i ]
            }
        # Username
        } -u* -
        -U* {
            if {! [ regexp .\[uU\](.+) $arg ignore user]} {
                incr i
                set username [ lindex $argv $i ]
            }
        # Save changes
        } -v* -
        -V* {
            if {! [ regexp .\[vV\](.+) $arg ignore saveyn]} {
                incr i
                set saveyn [ lindex $argv $i ]
            }
        # command file
        } -x* -
        -X* {
            if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
                incr i
                set cmd_file [ lindex $argv $i ]
            }
            set cmd_fd [open $cmd_file r]
            set cmd_text [read $cmd_fd]
            close $cmd_fd
            set command [join [split $cmd_text \n] \;]
            set do_command 1
        # 'ssh -c' cypher type
        } -y* -
        -Y* {
            if {! [ regexp .\[yY\](.+) $arg ignore cypher]} {
                incr i
                set cypher [ lindex $argv $i ]
            }
        } -* {
            send_user "Error: Unknown argument! $arg\n"
            send_user $usage
            exit 1
        } default {
            break
        }
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "Error: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting. Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
        if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
        if [regexp \^(xterm|vs) $env(TERM) ignore ] {
            send_user "\033]1;[lindex [split $host "."] 0]\a"
            send_user "\033]2;$host\a"
        }
    }
}

# This is a helper function to make the password file easier to
# maintain. Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [ regexp "^/" $args ignore ] == 0 } {
        set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
        foreach line $list {
            if { [string match [lindex $line 0] $router ] } {
                return [lrange $line 1 end]
            }
        }
    }
    return {}
}

# Loads the password file. Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info... I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extension of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
        send_user "Error: password file ($password_file) does not exist\n"
        exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
        send_user "Error: $password_file must not be world readable/writable\n"
        exit 1
    }
    if [ catch {source $password_file} reason ] {
        send_user "Error: $reason\n"
        exit 1
    }
}

# Log into the router.
proc login { router user passwd prompt cmethod cyphertype identfile} {
    global spawn_id in_proc do_command do_script passphrase
    set in_proc 1

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
        if ![string compare $prog "telnet"] {
            if [ catch {spawn telnet $router} reason ] {
                send_user "Error: telnet failed: $reason\n"
                exit 1
            }
        } elseif ![string compare $prog "ssh"] {
            # ssh to the router & try to login with or without an identfile.
            # We use two calls to spawn since spawn does not seem to parse
            # spaces correctly.
            if {$identfile != ""} {
                if [ catch {spawn ssh -c $cyphertype -x -l $user -i $identfile $router} reason ] {
                    send_user "Error: failed to ssh: $reason\n"
                    exit 1
                }
            } else {
                if [ catch {spawn ssh -c $cyphertype -x -l $user $router} reason ] {
                    send_user "Error: failed to ssh: $reason\n"
                    exit 1
                }
            }
        } elseif ![string compare $prog "rsh"] {
            if [ catch {spawn rsh -l $user $router} reason ] {
                send_user "Error: rsh failed: $reason\n"
                exit 1
            }
        } else {
            puts "ERROR: unknown connection method: $prog"
            return 1
        }
        incr progs -1
        sleep 0.3

        # This helps cleanup each expect clause.
        expect_after {
            timeout {
                send_user "\nError: TIMEOUT reached\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            } eof {
                send_user "\nError: EOF received\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            }
        }

        # Here we get a little tricky. There are several possibilities:
        # the router can ask for a username and passwd and then
        # talk to the TACACS server to authenticate you, or if the
        # TACACS server is not working, then it will use the enable
        # passwd. Or, the router might not have TACACS turned on,
        # then it will just send the passwd.
        expect {
            -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" {
                catch {close}; wait
                if !$progs {
                    send_user "\nError: Connection Refused ($prog)\n"; return 1
                }
            }
            eof { send_user "Error: Couldn't login\n"; wait; return 1
            } -nocase "unknown host\r\n" {
                catch {close};
                send_user "Error: Unknown host\n"; wait; return 1
            } "Host is unreachable" {
                catch {close};
                send_user "Error: Host Unreachable!\n"; wait; return 1
            } "No address associated with name" {
                catch {close};
                send_user "Error: Unknown host\n"; wait; return 1
            }
            -re "Enter passphrase for RSA key '\[^'\]*': " {
                send_user "\nKey has passphrase!\n"
                send "$passphrase\r"
                exp_continue }
            -re "Host key not found .* \(yes\/no\)\?" {
                send "yes\r"
                send_user "Host $router added to the list of known hosts.\n"
                exp_continue }
            -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
                send "no\r"
                send_user "Error: The host key for $router has changed. update the known_hosts file accordingly.\n"
                return 1 }
            -re "(Username|\[\r\n]login):" { send "$user\r"
                expect {
                    eof { send_user "Error: Couldn't login\n";
                        wait; return 1 }
                    -re "\[Pp]assword:" { send "$passwd\r" }
                    "$prompt" { set in_proc 0; return 0 }
                }
                exp_continue
            }
            "\[Pp]assword:" { send "$passwd\r"

                expect {
                    eof { send_user "Error: Couldn't login\n"; wait; return 1 }
                    "$prompt" { set in_proc 0; return 0 }
                }
                exp_continue
            }
            "$prompt" { break; }
            denied { send_user "Error: Check your passwd for $router\n"
                if { $do_command || $do_script } {
                    send "quit"
                    wait
                    return 1
                } else {
                    return 1
                }
            }
            "% Bad passwords" {send_user "Error: Check your passwd for $router\n"; return 1 }
        }
    }
    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command saveyn } {
    global in_proc
    set in_proc 1

    send "disable clipaging\r"
    expect $prompt {}
    # send "set cli screen-length 0\r"
    # expect $prompt {}

    # Is this a multi-command?
    if [ string match "*\;*" "$command" ] {
        set commands [split $command \;]
        set num_commands [llength $commands]

        for {set i 0} {$i < $num_commands} { incr i} {
            send "[lindex $commands $i]\r"
            expect {
                -re "^\[^\n\r]*$prompt $" {}
                -re "^\[^\n\r]*$prompt." { exp_continue }
                -re "(\r\n|\n)" { exp_continue }
            }
        }
    } else {
        send "$command\r"
        expect {
            -re "^\[^\n\r]*$prompt $" {}
            -re "^\[^\n\r]*$prompt." { exp_continue }
            -re "(\r\n|\n)" { exp_continue }
        }
    }
    send "enable clipaging\r"
    expect $prompt {}

    send "exit\r"
    expect {
        "Do you wish to save your configuration changes? (y/n)" {
            send "$saveyn\r"
            exp_continue
        }


        "\n" { exp_continue }
        timeout { return 0 }
        eof { return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    set prompt ">"

    # Figure out username
    if {[info exists username]} {
        # command line username
        set loginname $username
    } else {
        set loginname [find user $router]
        if { "$loginname" == "" } { set loginname $default_user }
    }

    # Figure out loginname's password (if different from the vty password)
    if {[info exists userpswd]} {
        # command line passwd
        set passwd $userpswd
    } else {
        set passwd [lindex [find password $loginname@$router] 0]
        if { "$passwd" == "" } { set passwd [lindex [find password $router] 0] }
    }

    # figure out identity file to use
    set identfile ""
    if {[info exists identity]} {
        set identfile [lindex [find identity $router] 0]
    }

    # Figure out ssh cypher type
    if {[info exists cypher]} {
        # command line ssh cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }

    # Login to the router
    if {[login $router $loginname $passwd $prompt $cmethod $cyphertype $identfile]} {
        continue
    }

    if { $do_command } {
        if {[run_commands $prompt $command $saveyn]} {
            continue
        }
    } elseif { $do_script } {
        send "disable clipaging\r"
        expect $prompt {}
        # send "set cli screen-length 0\r"
        # expect $prompt {}
        source $sfile
        close
    } else {
        label $router
        log_user 1
        interact
    }

    # End of for each router
    wait
    sleep 0.3
}
exit 0

--------------DEB35D85F29D4E318B15A839--

From owner-rancid-discuss@shrubbery.net Tue Oct 16 03:27:33 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9G3RXx14731 for ; Tue, 16 Oct 2001 03:27:33 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9G3Q6423837 for rancid-discuss-outgoing; Tue, 16 Oct 2001 03:26:06 GMT
Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9G3Q4D23832 for rancid-discuss@shrubbery.net; Tue, 16 Oct 2001 03:26:04 GMT
Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9G3Oep23786; Tue, 16 Oct 2001 03:24:40 GMT
Date: Mon, 15 Oct 2001 20:24:40 -0700
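
The lookup order behind both symptoms in the "Problems with RE matching in .cloginrc" message above, replayed as an added example (not part of the original post and not rancid's own code). The router name is lowercased before a case-sensitive "string match", so a mixed-case entry is never consulted, and the first password key tried is user@router, which only the "*" pattern matches. "add" and "find" follow the attached xlogin ("find" uses upvar #0 so it can run inside a proc); reset, resolve and show are hypothetical helpers, and the user@router entry in scenario 3 is constructed.

```tcl
# Added example: replays the credential lookup of the posted xlogin script.
# "add" is copied from the script; "find" differs only in using upvar #0
# (the script calls find from global scope, this file calls it from a proc).

proc add {var args} { global int_$var ; lappend int_$var $args }

proc find {var router} {
    upvar #0 int_$var list
    if { [info exists list] } {
        foreach line $list {
            # The first pattern that glob-matches wins. string match is
            # case-sensitive and "*" matches any run of characters,
            # including a "user@" prefix.
            if { [string match [lindex $line 0] $router] } {
                return [lrange $line 1 end]
            }
        }
    }
    return {}
}

# Hypothetical helper: forget all entries, i.e. start from an empty .cloginrc.
proc reset {} {
    foreach v {user password} { catch { unset ::int_$v } }
}

# Hypothetical helper: the same sequence of lookups as the script's main
# loop (the default-user and command-line overrides are left out).
proc resolve {router} {
    set router [string tolower $router]
    set user   [find user $router]
    set key    $user@$router
    set passwd [lindex [find password $key] 0]
    if { "$passwd" == "" } { set passwd [lindex [find password $router] 0] }
    return [list $user $passwd $key]
}

# Hypothetical helper: print what would be used to log in to one router.
proc show {title router} {
    foreach {user passwd key} [resolve $router] break
    puts $title
    puts "  user lookup key     : [string tolower $router]"
    puts "  password lookup key : $key"
    puts "  credentials chosen  : user=$user password=$passwd"
}

set host s3-BNZW01-r01.engops.tsnz.net

# Scenario 1: entries as first posted. The specific pattern contains upper
# case, the name being looked up does not, so only the wildcard can match.
reset
add user     s3-BNZW01-r01.engops.tsnz.net rancid
add password s3-BNZW01-r01.engops.tsnz.net 12345
add user     *-r01.engops.tsnz.net admin
add password *-r01.engops.tsnz.net abcde
show "1. mixed-case specific entry" $host

# Scenario 2: entries lowercased. The user lookup now hits the specific
# entry, but the password is looked up as user@router first; the specific
# pattern has no "user@" part, while "*" in the wildcard absorbs it.
reset
add user     s3-bnzw01-r01.engops.tsnz.net rancid
add password s3-bnzw01-r01.engops.tsnz.net 12345
add user     *-r01.engops.tsnz.net admin
add password *-r01.engops.tsnz.net abcde
show "2. lowercase specific entry" $host

# Scenario 3 (constructed entry): a password keyed on the exact string the
# script looks up, listed before the wildcard so it is reached first.
reset
add user     s3-bnzw01-r01.engops.tsnz.net rancid
add password rancid@s3-bnzw01-r01.engops.tsnz.net 12345
add user     *-r01.engops.tsnz.net admin
add password *-r01.engops.tsnz.net abcde
show "3. password keyed on user@router" $host
```

Run it with tclsh; it uses only core Tcl commands, so Expect and a real .cloginrc are not needed.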
From: "'john heasley'"
To: Alex Bochannek
Cc: rancid-discuss@guelah.shrubbery.net
Subject: Re: Proposed Extreme changes.
Message-ID: <20011015202439.A23441@shrubbery.net>
References: <65988049D870C042BD59CF516556134A14D293@sfoexh01.yipes.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <65988049D870C042BD59CF516556134A14D293@sfoexh01.yipes.com>; from ABochannek@yipes.com on Mon, Oct 15, 2001 at 03:58:12PM -0700
X-note: live free, or die!
X-homer: ralph, jesus did not have wheels.
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

Mon, Oct 15, 2001 at 03:58:12PM -0700, Alex Bochannek:
> Did you update the image on your server with this new clogin?

i just have, 2.2b8. i know that collection of extreme fails if the config
has been changed but not saved. have not worked that out yet.

CHANGES:
2.2b8
    add PAR_COUNT variable to bin/env for adjusting the number of
    simultaneous collections. see bin/env (or bin/env.new for those
    with previous installation) and the env(5) manpage.

    more work on extreme switch bits + fixes from Alex Bochannek.

    jlogin: add 1s sleeps to avoid passwords being echo'd before tty
    noecho is set. richard doty

    few looking glass fixes

    brancid: filter uptime and add -all option to config for bayrs
    version 14. from mordechai abzug

    jrancid: m160 measured chassis clock MHz fluctuates, trim the
    decimal places. from Mark A Gebert.

    par: -x fix for log file monitoring killing xterms. from rdrake.

From owner-rancid-discuss@shrubbery.net Tue Oct 16 03:32:39 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9G3Wdx14933 for ; Tue, 16 Oct 2001 03:32:39 GMT
Received: from localhost (localhost [[UNIX: localhost]]) by guelah.shrubbery.net (8.11.4/8.11.1) id f9G3VMf23898 for rancid-discuss-outgoing; Tue, 16 Oct 2001 03:31:22 GMT
Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9G3VF723893; Tue, 16 Oct 2001 03:31:15 GMT
Date: Mon, 15 Oct 2001 20:31:15 -0700
From: john heasley
To: Dylan Hall
Cc: "rancid-discuss@shrubbery.net"
Subject: Re: Problems with RE matching in .cloginrc
Message-ID: <20011015203114.B23441@shrubbery.net>
References: <3BCB6A58.7DC11847@tsnz.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3BCB6A58.7DC11847@tsnz.net>; from dylan.hall@tsnz.net on Tue, Oct 16, 2001 at 11:59:36AM +1300
X-note: live free, or die!
X-homer: ralph, jesus did not have wheels.
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk

this is for extreme switches? if so, please try clogin in 2.2b8.

Tue, Oct 16, 2001 at 11:59:36AM +1300, Dylan Hall:
> We're having some problems getting the .cloginrc file to do what we want. Below is an extract from the file (passwords changed). The idea is that we have some wildcard entries to catch most of our switches, but a couple of more specific matches where they differ.
>
> #
> # Edge Switches.....
> #
> add method s3-BNZW01-r01.engops.tsnz.net {ssh}
> add user s3-BNZW01-r01.engops.tsnz.net rancid
> add password s3-BNZW01-r01.engops.tsnz.net 12345
>
>
> add method *-r01.engops.tsnz.net {ssh}
> add user *-r01.engops.tsnz.net admin
> add password *-r01.engops.tsnz.net abcde
>
>
> When we use xlogin (a hack of clogin or jlogin to work with Extremes - I can't remember which) the following happens
>
> % ./xlogin -c "show version" s3-BNZW01-r01.engops.tsnz.net
> s3-bnzw01-r01.engops.tsnz.net
> spawn ssh -c 3des -x -l admin s3-bnzw01-r01.engops.tsnz.net
>
> xlogin seems to be getting the wrong username.
>
> if I change the case of entries in .cloginrc so everything is lowercase as follows:
>
> #
> # Edge Switches.....
> #
> add method s3-bnzw01-r01.engops.tsnz.net {ssh}
> add user s3-bnzw01-r01.engops.tsnz.net rancid
> add password s3-bnzw01-r01.engops.tsnz.net 12345
>
>
> add method *-r01.engops.tsnz.net {ssh}
> add user *-r01.engops.tsnz.net admin
> add password *-r01.engops.tsnz.net abcde
>
>
> % ./xlogin -c "show version" s3-bnzw01-r01.engops.tsnz.net
> s3-bnzw01-r01.engops.tsnz.net
> spawn ssh -c 3des -x -l rancid s3-bnzw01-r01.engops.tsnz.net
> rancid@s3-bnzw01-r01.engops.tsnz.net's password:
> Permission denied, please try again.
>
> xlogin seems to get the right username now, but is still getting the wrong password.
>
> Can anyone explain/fix this? Are we using wildcards in the wrong way?
>
> I have attached xlogin, although the functions that match passwords are unaltered.
>
> This problem exists on my linux box with expect version 5.31.8 and on my freebsd box with expect version 5.32.1
>
> Thanks for your help,
>
> --
> Dylan Hall
> IP Engineer
> TelstraSaturn Ltd
> Ph: +64 4 9395000 Fax: +64 4 9228555

From owner-rancid-discuss@shrubbery.net Tue Oct 16 04:15:21 2001
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9G4FLx15350 for ; Tue, 16 Oct 2001 04:15:21 GMT
Received: by guelah.shrubbery.net
(8.11.4/8.11.1) id f9G4Dxu24181 for rancid-discuss-outgoing; Tue, 16 Oct 2001 04:13:59 GMT Received: from bnc.webcentral.com.au (bnc.webcentral.com.au [202.139.236.123]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9G4DtI24177 for ; Tue, 16 Oct 2001 04:13:55 GMT Received: by bnc.webcentral.com.au with Internet Mail Service (5.5.2653.19) id <47PFY3BB>; Tue, 16 Oct 2001 14:13:53 +1000 Message-ID: <415DD4BF903BD311A3D900A0C99F90220960730C@bnc.webcentral.com.au> From: Andrew Fort To: rancid-discuss@shrubbery.net Subject: patch to identify new "calhoun" platform C2950 uniquely Date: Tue, 16 Oct 2001 14:13:51 +1000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk the new catalyst 2950 switch uses a new hardware platform (called CALHOUN). this patch (against 2.2b5 sources), makes rancid identify the new box as a "2950" (it calls itself C2950 as opposed to C2900XL for the older model). otherwise, the new switch is very similar to the old (more switchplane bandwidth, no ISL trunks!), but I'd like it to be identified seperately in my network (so I can grep rancid files to find the new babies for my live inventory reports) with the patch, the new switch diffs in like.. Index: configs/sw150.bne =================================================================== retrieving revision 1.1 diff -u -4 -r1.1 sw150.bne @@ -0,0 +1,305 @@ + !RANCID-CONTENT-TYPE: cisco + ! + !Chassis type: WS-C2950-24 - a 2950 switch --diff-- --- rancid Wed Aug 8 13:08:42 2001 +++ /usr/local/rancid/bin/rancid Tue Oct 16 13:36:06 2001 
@@ -212,6 +212,9 @@ $type = "12000"; } elsif ( $1 =~ /1201[26]-8R\/GRP/) { $type = "12000"; + } elsif ( $1 =~ /WS-C2950/) { + $type = "2950"; + $device = "switch"; } elsif ( $1 =~ /WS-C29/) { $type = "2900XL"; $device = "switch"; --diff-- -amf From owner-rancid-discuss@shrubbery.net Tue Oct 16 05:33:13 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9G5XCx16305 for ; Tue, 16 Oct 2001 05:33:12 GMT Received: from localhost (localhost [[UNIX: localhost]]) by guelah.shrubbery.net (8.11.4/8.11.1) id f9G5Vl424821 for rancid-discuss-outgoing; Tue, 16 Oct 2001 05:31:47 GMT Received: from paeroa.ipg.tsnz.net (paeroa.ipg.tsnz.net [203.97.244.50]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9G5VhI24814; Tue, 16 Oct 2001 05:31:43 GMT Received: from bamboo.ipg.tsnz.net ([203.97.244.25] helo=tsnz.net) by paeroa.ipg.tsnz.net with esmtp (Exim 3.32 #9) id 15tMpE-000ArY-00; Tue, 16 Oct 2001 18:31:36 +1300 Message-ID: <3BCBC638.4B5B5BE@tsnz.net> Date: Tue, 16 Oct 2001 18:31:36 +1300 
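Review bot: The new /WS-C2950/ branch in the rancid hunk (@@ -212,6 +212,9 @@) gives the right answer only because it sits ahead of the broader /WS-C29/ test in the same elsif chain, and nothing in the code records that dependency. Please add a one-line comment above the new branch saying it must stay before the /WS-C29/ case, otherwise a later reordering would silently classify the 2950 as "2900XL" again. The pattern is also unanchored, so any chassis string that merely contains WS-C2950 takes this branch; tighten it if that is not intended. The message says the patch is against 2.2b5 sources, so the context lines should be rechecked against a newer tree before it is applied.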
From: Dylan Hall Organization: TelstraSaturn X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.9 i686) X-Accept-Language: en MIME-Version: 1.0 To: john heasley CC: "rancid-discuss@shrubbery.net" Subject: Re: Problems with RE matching in .cloginrc References: <3BCB6A58.7DC11847@tsnz.net> <20011015203114.B23441@shrubbery.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk

The problem also occurs with jlogin 2.1 and 2.2b8 (my xlogin was derived from jlogin 2.1).

I believe the problem is the way that jlogin looks up the password. From jlogin 2.1:

1  # Figure out loginname's password (if different from the vty password)
2  if {[info exists userpswd]} {
3      # command line passwd
4      set passwd $userpswd
5  } else {
6      set passwd [lindex [find password $loginname@$router] 0]
7      if { "$passwd" == "" } { set passwd [lindex [find password $router] 0] }
8  }

The find on line 6 matches the wildcard in .cloginrc instead of the match on line 7.

The workaround is to remove the check for $loginname@$router from jlogin. Can you suggest a more elegant fix?

Thanks,

--
Dylan Hall
IP Engineer
TelstraSaturn Ltd
Ph: +64 4 9395000 Fax: +64 4 9228555

john heasley wrote:
>
> this is for extreme switches? if so, please try clogin in 2.2b8.
>
> Tue, Oct 16, 2001 at 11:59:36AM +1300, Dylan Hall:
> > We're having some problems getting the .cloginrc file to do what we want. Below is an extract from the file (passwords changed). The idea is that we have some wildcard entries to catch most of our switches, but a couple of more specific matches where they differ.
> >
> > #
> > # Edge Switches.....
> > #
> > add method s3-BNZW01-r01.engops.tsnz.net {ssh}
> > add user s3-BNZW01-r01.engops.tsnz.net rancid
> > add password s3-BNZW01-r01.engops.tsnz.net 12345
> >
> >
> > add method *-r01.engops.tsnz.net {ssh}
> > add user *-r01.engops.tsnz.net admin
> > add password *-r01.engops.tsnz.net abcde
> >
> >
> > When we use xlogin (a hack of clogin or jlogin to work with Extremes - I can't remember which) the following happens
> >
> > % ./xlogin -c "show version" s3-BNZW01-r01.engops.tsnz.net
> > s3-bnzw01-r01.engops.tsnz.net
> > spawn ssh -c 3des -x -l admin s3-bnzw01-r01.engops.tsnz.net
> >
> > xlogin seems to be getting the wrong username.
> >
> > if I change the case of entries in .cloginrc so everything is lowercase as follows:
> >
> > #
> > # Edge Switches.....
> > #
> > add method s3-bnzw01-r01.engops.tsnz.net {ssh}
> > add user s3-bnzw01-r01.engops.tsnz.net rancid
> > add password s3-bnzw01-r01.engops.tsnz.net 12345
> >
> >
> > add method *-r01.engops.tsnz.net {ssh}
> > add user *-r01.engops.tsnz.net admin
> > add password *-r01.engops.tsnz.net abcde
> >
> >
> > % ./xlogin -c "show version" s3-bnzw01-r01.engops.tsnz.net
> > s3-bnzw01-r01.engops.tsnz.net
> > spawn ssh -c 3des -x -l rancid s3-bnzw01-r01.engops.tsnz.net
> > rancid@s3-bnzw01-r01.engops.tsnz.net's password:
> > Permission denied, please try again.
> >
> > xlogin seems to get the right username now, but is still getting the wrong password.
> >
> > Can anyone explain/fix this? Are we using wildcards in the wrong way?
> >
> > I have attached xlogin, although the functions that match passwords are unaltered.
> > > > This problems exists on my linux box with expect version 5.31.8 and on my freebsd box with expect version 5.32.1 > > > > Thanks for your help, > > From owner-rancid-discuss@shrubbery.net Wed Oct 17 03:11:28 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9H3BRx06279 for ; Wed, 17 Oct 2001 03:11:27 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9H39WF07250 for rancid-discuss-outgoing; Wed, 17 Oct 2001 03:09:32 GMT Received: from tower.partan.com (tower.partan.com [198.6.255.248]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9H39OI07246 for ; Wed, 17 Oct 2001 03:09:24 GMT Received: (from asp@localhost) by tower.partan.com (8.9.3/8.9.3) id XAA13014; Tue, 16 Oct 2001 23:09:08 -0400 (EDT) Date: Tue, 16 Oct 2001 23:09:08 -0400 
From: Andrew Partan To: Dylan Hall Cc: rancid-discuss@shrubbery.net Subject: Re: Problems with RE matching in .cloginrc Message-ID: <20011016230908.D12784@partan.com> References: <3BCB6A58.7DC11847@tsnz.net> <20011015203114.B23441@shrubbery.net> <3BCBC638.4B5B5BE@tsnz.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <3BCBC638.4B5B5BE@tsnz.net>; from dylan.hall@tsnz.net on Tue, Oct 16, 2001 at 06:31:36PM +1300 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Tue, Oct 16, 2001 at 06:31:36PM +1300, Dylan Hall wrote: > The workaround is to remove the check for $loginname@$router from > jlogin. Can you suggest a more elegant fix? Hmm; I think that jlogin is the only *login that has this login@router stuff. I think that this bit should be removed. Is anyone using it? --asp@partan.com (Andrew Partan) From owner-rancid-discuss@shrubbery.net Wed Oct 17 20:42:52 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9HKgqx23531 for ; Wed, 17 Oct 2001 20:42:52 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9HKfAE16368 for rancid-discuss-outgoing; Wed, 17 Oct 2001 20:41:10 GMT Received: from sfoexh01.yipes.com (sfo002ns01.yipes.com [209.213.212.199]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9HKf7I16364 for ; Wed, 17 Oct 2001 20:41:07 GMT Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19) id <4Z3FWMCT>; Wed, 17 Oct 2001 13:40:59 -0700 Message-ID: <65988049D870C042BD59CF516556134A14D2AE@sfoexh01.yipes.com> 
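The lookup behaviour reported in the ".cloginrc" thread above, modelled as an added Python example (it is not RANCID code and not from any poster). It assumes what the thread implies: "add" entries are consulted in file order, "find" returns the first entry whose glob pattern matches case-sensitively, and the login script lower-cases the router name first, as the quoted main loop does. The function names are hypothetical; the entries are the sample from the post.

```python
"""Model of the .cloginrc lookup discussed in this thread (added example)."""
from fnmatch import fnmatchcase

# .cloginrc entries from the post; the passwords are the poster's stand-ins.
MIXED_CASE = """\
add method   s3-BNZW01-r01.engops.tsnz.net {ssh}
add user     s3-BNZW01-r01.engops.tsnz.net rancid
add password s3-BNZW01-r01.engops.tsnz.net 12345
add method   *-r01.engops.tsnz.net {ssh}
add user     *-r01.engops.tsnz.net admin
add password *-r01.engops.tsnz.net abcde
"""
LOWER_CASE = MIXED_CASE.replace("s3-BNZW01", "s3-bnzw01")


def parse_cloginrc(text):
    """Return {directive: [(pattern, value), ...]}, preserving file order."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "add":
            value = " ".join(fields[3:]).strip("{}")
            table.setdefault(fields[1], []).append((fields[2], value))
    return table


def find(table, directive, key):
    """First entry whose glob matches key, case-sensitively (assumed semantics)."""
    for pattern, value in table.get(directive, []):
        if fnmatchcase(key, pattern):
            return value
    return ""


def lookup(table, router, try_user_at_router=True):
    """Username/password selection following the excerpt quoted from jlogin 2.1."""
    router = router.lower()              # the main loop lower-cases the name
    user = find(table, "user", router)
    passwd = ""
    if try_user_at_router:               # line 6 of the quoted excerpt
        passwd = find(table, "password", f"{user}@{router}")
    if passwd == "":                     # line 7 of the quoted excerpt
        passwd = find(table, "password", router)
    return user, passwd


def uppercase_patterns(table):
    """Patterns that can never match, because router names are lower-cased."""
    seen = {}
    for entries in table.values():
        for pattern, _ in entries:
            if pattern != pattern.lower():
                seen[pattern] = True
    return list(seen)


if __name__ == "__main__":
    host = "s3-BNZW01-r01.engops.tsnz.net"
    for label, text in (("mixed case", MIXED_CASE), ("lower case", LOWER_CASE)):
        table = parse_cloginrc(text)
        print(label)
        print("  with user@router lookup:", lookup(table, host))
        print("  without it:             ", lookup(table, host, False))
        print("  dead patterns:          ", uppercase_patterns(table))
```

With the mixed-case file the specific entries are dead and the wildcard supplies both values; with the lower-case file the user is right but "rancid@host" still matches "*-r01.engops.tsnz.net", so the wildcard password wins until the user@router lookup is skipped.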
From: Alex Bochannek To: "'rancid-discuss@shrubbery.net'" Subject: RANCID and TFTP. Date: Wed, 17 Oct 2001 13:40:57 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I was wondering what everybody else does to make configs, which RANCID pulled from the device, available for TFTP downloads. Symlinks from /configs? Separate CVS checkouts to /tftpboot? Also, does anybody have experience with utftpd? I am wondering about using utftpd's revision control interface to check files out from RANCID. Alex Bochannek Senior Unix/Network Engineer Yipes ... that's fast! (415) 901-2000 (415) 901-2090 (direct) www.yipes.com Yipes is the defining provider of fully scalable bandwidth for businesses. We offer fully-managed high speed Internet and Nationwide LAN-to-LAN services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. Yipes delivers this uniquely flexible service over the first nationwide system of optical IP networks. From owner-rancid-discuss@shrubbery.net Wed Oct 17 21:33:02 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9HLX2x24154 for ; Wed, 17 Oct 2001 21:33:02 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9HLVh216928 for rancid-discuss-outgoing; Wed, 17 Oct 2001 21:31:43 GMT Received: from sfoexh01.yipes.com (sfo002ns01.yipes.com [209.213.212.199]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9HLVdI16920 for ; Wed, 17 Oct 2001 21:31:39 GMT Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19) id <4Z3FWM4Y>; Wed, 17 Oct 2001 14:31:31 -0700 Message-ID: <65988049D870C042BD59CF516556134A14D2B2@sfoexh01.yipes.com> 
From: Alex Bochannek To: "'john heasley'" Cc: rancid-discuss@guelah.shrubbery.net Subject: RE: Proposed Extreme changes. Date: Wed, 17 Oct 2001 14:31:25 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk OK, I am testing the new version and have a couple of problems with it. I am working on trying to figure out why "show config" on Extreme doesn't seem to complete sometimes and I will probably have some time to look into this tomorrow. The other issue is "show diagnostics" on Extreme. Apparently this command does not exist on Alpines or pre-6.1.7 BDs. It does exist on all Extreme devices supported in 6.2.0 and pre-inferno devices. So, it works with non-I Summits and current rev BDs. John, how do you want to handle this? Alex Bochannek Senior Unix/Network Engineer Yipes ... that's fast! (415) 901-2000 (415) 901-2090 (direct) www.yipes.com -----Original Message----- 
From: 'john heasley' [mailto:heas@shrubbery.net] Sent: Monday, October 15, 2001 8:25 PM To: Alex Bochannek Cc: rancid-discuss@guelah.shrubbery.net Subject: Re: Proposed Extreme changes. Mon, Oct 15, 2001 at 03:58:12PM -0700, Alex Bochannek: > Did you update the image on your server with this new clogin? i just have, 2.2b8. i know that collection of extreme fails if the config has been changed but not saved. have not worked that out yet. CHANGES: 2.2b8 add PAR_COUNT variable to bin/env for adjusting the number of simultaneous collections. see bin/env (or bin/env.new for those with previous installation) and the env(5) manpage. more work on extreme switch bits + fixes from Alex Bochannek. jlogin: add 1s sleeps to avoid passwords being echo'd before tty noecho is set. richard doty few looking glass fixes brancid: filter uptime and add -all option to config for bayrs version 14. from mordechai abzug jrancid: m160 measured chassis clock MHz fluctuates, trim the decimal places. from Mark A Gebert. par: -x fix for log file monitoring killing xterms. from rdrake. From owner-rancid-discuss@shrubbery.net Thu Oct 18 00:10:09 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9I0A9x25979 for ; Thu, 18 Oct 2001 00:10:09 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9I08IY18325 for rancid-discuss-outgoing; Thu, 18 Oct 2001 00:08:18 GMT Received: from bnc.webcentral.com.au (bnc.webcentral.com.au [202.139.236.123]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9I08FI18320 for ; Thu, 18 Oct 2001 00:08:15 GMT Received: by bnc.webcentral.com.au with Internet Mail Service (5.5.2653.19) id <47PFYX30>; Thu, 18 Oct 2001 10:08:08 +1000 Message-ID: <415DD4BF903BD311A3D900A0C99F902209607315@bnc.webcentral.com.au> 
From: Andrew Fort To: "'Alex Bochannek'" , "'rancid-discuss@shrubbery.net'" Subject: RE: RANCID and TFTP. Date: Thu, 18 Oct 2001 10:08:04 +1000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk >I was wondering what everybody else does to make configs, which RANCID >pulled from the device, available for TFTP downloads. Symlinks from >/configs? Separate CVS checkouts to /tftpboot? Also, >does anybody >have experience with utftpd? I am wondering about using >utftpd's revision >control interface to check files out from RANCID. Alex, I've recently been thinking alot about this, also; and I'm sure the more experienced ops folks in the list would have come up with some better solutions than mine :). I presume you want to use your saved configurations for disaster recovery ("plug in a new one and say ahhh!") -- at the moment I pull the file over to a temporary in the tftp path that only the "build" devices have access to (using utftpd ACLs). To upload to the device i'm just using the expect scripts recently posted to the list; e.g. clogin -s ./cisco-load.exp blah and then clogin -s ./cisco-reload.exp blah I manually replace the passwords in the device, usually in the temporary file before its uploaded. If not, I usually forget to put the BGP md5 auth passwords in, think "ugh, why doesn't the thing bring up adjacen... doh!" and then get with the program, so a script to regexp the ! password stuff with the users' input would be a useful thing, also (or more coffee). Since utftpd uses RCS (or SCCS?) only, how would you plan to do this with RANCID, which is a CVS tool? I remember Uwe saying adding CVS support would not be easy.. 
-amf From owner-rancid-discuss@shrubbery.net Thu Oct 18 02:20:58 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9I2Kwx27443 for ; Thu, 18 Oct 2001 02:20:58 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9I2JSK19345 for rancid-discuss-outgoing; Thu, 18 Oct 2001 02:19:28 GMT Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9I2JOt19337; Thu, 18 Oct 2001 02:19:24 GMT Date: Wed, 17 Oct 2001 19:19:24 -0700 
From: "'john heasley'" To: Alex Bochannek Cc: "'john heasley'" , rancid-discuss@guelah.shrubbery.net Subject: Re: Proposed Extreme changes. Message-ID: <20011017191924.C19164@shrubbery.net> References: <65988049D870C042BD59CF516556134A14D2B2@sfoexh01.yipes.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <65988049D870C042BD59CF516556134A14D2B2@sfoexh01.yipes.com>; from ABochannek@yipes.com on Wed, Oct 17, 2001 at 02:31:25PM -0700 X-note: live free, or die! X-homer: ralph, jesus did not have wheels. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Wed, Oct 17, 2001 at 02:31:25PM -0700, Alex Bochannek: > OK, I am testing the new version and have a couple of problems with it. I am > working on trying to figure out why "show config" on Extreme doesn't seem to > complete sometimes and I will probably have some time to look into this > tomorrow. > > The other issue is "show diagnostics" on Extreme. Apparently this command > does not exist on Alpines or pre-6.1.7 BDs. It does exist on all Extreme > devices supported in 6.2.0 and pre-inferno devices. So, it works with non-I > Summits and current rev BDs. John, how do you want to handle this? this shouldnt cause a problem, though some of the useful data may be missing. why is it a problem? for example #RANCID-CONTENT-TYPE: extreme # #Chassis type: Alpine3804 # #System Serial Number: 802009-01 0022X-00030 #CPU Serial Number: 702001-05 0021S-01000 CPLD Rev 03 #Baseboard Serial Number: 702008-03 0025B-00022 CPLD Rev 03 # #Memory: 268435456 (256MB) # #Power: Upper (PSU-A) 45012 4300-00007 03 0022J-01355 #Power: Lower (PSU-B) # #Image: Extremeware Version 6.2.0 (Build 60) #Image: License: Full L3 + Security. 
#Image: selected: secondary #Image: booted: secondary #Image: Primary Software version: x.x #Image: Secondary software version: x.x # #Bootrom: 7.2 # # # #Slot 1: type GM4SX, GM4X/GM4SX #Slot 1: serial 702005-06-0025S00877 #Slot 1: state Operational # #Slot 2: type GM4SX, GM4X/GM4SX #Slot 2: serial 702005-06-0021S00131 #Slot 2: state Operational # #Slot 3: type FM32, FM32 #Slot 3: serial 702009-06-0024S00170 #Slot 3: state Operational # #Slot 4: type FM32, FM32 #Slot 4: serial 702009-06-0024S00319 #Slot 4: state Operational # configure slot 1 module gm4x configure slot 2 module gm4x configure slot 3 module fm32t configure slot 4 module fm32t # From owner-rancid-discuss@shrubbery.net Thu Oct 18 07:00:53 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9I70qx01563 for ; Thu, 18 Oct 2001 07:00:52 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9I704o21480 for rancid-discuss-outgoing; Thu, 18 Oct 2001 07:00:04 GMT Received: from yosemite.rwc.gnac.net (yosemite.rwc.gnac.net [198.151.248.221]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9I6xvI21459 for ; Thu, 18 Oct 2001 06:59:57 GMT Received: by yosemite.rwc.gnac.net; id XAA11185; Wed, 17 Oct 2001 23:59:56 -0700 (PDT) Received: from unknown(192.168.1.21) by yosemite.rwc.gnac.net via smap (V5.0) id xma011181; Wed, 17 Oct 01 23:59:44 -0700 Received: from tweety.main.gnac.com (localhost.main.gnac.com [127.0.0.1]) by pepe.corp.gnac.com (8.11.0/8.8.7/GNAC-GW-2.1) with ESMTP id f9I6xQ308209; Wed, 17 Oct 2001 23:59:26 -0700 (PDT) Received: (from davidw@localhost) by tweety.main.gnac.com (8.9.3/8.7.3/GNAC-COM-1.1) id XAA14603; Wed, 17 Oct 2001 23:59:43 -0700 (PDT) Date: Wed, 17 Oct 2001 23:59:43 -0700 
From: David Williamson To: Andrew Fort Cc: "'Alex Bochannek'" , "'rancid-discuss@shrubbery.net'" Subject: Re: RANCID and TFTP. Message-ID: <20011017235943.M25041@tweety.main.gnac.com> References: <415DD4BF903BD311A3D900A0C99F902209607315@bnc.webcentral.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <415DD4BF903BD311A3D900A0C99F902209607315@bnc.webcentral.com.au>; from afort@staff.webcentral.com.au on Thu, Oct 18, 2001 at 10:08:04AM +1000 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Thu, Oct 18, 2001 at 10:08:04AM +1000, Andrew Fort wrote: > I manually replace the passwords in the device, usually in the temporary > file before its uploaded. If not, I usually forget to put the BGP md5 auth > passwords in, think "ugh, why doesn't the thing bring up adjacen... doh!" > and then get with the program, so a script to regexp the ! password > stuff with the users' input would be a useful thing, also (or more > coffee). An option to not strip the passwords would also be useful, although I admit I wouldn't use it. Given a decent password storage mechanism (you all have one, right?), it's pretty much a little perl to put the config file back to 'reality' before shoving it onto the router. Or more caffeine, as suggested. -David From owner-rancid-discuss@shrubbery.net Thu Oct 18 16:09:37 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9IG9bx08212 for ; Thu, 18 Oct 2001 16:09:37 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9IG9AM26632 for rancid-discuss-outgoing; Thu, 18 Oct 2001 16:09:10 GMT Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9IG97126627 for rancid-discuss@shrubbery.net; Thu, 18 Oct 2001 16:09:07 GMT Date: Thu, 18 Oct 2001 09:09:07 -0700 
From: john heasley To: rancid-discuss@shrubbery.net Subject: Re: RANCID and TFTP. Message-ID: <20011018090907.B26260@shrubbery.net> References: <415DD4BF903BD311A3D900A0C99F902209607315@bnc.webcentral.com.au> <20011017235943.M25041@tweety.main.gnac.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011017235943.M25041@tweety.main.gnac.com>; from davidw@certaintysolutions.com on Wed, Oct 17, 2001 at 11:59:43PM -0700 X-note: live free, or die! X-homer: ralph, jesus did not have wheels. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Wed, Oct 17, 2001 at 11:59:43PM -0700, David Williamson: > On Thu, Oct 18, 2001 at 10:08:04AM +1000, Andrew Fort wrote: > > I manually replace the passwords in the device, usually in the temporary > > file before its uploaded. If not, I usually forget to put the BGP md5 auth > > passwords in, think "ugh, why doesn't the thing bring up adjacen... doh!" > > and then get with the program, so a script to regexp the ! password > > stuff with the users' input would be a useful thing, also (or more > > coffee). > > An option to not strip the passwords would also be useful, although I is this something folks really want? > admit I wouldn't use it. Given a decent password storage mechanism > (you all have one, right?), it's pretty much a little perl to put the > config file back to 'reality' before shoving it onto the router. > > Or more caffeine, as suggested. 
> > -David From owner-rancid-discuss@shrubbery.net Thu Oct 18 16:19:24 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9IGJNx08304 for ; Thu, 18 Oct 2001 16:19:23 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9IGJQo26741 for rancid-discuss-outgoing; Thu, 18 Oct 2001 16:19:26 GMT Received: from yosemite.rwc.gnac.net (yosemite.rwc.gnac.net [198.151.248.221]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9IGJMI26734; Thu, 18 Oct 2001 16:19:22 GMT Received: by yosemite.rwc.gnac.net; id JAA25951; Thu, 18 Oct 2001 09:19:21 -0700 (PDT) Received: from unknown(192.168.1.21) by yosemite.rwc.gnac.net via smap (V5.0) id xma025944; Thu, 18 Oct 01 09:19:12 -0700 Received: from tweety.main.gnac.com (localhost.main.gnac.com [127.0.0.1]) by pepe.corp.gnac.com (8.11.0/8.8.7/GNAC-GW-2.1) with ESMTP id f9IGIsA13121; Thu, 18 Oct 2001 09:18:54 -0700 (PDT) Received: (from davidw@localhost) by tweety.main.gnac.com (8.9.3/8.7.3/GNAC-COM-1.1) id JAA16490; Thu, 18 Oct 2001 09:19:12 -0700 (PDT) Date: Thu, 18 Oct 2001 09:19:11 -0700 
From: David Williamson To: john heasley Cc: rancid-discuss@shrubbery.net Subject: Re: RANCID and TFTP. Message-ID: <20011018091911.R25041@tweety.main.gnac.com> References: <415DD4BF903BD311A3D900A0C99F902209607315@bnc.webcentral.com.au> <20011017235943.M25041@tweety.main.gnac.com> <20011018090907.B26260@shrubbery.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20011018090907.B26260@shrubbery.net>; from heas@shrubbery.net on Thu, Oct 18, 2001 at 09:09:07AM -0700 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk

On Thu, Oct 18, 2001 at 09:09:07AM -0700, john heasley wrote:
> > An option to not strip the passwords would also be useful, although I
>
> is this something folks really want?

Having suggested it, I'd admit that I'm not certain it's what I want.
I have some network gear that's not currently watched by rancid. Some of
that gear is so far out of production that I really don't care about
tracking actual config changes. It would be nice to have a repository
of those configs, however, for disaster recovery. And for that, it
would be nice to have the whole config, intact, including passwords.

This hasn't bitten me with the access or enable passwords, but having
the tacacs+ key stripped out has bitten me a couple of times during a
recovery. It would probably be ideal if there was an option to encrypt
rancid's output, rather than stripping anything out of the config.
Of course, the key would probably have to go into .cloginrc, which defeats
the point. There's probably not a better solution to this problem than
simply stripping the passwords, as is done now.

Sorry to ramble on, but I'm really on the fence on this topic. Sometimes
I think it would be nice to have everything directly in the stored config.
Other times I think it's very very good to not have the passwords exposed.

For those who don't know why it's a good thing to keep the passwords
stripped, here's a perl script to decrypt your console and tty passwords:

perl -ne 'if (/^(.* password )7 ([0-9A-F]*)$/) { print $1;
  $enc = substr("dsfd;kfoA,.iyewrkldJKDHSUB",substr($2,0,2));
  $pw = substr($2,2);
  foreach $i (0 .. (length($pw)/2)-1) {
    print pack("c",hex(substr($pw,$i*2,2))^unpack("c",substr($enc,$i,1))); }
  print "\n"; } else { print; }'

It's that easy. (Okay, I got that from someone..I don't speak perl that
well. :)

Hmm...what to do...what to do....

-David

From owner-rancid-discuss@shrubbery.net Thu Oct 18 16:30:25 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9IGUPx08592 for ; Thu, 18 Oct 2001 16:30:25 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9IGUHw26882 for rancid-discuss-outgoing; Thu, 18 Oct 2001 16:30:17 GMT Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9IGUA026872; Thu, 18 Oct 2001 16:30:10 GMT Date: Thu, 18 Oct 2001 09:30:09 -0700
From: john heasley To: David Williamson Cc: john heasley , rancid-discuss@shrubbery.net Subject: Re: RANCID and TFTP. Message-ID: <20011018093009.C26260@shrubbery.net> References: <415DD4BF903BD311A3D900A0C99F902209607315@bnc.webcentral.com.au> <20011017235943.M25041@tweety.main.gnac.com> <20011018090907.B26260@shrubbery.net> <20011018091911.R25041@tweety.main.gnac.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011018091911.R25041@tweety.main.gnac.com>; from davidw@certaintysolutions.com on Thu, Oct 18, 2001 at 09:19:11AM -0700 X-note: live free, or die! X-homer: ralph, jesus did not have wheels. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk

Thu, Oct 18, 2001 at 09:19:11AM -0700, David Williamson:
> On Thu, Oct 18, 2001 at 09:09:07AM -0700, john heasley wrote:
> > > An option to not strip the passwords would also be useful, although I
> >
> > is this something folks really want?
>
> Having suggested it, I'd admit that I'm not certain it's what I want.
> I have some network gear that's not currently watched by rancid. Some of
> that gear is so far out of production that I really don't care about
> tracking actual config changes. It would be nice to have a repository
> of those configs, however, for disaster recovery. And for that, it
> would be nice to have the whole config, intact, including passwords.
>
> This hasn't bitten me with the access or enable passwords, but having
> the tacacs+ key stripped out has bitten me a couple of times during a
> recovery. It would probably be ideal if there was an option to encrypt
> rancid's output, rather than stripping anything out of the config.
> Of course, the key would probably have to go into .cloginrc, which defeats
> the point. There's probably not a better solution to this problem than
> simply stripping the passwords, as is done now.

suppose it might be possible to strip them only for the diff mail.
think that might be a pita, needing to be generic.

> Sorry to ramble on, but I'm really on the fence on this topic. Sometimes
> I think it would be nice to have everything directly in the stored config.
> Other times I think it's very very good to not have the passwords exposed.
>
> For those who don't know why it's a good thing to keep the passwords
> stripped, here's a perl script to decrypt your console and tty passwords:
>
> perl -ne 'if (/^(.* password )7 ([0-9A-F]*)$/) { print $1;
>   $enc = substr("dsfd;kfoA,.iyewrkldJKDHSUB",substr($2,0,2));
>   $pw = substr($2,2);
>   foreach $i (0 .. (length($pw)/2)-1) {
>     print pack("c",hex(substr($pw,$i*2,2))^unpack("c",substr($enc,$i,1))); }
>   print "\n"; } else { print; }'
>
> It's that easy. (Okay, I got that from someone..I don't speak perl that
> well. :)

cisco has added md5 pwds for local username configs to recent S images
and, of course, enable has had md5 option for quite some time. i dont
believe this was done for ttys.

shaggy(config)#user foo sec ?
  0     Specifies an UNENCRYPTED secret will follow
  5     Specifies a HIDDEN secret will follow
  LINE  The UNENCRYPTED (cleartext) user secret

> Hmm...what to do...what to do....
> > -David From owner-rancid-discuss@shrubbery.net Thu Oct 18 16:56:46 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9IGukx08816 for ; Thu, 18 Oct 2001 16:56:46 GMT Received: from localhost (localhost [[UNIX: localhost]]) by guelah.shrubbery.net (8.11.4/8.11.1) id f9IGuli27282 for rancid-discuss-outgoing; Thu, 18 Oct 2001 16:56:47 GMT Received: from outbound.ea.com (outbound.ea.com [12.35.91.3]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9IGuiI27278 for ; Thu, 18 Oct 2001 16:56:44 GMT Received: from eahq-bh1.rws.ad.ea.com (eahq-bh1.ea.com [10.14.204.31]) by outbound.ea.com (Switch-2.1.3/Switch-2.1.0) with ESMTP id f9IGvMV07056 for ; Thu, 18 Oct 2001 09:57:23 -0700 (PDT) Received: by eahq-bh1 with Internet Mail Service (5.5.2653.19) id <4VKXN5TX>; Thu, 18 Oct 2001 09:56:41 -0700 Message-ID: 
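An audit in the spirit of the password-stripping exchange above, as an added Python example (not part of the thread and not RANCID code). It sorts the credential lines of a stored IOS-style config into type 7 (reversible, which is what the posted perl one-liner undoes), type 5 (MD5 hash) and cleartext, and builds a redacted copy of the kind suggested for the diff mail. The sample config, its values, the "<removed>" marker and the function names are all constructed for illustration.

```python
"""Classify and redact credential lines in an IOS-style config (added example)."""
import re

# Constructed sample; none of these values come from a real device.
SAMPLE = """\
hostname shaggy
enable secret 5 $1$abcd$CONSTRUCTEDHASH000000000000
enable password 7 00112233445566
username foo secret 5 $1$efgh$CONSTRUCTEDHASH111111111111
username bar password 0 letmein
tacacs-server key 7 0A1B2C3D4E5F
router bgp 65000
 neighbor 192.0.2.1 password s3cret
line vty 0 4
 password 7 0F1E2D3C4B5A
"""

# <head> ends in password/secret/key, then an optional type digit, then the value.
CRED = re.compile(
    r"^(?P<head>.*\b(?:password|secret|key))\s+"
    r"(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$"
)

# How recoverable each form is if the stored config leaks.
KINDS = {
    "7": "reversible",   # obfuscation only, trivially undone
    "5": "md5-hash",     # one-way, but still open to offline guessing
    "0": "cleartext",
    None: "cleartext",   # no type digit: the value itself is the secret
}


def audit(config):
    """Return [(line number, command, kind)] for every credential line."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = CRED.match(line)
        if m:
            kind = KINDS.get(m.group("type"), "other")
            findings.append((lineno, m.group("head").strip(), kind))
    return findings


def recoverable(config):
    """Credential lines whose secret can be read straight from the file."""
    return [f for f in audit(config) if f[2] in ("reversible", "cleartext")]


def redact(config, marker="<removed>"):
    """Copy of the config with every credential value replaced by marker.

    Intended for what gets mailed out; the stored copy is left untouched.
    """
    out = []
    for line in config.splitlines():
        m = CRED.match(line)
        if m:
            line = line[: m.start("value")] + marker
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, command, kind in audit(SAMPLE):
        print(f"line {lineno:2}: {command:32} {kind}")
    print(redact(SAMPLE), end="")
```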
From: "Rizzo, Joe" To: rancid-discuss@shrubbery.net Subject: Rancid with Zebra Date: Thu, 18 Oct 2001 09:56:40 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C157F5.DB75F7B0" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C157F5.DB75F7B0 Content-Type: text/plain Is anyone using rancid with zebra (www.zebra.org )? The interface looks and feels like Cisco IOS. The problem is that zebra listens on tcp port 2601. Each routing protocol daemon listens on a unique port as well. Example: ospfd listens on 2604. To completely pull the zebra configs, rancid would need to login to the same system on multiple ports. I could make zebra listen on port 23, but then ospfd, ripd, bgpd, etc would have to listen on another port. I could have 2 hostnames for the system: 10.1.1.1 vpn01_zebra vpn01_ospfd Then have multiple entries in router.db: vpn01_zebra:cisco:up vpn01_ospfd:cisco:up But, how could I tell rancid to use port 2601 rather that port 23 to telnet to certain hosts? Thanks, Joe
------_=_NextPart_001_01C157F5.DB75F7B0-- From owner-rancid-discuss@shrubbery.net Thu Oct 18 17:03:10 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9IH39x08870 for ; Thu, 18 Oct 2001 17:03:09 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9IH3Dl27399 for rancid-discuss-outgoing; Thu, 18 Oct 2001 17:03:13 GMT Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9IH36t27388; Thu, 18 Oct 2001 17:03:06 GMT Date: Thu, 18 Oct 2001 10:03:06 -0700 From: john heasley To: "Rizzo, Joe" Cc: rancid-discuss@shrubbery.net Subject: Re: Rancid with Zebra Message-ID: <20011018100305.N26260@shrubbery.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from JRizzo@ea.com on Thu, Oct 18, 2001 at 09:56:40AM -0700 X-note: live free, or die! X-homer: ralph, jesus did not have wheels. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Thu, Oct 18, 2001 at 09:56:40AM -0700, Rizzo, Joe: > Is anyone using rancid with zebra (www.zebra.org )? > > The interface looks and feels like Cisco IOS. The problem is that zebra > listens on tcp port 2601. Each routing protocol daemon listens on a unique > port as well. Example: ospfd listens on 2604. > > To completely pull the zebra configs, rancid would need to login to the same > system on multiple ports. > > I could make zebra listen on port 23, but then ospfd, ripd, bgpd, etc would > have to listen on another port. havent used it; but that's nasty. i've used mrt, but didnt occur to me to run rancid against since it did poorly with heavy bgp load. mrt should collect as :cisco:, since iirc it's identical to the cisco ui. 
> I could have 2 hostnames for the system: > 10.1.1.1 vpn01_zebra vpn01_ospfd > > Then have multiple entries in router.db: > vpn01_zebra:cisco:up > vpn01_ospfd:cisco:up > > But, how could I tell rancid to use port 2601 rather that port 23 to telnet > to certain hosts? can't at the moment. suspect something like .cloginrc: add method * {telnet:24} {ssh:19} would be a good way to deal with it. From owner-rancid-discuss@shrubbery.net Thu Oct 18 21:19:24 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9ILJOx11947 for ; Thu, 18 Oct 2001 21:19:24 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9ILJHc00659 for rancid-discuss-outgoing; Thu, 18 Oct 2001 21:19:17 GMT Received: from sfoexh01.yipes.com (sfo002ns01.yipes.com [209.213.212.199]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9ILJEI00655 for ; Thu, 18 Oct 2001 21:19:14 GMT Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19) id <4Z3FW4T0>; Thu, 18 Oct 2001 14:19:04 -0700 Message-ID: <65988049D870C042BD59CF516556134A14D2BF@sfoexh01.yipes.com> From: Alex Bochannek To: "'john heasley'" Cc: rancid-discuss@guelah.shrubbery.net Subject: RE: Proposed Extreme changes. Date: Thu, 18 Oct 2001 14:19:02 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk It's not causing any problems (that I know of), but I just don't like sending invalid commands to devices :) Alex Bochannek Senior Unix/Network Engineer Yipes ... that's fast! (415) 901-2000 (415) 901-2090 (direct) www.yipes.com -----Original Message----- From: 'john heasley' [mailto:heas@shrubbery.net] Sent: Wednesday, October 17, 2001 7:19 PM To: Alex Bochannek Cc: 'john heasley'; rancid-discuss@guelah.shrubbery.net Subject: Re: Proposed Extreme changes. 
Wed, Oct 17, 2001 at 02:31:25PM -0700, Alex Bochannek: > OK, I am testing the new version and have a couple of problems with it. I am > working on trying to figure out why "show config" on Extreme doesn't seem to > complete sometimes and I will probably have some time to look into this > tomorrow. > > The other issue is "show diagnostics" on Extreme. Apparently this command > does not exist on Alpines or pre-6.1.7 BDs. It does exist on all Extreme > devices supported in 6.2.0 and pre-inferno devices. So, it works with non-I > Summits and current rev BDs. John, how do you want to handle this? this shouldnt cause a problem, though some of the useful data may be missing. why is it a problem? for example #RANCID-CONTENT-TYPE: extreme # #Chassis type: Alpine3804 # #System Serial Number: 802009-01 0022X-00030 #CPU Serial Number: 702001-05 0021S-01000 CPLD Rev 03 #Baseboard Serial Number: 702008-03 0025B-00022 CPLD Rev 03 # #Memory: 268435456 (256MB) # #Power: Upper (PSU-A) 45012 4300-00007 03 0022J-01355 #Power: Lower (PSU-B) # #Image: Extremeware Version 6.2.0 (Build 60) #Image: License: Full L3 + Security. 
#Image: selected: secondary #Image: booted: secondary #Image: Primary Software version: x.x #Image: Secondary software version: x.x # #Bootrom: 7.2 # # # #Slot 1: type GM4SX, GM4X/GM4SX #Slot 1: serial 702005-06-0025S00877 #Slot 1: state Operational # #Slot 2: type GM4SX, GM4X/GM4SX #Slot 2: serial 702005-06-0021S00131 #Slot 2: state Operational # #Slot 3: type FM32, FM32 #Slot 3: serial 702009-06-0024S00170 #Slot 3: state Operational # #Slot 4: type FM32, FM32 #Slot 4: serial 702009-06-0024S00319 #Slot 4: state Operational # configure slot 1 module gm4x configure slot 2 module gm4x configure slot 3 module fm32t configure slot 4 module fm32t # From owner-rancid-discuss@shrubbery.net Thu Oct 18 21:43:21 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9ILhLx12326 for ; Thu, 18 Oct 2001 21:43:21 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9ILhKU00911 for rancid-discuss-outgoing; Thu, 18 Oct 2001 21:43:20 GMT Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9ILhGF00903; Thu, 18 Oct 2001 21:43:16 GMT Date: Thu, 18 Oct 2001 14:43:16 -0700 From: "'john heasley'" To: Alex Bochannek Cc: "'john heasley'" , rancid-discuss@guelah.shrubbery.net Subject: Re: Proposed Extreme changes. Message-ID: <20011018144316.K28083@shrubbery.net> References: <65988049D870C042BD59CF516556134A14D2BF@sfoexh01.yipes.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <65988049D870C042BD59CF516556134A14D2BF@sfoexh01.yipes.com>; from ABochannek@yipes.com on Thu, Oct 18, 2001 at 02:19:02PM -0700 X-note: live free, or die! X-homer: ralph, jesus did not have wheels. 
Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk

Thu, Oct 18, 2001 at 02:19:02PM -0700, Alex Bochannek:
> It's not causing any problems (that I know of), but I just don't like
> sending invalid commands to devices :)

i dont believe this is problematic, though we should recognize the "bad cmd" response which i believe is:

/^Syntax error at token/

if they've managed to keep at least that much consistent.

without doing such commands, we'd need separate scripts for every family and each OS revision just to collect the info; eg: for cisco we'd need cat 5000, cat 4000, gsr, 7200, 36xx, 7[05]xx, ....

> Alex Bochannek > Senior Unix/Network Engineer > Yipes ... that's fast! > (415) 901-2000 > (415) 901-2090 (direct) > www.yipes.com > > > -----Original Message----- > From: 'john heasley' [mailto:heas@shrubbery.net] > Sent: Wednesday, October 17, 2001 7:19 PM > To: Alex Bochannek > Cc: 'john heasley'; rancid-discuss@guelah.shrubbery.net > Subject: Re: Proposed Extreme changes. > > Wed, Oct 17, 2001 at 02:31:25PM -0700, Alex Bochannek: > > OK, I am testing the new version and have a couple of problems with it. I > am > > working on trying to figure out why "show config" on Extreme doesn't seem > to > > complete sometimes and I will probably have some time to look into this > > tomorrow. > > > > The other issue is "show diagnostics" on Extreme. Apparently this command > > does not exist on Alpines or pre-6.1.7 BDs. It does exist on all Extreme > > devices supported in 6.2.0 and pre-inferno devices. So, it works with > non-I > > Summits and current rev BDs. John, how do you want to handle this? > > this shouldnt cause a problem, though some of the useful data may be > missing. why is it a problem? 
for example > > #RANCID-CONTENT-TYPE: extreme > # > #Chassis type: Alpine3804 > # > #System Serial Number: 802009-01 0022X-00030 > #CPU Serial Number: 702001-05 0021S-01000 CPLD Rev 03 > #Baseboard Serial Number: 702008-03 0025B-00022 CPLD Rev 03 > # > #Memory: 268435456 (256MB) > # > #Power: Upper (PSU-A) 45012 4300-00007 03 0022J-01355 > #Power: Lower (PSU-B) > # > #Image: Extremeware Version 6.2.0 (Build 60) > #Image: License: Full L3 + Security. > #Image: selected: secondary > #Image: booted: secondary > #Image: Primary Software version: x.x > #Image: Secondary software version: x.x > # > #Bootrom: 7.2 > # > # > # > #Slot 1: type GM4SX, GM4X/GM4SX > #Slot 1: serial 702005-06-0025S00877 > #Slot 1: state Operational > # > #Slot 2: type GM4SX, GM4X/GM4SX > #Slot 2: serial 702005-06-0021S00131 > #Slot 2: state Operational > # > #Slot 3: type FM32, FM32 > #Slot 3: serial 702009-06-0024S00170 > #Slot 3: state Operational > # > #Slot 4: type FM32, FM32 > #Slot 4: serial 702009-06-0024S00319 > #Slot 4: state Operational > # > configure slot 1 module gm4x > configure slot 2 module gm4x > configure slot 3 module fm32t > configure slot 4 module fm32t > # From owner-rancid-discuss@shrubbery.net Thu Oct 18 22:00:57 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9IM0vx12528 for ; Thu, 18 Oct 2001 22:00:57 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9IM0uj01223 for rancid-discuss-outgoing; Thu, 18 Oct 2001 22:00:56 GMT Received: from sfoexh01.yipes.com (sfo002ns01.yipes.com [209.213.212.199]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9IM0qh01216; Thu, 18 Oct 2001 22:00:52 GMT Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19) id <4Z3FWVC3>; Thu, 18 Oct 2001 15:00:46 -0700 Message-ID: <65988049D870C042BD59CF516556134A14D2C0@sfoexh01.yipes.com> From: Alex Bochannek To: "'john heasley'" , "Rizzo, Joe" Cc: rancid-discuss@shrubbery.net Subject: RE: 
Rancid with Zebra Date: Thu, 18 Oct 2001 15:00:38 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk How about this: bash-2.03$ diff -c clogin clogin.new *** clogin Wed Oct 17 13:23:17 2001 --- clogin.new Thu Oct 18 14:58:23 2001 *************** *** 286,295 **** # try each of the connection methods in $cmethod until one is successful set progs [llength $cmethod] foreach prog [lrange $cmethod 0 end] { ! if ![string compare $prog "telnet"] { ! if [ catch {spawn telnet $router} reason ] { ! send_user "\nError: telnet failed: $reason\n" ! exit 1 } } elseif ![string compare $prog "ssh"] { if [ catch {spawn ssh -c $cyphertype -x -l $user $router} reason ] { --- 286,297 ---- # try each of the connection methods in $cmethod until one is successful set progs [llength $cmethod] foreach prog [lrange $cmethod 0 end] { ! if [string match "telnet*" $prog] { ! regexp {telnet(:(\d+))*} $prog command suffix port ! if {$port == ""} { set port 23 } ! if [ catch {spawn telnet $router $port} reason ] { ! send_user "\nError: telnet failed: $reason\n" ! exit 1 } } elseif ![string compare $prog "ssh"] { if [ catch {spawn ssh -c $cyphertype -x -l $user $router} reason ] { Alex Bochannek Senior Unix/Network Engineer Yipes ... that's fast! (415) 901-2000 (415) 901-2090 (direct) www.yipes.com -----Original Message----- From: john heasley [mailto:heas@shrubbery.net] Sent: Thursday, October 18, 2001 10:03 AM To: Rizzo, Joe Cc: rancid-discuss@shrubbery.net Subject: Re: Rancid with Zebra Thu, Oct 18, 2001 at 09:56:40AM -0700, Rizzo, Joe: > Is anyone using rancid with zebra (www.zebra.org )? > > The interface looks and feels like Cisco IOS. The problem is that zebra > listens on tcp port 2601. Each routing protocol daemon listens on a unique > port as well. Example: ospfd listens on 2604. 
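Review bot: The regexp in the telnet branch of the clogin.new hunk at line 286 above, regexp {telnet(:(\d+))*} $prog command suffix port, is unanchored and uses "*", so a method written as "telnetx" or "telnet:abc" still passes the string match "telnet*" test and silently falls back to port 23 instead of being rejected. Anchoring it as ^telnet(:(\d+))?$, checking the value regexp returns, and reporting an error for a malformed method or a port outside 1-65535 would make a typo in .cloginrc visible rather than connecting somewhere unintended. The ssh branch still does an exact string compare against "ssh", so the {ssh:19} form suggested earlier in the thread would not match any branch.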
> > To completely pull the zebra configs, rancid would need to login to the same > system on multiple ports. > > I could make zebra listen on port 23, but then ospfd, ripd, bgpd, etc would > have to listen on another port. havent used it; but that's nasty. i've used mrt, but didnt occur to me to run rancid against since it did poorly with heavy bgp load. mrt should collect as :cisco:, since iirc it's identical to the cisco ui. > I could have 2 hostnames for the system: > 10.1.1.1 vpn01_zebra vpn01_ospfd > > Then have multiple entries in router.db: > vpn01_zebra:cisco:up > vpn01_ospfd:cisco:up > > But, how could I tell rancid to use port 2601 rather that port 23 to telnet > to certain hosts? can't at the moment. suspect something like .cloginrc: add method * {telnet:24} {ssh:19} would be a good way to deal with it. From owner-rancid-discuss@shrubbery.net Fri Oct 19 01:35:17 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9J1ZHx15059 for ; Fri, 19 Oct 2001 01:35:17 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9J1Z0R03254 for rancid-discuss-outgoing; Fri, 19 Oct 2001 01:35:00 GMT Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9J1Yrl03249; Fri, 19 Oct 2001 01:34:53 GMT Date: Thu, 18 Oct 2001 18:34:53 -0700 From: john heasley To: Andrew Partan Cc: Dylan Hall , rancid-discuss@shrubbery.net Subject: Re: Problems with RE matching in .cloginrc Message-ID: <20011018183453.K2307@shrubbery.net> References: <3BCB6A58.7DC11847@tsnz.net> <20011015203114.B23441@shrubbery.net> <3BCBC638.4B5B5BE@tsnz.net> <20011016230908.D12784@partan.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011016230908.D12784@partan.com>; from asp@partan.com on Tue, Oct 16, 2001 at 11:09:08PM -0400 X-note: live free, or die! X-homer: ralph, jesus did not have wheels. 
Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Tue, Oct 16, 2001 at 11:09:08PM -0400, Andrew Partan: > On Tue, Oct 16, 2001 at 06:31:36PM +1300, Dylan Hall wrote: > > The workaround is to remove the check for $loginname@$router from > > jlogin. Can you suggest a more elegant fix? > > Hmm; I think that jlogin is the only *login that has this login@router > stuff. I think that this bit should be removed. Is anyone using it? > --asp@partan.com (Andrew Partan) i put that in there a _long_ time ago. i can't remember why and (grumble) the cvs note is empty, but suspect it was a stepping stone. however, i see how it might be useful for a passphrase, granted "user@host" probably isnt the right thing. comments? otherwise, it should go. From owner-rancid-discuss@shrubbery.net Fri Oct 19 05:53:45 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9J5rjx19539 for ; Fri, 19 Oct 2001 05:53:45 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9J5raI05456 for rancid-discuss-outgoing; Fri, 19 Oct 2001 05:53:36 GMT Received: from tower.partan.com (tower.partan.com [198.6.255.248]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9J5rXh05452 for ; Fri, 19 Oct 2001 05:53:33 GMT Received: (from asp@localhost) by tower.partan.com (8.9.3/8.9.3) id BAA09661; Fri, 19 Oct 2001 01:53:22 -0400 (EDT) Date: Fri, 19 Oct 2001 01:53:22 -0400 From: Andrew Partan To: "Rizzo, Joe" Cc: rancid-discuss@shrubbery.net Subject: Re: Rancid with Zebra Message-ID: <20011019015322.A9599@partan.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from JRizzo@ea.com on Thu, Oct 18, 2001 at 09:56:40AM -0700 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Thu, Oct 18, 2001 at 09:56:40AM -0700, Rizzo, Joe wrote: > Is anyone using rancid with zebra (www.zebra.org )? 
Are there any commands you can use from the shell to get into these various parts of zebra? Then you could do something like:

    % ssh unix-host
    unix-host% zebra_cli
    zebra> show conf
    zebra> quit
    unix-host% ospfd_cli
    ospfd> show conf
    ospfd> quit
    unix-host% exit

--asp

From owner-rancid-discuss@shrubbery.net Fri Oct 19 05:59:41 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9J5xex19586 for ; Fri, 19 Oct 2001 05:59:40 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9J5xi705528 for rancid-discuss-outgoing; Fri, 19 Oct 2001 05:59:44 GMT Received: from bnc.webcentral.com.au (bnc.webcentral.com.au [202.139.236.123]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9J5xeh05524 for ; Fri, 19 Oct 2001 05:59:41 GMT Received: by bnc.webcentral.com.au with Internet Mail Service (5.5.2653.19) id <47PFY93M>; Fri, 19 Oct 2001 15:59:33 +1000 Message-ID: <415DD4BF903BD311A3D900A0C99F902209607320@bnc.webcentral.com.au> From: Andrew Fort To: "'Rizzo, Joe'" , rancid-discuss@shrubbery.net Subject: RE: Rancid with Zebra Date: Fri, 19 Oct 2001 15:59:32 +1000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk

>From: Rizzo, Joe [mailto:JRizzo@ea.com]
>Is anyone using rancid with zebra (www.zebra.org)?
>The interface looks and feels like Cisco IOS. The problem is that zebra listens on tcp port 2601. Each routing protocol daemon listens on
>a unique port as well. Example: ospfd listens on 2604.

Joe, doesn't the zebra vtysh daemon provide the ability to get to all the routing protocol daemon cli from a single interface (listening on a single port)?
it's been awhile since i looked at zebra, but the last i remembered, someone was asking for zebra to include "end" at the end of "write term", so that RANCID would treat it like a cisco; presumably they were not having problems getting RANCID to talk to zebra's CLI, so perhaps they were using vtysh to do this. -amf From owner-rancid-discuss@shrubbery.net Fri Oct 19 13:45:29 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9JDjTx28705 for ; Fri, 19 Oct 2001 13:45:29 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9JDiQ409913 for rancid-discuss-outgoing; Fri, 19 Oct 2001 13:44:26 GMT Received: from outbound.ea.com (outbound.ea.com [12.35.91.3]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9JDiMh09909 for ; Fri, 19 Oct 2001 13:44:22 GMT Received: from eahq-bh2.rws.ad.ea.com (eahq-bh2.ea.com [10.14.204.33]) by outbound.ea.com (Switch-2.1.3/Switch-2.1.0) with ESMTP id f9JDixV07297; Fri, 19 Oct 2001 06:45:00 -0700 (PDT) content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Rancid with Zebra X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0 Date: Fri, 19 Oct 2001 06:44:08 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Rancid with Zebra Thread-Index: AcFYY0LTasB0J//PSMeuGV+Eq9ljfQAQA6ew From: "Rizzo, Joe" To: "Andrew Fort" , "Rizzo, Joe" , Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by guelah.shrubbery.net id f9JDiNh09910 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I will have to verify. Maybe that is the way to go. Thanks for the advice. 
Joe -----Original Message----- From: Andrew Fort [mailto:afort@staff.webcentral.com.au] Sent: Friday, October 19, 2001 1:00 AM To: 'Rizzo, Joe'; rancid-discuss@shrubbery.net Subject: RE: Rancid with Zebra >From: Rizzo, Joe [mailto:JRizzo@ea.com] >Is anyone using rancid with zebra (www.zebra.org)? >The interface looks and feels like Cisco IOS. The problem is that zebra listens on tcp port 2601. Each routing protocol daemon listens on >a unique port as well. Example: ospfd listens on 2604. Joe, doesn't the zebra vtysh daemon provide the ability to get to all the routing protocol daemon cli from a single interface (listening on a single port)? it's been awhile since i looked at zebra, but the last i remembered, someone was asking for zebra to include "end" at the end of "write term", so that RANCID would treat it like a cisco; presumably they were not having problems getting RANCID to talk to zebra's CLI, so perhaps they were using vtysh to do this. -amf From owner-rancid-discuss@shrubbery.net Fri Oct 19 20:29:07 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9JKT7x05785 for ; Fri, 19 Oct 2001 20:29:07 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9JKT3O13821 for rancid-discuss-outgoing; Fri, 19 Oct 2001 20:29:03 GMT Received: from corral.thewebzone.net (corral.thewebzone.net [66.7.131.193]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9JKT0h13816 for ; Fri, 19 Oct 2001 20:29:00 GMT Received: by CORRAL with Internet Mail Service (5.5.2653.19) id <4ZJQ3ANP>; Fri, 19 Oct 2001 13:28:56 -0700 Message-ID: <65988049D870C042BD59CF516556134A14D2CE@sfoexh01.yipes.com> From: Alex Bochannek To: "'john heasley'" Cc: rancid-discuss@guelah.shrubbery.net Subject: RE: Proposed Extreme changes. 
Date: Fri, 19 Oct 2001 10:26:18 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk One more diff: bash-2.03$ diff -c clogin clogin.new *** clogin Fri Oct 19 10:20:07 2001 --- clogin.new Fri Oct 19 10:21:21 2001 *************** *** 491,497 **** exp_continue } -re "\[^\r\n]*Press to cont\[^\r\n]*" { send " " expect { ! -re "\[\r\n]*\r\r" {} } exp_continue } --- 491,499 ---- exp_continue } -re "\[^\r\n]*Press to cont\[^\r\n]*" { send " " expect { ! # gag, 2 more prompts ! -re "\[\r\n]*\r" {} ! -re "\[^\r\n]*Press to cont\[^\r\n]*" { send " "; exp_continue } } exp_continue } Also, has anybody seen the problem where an Extreme pauses in the middle of the banner when doing a show config? I rather would not have to undo expect_after to get timeout to match in run_commands. Alex Bochannek Senior Unix/Network Engineer Yipes ... that's fast! (415) 901-2000 (415) 901-2090 (direct) www.yipes.com From owner-rancid-discuss@shrubbery.net Fri Oct 19 20:40:45 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9JKejx06182 for ; Fri, 19 Oct 2001 20:40:45 GMT Received: from localhost (localhost [[UNIX: localhost]]) by guelah.shrubbery.net (8.11.4/8.11.1) id f9JKejm13978 for rancid-discuss-outgoing; Fri, 19 Oct 2001 20:40:45 GMT Received: from corral.thewebzone.net (corral.thewebzone.net [66.7.131.193]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9JKedh13966 for ; Fri, 19 Oct 2001 20:40:40 GMT Received: by CORRAL with Internet Mail Service (5.5.2653.19) id <4ZJQ3A44>; Fri, 19 Oct 2001 13:40:31 -0700 Message-ID: <65988049D870C042BD59CF516556134A14D2C9@sfoexh01.yipes.com> From: Alex Bochannek To: "'john heasley'" Cc: rancid-discuss@guelah.shrubbery.net Subject: RE: Proposed Extreme changes. 
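Review bot: In the inner expect of the clogin hunk at line 491 above, the first pattern was loosened from "\[\r\n]*\r\r" to "\[\r\n]*\r", which matches any single carriage return and is listed ahead of the new "Press to cont" pattern; expect tries patterns in the order listed, so the pager branch only fires when no carriage return has arrived yet. Listing the "Press to cont" pattern first, or keeping a tighter end-of-page pattern, would make the stated intent (two more prompts) hold regardless of how the output is chunked. The "# gag, 2 more prompts" line sits where expect reads pattern/action pairs rather than commands, so it is worth confirming it is treated as a comment there, or moving it above the expect.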
Date: Thu, 18 Oct 2001 19:11:40 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Yes, it does still say that: Syntax error at token diagnostics I am just a bit worried that in future versions the expected behavior may change. A mapping table of commands to hardware/software revs would be nice, but since this particular command doesn't cause any harm, I am happy to live with the way it is. Alex Bochannek Senior Unix/Network Engineer Yipes ... that's fast! (415) 901-2000 (415) 901-2090 (direct) www.yipes.com -----Original Message----- From: 'john heasley' [mailto:heas@shrubbery.net] Sent: Thursday, October 18, 2001 2:43 PM To: Alex Bochannek Cc: 'john heasley'; rancid-discuss@guelah.shrubbery.net Subject: Re: Proposed Extreme changes. Thu, Oct 18, 2001 at 02:19:02PM -0700, Alex Bochannek: > It's not causing any problems (that I know of), but I just don't like > sending invalid commands to devices :) i dont believe this is problematic, though we should recognize the "bad cmd" response which i believe is: /^Syntax error at token/ if they've managed to keep at least that much consistent. without doing such commands, we'd need sparate scripts for every family and each OS revision just to collect the info; eg: for cisco we'd need cat 5000, cat 4000, gsr, 7200, 36xx, 7[05]xx, .... > Alex Bochannek > Senior Unix/Network Engineer > Yipes ... that's fast! > (415) 901-2000 > (415) 901-2090 (direct) > www.yipes.com > > > -----Original Message----- > From: 'john heasley' [mailto:heas@shrubbery.net] > Sent: Wednesday, October 17, 2001 7:19 PM > To: Alex Bochannek > Cc: 'john heasley'; rancid-discuss@guelah.shrubbery.net > Subject: Re: Proposed Extreme changes. > > Wed, Oct 17, 2001 at 02:31:25PM -0700, Alex Bochannek: > > OK, I am testing the new version and have a couple of problems with it. 
I > am > > working on trying to figure out why "show config" on Extreme doesn't seem > to > > complete sometimes and I will probably have some time to look into this > > tomorrow. > > > > The other issue is "show diagnostics" on Extreme. Apparently this command > > does not exist on Alpines or pre-6.1.7 BDs. It does exist on all Extreme > > devices supported in 6.2.0 and pre-inferno devices. So, it works with > non-I > > Summits and current rev BDs. John, how do you want to handle this? > > this shouldnt cause a problem, though some of the useful data may be > missing. why is it a problem? for example > > #RANCID-CONTENT-TYPE: extreme > # > #Chassis type: Alpine3804 > # > #System Serial Number: 802009-01 0022X-00030 > #CPU Serial Number: 702001-05 0021S-01000 CPLD Rev 03 > #Baseboard Serial Number: 702008-03 0025B-00022 CPLD Rev 03 > # > #Memory: 268435456 (256MB) > # > #Power: Upper (PSU-A) 45012 4300-00007 03 0022J-01355 > #Power: Lower (PSU-B) > # > #Image: Extremeware Version 6.2.0 (Build 60) > #Image: License: Full L3 + Security. 
> #Image: selected: secondary > #Image: booted: secondary > #Image: Primary Software version: x.x > #Image: Secondary software version: x.x > # > #Bootrom: 7.2 > # > # > # > #Slot 1: type GM4SX, GM4X/GM4SX > #Slot 1: serial 702005-06-0025S00877 > #Slot 1: state Operational > # > #Slot 2: type GM4SX, GM4X/GM4SX > #Slot 2: serial 702005-06-0021S00131 > #Slot 2: state Operational > # > #Slot 3: type FM32, FM32 > #Slot 3: serial 702009-06-0024S00170 > #Slot 3: state Operational > # > #Slot 4: type FM32, FM32 > #Slot 4: serial 702009-06-0024S00319 > #Slot 4: state Operational > # > configure slot 1 module gm4x > configure slot 2 module gm4x > configure slot 3 module fm32t > configure slot 4 module fm32t > # From owner-rancid-discuss@shrubbery.net Fri Oct 19 20:40:52 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9JKeqx06188 for ; Fri, 19 Oct 2001 20:40:52 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9JKeka13979 for rancid-discuss-outgoing; Fri, 19 Oct 2001 20:40:47 GMT Received: from corral.thewebzone.net (corral.thewebzone.net [66.7.131.193]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9JKeeh13968 for ; Fri, 19 Oct 2001 20:40:40 GMT Received: by CORRAL with Internet Mail Service (5.5.2653.19) id <4ZJQ3A4T>; Fri, 19 Oct 2001 13:40:31 -0700 Message-ID: <65988049D870C042BD59CF516556134A14D2CA@sfoexh01.yipes.com> From: Alex Bochannek To: "'Andrew Fort'" Cc: "'rancid-discuss@shrubbery.net'" Subject: RE: RANCID and TFTP. Date: Thu, 18 Oct 2001 19:15:48 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk One comment about utftpd and CVS: Since CVS is based on RCS, you can certainly check out a file from a CVS repository with co, do rlog, etc. Somewhat rudimentary, but it works. Alex Bochannek Senior Unix/Network Engineer Yipes ... that's fast! 
(415) 901-2000
(415) 901-2090 (direct)
www.yipes.com

From owner-rancid-discuss@shrubbery.net Thu Oct 25 16:49:57 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9PGnvI21944 for ; Thu, 25 Oct 2001 16:49:57 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9PGmIU08600 for rancid-discuss-outgoing; Thu, 25 Oct 2001 16:48:18 GMT Received: from outbound.ea.com (outbound.ea.com [12.35.91.3]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9PGmEC08596 for ; Thu, 25 Oct 2001 16:48:14 GMT Received: from eahq-bh1.rws.ad.ea.com (eahq-bh1.ea.com [10.14.204.31]) by outbound.ea.com (Switch-2.1.3/Switch-2.1.0) with ESMTP id f9PGmlV08159 for ; Thu, 25 Oct 2001 09:48:48 -0700 (PDT) Received: by eahq-bh1 with Internet Mail Service (5.5.2653.19) id ; Thu, 25 Oct 2001 09:48:07 -0700 Message-ID: From: "Rizzo, Joe" To: "'rancid-discuss@shrubbery.net'" Subject: removing enable secret password - cisco Date: Thu, 25 Oct 2001 09:48:06 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk

I hope this is not a stupid question...

I like how Rancid removes the encrypted passwords from the config, however if "enable secret" is used, the encrypted password is not removed.

For a quick fix I modified line 880 of rancid(2.2b5).

from: /^(enable )?(password|passwd) / &&
to:   /^(enable )?(password|passwd|secret) / &&

Am I overlooking a reason that the "enable secret" password should not be removed from the configs?

If not can the enable secret password be removed in future versions of rancid?
Thanks,
Joe

From owner-rancid-discuss@shrubbery.net Thu Oct 25 17:58:15 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9PHwEI23100 for ; Thu, 25 Oct 2001 17:58:14 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9PHvo508946 for rancid-discuss-outgoing; Thu, 25 Oct 2001 17:57:50 GMT Received: (from heas@localhost) by guelah.shrubbery.net (8.11.4/8.11.1) id f9PHvgY08941; Thu, 25 Oct 2001 17:57:43 GMT Date: Thu, 25 Oct 2001 10:57:42 -0700 From: john heasley To: "Rizzo, Joe" Cc: "'rancid-discuss@shrubbery.net'" Subject: Re: removing enable secret password - cisco Message-ID: <20011025105742.E8744@shrubbery.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from JRizzo@ea.com on Thu, Oct 25, 2001 at 09:48:06AM -0700 X-note: live free, or die! X-homer: ralph, jesus did not have wheels. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk

Thu, Oct 25, 2001 at 09:48:06AM -0700, Rizzo, Joe:
> I hope this is not a stupid question...
>
> I like how Rancid removes the encrypted passwords from the config, however
> if "enable secret" is used, the encrypted password is not removed.
>
> For a quick fix I modified line 880 of rancid(2.2b5).
> from: /^(enable )?(password|passwd) / &&
> to: /^(enable )?(password|passwd|secret) / &&
>
> Am I overlooking a reason that the "enable secret" password should not be
> removed from the configs?

it is not a reversible format, hence we did not see the need to remove it. a brute force method can be applied (there was one done in ~97 w/ N machines that took months).

> If not can the enable secret password be removed in future versions of
> rancid?

an option could be provided. say PASSWORDS=(YES | PARANOID) filtering just reversible or all. if folks want or think that would be useful.
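
The two filtering levels discussed in this exchange, as an added Perl example that is not rancid's code and not part of the original messages. The level names follow the proposed PASSWORDS=(YES | PARANOID) option; scrub_config and residual_credentials are hypothetical helpers, and the sample config with all its credential values is constructed.

```perl
#!/usr/bin/perl
# Added example, not rancid's code: scrub credentials from Cisco IOS config
# text at two levels before the text is stored in a repository.
use strict;
use warnings;

# Optional "username NAME [privilege N]" prefix in front of the keyword.
my $user_re = qr/username \S+(?: privilege \d+)?/;

# scrub_config(LEVEL, LINES) - hypothetical helper.
#   YES      : drop "password"/"passwd" values (cleartext or reversible)
#   PARANOID : also drop "secret" values (one-way hashes that can still be
#              guessed offline by brute force)
# A matching line is replaced by an IOS comment naming what was removed.
sub scrub_config {
    my ($level, @lines) = @_;
    die "unknown level '$level'\n" unless $level =~ /^(?:YES|PARANOID)$/;
    my $kw = $level eq 'PARANOID' ? qr/password|passwd|secret/
                                  : qr/password|passwd/;
    my @out;
    for my $line (@lines) {
        # Keyword at the start of a (possibly indented) line, optionally
        # preceded by "enable " or a username clause, followed by a value.
        if ($line =~ /^(\s*(?:enable |$user_re )?$kw) \S/) {
            push @out, "!$1 <removed>";
        } else {
            push @out, $line;
        }
    }
    return @out;
}

# Lines that still carry a password or hash value after scrubbing.
# "service password-encryption" is not a credential and does not match,
# because the keyword must be followed by a space and a value.
sub residual_credentials {
    return grep { !/^!/ && /\b(?:password|passwd|secret) \S/ } @_;
}

# Constructed sample config; every credential value below is made up.
my @config = split /\n/, <<'EOT';
hostname lab-rtr1
service password-encryption
enable secret 5 $1$EXMP$constructedHashNotReal000
enable password 7 0000000000000000
username ops privilege 15 password 7 1111111111111111
username audit secret 5 $1$EXMP$anotherConstructedHash0
line vty 0 4
 password 7 2222222222222222
 login
end
EOT

for my $level (qw(YES PARANOID)) {
    my @clean = scrub_config($level, @config);
    my @left  = residual_credentials(@clean);
    print "== PASSWORDS=$level ==\n";
    print "$_\n" for @clean;
    printf "%d line(s) still carry a password or hash\n\n", scalar @left;
}
```

Scrubbing only affects what is stored from then on: a hash that was already committed stays in the repository history, so changing that secret is the remedy for past exposure.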
From owner-rancid-discuss@shrubbery.net Tue Oct 30 22:39:44 2001 Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (8.11.6/8.11.1) with ESMTP id f9UMdiI12372 for ; Tue, 30 Oct 2001 22:39:44 GMT Received: by guelah.shrubbery.net (8.11.4/8.11.1) id f9UNDDA23323 for rancid-discuss-outgoing; Tue, 30 Oct 2001 23:13:13 GMT Received: from sfoexh01.yipes.com (sfo002ns01.yipes.com [209.213.212.199]) by guelah.shrubbery.net (8.11.4/8.11.1) with ESMTP id f9UNDAm23319 for ; Tue, 30 Oct 2001 23:13:10 GMT Received: by sfoexh01.yipes.com with Internet Mail Service (5.5.2653.19) id ; Tue, 30 Oct 2001 15:12:51 -0800 Message-ID: <65988049D870C042BD59CF516556134A14D324@sfoexh01.yipes.com> From: Alex Bochannek To: rancid-discuss@guelah.shrubbery.net Cc: "'john heasley'" , Alex Bochannek Subject: RE: Proposed Extreme changes. Date: Tue, 30 Oct 2001 15:12:48 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk

This turns out to be a bug with Extreme and SSH only (telnet just briefly pauses). I reported it to Extreme and it's fairly low on their priority list. I may have to change expect_after unless someone has a better idea.

Alex.

> Also, has anybody seen the problem where an Extreme pauses in the middle of
> the banner when doing a show config? I rather would not have to undo
> expect_after to get timeout to match in run_commands.