From: "Zhang, Anchi" Subject: for those with problems with cat5rancid over ssh Date: Wed, 8 Jan 2003 09:39:29 -0600 Message-ID: <4542F75EC5DC2E44AA0B648E20D00E3504C70E@rriexmb10.services.reinternal.com> To: I made the following change and now collections on all my Cat5 devices successful: log2% diff cat5rancid cat5rancid.orig 977d976 < $clean_run = 1; Anchi -----Original Message----- From: Zhang, Anchi Sent: Tuesday, December 31, 2002 4:16 PM To: 'Andrew Partan' Cc: rancid-discuss@shrubbery.net Subject: RE: rancid hangs due to expect, ssh, or cisco? Yes, 'term len 0' works on my router. However strange, the workaround does work for me. I was hoping others who have similar problems would try it and confirm. Anchi -----Original Message----- From: Andrew Partan [mailto:asp@partan.com] Sent: Tuesday, December 31, 2002 4:08 PM To: Zhang, Anchi Cc: rancid-discuss@shrubbery.net Subject: Re: rancid hangs due to expect, ssh, or cisco? On Tue, Dec 31, 2002 at 02:49:48PM -0600, Zhang, Anchi wrote: > My temporary workaround to this problem is > > log2# diff clogin clogin.orig > 457c457 > < send "term length 100\r" > --- > > send "term length 0\r" Well that is whacko. Is 'term length 0' not working on your router? --asp From: "Zhang, Anchi" To: Subject: changing passwords on cat5 devices Date: Mon, 13 Jan 2003 09:21:16 -0600 Message-ID: <4542F75EC5DC2E44AA0B648E20D00E3504C713@rriexmb10.services.reinternal.com> Greetings, In trying to change the enable password on about 100 CatOS devices, I have a bourn shell script calling clogin -c "set enablepass $2$UTXb$gcYEfPcOCt0Ths6szOXc0" $hostname However, no matter how I quote the encrypted password and/or escape meta character $, clogin either fails or executes with an empty password. Using "clogin -x " produces the same effect. Your pointers, please. Anchi From: john heasley To: "Zhang, Anchi" Date: Mon, 13 Jan 2003 11:19:19 -0800 Cc: rancid-discuss@shrubbery.net Subject: Re: changing passwords on cat5 devices Message-ID: <20030113191919.GH5714@shrubbery.net> References: <4542F75EC5DC2E44AA0B648E20D00E3504C713@rriexmb10.services.reinternal.com> Mon, Jan 13, 2003 at 09:21:16AM -0600, Zhang, Anchi: > Greetings, > > In trying to change the enable password on about 100 CatOS devices, I have a bourn shell script calling > > clogin -c "set enablepass $2$UTXb$gcYEfPcOCt0Ths6szOXc0" $hostname > > However, no matter how I quote the encrypted password and/or escape meta character $, clogin either fails or executes with an empty password. Using "clogin -x " produces the same effect. > > Your pointers, please. > > Anchi $ identifies a variable in shell(s) and expect/tcl. if you single quote the command, it will be protected from shell expansion. and, without try it myself, expect may double-eval the command resulting in variable expansion which could be protected by escaping the $s, as in \$. clogin -c 'set enablepass \$2\$UTXb\$gcYEfPcOCt0Ths6szOXc0' $hostname try this with caution. you should have an enable'd login in another window. From: "Zhang, Anchi" To: "john heasley" Subject: RE: changing passwords on cat5 devices Date: Mon, 13 Jan 2003 14:30:51 -0600 Message-ID: <4542F75EC5DC2E44AA0B648E20D00E3504C716@rriexmb10.services.reinternal.com> Cc: That works beautifully. Many thanks. How would you rely on Rancid to add the following to IOS devices? banner motd ^ ************************************************************************ THIS IS A PRIVATE COMPUTING SYSTEM, RESTRICTED TO AUTHORIZED USERS ONLY. IF YOU DO NOT HAVE AUTHORIZATION, YOU ARE WARNED TO DISCONNECT AT ONCE. ************************************************************************^ -----Original Message----- From: john heasley [mailto:heas@shrubbery.net] Sent: Monday, January 13, 2003 1:19 PM To: Zhang, Anchi Cc: rancid-discuss@shrubbery.net Subject: Re: changing passwords on cat5 devices Mon, Jan 13, 2003 at 09:21:16AM -0600, Zhang, Anchi: > Greetings, > > In trying to change the enable password on about 100 CatOS devices, I have a bourn shell script calling > > clogin -c "set enablepass $2$UTXb$gcYEfPcOCt0Ths6szOXc0" $hostname > > However, no matter how I quote the encrypted password and/or escape meta character $, clogin either fails or executes with an empty password. Using "clogin -x " produces the same effect. > > Your pointers, please. > > Anchi $ identifies a variable in shell(s) and expect/tcl. if you single quote the command, it will be protected from shell expansion. and, without try it myself, expect may double-eval the command resulting in variable expansion which could be protected by escaping the $s, as in \$. clogin -c 'set enablepass \$2\$UTXb\$gcYEfPcOCt0Ths6szOXc0' $hostname try this with caution. you should have an enable'd login in another window. To: "Zhang, Anchi" Cc: rancid-discuss@shrubbery.net Subject: Re: changing passwords on cat5 devices Date: Mon, 13 Jan 2003 15:34:42 -0500 From: Andrew Partan Message-ID: <20030113203442.GA28683@partan.com> References: <4542F75EC5DC2E44AA0B648E20D00E3504C716@rriexmb10.services.reinternal.com> On Mon, Jan 13, 2003 at 02:30:51PM -0600, Zhang, Anchi wrote: > How would you rely on Rancid to add the following to IOS devices? > > banner motd ^ > ************************************************************************ > > THIS IS A PRIVATE COMPUTING SYSTEM, RESTRICTED TO AUTHORIZED USERS ONLY. > IF YOU DO NOT HAVE AUTHORIZATION, YOU ARE WARNED TO DISCONNECT AT ONCE. > > ************************************************************************^ Stick it into a file on your tftp server & use a modification of util/cisco-load.exp to load it. --asp From: "JamesGEF" To: Subject: Can't seem to view configs Message-ID: <007801c2c799$ce717160$4232a8c0@diablo.com> Date: Wed, 29 Jan 2003 08:24:52 -0500 MIME-Version: 1.0 Sorry for the ignorance, but I installed rancid per the README, created = a rancid user & group, gave it rights to the /usr/local/rancid = directory. Could login to all my cisco nodes just fine with the clogin = command. However, how do I view the information that rancid has = downloaded after executing a do-diffs? I know I have to run the cvs = checkout command (i think), but it asks for a module??? Thanks in advance! James From: john heasley To: JamesGEF Cc: rancid-discuss@shrubbery.net Subject: Re: Can't seem to view configs Date: Wed, 29 Jan 2003 18:34:28 +0000 Message-ID: <20030129183428.GE20942@shrubbery.net> References: <007801c2c799$ce717160$4232a8c0@diablo.com> Wed, Jan 29, 2003 at 08:24:52AM -0500, JamesGEF: > Sorry for the ignorance, but I installed rancid per the README, created a rancid user & group, gave it rights to the /usr/local/rancid directory. Could login to all my cisco nodes just fine with the clogin command. However, how do I view the information that rancid has downloaded after executing a do-diffs? > > Thanks in advance! > > James i suspect you missed item #6 of the quick start guide. after rancid collection of a group completes, the files for successfully collected hosts are renamed to that of the first field in the router.db file for that group. eg: router.shrubbery.net.new -> router.shrubbery.net a cvs diff is run and the output is mailed to rancid-. this alias needs to appear in your MTA's aliases file. alternatively, you can use the --enable-mail-plus option of configure at build-time, then the mail-to will become rancid+ and the rancid user can either just forward all with a .forward or use procmail. those files/changes are then committed to the cvs repository. the full configs are available in /usr/local/rancid//configs/ > I know I have to run the cvs checkout command (i think), but it asks for a module??? first off, i suggest that no changes (ie: commits) be made to the cvs repository by any user other than the one who runs rancid. checkouts are fine. a module, in this case, equates to a group. eg: group fubar cvs -rd /usr/local/rancid/CVS co fubar the FAQ contains a reference to a decent cvs guide/faq. i suggest that you check it out.