From owner-rancid-discuss-outgoing@shrubbery.net Wed May 4 19:44:12 2005
Date: Wed, 4 May 2005 14:43:53 -0500 (EST)
From: Chris Gallardo
To: rancid-discuss@shrubbery.net
Subject: rancid and HP 410x switches using ssh

Is there a way to use the HP driver in rancid to make an ssh connection to an HP switch instead of telnet?

--
Chris Gallardo
Network Services
278-9067

From owner-rancid-discuss-outgoing@shrubbery.net Wed May 4 23:15:36 2005
Date: Wed, 04 May 2005 17:12:44 -0600
From: Justin Grote
To: Chris Gallardo
Cc: rancid-discuss@shrubbery.net
Subject: Re: rancid and HP 410x switches using ssh

Chris Gallardo wrote:
> Is there a way to use the HP driver in rancid to make an ssh connection
> to an HP switch instead of telnet?

In your configuration file, do:

add method ssh telnet

where router name glob matches your HP switches. This will make them use SSH first, then failover to telnet if SSH doesn't work.

This information is in man .cloginrc

_____________________
Justin Grote
Network Architect
JWG Networks

From owner-rancid-discuss-outgoing@shrubbery.net Thu May 5 16:55:31 2005
Date: Thu, 5 May 2005 09:55:14 -0700 (PDT)
From: funraps too
To: rancid-discuss@shrubbery.net
Subject: Cisco 1900's, did anyone get a resolution?

Hello Everyone,

I'm still facing the issue on how to use Rancid to log in to Cisco 1900's since at login it asks for Command line or menu...
Does anyone have a sample .clogin?

1 user(s) now active on Management Console.
        User Interface Menu
     [M] Menus
     [K] Command Line
Enter Selection:

Thanks!

From owner-rancid-discuss-outgoing@shrubbery.net Thu May 5 16:58:31 2005
Date: Thu, 5 May 2005 09:58:29 -0700
From: john heasley
To: funraps too
Cc: rancid-discuss@shrubbery.net
Subject: Re: Cisco 1900's, did anyone get a resolution?

please try 2.3.2a, several have reported success.

Thu, May 05, 2005 at 09:55:14AM -0700, funraps too:
> Hello Everyone,
>
> I'm still facing the issue on how to use Rancid to log in to Cisco 1900's since at login it asks for Command line or menu...
> Does anyone have a sample .clogin?
> 1 user(s) now active on Management Console.
>         User Interface Menu
>      [M] Menus
>      [K] Command Line
> Enter Selection:
>
> Thanks!

From owner-rancid-discuss-outgoing@shrubbery.net Thu May 5 17:33:38 2005
Date: Thu, 5 May 2005 10:33:36 -0700
From: john heasley
To: Justin Grote
Cc: Chris Gallardo, rancid-discuss@shrubbery.net
Subject: Re: rancid and HP 410x switches using ssh

It is a little more complex than that; hrancid uses hpuifilter to filter the screen handling control characters/esc seqs. It needs additional code to handle ptys and /dev/tty for ssh. Alternatively, I finally figured out how to make expect (tcl) match escapes - reliably...just haven't had time to work on it.

Wed, May 04, 2005 at 05:12:44PM -0600, Justin Grote:
> Chris Gallardo wrote:
>
> > Is there a way to use the HP driver in rancid to make an ssh connection
> > to an HP switch instead of telnet?
> >
> In your configuration file, do:
>
> add method ssh telnet
>
> where router name glob matches your HP switches. This will make them use
> SSH first, then failover to telnet if SSH doesn't work.
>
> This information is in man .cloginrc
>
> _____________________
> Justin Grote
> Network Architect
> JWG Networks

From owner-rancid-discuss-outgoing@shrubbery.net Thu May 5 18:19:49 2005
Date: Thu, 05 May 2005 12:19:35 -0600
From: Justin Grote
To: rancid-discuss@shrubbery.net
Subject: Re: rancid and HP 410x switches using ssh

And you should certainly trust john over me, seeing as I haven't ever had to use it on an HP 4100 :)

john heasley wrote:

>It is a little more complex than that; hrancid uses hpuifilter to filter
>the screen handling control characters/esc seqs. It needs additional
>code to handle ptys and /dev/tty for ssh. Alternatively, I finally
>figured out how to make expect (tcl) match escapes - reliably...just
>haven't had time to work on it.

--
__________________________
Justin Grote
Network Architect
JWG Networks

From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 00:21:27 2005
Date: Mon, 9 May 2005 20:21:14 -0400
From: Ed Ravin
To: rancid-discuss@shrubbery.net
Subject: How to use "rancid -f file" option?

I'm trying to set up rancid for the first time. We already have a job that fetches configs from our routers and I'd like to have rancid work with those files. I see I can invoke rancid with "-f filename", but it doesn't look like there's a way to fit that into the "normal" rancid setup with rancid_run. Do I need to set up all my batch jobs for those routers separately?

From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 02:16:28 2005
Date: Mon, 9 May 2005 19:16:24 -0700
From: john heasley
To: Ed Ravin
Cc: rancid-discuss@shrubbery.net
Subject: Re: How to use "rancid -f file" option?

Mon, May 09, 2005 at 08:21:14PM -0400, Ed Ravin:
> I'm trying to set up rancid for the first time. We already
> have a job that fetches configs from our routers and I'd like to
> have rancid work with those files. I see I can invoke rancid with
> "-f filename", but it doesn't look like there's a way to fit
> that into the "normal" rancid setup with rancid_run. Do I need to
> set up all my batch jobs for those routers separately?

-f is more a debugging tool than anything else.
eg:
	% clogin -c 'cmds that;rancid;would;run' foo > foo
	% rancid -dlf foo

many have written (see ISC.org) tools that grovel rancid's outputs; perhaps you want the paradigm the other way or just build the router.db's from your tools.

From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 02:47:20 2005
Date: Mon, 9 May 2005 19:47:13 -0700
From: Mark Boolootian
To: rancid-discuss@shrubbery.net
Subject: can you use SecurID with rancid?

Is it possible to integrate any of the one-time password systems (RSA, Secure Computing, Cryptocard, etc) with rancid?

mb

From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 02:54:51 2005
Date: Mon, 09 May 2005 22:48:42 -0400 (EDT)
From: Terry Kennedy
To: Mark Boolootian
Cc: rancid-discuss@shrubbery.net
Subject: Re: can you use SecurID with rancid?

> Is it possible to integrate any of the one-time password systems
> (RSA, Secure Computing, Cryptocard, etc) with rancid?

Even if this could be done, would you really want to? It would involve having a challenge responder which had full knowledge of the private keys, etc. used by the one-time password system. Much of the appeal of the one-time password system is that users can't easily leave the password laying around - they carry a token on their person. Leaving the algorithm and keys on the RANCID box might be more of a risk than some admins might want.

Also, depending on what underlying method is used (telnet, for example), regular RANCID sessions to a box would let an attacker build up a nice set of challenge/response pairs, which might make an attack easier. In the case of a single host, the attacker gets 24 known-good challenge/response pairs per day. If multiple boxes share the same algorithm / keys, the number of good pairs goes up very rapidly.

I'm not saying it isn't a good idea for your specific application, I'm just explaining why I never bothered to add CRYPTOCard support to it (we're a heavy user of these cards here).

Terry Kennedy             http://www.tmk.com
terry@tmk.com             New York, NY USA

From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 03:23:05 2005
Date: Mon, 9 May 2005 20:23:01 -0700
From: Mark Boolootian
To: Terry Kennedy
Cc: Mark Boolootian, rancid-discuss@shrubbery.net
Subject: Re: can you use SecurID with rancid?

Hi Terry,

Thanks for the note. Was just showing your media system web page to someone this afternoon.

> Also, depending on what underlying method is used (telnet, for example), > regular RANCID sessions to a box would let an attacker build up a nice set > of challenge/response pairs, which might make an attack easier. In the case > of a single host, the attacker gets 24 known-good challenge/response pairs > per day. If multiple boxes share the same algorithm / keys, the number of > good pairs goes up very rapidly. All good points, but where am I left if I want to protect my network gear with OTPs and still run rancid? It seems they are mutually incompatible. I can create a single instance of a reusable password to be used for rancid logins, but that doesn't improve the situation. > I'm not saying it isn't a good idea for your specific application, I'm > just explaining why I never bothered to add CRYPTOCard support to it (we're > a heavy user of these cards here). So what do you do? best, mb --- Mark Boolootian UC Santa Cruz From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 03:29:43 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7254C11CE32 for ; Tue, 10 May 2005 03:29:43 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 92C00864B1; Tue, 10 May 2005 03:29:42 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 87253864B2; Tue, 10 May 2005 03:29:42 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from server.tmk.com (server.tmk.com [204.141.35.63]) by guelah.shrubbery.net (Postfix) with ESMTP id C6B16864B0 for ; Tue, 10 May 2005 03:29:41 +0000 (UTC) Received: from tmk.com by tmk.com (PMDF V6.2-X27 #37010) id <01LO2LM2MSFK000BOY@tmk.com> for rancid-discuss@shrubbery.net; Mon, 09 May 2005 23:29:39 -0400 (EDT) Date: Mon, 09 
May 2005 23:23:48 -0400 (EDT) From: Terry Kennedy Subject: Re: can you use SecurID with rancid? In-reply-to: "Your message dated Mon, 09 May 2005 20:23:01 -0700" <20050510032301.GA504@root.ucsc.edu> To: Mark Boolootian Cc: Terry Kennedy , Mark Boolootian , rancid-discuss@shrubbery.net Message-id: <01LO2LU0AZN2000BOY@tmk.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=us-ascii References: <20050510024713.GB245@root.ucsc.edu> <01LO2KMMDRQE000BOY@tmk.com> Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk > Thanks for the note. Was just showing your media system web page to > someone this afternoon. 8-} [snip] > All good points, but where am I left if I want to protect my network > gear with OTPs and still run rancid? It seems they are mutually > incompatible. I can create a single instance of a reusable password to be > used for rancid logins, but that doesn't improve the situation. > > > I'm not saying it isn't a good idea for your specific application, I'm > > just explaining why I never bothered to add CRYPTOCard support to it (we're > > a heavy user of these cards here). > > So what do you do? We ("real people") use CRYPTOCard access to our various devices (via the TACACS+ hooks). SSH is encouraged, but in cases where it isn't available, on the trusted parts of our network, there's an occasional Telnet session. RANCID uses a fixed (per-device) password and always accesses the devices via SSH, as long as the devices are SSH-capable. There are some older boxes that don't do SSH, but as we control the infrastructure between the RANCID box and those devices, we grin and bear it. SSH is a must-have on any new device purchases, however. 
Terry Kennedy http://www.tmk.com terry@tmk.com New York, NY USA From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 03:54:42 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7832311CE32 for ; Tue, 10 May 2005 03:54:42 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id E89A3864B2; Tue, 10 May 2005 03:54:40 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D9571864B4; Tue, 10 May 2005 03:54:40 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from S4.cableone.net (smtp4.cableone.net [24.116.0.230]) by guelah.shrubbery.net (Postfix) with ESMTP id C1763864B2 for ; Tue, 10 May 2005 03:54:39 +0000 (UTC) Received: from [192.168.1.100] (unverified [24.116.146.115]) by S4.cableone.net (CableOne SMTP Service S4) with ESMTP id 19007131 for multiple; Mon, 09 May 2005 21:11:19 -0700 Message-ID: <42803051.5070202@grote.name> Date: Mon, 09 May 2005 21:53:53 -0600 From: Justin Grote User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: booloo@ucsc.edu Cc: rancid-discuss@shrubbery.net Subject: Re: can you use SecurID with rancid? References: <20050510024713.GB245@root.ucsc.edu> <01LO2KMMDRQE000BOY@tmk.com> <01LO2LU0AZN2000BOY@tmk.com> In-Reply-To: <01LO2LU0AZN2000BOY@tmk.com> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms010603080807000708090302" X-IP-stats: Incoming Last 0, First 10, in=12, out=0, spam=0 X-External-IP: 24.116.146.115 X-Abuse-Info: Send abuse complaints to abuse@cableone.net Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk This is a cryptographically signed message in MIME format. 
--------------ms010603080807000708090302 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit > We ("real people") use CRYPTOCard access to our various devices (via the >TACACS+ hooks). SSH is encouraged, but in cases where it isn't available, >on the trusted parts of our network, there's an occasional Telnet session. >RANCID uses a fixed (per-device) password and always accesses the devices >via SSH, as long as the devices are SSH-capable. There are some older boxes >that don't do SSH, but as we control the infrastructure between the RANCID >box and those devices, we grin and bear it. SSH is a must-have on any new >device purchases, however. > We do similar for rancid: A few of our Cisco edge routers run IOS 12.4 now, which has SSHv2 support (including RSA keypairs, finally). These get connected to with rancid using individual public keys for each router. Our Quagga (Cisco-like Linux routers) also use SSHv2. For the non-SSH routers, we use telnet and a TACACS username that is restricted to the rancid host's IP only, and is only allowed to run the show commands required by clogin and the "show run | exclude" password command (which we modified clogin to run instead of show run), which removes the easily breakable password lines since we have a per-device password as a failsafe if our TACACS is down. I'm so glad Cisco finally got a good implementation of SSH into 12.4. I know they have two-year release cycles as a rule, but this was so badly needed in 12.3. 
-- __________________________ Justin Grote Network Architect JWG Networks --------------ms010603080807000708090302 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature
--------------ms010603080807000708090302-- From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 07:34:15 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id C2D6211CE33 for ; Tue, 10 May 2005 07:34:14 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id A393D864B6; Tue, 10 May 2005 07:34:13 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 9783F864B7; Tue, 10 May 2005 07:34:13 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from byron.heanet.ie (byron.heanet.ie [193.1.219.90]) by guelah.shrubbery.net (Postfix) with ESMTP id A3CAE864B5 for ; Tue, 10 May 2005 07:34:09 +0000 (UTC) Received: from aine.heanet.ie ([2001:770:18:10:210:18ff:fe06:9bb0] ident=Debian-exim) by byron.heanet.ie with esmtpsa (TLSv1:DES-CBC3-SHA:168) (Exim 4.50) id 1DVPFe-0003yy-Cq for rancid-discuss@shrubbery.net; Tue, 10 May 2005 08:33:58 +0100 Received: from colin by aine.heanet.ie with local (Exim 4.50) id 1DVPFd-0000H7-GN for rancid-discuss@shrubbery.net; Tue, 10 May 2005 08:33:57 +0100 Date: Tue, 10 May 2005 08:33:57 +0100 From: Colin Whittaker To: rancid-discuss@shrubbery.net Subject: Re: can you use SecurID with rancid? 
Message-ID: <20050510073357.GA828@aine.heanet.ie> Reply-To: Colin Whittaker Mail-Followup-To: Colin Whittaker , rancid-discuss@shrubbery.net References: <20050510024713.GB245@root.ucsc.edu> <01LO2KMMDRQE000BOY@tmk.com> <20050510032301.GA504@root.ucsc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050510032301.GA504@root.ucsc.edu> User-Agent: Mutt/1.5.8i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Mon, May 09, 2005 at 08:23:01PM -0700, Mark Boolootian wrote: > All good points, but where am I left if I want to protect my network > gear with OTPs and still run rancid? It seems they are mutually > incompatible. I can create a single instance of a reusable password to be > used for rancid logins, but that doesn't improve the situation. Hi Mark, We use RSA SecurIDs and Cisco's ACS TACACS+ software to do OTP passwords for all of our networking devices. Rancid uses a fixed password account on ACS but is restricted to executing only those commands it needs and as soon as I get around to it I will also use ACS to restrict where the rancid user can log in from. 
Colin -- Colin Whittaker colin.whittaker@heanet.ie Tel: +353 1 6609040 HEAnet NOC noc@heanet.ie iNOC-DBA: 1213*752 From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 11:57:32 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id DFA5311CE33 for ; Tue, 10 May 2005 11:57:31 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id BD47C864B9; Tue, 10 May 2005 11:57:30 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id B1ACF864BA; Tue, 10 May 2005 11:57:30 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from eagle.aitken.com (eagle.aitken.com [198.137.194.213]) by guelah.shrubbery.net (Postfix) with ESMTP id EA917864B8 for ; Tue, 10 May 2005 11:57:29 +0000 (UTC) Received: by eagle.aitken.com (Postfix, from userid 1000) id 927D8B2475; Tue, 10 May 2005 07:57:17 -0400 (EDT) Date: Tue, 10 May 2005 07:57:17 -0400 From: Jeff Aitken To: Mark Boolootian Cc: rancid-discuss@shrubbery.net Subject: Re: can you use SecurID with rancid? Message-ID: <20050510115717.GA31430@eagle.aitken.com> References: <20050510024713.GB245@root.ucsc.edu> <01LO2KMMDRQE000BOY@tmk.com> <20050510032301.GA504@root.ucsc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050510032301.GA504@root.ucsc.edu> User-Agent: Mutt/1.4.2i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Mon, May 09, 2005 at 08:23:01PM -0700, Mark Boolootian wrote: > All good points, but where am I left if I want to protect my network > gear with OTPs and still run rancid? It seems they are mutually > incompatible. 
I can create a single instance of a reusable password to be > used for rancid logins, but that doesn't improve the situation. Presumably rancid won't be the only tool for which you'll need to solve this problem, so you do want to consider just how many holes and backdoors you go poking in things. For example, do you script config changes? What about allowing access by third parties (contractors, vendors, whatever)? How will you roll out a global network change if you have to do an OTP dance to get into each and every router? As you note, if you have a user who doesn't have to use OTPs, then this becomes a security through obscurity exercise (i.e., hope the attacker doesn't guess/find out about your "special" account). An alternative method is to limit VTY access to network devices to only a few trusted hosts, then make those hosts "more" secure. Use ACLs to limit VTY access to network devices to only two hosts, A and B. Next, require that users pass an OTP challenge, as well as supply a standard password, in order to access A or B. Then run rancid and whatever other tools you need on host A or host B. Ultimately, this means your network security depends on the integrity of the two hosts, which might be a better approach for you (or might not be, I don't know). Obviously, there are a lot of things you'll need to do in order to secure & maintain hosts A & B (firewalls, IDSes, having more than two hosts, and so on). 
--Jeff From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 13:33:09 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 294B111CE33 for ; Tue, 10 May 2005 13:33:09 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 63841864BB; Tue, 10 May 2005 13:33:08 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 57A74864BC; Tue, 10 May 2005 13:33:08 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mail2.panix.com (mail2.panix.com [166.84.1.73]) by guelah.shrubbery.net (Postfix) with ESMTP id 87BDA864BA for ; Tue, 10 May 2005 13:33:07 +0000 (UTC) Received: from panix5.panix.com (panix5.panix.com [166.84.1.5]) by mail2.panix.com (Postfix) with ESMTP id 7842FA706A; Tue, 10 May 2005 09:33:06 -0400 (EDT) Received: (from eravin@localhost) by panix5.panix.com (8.11.6p3/8.8.8/PanixN1.1) id j4ADX2U09428; Tue, 10 May 2005 09:33:02 -0400 (EDT) Date: Tue, 10 May 2005 09:33:02 -0400 From: Ed Ravin To: Justin Grote Cc: booloo@ucsc.edu, rancid-discuss@shrubbery.net Subject: Re: can you use SecurID with rancid? Message-ID: <20050510133301.GD29597@panix.com> References: <20050510024713.GB245@root.ucsc.edu> <01LO2KMMDRQE000BOY@tmk.com> <01LO2LU0AZN2000BOY@tmk.com> <42803051.5070202@grote.name> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42803051.5070202@grote.name> User-Agent: Mutt/1.4.2.1i X-Y-Z: 1, 2, 3? Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Mon, May 09, 2005 at 09:53:53PM -0600, Justin Grote wrote: ... 
> For the non-SSH routers, we use telnet and a TACACS username that is > restricted to the rancid host's IP only, and is only allowed to run the > show commands required by clogin and the "show run | exclude" password > command (which we modified clogin to run instead of show run), Could you go into more detail on your config for restricting the username to the rancid host? I haven't been able to figure that out yet. -- Ed From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 13:45:02 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 160B711CE33 for ; Tue, 10 May 2005 13:45:01 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 8A9A5864BD; Tue, 10 May 2005 13:45:00 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 7ED63864BE; Tue, 10 May 2005 13:45:00 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mail3.panix.com (mail3.panix.com [166.84.1.74]) by guelah.shrubbery.net (Postfix) with ESMTP id AB917864BC for ; Tue, 10 May 2005 13:44:59 +0000 (UTC) Received: from panix5.panix.com (panix5.panix.com [166.84.1.5]) by mail3.panix.com (Postfix) with ESMTP id A0CD313A84A for ; Tue, 10 May 2005 09:44:58 -0400 (EDT) Received: (from eravin@localhost) by panix5.panix.com (8.11.6p3/8.8.8/PanixN1.1) id j4ADiwx22623 for rancid-discuss@shrubbery.net; Tue, 10 May 2005 09:44:58 -0400 (EDT) Date: Tue, 10 May 2005 09:44:58 -0400 From: Ed Ravin To: rancid-discuss@shrubbery.net Subject: hlogin and hp2424/4000/8000 ? Message-ID: <20050510134458.GF29597@panix.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i X-Y-Z: 1, 2, 3? 
Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Has anyone got hrancid/hlogin working with the Procurve 2424/4000/8000 switches? It looks like hlogin is meant for a newer switch that has a more command-line like interface and an extra command or two. To get to the command prompt, you have to enter a couple of menu choices after logging in ("5", then "4", no carriage returns, then get a line with a VLAN prompt and enter a CR), and there's no router prompt to speak of because the telnet interface keeps sending cursor control characters to show you the current time in the upper right corner. From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 13:46:06 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 1C0C211CE33 for ; Tue, 10 May 2005 13:46:06 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 5954B864C0; Tue, 10 May 2005 13:46:05 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 5308B864C1; Tue, 10 May 2005 13:46:05 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from vmx50.multikabel.net (vmx50.multikabel.net [212.127.254.140]) by guelah.shrubbery.net (Postfix) with ESMTP id 36327864BF for ; Tue, 10 May 2005 13:46:03 +0000 (UTC) Received: from vmx100.multikabel.net ([212.127.254.147]) by vmx50.multikabel.net with esmtp (Exim 4.44) id 1DVV3C-0005ZG-TG for rancid-discuss@shrubbery.net; Tue, 10 May 2005 15:45:30 +0200 Received: from mackerel.Multikabel.nl (nl-alk1-rv-03.multikabel.net [213.132.174.10]) by vmx100.multikabel.net (8.13.3/8.13.3) with ESMTP id j4ADjMSp003193; Tue, 10 May 2005 15:45:28 +0200 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.132 Received: from [10.148.5.42] ([10.148.5.42]) by 
mackerel.Multikabel.nl with Microsoft SMTPSVC(6.0.3790.0); Tue, 10 May 2005 15:46:34 +0200 Message-ID: <4280BB3A.7060306@multikabel.nl> Date: Tue, 10 May 2005 15:46:34 +0200 From: Bas Haakman User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Ed Ravin Cc: Justin Grote , booloo@ucsc.edu, rancid-discuss@shrubbery.net Subject: Re: can you use SecurID with rancid? References: <20050510024713.GB245@root.ucsc.edu> <01LO2KMMDRQE000BOY@tmk.com> <01LO2LU0AZN2000BOY@tmk.com> <42803051.5070202@grote.name> <20050510133301.GD29597@panix.com> In-Reply-To: <20050510133301.GD29597@panix.com> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: quoted-printable X-OriginalArrivalTime: 10 May 2005 13:46:34.0402 (UTC) FILETIME=[ADFD7020:01C55566] X-MultiKabel-MailScanner-Information: Please contact helpdesk@quicknet.nl for more information X-MultiKabel-MailScanner: Found to be clean X-MultiKabel-MailScanner-SpamCheck: X-MultiKabel-MX-MailScanner-Information: Please contact helpdesk@quicknet.nl for more information X-MultiKabel-MX-MailScanner: Found to be clean X-MultiKabel-MX-MailScanner-SpamCheck: X-MailScanner-From: bas.haakman@multikabel.nl Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi, I can imagine that you can use the radius attribute "Calling-Station-Id" (which seems to be the host you login from on a cisco). bash Ed Ravin wrote: > On Mon, May 09, 2005 at 09:53:53PM -0600, Justin Grote wrote: > ... > >>For the non-SSH routers, we use telnet and a TACACS username that is >>restricted to the rancid host's IP only, and is only allowed to run the >>show commands required by clogin and the "show run | exclude" password >>command (which we modified clogin to run instead of show run), > > > Could you go into more detail on your config for restricting the > username to the rancid host? I haven't been able to figure that out yet. 
> > -- Ed From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 20:22:55 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 3F80311CE33 for ; Tue, 10 May 2005 20:22:55 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 68CE9864AC; Tue, 10 May 2005 20:22:54 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 5C6FA864AF; Tue, 10 May 2005 20:22:54 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mgic.com (nexus1.mgic.com [199.244.166.1]) by guelah.shrubbery.net (Postfix) with ESMTP id 4D7DD864A0 for ; Tue, 10 May 2005 20:22:52 +0000 (UTC) Received: from WLNSMAIL1.mgic.com (wlnsmail1.mgic.com [144.122.202.114]) by mgic.com with ESMTP id j4AKMhn07869 for ; Tue, 10 May 2005 15:22:43 -0500 (CDT) X-MGIC-Received-Date: Tue, 10 May 2005 15:22:43 -0500 (CDT) To: rancid-discuss@shrubbery.net Subject: Rancid Access-lists MIME-Version: 1.0 X-Mailer: Lotus Notes Release 6.5.1 January 21, 2004 Message-ID: From: Mark Scheuber Date: Tue, 10 May 2005 15:22:43 -0500 X-MIMETrack: Serialize by Router on MGIC-MailSrv01/MGIC(Release 6.5.3|September 14, 2004) at 05/10/2005 03:22:43 PM, Serialize complete at 05/10/2005 03:22:43 PM Content-Type: text/plain; charset="US-ASCII" Sender: owner-rancid-discuss@shrubbery.net 
Precedence: bulk Hi, I'm having a rather odd problem with RANCID. It's apparently sorting my Cisco ACL's by IP which is bad to say the least. I'm just wondering if anyone else has experienced this or knew of a way to shut this off? Thanks, Mark From owner-rancid-discuss-outgoing@shrubbery.net Tue May 10 20:23:49 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7E00111CE33 for ; Tue, 10 May 2005 20:23:49 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id A4FEA864AF; Tue, 10 May 2005 20:23:48 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 9E3E2864BA; Tue, 10 May 2005 20:23:48 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.193]) by guelah.shrubbery.net (Postfix) with ESMTP id AA7E2864AF for ; Tue, 10 May 2005 20:23:47 +0000 (UTC) Received: by rproxy.gmail.com with SMTP id 34so24705rns for ; Tue, 10 May 2005 13:23:44 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=TZQDbSUya/7SZ0pSYPJ0VUq/3vwB0Opo2TznA+p6f4SXBGLNp3zlODIlqkH5vlLKAGJjYMYIaINZHzTtZ3pP2Wy3vcrTb3yIskcYLs6ygiJIEadIQ7Abt41ZZvpL1xOVmZcd/QgxCuXg9qmuU17ZkKgXDCRNyrTYPbhe2IgjFOY= Received: by 10.38.8.33 with SMTP id 33mr14713rnh; Tue, 10 May 2005 13:23:44 -0700 (PDT) Received: by 10.38.8.43 with HTTP; Tue, 10 May 2005 13:23:44 -0700 (PDT) Message-ID: <5471c93d0505101323aaac3ec@mail.gmail.com> Date: Tue, 10 May 2005 16:23:44 -0400 From: Chris Stave Reply-To: Chris Stave To: Rancid Discussion List Subject: Adding cisco cluster support for RANCID Mime-Version: 1.0 
Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I am NOT including patches or anything here, but following my description you should be able to do everything I have done, probably better. I have enjoyed RANCID since I first installed it, it is nice, but it didn't get information from cluster members (many of the switches that I am dealing with are interfaceless cluster members accessible through the cluster commander by typing (e.g.) rcommand 1) ... I initially tried to add an extra flag for cluster member to various parts of rancid, but after some progress I eventually ran into the fact that I had forgotten: I don't actually know expect, tcl, perl, or really any other scripting language enough to extend the scripts in the way that I was thinking of. Then the issue of cluster member configs was brought up again and I thought about the problem again. I now have rancid collecting configurations and information from my cluster member switches. What follows is how I did it (okay, this is how I should have done it, a few things have been added in where they should have been done rather than at later points in the process when I realized something was wrong and did them): While working on rancid it is a good idea to stop it from running every hour ... I got this all working on a test system rather than a production system, but it was still running every hour... that can cause strangeness when you've only changed some things that need to be changed, not all of them... I made three copies of clogin -- cm1login, cm2login, and cm3login, to log into cluster member 1, 2, and 3, respectively (if you have any 5+ member clusters then you will have to make more cmXlogins). 
I edited these to include sending "rcommand 1(or 2, or 3)" to the switch (I tacked this on to the enable section for quickness and I figured it would work there) -- I also had to include an extra "quit" at the end of the process so that when leaving the cluster member it did not get stuck at the cluster commander. I then had to make three new versions of rancid (cm1rancid, cm2rancid, and cm3rancid), based upon the original rancid. These changes were easy, just search and replace clogin with the appropriate new cm1login (or cm2login, etc.)... Then I edited rancid-fe to include three new device types, ccm1, ccm2, and ccm3, each pointing to the appropriate edited rancid. Finally, I had to add three new groups (one for each cluster member type), since if they were all in one router.db like so: 10.0.0.x:cisco:up 10.0.0.x:ccm1:up it didn't work, as the information from the cluster member overwrote the information from the cluster commander. So I made 3 new groups (and associated aliases) for cluster member 1s, cluster member 2s, and cluster member 3s, respectively. I populated their router.db lists and all was well. It was pretty easy, required no specific knowledge of scripting beyond looking up a few surrounding commands and matching syntax within files, and worked. It is not elegant, pretty, well documented, error-resistant, or even non-horrible (rcommand in the enable section?!), but it seems to be working (I haven't had it going for long, it might be overly error-prone or generally unreliable) Comments? Questions? 
From owner-rancid-discuss-outgoing@shrubbery.net Wed May 11 03:22:06 2005
Date: Tue, 10 May 2005 20:22:04 -0700
From: john heasley
To: Mark Scheuber
Cc: rancid-discuss@shrubbery.net
Subject: Re: Rancid Access-lists
Message-ID: <20050511032204.GD26198@shrubbery.net>

Tue, May 10, 2005 at 03:22:43PM -0500, Mark Scheuber:
> Hi, I'm having a rather odd problem with RANCID. It's apparently sorting
> my Cisco ACL's by IP which is bad to say the least. I'm just wondering
> if anyone else has experienced this or knew of a way to shut this off?

rancid sorts a few of the ACL "types", but not all. there are no knobs to
adjust this behavior. I thought that we only adjusted those which could
be without buggering it. example, please?

From owner-rancid-discuss-outgoing@shrubbery.net Wed May 11 14:09:28 2005
In-Reply-To: <20050511032204.GD26198@shrubbery.net>
To: john heasley
Cc: owner-rancid-discuss@shrubbery.net, rancid-discuss@shrubbery.net
Subject: Re: Rancid Access-lists
From: Mark Scheuber
Date: Wed, 11 May 2005 09:09:17 -0500

John -

Spending more time looking at this, the config lines could be moved
without impacting any functionality. Due to the nature of the router it
has several locations that if it receives traffic from it drops it, if
it has any other traffic it's supposed to log. This is simply in place
to reduce log volume. It's currently not having that much of an impact
other than sending an auditor scrambling and causing a caveat for router
restores.

    access-list 122 deny ip any any log
    access-list 122 deny ip any
    access-list 122 deny ip any
    access-list 122 deny ip any
    access-list 122 deny ip any
    access-list 122 deny ip any
    access-list 122 deny ip any
    access-list 122 deny ip any

I also have several ACL's that are optimized by packet hits given the
large amount of traffic and RANCID sorts those as well. So these aren't
necessarily functional problems so much as performance and audit issues.
I suppose I can hack up the script to turn this off, but I'd imagine
other people might possibly run into the same problem.

Thanks,
Mark
mark_scheuber@mgic.com

john heasley
Sent by: owner-rancid-discuss@shrubbery.net
05/10/2005 10:22 PM
To: Mark Scheuber
cc: rancid-discuss@shrubbery.net
Subject: Re: Rancid Access-lists

Tue, May 10, 2005 at 03:22:43PM -0500, Mark Scheuber:
> Hi, I'm having a rather odd problem with RANCID. It's apparently sorting
> my Cisco ACL's by IP which is bad to say the least. I'm just wondering
> if anyone else has experienced this or knew of a way to shut this off?

rancid sorts a few of the ACL "types", but not all. there are no knobs to
adjust this behavior. I thought that we only adjusted those which could
be without buggering it. example, please?

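Why entry order matters for an archived ACL, as an added example (not RANCID code and not from this thread): the check below flags pairs of entries that can match the same packet with a different action or logging flag and whose relative order differs between the device and a reordered copy. The addresses are constructed documentation ranges, because the addresses in the listing above were elided, and only lines of the form `access-list N permit|deny ip SRC DST [log]` are handled; the check is conservative, so a flagged pair may still be shadowed by an earlier entry.

```python
import ipaddress
from itertools import combinations

MASK32 = 0xFFFFFFFF


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard)."""
    word = tokens.pop(0)
    if word == "any":
        return (0, MASK32)
    if word == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    # Zero the "don't care" bits so addresses compare cleanly later.
    return (int(ipaddress.IPv4Address(word)) & ~wildcard & MASK32, wildcard)


def parse_entry(line):
    """Parse one supported ACL line into its match fields and effect."""
    tokens = line.split()
    try:
        if tokens[0] != "access-list" or tokens[3] != "ip":
            raise ValueError
        action, rest = tokens[2], tokens[4:]
        if action not in ("permit", "deny"):
            raise ValueError
        src, dst = _take_addr(rest), _take_addr(rest)
        if rest not in ([], ["log"]):
            raise ValueError
    except (IndexError, ValueError):
        raise ValueError("unsupported ACL line: %r" % line) from None
    # The effect is what an auditor cares about: verdict plus logging.
    return {"line": " ".join(tokens), "effect": (action, rest == ["log"]),
            "src": src, "dst": dst}


def _overlap(a, b):
    """True if some address matches both (address, wildcard) specs."""
    care = ~(a[1] | b[1]) & MASK32          # bits both entries compare
    return (a[0] ^ b[0]) & care == 0


def first_match(lines, src, dst):
    """Effect of the first entry matching the packet (implicit deny at end)."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for entry in map(parse_entry, lines):
        (sa, sw), (da, dw) = entry["src"], entry["dst"]
        if (s & ~sw & MASK32) == sa and (d & ~dw & MASK32) == da:
            return entry["effect"]
    return ("deny", False)


def unsafe_swaps(device_lines, archived_lines):
    """Pairs whose order changed although they overlap and differ in effect.

    Assumes both lists hold the same entries and no entry is repeated.
    """
    device = [parse_entry(l) for l in device_lines]
    position = {parse_entry(l)["line"]: i for i, l in enumerate(archived_lines)}
    if sorted(position) != sorted(e["line"] for e in device):
        raise ValueError("the two lists do not hold the same entries")
    findings = []
    for first, second in combinations(device, 2):   # first precedes second
        swapped = position[first["line"]] > position[second["line"]]
        if (swapped and first["effect"] != second["effect"]
                and _overlap(first["src"], second["src"])
                and _overlap(first["dst"], second["dst"])):
            findings.append((first["line"], second["line"]))
    return findings


# Constructed sample: quiet drops first, catch-all "deny ... log" last.
DEVICE_ORDER = [
    "access-list 122 deny ip host 192.0.2.10 any",
    "access-list 122 deny ip 198.51.100.0 0.0.0.255 any",
    "access-list 122 deny ip any any log",
]
# Constructed reordered copy with the catch-all moved to the top.
REORDERED = [DEVICE_ORDER[2], DEVICE_ORDER[0], DEVICE_ORDER[1]]
# Constructed harmless reorder: only the two quiet drops trade places.
BENIGN = [DEVICE_ORDER[1], DEVICE_ORDER[0], DEVICE_ORDER[2]]

if __name__ == "__main__":
    for pair in unsafe_swaps(DEVICE_ORDER, REORDERED):
        print("order matters:", pair)
    print(first_match(DEVICE_ORDER, "192.0.2.10", "203.0.113.5"),
          first_match(REORDERED, "192.0.2.10", "203.0.113.5"))
```

A restore from the reordered copy would log the traffic the device-order list drops quietly; the benign reorder produces no findings.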
From owner-rancid-discuss-outgoing@shrubbery.net Wed May 11 17:57:12 2005
Date: Wed, 11 May 2005 10:57:10 -0700
From: john heasley
To: Ed Ravin
Cc: rancid-discuss@shrubbery.net
Subject: Re: hlogin and hp2424/4000/8000 ?
Message-ID: <20050511175710.GD3704@shrubbery.net>
References: <20050510134458.GF29597@panix.com>
In-Reply-To: <20050510134458.GF29597@panix.com>

Tue, May 10, 2005 at 09:44:58AM -0400, Ed Ravin:
> Has anyone got hrancid/hlogin working with the Procurve 2424/4000/8000
> switches? It looks like hlogin is meant for a newer switch that has
> a more command-line like interface and an extra command or two. To
> get to the command prompt, you have to enter a couple of menu choices
> after logging in ("5", then "4", no carriage returns, then get a line
> with a VLAN prompt and enter a CR), and there's no router prompt to speak
> of because the telnet interface keeps sending cursor control characters
> to show you the current time in the upper right corner.

I'm not really keen on supporting such platforms. Changes to the menus
are very likely, such that those selections no longer invoke the CLI.
To handle that in a reasonable way, hlogin would have to grovel the menu
and pick out the selections - not pleasant.

HP is a particular PITA, as their interface produces gobs of vt screen
handling codes that are a real bugger to filter.

    % script hplog
    % telnet switch

will give you a good idea. you're welcome to send the log; maybe these
actually have clean output.

From owner-rancid-discuss-outgoing@shrubbery.net Thu May 12 01:20:49 2005
Date: Wed, 11 May 2005 21:20:41 -0400
From: Ed Ravin
To: john heasley
Cc: rancid-discuss@shrubbery.net
Subject: Re: hlogin and hp2424/4000/8000 ?
Message-ID: <20050512012041.GA11438@panix.com>
References: <20050510134458.GF29597@panix.com> <20050511175710.GD3704@shrubbery.net>
In-Reply-To: <20050511175710.GD3704@shrubbery.net>

On Wed, May 11, 2005 at 10:57:10AM -0700, john heasley wrote:
> Tue, May 10, 2005 at 09:44:58AM -0400, Ed Ravin:
> > Has anyone got hrancid/hlogin working with the Procurve 2424/4000/8000
> > switches? It looks like hlogin is meant for a newer switch that has
> > a more command-line like interface and an extra command or two. To
> > get to the command prompt, you have to enter a couple of menu choices
> > after logging in ("5", then "4", no carriage returns, then get a line
> > with a VLAN prompt and enter a CR), and there's no router prompt to speak
> > of because the telnet interface keeps sending cursor control characters
> > to show you the current time in the upper right corner.
>
> I'm not really keen on supporting such platforms. Changes to the menus
> are very likely, such that those selections no longer invoke the CLI.

This particular platform hasn't changed its top-level menu for years,
and the boxes are getting old enough that I doubt HP will do anything
other than fix bugs in future firmware revs.

> HP is a particular PITA, as their interface produces gobs of vt screen
> handling codes that are a real bugger to filter.
>
> % script hplog
> % telnet switch
>
> will give you a good idea. you're welcome to send the log; maybe these
> actually have clean output.

No, the input is extremely ugly, although once you get to command line
mode and start dumping things it's not too horrid (you still have to hit
space at each "MORE" prompt). I'll send in a sample.

From owner-rancid-discuss-outgoing@shrubbery.net Thu May 12 22:12:08 2005
To: rancid-discuss@shrubbery.net
Subject: Cisco/EMC 9500 Series Switches
From: Mark Scheuber
Date: Thu, 12 May 2005 17:11:57 -0500

Just wondering if anyone has had any experience using RANCID with the
Cisco SAN switches? I'm specifically looking at using it with the 9500
series. Thanks,

Mark Scheuber
OS Analyst
270 E. Kilbourn Ave.
Milwaukee, WI 53202
414.347.6899
800.558.9900 x6899
mark_scheuber@mgic.com

From owner-rancid-discuss-outgoing@shrubbery.net Thu May 12 23:08:20 2005
Message-Id: <200505122308.j4CN7xjr006765@ram.onthenet.com.au>
Subject: All supported devices
Date: Fri, 13 May 2005 09:07:53 +1000

Hi All,

I've recently installed RANCID and have it collecting configs from Cisco
switches and routers and PIX firewalls.

I'd like to know if there is a full list of supported devices, both "out of
the box" and any addon modules that people might have hacked up, as I'd
really like to go "RANCID mad" and add as many devices as possible.

Thanks,
Thomas

From owner-rancid-discuss-outgoing@shrubbery.net Thu May 12 23:55:34 2005
Date: Thu, 12 May 2005 16:55:32 -0700
From: john heasley
To: Mark Scheuber
Cc: rancid-discuss@shrubbery.net
Subject: Re: Cisco/EMC 9500 Series Switches
Message-ID: <20050512235532.GI28606@shrubbery.net>

Thu, May 12, 2005 at 05:11:57PM -0500, Mark Scheuber:
> Just wondering if anyone has had any experience using RANCID with the
> Cisco SAN switches? I'm specifically looking at using it with the 9500
> series. Thanks,

I'm not familiar with that platform. try it and post if it doesn't work
or if some data is missing.

From owner-rancid-discuss-outgoing@shrubbery.net Fri May 13 00:01:04 2005
Date: Thu, 12 May 2005 17:01:02 -0700
From: john heasley
To: rancid@layer7.com.au
Cc: rancid-discuss@shrubbery.net
Subject: Re: All supported devices
Message-ID: <20050513000102.GL28606@shrubbery.net>
References: <200505122308.j4CN7xjr006765@ram.onthenet.com.au>
In-Reply-To: <200505122308.j4CN7xjr006765@ram.onthenet.com.au>

Fri, May 13, 2005 at 09:07:53AM +1000, rancid@layer7.com.au:
> Hi All,
>
> I've recently installed RANCID and have it collecting configs from Cisco
> switches and routers and PIX firewalls.
>
> I'd like to know if there is a full list of supported devices, both "out of
> the box" and any addon modules that people might have hacked up, as I'd
> really like to go "RANCID mad" and add as many devices as possible.

see rancid(1). it doesn't list every possible model, but most work.

From owner-rancid-discuss-outgoing@shrubbery.net Fri May 13 16:19:40 2005
Message-ID: <5471c93d050510083736e22032@mail.gmail.com>
Date: Tue, 10 May 2005 11:37:08 -0400
From: Chris Stave
Reply-To: Chris Stave
To: Rancid Discussion List
Subject: trying to add Cisco clustering support to rancid -- almost done

I'm trying to add support for clustering into rancid, I'm on my second
attempt, and this time I'm almost done (I'll describe the process and
provide code when I'm done)...

I've just got one question/problem to solve before it is done (or at
least testable):

at the end of processing a switch rancid logs out of the switch; where
is this done? I need to add a second 'exit' command there, but I'm
not sure where it does this. (a line number would be completely
ideal, since my knowledge of scripting is a bit questionable)

Any advice on this would be great...

From owner-rancid-discuss-outgoing@shrubbery.net Fri May 13 18:29:43 2005
Date: Fri, 13 May 2005 14:29:37 -0400
From: Andrew Partan
To: Chris Stave
Cc: Rancid Discussion List
Subject: Re: trying to add Cisco clustering support to rancid -- almost done
Message-ID: <20050513182937.GA33986@partan.com>
References: <5471c93d050510083736e22032@mail.gmail.com>
In-Reply-To: <5471c93d050510083736e22032@mail.gmail.com>

On Tue, May 10, 2005 at 11:37:08AM -0400, Chris Stave wrote:
> at the end of processing a switch rancid logs out of the switch; where
> is this done? I need to add a second 'exit' command there, but I'm
> not sure where it does this. (a line number would be completely
> ideal, since my knowledge of scripting is a bit questionable)

It's in clogin; look for this line:

    send "exit\r"

Or you could add it to the list of commands in bin/rancid; I'd try
adding it to the end of $cisco_cmds. This may be harder, since rancid
looks for 'quit' to see if it's done running all of the commands; if it
sees 'quit', then rancid figures it's done with all of its work and
stops. I'm not quite sure what needs to be changed so that you can have
quit commands to log out of parts of the cluster, but then still have
more commands left.

I don't know what cisco cluster stuff looks like, but for HFR support,
we had to add commands like these:

    admin show diag

- which means to run show diag in admin mode.

Does cisco support anything sorta like

    run_on cluster_node 3 show something

? If so, adding commands like these to the list of commands would be
trivial.

I just think that we are going to run into problems with rancid's
control logic if we want to spit a series of commands like this to some
cluster:

    show version
    show diag
    login cluster_node 1
    show version
    show diag
    exit
    login cluster_node 2
    show version
    show diag
    exit
    show running-config
    exit

These embedded 'exit' commands are really going to mess things up.
rancid's control logic is really very simple right now; all that
it knows is that it runs a series of commands and that the last
command is 'exit', and that when it sees 'exit', it's done & it's an
error if there are commands left over.

	--asp

From owner-rancid-discuss-outgoing@shrubbery.net Fri May 13 18:32:27 2005
Message-ID: <4284F29E.20307@grote.name>
Date: Fri, 13 May 2005 12:31:58 -0600
From: Justin Grote
To: Andrew Partan
Cc: rancid-discuss@shrubbery.net
Subject: Re: trying to add Cisco clustering support to rancid -- almost done
References: <5471c93d050510083736e22032@mail.gmail.com> <20050513182937.GA33986@partan.com>
In-Reply-To: <20050513182937.GA33986@partan.com>

Andrew Partan wrote:

>On Tue, May 10, 2005 at 11:37:08AM -0400, Chris Stave wrote:
>
>>at the end of processing a switch rancid logs out of the switch; where
>>is this done? I need to add a second 'exit' command there, but I'm
>>not sure where it does this. (a line number would be completely
>>ideal, since my knowledge of scripting is a bit questionable)
>>

Just out of curiosity, is there some reason you can't just assign IP
addresses to the VLAN interface of the individual switches and capture
normally? I know that it's not the most elegant solution, but you sure
do seem to be going to a lot of work to achieve a goal that can be
accomplished otherwise rather simply (plus you get the added granularity
of one config per switch, rather than a giant cluster config).

--
__________________________
Justin Grote
Network Architect
JWG Networks

From owner-rancid-discuss-outgoing@shrubbery.net Fri May 13 20:58:17 2005
Message-ID: <71B0C9CB1FF4EA43BB48C08DCFF1A1FF1E26C0@NIHCESMLBX.nih.gov>
From: "Gee-clough, Aaron (NIH/CIT)"
To: 'Andrew Partan' , Chris Stave
Cc: Rancid Discussion List
Subject: RE: trying to add Cisco clustering support to rancid -- almost do ne
Date: Fri, 13 May 2005 16:58:06 -0400

> -----Original Message-----
> From: Andrew Partan [mailto:asp@partan.com]
> Sent: Friday, May 13, 2005 2:30 PM
> To: Chris Stave
> Cc: Rancid Discussion List
> Subject: Re: trying to add Cisco clustering support to rancid
(snip)
> These embedded 'exit' commands are really going to mess things up.
> rancid's control logic is really very simple right now; all that > it knows is that it runs a series of commands and that the last > command is 'exit', and that when it sees 'exit', it's done & it's an > error if there are commands left over. As a data point, I've used Rancid with embedded "exits" with the -c command and a bunch of semi-colons (like clogin -c "conf t; enable password blah;exit;write mem") with no problem. Perhaps it's parsing the -c options differently than its internal control logic...dunno. So far, though, I've found that as long as the end result of my string of commands is enable mode (not configure), rancid just handles it. Aaron ------------------ Aaron Gee-Clough DNST/CIT/NEB/NSS Contractor. Geek. From owner-rancid-discuss-outgoing@shrubbery.net Fri May 13 21:32:54 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 3BAF711CE2D for ; Fri, 13 May 2005 21:32:54 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 6DFDC864DE; Fri, 13 May 2005 21:32:53 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 623C0864DF; Fri, 13 May 2005 21:32:53 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from tower.partan.com (tower.partan.com [198.6.255.248]) by guelah.shrubbery.net (Postfix) with ESMTP id 8724C864DD for ; Fri, 13 May 2005 21:32:52 +0000 (UTC) Received: from tower.partan.com (localhost.partan.com [127.0.0.1]) by tower.partan.com (8.12.9p2/8.12.9) with ESMTP id j4DLWpkD052441; Fri, 13 May 2005 17:32:51 -0400 (EDT) (envelope-from asp@tower.partan.com) Received: (from asp@localhost) by tower.partan.com (8.12.9p2/8.12.9/Submit) id j4DLWoga052434; Fri, 13 May 2005 17:32:50 -0400 (EDT) (envelope-from asp) Date: Fri, 13 
May 2005 17:32:50 -0400 From: Andrew Partan To: "Gee-clough, Aaron (NIH/CIT)" Cc: Rancid Discussion List Subject: Re: trying to add Cisco clustering support to rancid -- almost do ne Message-ID: <20050513213250.GA51988@partan.com> References: <71B0C9CB1FF4EA43BB48C08DCFF1A1FF1E26C0@NIHCESMLBX.nih.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <71B0C9CB1FF4EA43BB48C08DCFF1A1FF1E26C0@NIHCESMLBX.nih.gov> User-Agent: Mutt/1.4.2.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Fri, May 13, 2005 at 04:58:06PM -0400, Gee-clough, Aaron (NIH/CIT) wrote: > As a data point, I've used Rancid with embedded "exits" with the -c command > and a bunch of semi-colons (like clogin -c "conf t; enable password > blah;exit;write mem") with no problem. Perhaps it's parsing the -c options > differently than its internal control logic...dunno. So far, though, I've > found that as long as the end result of my string of commands is enable mode > (not configure), rancid just handles it. [Warning: rancid refers to the entire package and to one of the programs in the package; here I'm talking about the program in the package.] clogin -c "cmd;exit;cmd;exit;cmd" is not a problem. The problem is trying to do it in bin/rancid. [rancid internally calls clogin -c with a series of commands.] Look at bin/rancid and %commands and @commands. %commands takes a command and a subroutine to handle the output of that command. @commands is just the list of commands. Adding "exit" and a no-op subroutine to handle exit should be no problem, except that I think it will mess up the control loop - see the control loop that starts with TOP:. After rancid has run & parsed all of the commands in %commands/@commands, it looks for "exit" to make sure that everything has run correctly. I think that the control loop will get messed up if you try to have "exit" be a 'normal' command and the end-of-commands marker. 
Also you can't have repeated commands in %commands/@commands; I just tried modifying %commands/@commands to run show version twice and rancid died with: found unexpected command - "show version" So I think that if you want to have "exit" in the commands list, and to use "exit" as the end-of-commands marker, and to have "exit" in the commands list more than once, then the control loop in rancid will have to be rewritten. --asp From owner-rancid-discuss-outgoing@shrubbery.net Mon May 16 14:31:04 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id A593D11CE2D for ; Mon, 16 May 2005 14:31:04 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 73FBC864AC; Mon, 16 May 2005 14:31:03 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 683E9864AE; Mon, 16 May 2005 14:31:03 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from merle.it.northwestern.edu (merle.it.northwestern.edu [129.105.16.57]) by guelah.shrubbery.net (Postfix) with ESMTP id 9AC52864AB for ; Mon, 16 May 2005 14:31:02 +0000 (UTC) Received: (from mailnull@localhost) by merle.it.northwestern.edu (8.12.10/8.12.10) id j4GEUxoq026815 for ; Mon, 16 May 2005 09:30:59 -0500 (CDT) Received: from [129.105.26.236] (dhcp026236.ittns.northwestern.edu [129.105.26.236]) by merle.it.northwestern.edu via smap (V2.0) id xma025866; Mon, 16 May 05 09:30:44 -0500 Mime-Version: 1.0 Message-Id: Date: Mon, 16 May 2005 09:30:35 -0500 To: rancid-discuss@shrubbery.net From: Matt Wilson Subject: write mem if running-config and startup-config are different? 
Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi- We would like to catch and remedy situations where we have altered a switch's running-config, but then forget to write mem (weeks later, the switch reboots due to power outage, and suddenly vlans aren't working, etc). Is anyone using rancid to notice that running-config and startup-config are different, and if so, issue a write mem command? (or something else to address such an issue?) Would you be willing to share what you've done? Thanks- Matt -- -- Matt Wilson Systems Engineer, IT Telecomm and Network Services Northwestern University From owner-rancid-discuss-outgoing@shrubbery.net Mon May 16 15:05:58 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 6160211CE2D for ; Mon, 16 May 2005 15:05:58 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 96D25864AE; Mon, 16 May 2005 15:05:57 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 90BA7864B1; Mon, 16 May 2005 15:05:57 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from server.nipper.de (relay.nipper.de [212.86.201.222]) by guelah.shrubbery.net (Postfix) with ESMTP id ADD65864AE for ; Mon, 16 May 2005 15:05:56 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id 85F4A4C2DB; Mon, 16 May 2005 17:05:49 +0200 (CEST) Received: from server.nipper.de ([127.0.0.1]) by localhost (server [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 00600-02; Mon, 16 May 2005 17:05:48 +0200 (CEST) Received: from [192.168.144.102] (pc102.nipper.de [192.168.144.102]) by server.nipper.de (Postfix on 
SuSE Linux 7.3 (i386)) with ESMTP id 9ED814B9C2; Mon, 16 May 2005 17:05:48 +0200 (CEST) Message-ID: <4288B6CC.9080800@nipper.de> Date: Mon, 16 May 2005 17:05:48 +0200 From: Arnold Nipper User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Thunderbird/1.0.2 Mnenhy/0.7 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Matt Wilson Cc: rancid-discuss@shrubbery.net Subject: Re: write mem if running-config and startup-config are different? References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at nipper.de Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 16.05.2005 16:30 Matt Wilson wrote > Hi- > > We would like to catch and remedy situations where we have altered a > switch's running-config, but then forget to write mem (weeks later, > the switch reboots due to power outage, and suddenly vlans aren't > working, etc). > > Is anyone using rancid to notice that running-config and > startup-config are different, and if so, issue a write mem command? > (or something else to address such an issue?) Would you be willing > to share what you've done? > Why don't you run "write memory" every time you pick up the config? 
Arnold -- Arnold Nipper, AN45 From owner-rancid-discuss-outgoing@shrubbery.net Mon May 16 15:22:15 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 63C6411CE2D for ; Mon, 16 May 2005 15:22:15 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id CD68F8649A; Mon, 16 May 2005 15:22:13 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id BCCA48649B; Mon, 16 May 2005 15:22:13 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.202]) by guelah.shrubbery.net (Postfix) with ESMTP id C207786491 for ; Mon, 16 May 2005 15:22:12 +0000 (UTC) Received: by rproxy.gmail.com with SMTP id 34so268941rns for ; Mon, 16 May 2005 08:22:09 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ei1LPm3gr0GR+ZnhOnSa2LJgNLYyF25hyPDj2Fa2o/3jHHOYzlqcUqoRm708/YhwXS612gwMDRjHzF8KU/OZyWjo8h0DYefvfvgYGFhyA6pVp+vhrzhi1L/lVEQfZ6s1v0DB83GH1ejt+D8ANlxB1VlX7jrR61l9JrvNU1LqcbM= Received: by 10.38.8.8 with SMTP id 8mr121802rnh; Mon, 16 May 2005 08:22:09 -0700 (PDT) Received: by 10.38.8.43 with HTTP; Mon, 16 May 2005 08:22:09 -0700 (PDT) Message-ID: <5471c93d050516082212e680a8@mail.gmail.com> Date: Mon, 16 May 2005 11:22:09 -0400 From: Chris Stave Reply-To: Chris Stave To: rancid-discuss@shrubbery.net Subject: Re: trying to add Cisco clustering support to rancid -- almost done In-Reply-To: <4284F29E.20307@grote.name> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline 
References: <5471c93d050510083736e22032@mail.gmail.com> <20050513182937.GA33986@partan.com> <4284F29E.20307@grote.name> Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I just realized that this didn't go out to the whole list... It was mostly a scope of control issue -- I'm not responsible for deciding that each switch gets an interface, but I am the one who sets up Rancid, so I did what I could where I could. Right now it's a little messy, with configs for one dorm going several places the 3550 group the clu1 group the clu2 group and the clu3 group because just listing them as separate types, but with the same ip address ended up with configs being overwritten as it went down the list. but it seems to work for now (I'm missing 'write term' frequently, but by the 4th round of collection most of them get caught) clustering works as follows: there is pretty much only one command once it is set up -- rcommand, which connects to the cluster member, if enabled you stay enabled, if not you can still rcommand, but you need to enable on the cluster member. Once you're on the cluster member it is the same as being on the switch directly. From a cluster member you can't rcommand to anything else, you need to exit back to the cluster commander first. There is no way from the cluster member to completely drop the session, you can only go back to the commander. Besides hostname (here we use an _0, _1, _2, etc. at the end of the hostname) there's not much you can do to tell that you're on the cluster member. On 5/13/05, Justin Grote wrote: > Andrew Partan wrote: > > >On Tue, May 10, 2005 at 11:37:08AM -0400, Chris Stave wrote: > > > > > >>at the end of processing a switch rancid logs out of the switch; where > >>is this done? I need to add a second 'exit' command there, but I'm > >>not sure where it does this. 
(a line number would be completely > >>ideal, since my knowledge of scripting is a bit questionable) > >> > >> > Just out of curiosity, is there some reason you can't just assign IP > addresses to the VLAN interface of the individual switches and capture > normally? I know that it's not the most elegant solution, but you sure > do seem to be going to a lot of work to achieve a goal that can be > accomplished otherwise rather simply (plus you get the added granularity > of one config per switch, rather than a giant cluster config). > > -- > __________________________ > Justin Grote > Network Architect > JWG Networks > > > > From owner-rancid-discuss-outgoing@shrubbery.net Mon May 16 21:00:02 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 8B9C711CE2F for ; Mon, 16 May 2005 21:00:02 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 4C153864B6; Mon, 16 May 2005 21:00:01 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 3BE4D864BA; Mon, 16 May 2005 21:00:01 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 4E1BC864B7; Mon, 16 May 2005 21:00:00 +0000 (UTC) Date: Mon, 16 May 2005 14:00:00 -0700 From: john heasley To: Arnold Nipper Cc: Matt Wilson , rancid-discuss@shrubbery.net Subject: Re: write mem if running-config and startup-config are different? 
Message-ID: <20050516210000.GG13308@shrubbery.net> References: <4288B6CC.9080800@nipper.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4288B6CC.9080800@nipper.de> User-Agent: Mutt/1.4.2.1i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: i just want to have a beer while i am caring. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Mon, May 16, 2005 at 05:05:48PM +0200, Arnold Nipper: > On 16.05.2005 16:30 Matt Wilson wrote > > >Hi- > > > >We would like to catch and remedy situations where we have altered a > >switch's running-config, but then forget to write mem (weeks later, > >the switch reboots due to power outage, and suddenly vlans aren't > >working, etc). > > > >Is anyone using rancid to notice that running-config and > >startup-config are different, and if so, issue a write mem command? > >(or something else to address such an issue?) Would you be willing > >to share what you've done? > > > > Why don't you run "write memory" every time you pick up the config? 
>
or periodically, something like
	for r in `cat */router.db | egrep -i '(cisco|cat5)' | cut -f1 -d: `; do
		clogin -c 'write mem' "$r"
	done
From owner-rancid-discuss-outgoing@shrubbery.net Mon May 16 21:25:43 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 3814611CE2D for ; Mon, 16 May 2005 21:25:43 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 63073864BA; Mon, 16 May 2005 21:25:42 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 5B42A864C0; Mon, 16 May 2005 21:25:42 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from server.nipper.de (relay.nipper.de [212.86.201.222]) by guelah.shrubbery.net (Postfix) with ESMTP id 1A99E864BA; Mon, 16 May 2005 21:25:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id 0F8394C2E3; Mon, 16 May 2005 23:25:40 +0200 (CEST) Received: from server.nipper.de ([127.0.0.1]) by localhost (server [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02374-02; Mon, 16 May 2005 23:25:39 +0200 (CEST) Received: from [192.168.144.102] (pc102.nipper.de [192.168.144.102]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id 211B24C2B7; Mon, 16 May 2005 23:25:39 +0200 (CEST) Message-ID: <42890FD2.5040907@nipper.de> Date: Mon, 16 May 2005 23:25:38 +0200 From: Arnold Nipper User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Thunderbird/1.0.2 Mnenhy/0.7 X-Accept-Language: en-us, en MIME-Version: 1.0 To: john heasley Cc: Matt Wilson , rancid-discuss@shrubbery.net Subject: Re: write mem if running-config and startup-config are different? 
References: <4288B6CC.9080800@nipper.de> <20050516210000.GG13308@shrubbery.net> In-Reply-To: <20050516210000.GG13308@shrubbery.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at nipper.de Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 16.05.2005 23:00 john heasley wrote > Mon, May 16, 2005 at 05:05:48PM +0200, Arnold Nipper: >> On 16.05.2005 16:30 Matt Wilson wrote >> >> >Hi- >> > >> >We would like to catch and remedy situations where we have altered a >> >switch's running-config, but then forget to write mem (weeks later, >> >the switch reboots due to power outage, and suddenly vlans aren't >> >working, etc). >> > >> >Is anyone using rancid to notice that running-config and >> >startup-config are different, and if so, issue a write mem command? >> >(or something else to address such an issue?) Would you be willing >> >to share what you've done? >> > >> >> Why don't you run "write memory" every time you pick up the config? >> > > or periodically, something like > for r in `cat */router.db | egrep -i '(cisco|cat5)' | cut -f1 -d: `; do > clogin -c 'write mem' $r > done Be aware that this will fail as both cisco and cat5 expect confirmation of the write command. 
You have to add 2-3 new lines to make it work (2 for cisco and 3 for cat5 iirc) Arnold -- Arnold Nipper, AN45 From owner-rancid-discuss-outgoing@shrubbery.net Mon May 16 22:13:26 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 09A6B11CE2D for ; Mon, 16 May 2005 22:13:25 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id A7507864BF; Mon, 16 May 2005 22:13:24 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 9FE33864C0; Mon, 16 May 2005 22:13:24 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from sled.gsfc.nasa.gov (sled.gsfc.nasa.gov [198.119.28.21]) by guelah.shrubbery.net (Postfix) with ESMTP id 5BA66864BE; Mon, 16 May 2005 22:13:23 +0000 (UTC) Received: from frakir.gsfc.nasa.gov (frakir.gsfc.nasa.gov [198.119.28.35]) by sled.gsfc.nasa.gov (8.12.11/8.12.11) with ESMTP id j4GMD9PH016617; Mon, 16 May 2005 18:13:09 -0400 (EDT) Received: from frakir.gsfc.nasa.gov (localhost [127.0.0.1]) by frakir.gsfc.nasa.gov (8.13.3/8.13.3/Debian-9) with ESMTP id j4GMD9gc030573; Mon, 16 May 2005 18:13:09 -0400 Received: (from morty@localhost) by frakir.gsfc.nasa.gov (8.13.3/8.13.3/Submit) id j4GMD9WC030571; Mon, 16 May 2005 18:13:09 -0400 From: Morty Abzug Date: Mon, 16 May 2005 18:13:09 -0400 To: john heasley Cc: "Mordechai T. 
Abzug" , rancid-discuss@shrubbery.net Subject: Re: rancid: mail filenames only, set max rounds Message-ID: <20050516221309.GM14554@frakir.gsfc.nasa.gov> References: <20050421010633.GK14554@frakir.gsfc.nasa.gov> <20050421172539.GC4566@shrubbery.net> <20050422211239.GI24171@shrubbery.net> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="jTMWTj4UTAEmbWeb" Content-Disposition: inline In-Reply-To: <20050422211239.GI24171@shrubbery.net> User-Agent: Mutt/1.5.6+20040907i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk --jTMWTj4UTAEmbWeb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline [resending, because I haven't yet seen a reply.] On Fri, Apr 22, 2005 at 02:12:39PM -0700, john heasley wrote: > [ trying this again; first one bounced from verisign ] > > Thu, Apr 21, 2005 at 10:25:39AM -0700, john heasley: > > Wed, Apr 20, 2005 at 09:06:33PM -0400, Mordechai T. Abzug: > > > > > > The attached patch: > > > > > > - adds a "MAIL_FILENAME_ONLY" tunable to control whether entire diffs > > > are mailed as per the default, or only the filename is mailed. > > > > This is interesting. Perhaps it would be more interesting to generate the > > cvs command necessary to generate the diff? eg: > > cvs diff -r 1.1 -r 1.2 hostname > > OR > > cvs diff -r 1.1 -r 1.2 group/configs/hostname Hmm. I would prefer to just use the old version: cvs diff -r1.1 whatever/configs/hostname This is fairly necessary, since the next CVS version hasn't been assigned yet at this point, and guessing is perilous. Done, in attached patch. > > > - adds a "MAX_ROUNDS" tunable to control the maximum number of > > > rounds/passes. > > > > Added. I changed it just a little to ensure the floor of 1 iteration. > > Thanks! Thank you! The attached patch also includes a few minor tweaks to deal with Solaris systems that don't have GNU diff installed. Ie. do a straight diff instead of diff -c -4. In the contexts involved, the context options don't matter. 
[Patch also includes the MAX_ROUNDS patch that you've already accepted; don't know what your preferences are on patch submission.] - Morty --jTMWTj4UTAEmbWeb Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="rancid-2.3.1-local-p2.patch" diff -cr rancid-2.3.1/bin/control_rancid.in rancid-2.3.1-local-p2/bin/control_rancid.in *** rancid-2.3.1/bin/control_rancid.in Fri Mar 12 23:13:09 2004 --- rancid-2.3.1-local-p2/bin/control_rancid.in Tue Apr 26 02:50:05 2005 *************** *** 138,152 **** sort -u > routers.db cut -d: -f1,2 routers.db > routers.all.new if [ ! -f routers.all ] ; then touch routers.all; fi ! @DIFF_CMD@ routers.all routers.all.new > /dev/null 2>&1; RALL=$? @PERLV@ -F: -ane '{($F[0] =~ tr@A-Z@a-z@,print $_) if ($F[2] !~ /^up$/i);}' routers.db > routers.down.new if [ ! -f routers.down ] ; then touch routers.down; fi ! @DIFF_CMD@ routers.down routers.down.new > /dev/null 2>&1; RDOWN=$? @PERLV@ -F: -ane '{($F[0] =~ tr@A-Z@a-z@,print "$F[0]:$F[1]\n") if ($F[2] =~ /^up$/i);}' routers.db > routers.up.new if [ ! -f routers.up ] ; then touch routers.up; fi ! @DIFF_CMD@ routers.up routers.up.new > /dev/null 2>&1; RUP=$? if [ $RALL -ne 0 -o $RDOWN -ne 0 -o $RUP -ne 0 ] then --- 138,152 ---- sort -u > routers.db cut -d: -f1,2 routers.db > routers.all.new if [ ! -f routers.all ] ; then touch routers.all; fi ! @DIFF@ routers.all routers.all.new > /dev/null 2>&1; RALL=$? @PERLV@ -F: -ane '{($F[0] =~ tr@A-Z@a-z@,print $_) if ($F[2] !~ /^up$/i);}' routers.db > routers.down.new if [ ! -f routers.down ] ; then touch routers.down; fi ! @DIFF@ routers.down routers.down.new > /dev/null 2>&1; RDOWN=$? @PERLV@ -F: -ane '{($F[0] =~ tr@A-Z@a-z@,print "$F[0]:$F[1]\n") if ($F[2] =~ /^up$/i);}' routers.db > routers.up.new if [ ! -f routers.up ] ; then touch routers.up; fi ! @DIFF@ routers.up routers.up.new > /dev/null 2>&1; RUP=$? 
if [ $RALL -ne 0 -o $RDOWN -ne 0 -o $RUP -ne 0 ] then *************** *** 308,315 **** # This section will generate a list of missed routers # and try to grab them again. It will run through ! # $pass times. ! pass=4 round=1 if [ -f $DIR/routers.up.missed ]; then rm -f $DIR/routers.up.missed --- 308,315 ---- # This section will generate a list of missed routers # and try to grab them again. It will run through ! # $pass times; tune with MAX_ROUNDS, default 4 ! pass=${MAX_ROUNDS:=4} round=1 if [ -f $DIR/routers.up.missed ]; then rm -f $DIR/routers.up.missed *************** *** 369,376 **** # Diff the directory and then checkin. trap 'rm -fr $TMP $TMP.diff $DIR/routers.single;' 1 2 15 cd $DIR ! cvs -f @DIFF_CMD@ | sed -e '/^RCS file: /d' -e '/^--- /d' \ ! -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff if [ $alt_mailrcpt -eq 1 ] ; then subject="router config diffs - courtesy of $mailrcpt" --- 369,387 ---- # Diff the directory and then checkin. trap 'rm -fr $TMP $TMP.diff $DIR/routers.single;' 1 2 15 cd $DIR ! mail_filename_only=${MAIL_FILENAME_ONLY:=0} ! hostname=`hostname` ! if [ "$mail_filename_only" = "0" ]; then ! cvs -f @DIFF_CMD@ | sed -e '/^RCS file: /d' -e '/^--- /d' \ ! -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff ! else ! cvs -f @DIFF_CMD@ | \ ! sed -ne 's,^Index:,Config changed:,p' \ ! -e "s/^======.*/ For recent changes, run on $hostname:/p" \ ! -e 's,^RCS file: \(.*\)/CVS\(/.*/\).*, cd \1\2 \&\&,p' \ ! -e 's,^diff, cvs diff,p' \ ! > $TMP.diff ! fi if [ $alt_mailrcpt -eq 1 ] ; then subject="router config diffs - courtesy of $mailrcpt" diff -cr rancid-2.3.1/etc/rancid.conf.sample.in rancid-2.3.1-local-p2/etc/rancid.conf.sample.in *** rancid-2.3.1/etc/rancid.conf.sample.in Sat Mar 13 00:17:50 2004 --- rancid-2.3.1-local-p2/etc/rancid.conf.sample.in Thu Apr 21 01:54:11 2005 *************** *** 49,54 **** --- 49,57 ---- # The number of devices to collect simultaneously. #PAR_COUNT=5; export PAR_COUNT # + # How many times should we try to reach devices? 
Minimum: one. + #MAX_ROUNDS=4; export MAX_ROUNDS + # # list of rancid groups #LIST_OF_GROUPS="sl joebobisp" # more groups... *************** *** 65,67 **** --- 68,74 ---- # included, as this is simply appended to the usual recipients. It is NOT # appended to recipients specified in rancid-run's -m option. #MAILDOMAIN="@example.com"; export MAILDOMAIN + # + # if you don't want to actually email the diffs, just the names of the files + # that changed, set the below to 1 + #MAIL_FILENAME_ONLY=0; export MAIL_FILENAME_ONLY diff -cr rancid-2.3.1/man/rancid.conf.5.in rancid-2.3.1-local-p2/man/rancid.conf.5.in *** rancid-2.3.1/man/rancid.conf.5.in Fri Mar 12 23:13:09 2004 --- rancid-2.3.1-local-p2/man/rancid.conf.5.in Thu Apr 21 01:54:11 2005 *************** *** 115,120 **** --- 115,126 ---- Default: $BASEDIR/logs .\" .TP + .B MAIL_FILENAME_ONLY + Control whether diff bodies are mailed or filenames that have changed + are mailed. The default, 0, is diff bodies. Set to any other value for + filenames only. + .\" + .TP .B MAILDOMAIN Define the domain part of addresses for administrative and diff e-mail. The value of this variable is simply appended to the normal mail addresses. *************** *** 123,128 **** --- 129,139 ---- had been set to "@example.com". .\" .TP + .B MAX_ROUNDS + Defines how many times rancid should use to reach devices. The minimum is + 1. The default is 4. 
+ .\" + .TP .B NOCOMMSTR If set, .IR rancid (1) --jTMWTj4UTAEmbWeb-- From owner-rancid-discuss-outgoing@shrubbery.net Mon May 16 23:02:32 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 8880211CE2D for ; Mon, 16 May 2005 23:02:32 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 633BE864C1; Mon, 16 May 2005 23:02:31 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 5D97F864C4; Mon, 16 May 2005 23:02:31 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mail2.panix.com (mail2.panix.com [166.84.1.73]) by guelah.shrubbery.net (Postfix) with ESMTP id 8EB1F864C1 for ; Mon, 16 May 2005 23:02:30 +0000 (UTC) Received: from panix5.panix.com (panix5.panix.com [166.84.1.5]) by mail2.panix.com (Postfix) with ESMTP id 57943A7058 for ; Mon, 16 May 2005 19:02:29 -0400 (EDT) Received: (from eravin@localhost) by panix5.panix.com (8.11.6p3/8.8.8/PanixN1.1) id j4GN2T903319 for rancid-discuss@shrubbery.net; Mon, 16 May 2005 19:02:29 -0400 (EDT) Date: Mon, 16 May 2005 19:02:29 -0400 From: Ed Ravin To: rancid-discuss@shrubbery.net Subject: Re: hlogin and hp2424/4000/8000 ? Message-ID: <20050516230229.GA20522@panix.com> References: <20050510134458.GF29597@panix.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050510134458.GF29597@panix.com> User-Agent: Mutt/1.4.2.1i X-Y-Z: 1, 2, 3? Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Tue, May 10, 2005 at 09:44:58AM -0400, Ed Ravin wrote: > Has anyone got hrancid/hlogin working with the Procurve 2424/4000/8000 > switches? 
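Review bot: the three router-list comparisons in the first bin/control_rancid.in hunk of rancid-2.3.1-local-p2.patch (lines 138-152) now call @DIFF@, but the patch touches only control_rancid.in, rancid.conf.sample.in and rancid.conf.5.in, so nothing in it makes configure substitute @DIFF@. Left unsubstituted, the generated script would try to run the literal string, and RALL, RDOWN and RUP would be non-zero on every run. Please include the configure change that defines @DIFF@, or, since the output goes to /dev/null and only $? is used, consider cmp -s, which needs no context options on any platform.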
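Review bot: pass=${MAX_ROUNDS:=4} in the bin/control_rancid.in hunk at line 308 of rancid-2.3.1-local-p2.patch takes the value unchecked, while the rancid.conf.5.in and rancid.conf.sample.in text added by the same patch promises a minimum of one, and the floor of one mentioned earlier in the thread is not in this hunk. MAX_ROUNDS=0 or a non-numeric value reaches the retry loop as is. Clamp it right after the assignment, for example: case "$pass" in ''|*[!0-9]*|0) pass=1;; esac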
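Review bot: the filename-only branch in the bin/control_rancid.in hunk at line 369 of rancid-2.3.1-local-p2.patch rebuilds the directory for the printed "cd ... &&" line by rewriting the "RCS file:" header with \(.*\)/CVS\(/.*/\), which is only right when the repository lives in a directory literally named CVS next to the group directories. The script has just done cd $DIR, so building the path from $DIR and the Index: line would not depend on the repository layout. Also, sed -n leaves $TMP.diff empty without any error if none of the expected cvs header lines match, and the subject a few lines below still says "router config diffs" in this mode; a comment listing the header lines the expressions rely on, and a subject that matches the mode, would both help.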
I just stumbled over a Perl/Expect.pm script that fetches the config file from an HP2424m/4000m/8000m - with a little bit of work it could be brought into rancid. I'm rather embarrassed, since it looks like I wrote this script three years ago and then promptly forgot about it. Based on my limited understanding of rancid so far, I think that the "little bit of work" means the following: * add a new device type to rancid-fe. * create a clone of hrancid to support this device. I'm not 100% clear on what needs to happen here, other than having hrancid call my new script rather than the hlogin / hpui combination which doesn't work for these devices. * teach the new login script how to parse cloginrc to get the username/password. Has anyone else done parsing of cloginrc in Perl? * teach the new login script how to accept arbitrary commands on the command line, instead of the hard coded "fetch config" task that it has now. Is there anything else I'd need to worry about? -- Ed From owner-rancid-discuss-outgoing@shrubbery.net Tue May 17 15:23:10 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 1B79A11CE2F for ; Tue, 17 May 2005 15:23:09 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 021C4864C5; Tue, 17 May 2005 15:23:09 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id EE5E5864C8; Tue, 17 May 2005 15:23:08 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from merle.it.northwestern.edu (merle.it.northwestern.edu [129.105.16.57]) by guelah.shrubbery.net (Postfix) with ESMTP id 88CC5864C5; Tue, 17 May 2005 15:23:05 +0000 (UTC) Received: (from mailnull@localhost) by merle.it.northwestern.edu (8.12.10/8.12.10) id j4HFMw99027237; Tue, 17 
May 2005 10:22:58 -0500 (CDT) Received: from [129.105.26.236] (dhcp026236.ittns.northwestern.edu [129.105.26.236]) by merle.it.northwestern.edu via smap (V2.0) id xma026314; Tue, 17 May 05 10:22:39 -0500 Mime-Version: 1.0 Message-Id: In-Reply-To: <42890FD2.5040907@nipper.de> References: <4288B6CC.9080800@nipper.de> <20050516210000.GG13308@shrubbery.net> <42890FD2.5040907@nipper.de> Date: Tue, 17 May 2005 10:13:47 -0500 To: Arnold Nipper , john heasley From: Matt Wilson Subject: Re: write mem if running-config and startup-config are different? Cc: rancid-discuss@shrubbery.net Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk At 11:25 PM +0200 5/16/05, Arnold Nipper wrote: >On 16.05.2005 23:00 john heasley wrote >>> >Is anyone using rancid to notice that running-config >>>and >startup-config are different, and if so, issue a write mem >>>command? >(or something else to address such an issue?) Would you >>>be willing >to share what you've done? >>>> >>> >>>Why don't you run "write memory" every time you pick up the config? >>> >> >>or periodically, something like >> for r in `cat */router.db | egrep -i '(cisco|cat5)' | cut -f1 -d: `; do >> clogin -c 'write mem' $r >> done > >Be aware that this will fail as both cisco and cat5 expect >confirmation of the write command. You have to add 2-3 new lines to >make it work (2 for cisco and 3 for cat5 iirc) Hi- Thanks for the replies -- our experience seems to indicate that doing a wr mem will often make NVRAM look different even if the configs are the same. We want to avoid lots of extraneous NVRAM diffs on every rancid run. We're still looking into why this seems to be happening for us. Running a separate script to wr mem against all devices sounds good though -- thanks for the help! 
Regarding sending newlines clogin -c 'wr mem' $router seems to work without problems at our site (rancid v2.3.1) -Matt From owner-rancid-discuss-outgoing@shrubbery.net Tue May 24 02:10:29 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id D797E11CE2D for ; Tue, 24 May 2005 02:10:28 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id EF3DB86498; Tue, 24 May 2005 02:10:27 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E28A48649A; Tue, 24 May 2005 02:10:27 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from sled.gsfc.nasa.gov (sled.gsfc.nasa.gov [198.119.28.21]) by guelah.shrubbery.net (Postfix) with ESMTP id CE87586490 for ; Tue, 24 May 2005 02:10:26 +0000 (UTC) Received: from frakir.gsfc.nasa.gov (frakir.gsfc.nasa.gov [198.119.28.35]) by sled.gsfc.nasa.gov (8.12.11/8.12.11) with ESMTP id j4O2AFID006766 for ; Mon, 23 May 2005 22:10:15 -0400 (EDT) Received: from frakir.gsfc.nasa.gov (localhost [127.0.0.1]) by frakir.gsfc.nasa.gov (8.13.3/8.13.3/Debian-9) with ESMTP id j4O2AFUQ014934 for ; Mon, 23 May 2005 22:10:15 -0400 Received: (from morty@localhost) by frakir.gsfc.nasa.gov (8.13.3/8.13.3/Submit) id j4O2AE38014932 for rancid-discuss@shrubbery.net; Mon, 23 May 2005 22:10:14 -0400 Date: Mon, 23 May 2005 22:10:14 -0400 From: "Mordechai T. 
Abzug" To: rancid-discuss@shrubbery.net Subject: rancid: ciscos, clogin and AAA Message-ID: <20050524021014.GA11342@frakir.gsfc.nasa.gov> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="liOOAslEiF7prFVr" Content-Disposition: inline User-Agent: Mutt/1.5.6+20040907i X-Virus-Scanned: clamd / ClamAV version 0.75.1, clamav-milter version 0.75c on sled X-Virus-Status: Clean Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk --liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline If one has a device that logs one in at Cisco level 2 rather than 1 or 15, the prompt has "#" but clogin still needs to run enable to achieve level 15. autoenable won't help because it assumes you're at enable 15. The attached (trivial) patch deals with this. I'm fairly sure it doesn't break backwards compatibility. Thanks! - Morty --liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="rancid-2.3.1-local-p3.patch" *** rancid/bin/clogin.dist Tue Apr 26 03:14:41 2005 --- rancid/bin/clogin.in Tue May 24 02:00:23 2005 *************** *** 634,640 **** } else { set autoenable 0 set enable $avenable ! set prompt ">" } } --- 634,640 ---- } else { set autoenable 0 set enable $avenable ! 
set prompt "(>|#)" } } --liOOAslEiF7prFVr-- From owner-rancid-discuss-outgoing@shrubbery.net Tue May 24 03:58:53 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id B528311CE2D for ; Tue, 24 May 2005 03:58:53 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id E49968649B; Tue, 24 May 2005 03:58:52 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id DB94A8649F; Tue, 24 May 2005 03:58:52 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from LE-EXCH02.focalsolutions.net (le-exch02.lightedge.com [216.81.128.120]) by guelah.shrubbery.net (Postfix) with ESMTP id 03E018649B for ; Tue, 24 May 2005 03:58:47 +0000 (UTC) X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C56014.E1AB8247" Subject: Rivlogin modifications Date: Mon, 23 May 2005 22:58:44 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Rivlogin modifications Thread-Index: AcVgFOFTF5L8fVWpQnihS+4uLFy+QQ== From: "Mike McHenry" To: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk This is a multi-part message in MIME format. ------_=_NextPart_001_01C56014.E1AB8247 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Rivlogin is currently in a sad state of functionality that doesn't support many of the things the newer clogin does; most notably SSH logins.

I've remedied this on my systems by hacking up the latest version of clogin to support Riverstone equipment.
The new expect script can be found here
http://colossus.lh.net/rivlogin

Also a patch in "diff -uNr" context
http://colossus.lh.net/rivlogin-vs-clogin.patch

Treat this code as beta quality. However it is working well on my network of RS3000s/RS38000s running 9.1 code. Any chance we can get this script into the mainline code releases?

Mike McHenry (612) 252-2340
mmchenry@lightedge.com
Senior Network Engineer
LightEdge Solutions

"This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation."

------_=_NextPart_001_01C56014.E1AB8247 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

------_=_NextPart_001_01C56014.E1AB8247-- From owner-rancid-discuss-outgoing@shrubbery.net Tue May 24 06:20:54 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 94C0311CE2D for ; Tue, 24 May 2005 06:20:54 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 968B6864A1; Tue, 24 May 2005 06:20:53 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 90725864A3; Tue, 24 May 2005 06:20:53 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id DAD57864A2; Tue, 24 May 2005 06:20:52 +0000 (UTC) Date: Mon, 23 May 2005 23:20:52 -0700 From: john heasley To: "Mordechai T. Abzug" Cc: rancid-discuss@shrubbery.net Subject: Re: rancid: ciscos, clogin and AAA Message-ID: <20050524062052.GZ8640@shrubbery.net> References: <20050524021014.GA11342@frakir.gsfc.nasa.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050524021014.GA11342@frakir.gsfc.nasa.gov> User-Agent: Mutt/1.4.2.1i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: i just want to have a beer while i am caring. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Mon, May 23, 2005 at 10:10:14PM -0400, Mordechai T. Abzug: > > If one has a device that logs one in at Cisco level 2 rather than 1 or > 15, the prompt has "#" but clogin still needs to run enable to achieve > level 15. autoenable won't help because it assumes you're at enable > 15. > > The attached (trivial) patch deals with this. I'm fairly sure it > doesn't break backwards compatibility. I do not think that will work. can you try clogin with an incorrect enable password? 
it might fail; as in not return an error. Meaning that the matches might need adjustment in do_enable(). > Thanks! > > - Morty > *** rancid/bin/clogin.dist Tue Apr 26 03:14:41 2005 > --- rancid/bin/clogin.in Tue May 24 02:00:23 2005 > *************** > *** 634,640 **** > } else { > set autoenable 0 > set enable $avenable > ! set prompt ">" > } > } > > --- 634,640 ---- > } else { > set autoenable 0 > set enable $avenable > ! set prompt "(>|#)" > } > } > From owner-rancid-discuss-outgoing@shrubbery.net Tue May 24 06:48:42 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 34A5811CE2D for ; Tue, 24 May 2005 06:48:41 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id D0F76864A6; Tue, 24 May 2005 06:48:40 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id CB420864A8; Tue, 24 May 2005 06:48:40 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from sled.gsfc.nasa.gov (sled.gsfc.nasa.gov [198.119.28.21]) by guelah.shrubbery.net (Postfix) with ESMTP id 56386864A3; Tue, 24 May 2005 06:48:38 +0000 (UTC) Received: from frakir.gsfc.nasa.gov (frakir.gsfc.nasa.gov [198.119.28.35]) by sled.gsfc.nasa.gov (8.12.11/8.12.11) with ESMTP id j4O6mTfj008503; Tue, 24 May 2005 02:48:29 -0400 (EDT) Received: from frakir.gsfc.nasa.gov (localhost [127.0.0.1]) by frakir.gsfc.nasa.gov (8.13.3/8.13.3/Debian-9) with ESMTP id j4O6mTNj016949; Tue, 24 May 2005 02:48:29 -0400 Received: (from morty@localhost) by frakir.gsfc.nasa.gov (8.13.3/8.13.3/Submit) id j4O6mTH3016947; Tue, 24 May 2005 02:48:29 -0400 From: Morty Abzug Date: Tue, 24 May 2005 02:48:29 -0400 To: john heasley Cc: "Mordechai T. 
Abzug" , rancid-discuss@shrubbery.net Subject: Re: rancid: ciscos, clogin and AAA Message-ID: <20050524064829.GG11366@frakir.gsfc.nasa.gov> References: <20050524021014.GA11342@frakir.gsfc.nasa.gov> <20050524062052.GZ8640@shrubbery.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050524062052.GZ8640@shrubbery.net> User-Agent: Mutt/1.5.6+20040907i X-Virus-Scanned: clamd / ClamAV version 0.75.1, clamav-milter version 0.75c on sled X-Virus-Status: Clean Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Mon, May 23, 2005 at 11:20:52PM -0700, john heasley wrote: > Mon, May 23, 2005 at 10:10:14PM -0400, Mordechai T. Abzug: > > > > If one has a device that logs one in at Cisco level 2 rather than 1 or > > 15, the prompt has "#" but clogin still needs to run enable to achieve > > level 15. autoenable won't help because it assumes you're at enable > > 15. > > > > The attached (trivial) patch deals with this. I'm fairly sure it > > doesn't break backwards compatibility. > > I do not think that will work. can you try clogin with an incorrect > enable password? it might fail; as in not return an error. Meaning > that the matches might need adjustment in do_enable(). Gah. As you said, that goes from being overly paranoid to overly lax. One Cisco-centric solution could be to run "disable" -- at which point we're busted down to priv 1 with a ">" prompt -- and then run enable. disable is a no-op if you're already at priv 1. On another device type, this might be a harmless no-op. Another solution -- unfortunately, even more cisco-centric, might break other devices type for which you use clogin -- could be for enable to run "show priv" and make sure we're actually at privilege level 15. 
- Morty From owner-rancid-discuss-outgoing@shrubbery.net Tue May 24 06:52:40 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 8B61E11CE2D for ; Tue, 24 May 2005 06:52:40 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id CEFAE864AA; Tue, 24 May 2005 06:52:39 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C92AF864AE; Tue, 24 May 2005 06:52:39 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 17D11864AC; Tue, 24 May 2005 06:52:39 +0000 (UTC) Date: Mon, 23 May 2005 23:52:39 -0700 From: john heasley To: Mike McHenry , afort@shrubbery.net Cc: rancid-discuss@shrubbery.net Subject: Re: Rivlogin modifications Message-ID: <20050524065239.GA8640@shrubbery.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: i just want to have a beer while i am caring. Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Nice. Changes to login scripts always seems a lot like screwing with nature - one wrong move and there is a pestilence upon the land, so ... not being keen on riverstone myself and since rivlogin was contributed, I am curious about it's relation to "Enterasys". It's not clear to me what enterasys is; or if changes to rivlogin will alienate it. Andrew (fort), perhaps you can take this? Mon, May 23, 2005 at 10:58:44PM -0500, Mike McHenry: > Rivlogin is currently in a sad state of functionality that doesn't > support many of the things the newer clogin does; most notably SSH > logins. 
> > > > I've remedied this on my systems by hacking up the latest version of > clogin to support Riverstone equipment. The new expect script can be > found here > > http://colossus.lh.net/rivlogin > > > > Also a patch in "diff -uNr" context > > http://colossus.lh.net/rivlogin-vs-clogin.patch > > > > Treat this code as beta quality. However it is working well on my > network of RS3000s/RS38000s running 9.1 code. Any chance we can get this > script into the mainline code releases? > > > > Mike McHenry (612) 252-2340 > > mmchenry@lightedge.com > > Senior Network Engineer > > LightEdge Solutions > > > > "This message may contain confidential and/or privileged information. If > you are not the addressee or authorized to receive this for the > addressee, you must not use, copy, disclose, or take any action based on > this message or any information herein. If you have received this > message in error, please advise the sender immediately by reply e-mail > and delete this message. Thank you for your cooperation." 
> > > From owner-rancid-discuss-outgoing@shrubbery.net Tue May 24 07:02:36 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 319F911CE2D for ; Tue, 24 May 2005 07:02:36 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 796D3864B2; Tue, 24 May 2005 07:02:35 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 7374B864B4; Tue, 24 May 2005 07:02:35 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mel1.unite.net.au (mel1.uecomm.net.au [203.94.129.130]) by guelah.shrubbery.net (Postfix) with ESMTP id E1E36864B1; Tue, 24 May 2005 07:02:32 +0000 (UTC) Received: from [10.190.3.21] ([203.94.135.59]) by mel1.unite.net.au (8.12.10/8.12.10) with ESMTP id j4O72447027703; Tue, 24 May 2005 17:02:11 +1000 (EST) Message-ID: <4292D1A7.8090409@choqolat.org> Date: Tue, 24 May 2005 17:03:03 +1000 From: Andrew Fort User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913) X-Accept-Language: en-us, en MIME-Version: 1.0 To: john heasley Cc: Mike McHenry , afort@shrubbery.net, rancid-discuss@shrubbery.net Subject: Re: Rivlogin modifications References: <20050524065239.GA8640@shrubbery.net> In-Reply-To: <20050524065239.GA8640@shrubbery.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk john heasley wrote: > Nice. Changes to login scripts always seems a lot like screwing with > nature - one wrong move and there is a pestilence upon the land, so ... > not being keen on riverstone myself and since rivlogin was contributed, > I am curious about it's relation to "Enterasys". 
It's not clear to me > what enterasys is; or if changes to rivlogin will alienate it. > > Andrew (fort), perhaps you can take this? sure thing.. thanks for the updates and i'll test them here. -andrew From owner-rancid-discuss-outgoing@shrubbery.net Tue May 24 07:35:20 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 721FA11CE2D for ; Tue, 24 May 2005 07:35:20 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 8171D864B6; Tue, 24 May 2005 07:35:19 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 6A393864BA; Tue, 24 May 2005 07:35:19 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mail.ki.iif.hu (mignon.ki.iif.hu [193.6.222.240]) by guelah.shrubbery.net (Postfix) with ESMTP id 1607D864B6; Tue, 24 May 2005 07:35:17 +0000 (UTC) Received: by mail.ki.iif.hu (Postfix, from userid 1003) id 74C8855AD; Tue, 24 May 2005 09:35:09 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mail.ki.iif.hu (Postfix) with ESMTP id 724C35592; Tue, 24 May 2005 09:35:09 +0200 (CEST) Date: Tue, 24 May 2005 09:35:09 +0200 (CEST) From: Mohacsi Janos X-X-Sender: mohacsi@mignon.ki.iif.hu To: john heasley Cc: "Mordechai T. Abzug" , rancid-discuss@shrubbery.net Subject: Re: rancid: ciscos, clogin and AAA In-Reply-To: <20050524062052.GZ8640@shrubbery.net> Message-ID: <20050524092305.C14455@mignon.ki.iif.hu> References: <20050524021014.GA11342@frakir.gsfc.nasa.gov> <20050524062052.GZ8640@shrubbery.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Mon, 23 May 2005, john heasley wrote: > Mon, May 23, 2005 at 10:10:14PM -0400, Mordechai T. 
Abzug: >> >> If one has a device that logs one in at Cisco level 2 rather than 1 or >> 15, the prompt has "#" but clogin still needs to run enable to achieve >> level 15. autoenable won't help because it assumes you're at enable >> 15. >> >> The attached (trivial) patch deals with this. I'm fairly sure it >> doesn't break backwards compatibility. > > I do not think that will work. can you try clogin with an incorrect > enable password? it might fail; as in not return an error. Meaning > that the matches might need adjustment in do_enable(). I think this might work, if you use autoenable 1 . This is what I do in my environment. Regards, Janos Mohacsi Network Engineer, Research Associate NIIF/HUNGARNET, HUNGARY Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98 > >> Thanks! >> >> - Morty > >> *** rancid/bin/clogin.dist Tue Apr 26 03:14:41 2005 >> --- rancid/bin/clogin.in Tue May 24 02:00:23 2005 >> *************** >> *** 634,640 **** >> } else { >> set autoenable 0 >> set enable $avenable >> ! set prompt ">" >> } >> } >> >> --- 634,640 ---- >> } else { >> set autoenable 0 >> set enable $avenable >> ! 
set prompt "(>|#)" >> } >> } >> > > From owner-rancid-discuss-outgoing@shrubbery.net Tue May 24 15:09:14 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id C187511CE2D for ; Tue, 24 May 2005 15:09:13 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id A910A864BF; Tue, 24 May 2005 15:09:12 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 9D997864C0; Tue, 24 May 2005 15:09:12 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mail2.panix.com (mail2.panix.com [166.84.1.73]) by guelah.shrubbery.net (Postfix) with ESMTP id A1C50864BB for ; Tue, 24 May 2005 15:09:09 +0000 (UTC) Received: from panix5.panix.com (panix5.panix.com [166.84.1.5]) by mail2.panix.com (Postfix) with ESMTP id D02EAA7015 for ; Tue, 24 May 2005 11:09:08 -0400 (EDT) Received: (from eravin@localhost) by panix5.panix.com (8.11.6p3/8.8.8/PanixN1.1) id j4OF98J16924 for rancid-discuss@shrubbery.net; Tue, 24 May 2005 11:09:08 -0400 (EDT) Date: Tue, 24 May 2005 11:09:08 -0400 From: Ed Ravin To: rancid-discuss@shrubbery.net Subject: Re: rancid: ciscos, clogin and AAA Message-ID: <20050524150908.GA6875@panix.com> References: <20050524021014.GA11342@frakir.gsfc.nasa.gov> <20050524062052.GZ8640@shrubbery.net> <20050524064829.GG11366@frakir.gsfc.nasa.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050524064829.GG11366@frakir.gsfc.nasa.gov> User-Agent: Mutt/1.4.2.1i X-Y-Z: 1, 2, 3? 
Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Tue, May 24, 2005 at 02:48:29AM -0400, Morty Abzug wrote: > On Mon, May 23, 2005 at 11:20:52PM -0700, john heasley wrote: > > Mon, May 23, 2005 at 10:10:14PM -0400, Mordechai T. Abzug: > > > > > > If one has a device that logs one in at Cisco level 2 rather than 1 or > > > 15, the prompt has "#" but clogin still needs to run enable to achieve > > > level 15. autoenable won't help because it assumes you're at enable > > > 15. > > > > > > The attached (trivial) patch deals with this. I'm fairly sure it > > > doesn't break backwards compatibility. > > > > I do not think that will work. can you try clogin with an incorrect > > enable password? it might fail; as in not return an error. Meaning > > that the matches might need adjustment in do_enable(). > > Gah. As you said, that goes from being overly paranoid to overly lax. > > One Cisco-centric solution could be to run "disable" -- at which point > we're busted down to priv 1 with a ">" prompt -- and then run enable. > disable is a no-op if you're already at priv 1. On another device > type, this might be a harmless no-op. Here's a less Cisco-centric solution - run the command requested, if you get back "Unrecognized command" or "Permission denied" etc., try to do the enable. If that doesn't work, game over. If the enable succeeds, run the command again. 
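Review bot: in the else branch at clogin lines 634-640, widening set prompt ">" to "(>|#)" removes the only signal this path had for telling an unprivileged login from an enabled one. The branch still sets autoenable 0 and takes the enable password from $avenable, so enable will be attempted, but a level-2 session already shows "#" before enable is sent and shows the same "#" after a rejected password, so a failed enable can pass as success. Please pair this change with a matching adjustment to the matches in do_enable(), or confirm the resulting privilege level after enabling, and include a test run with a deliberately wrong enable password.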
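The three ways of confirming enable that the thread proposes, compared with a prompt-only check on a level-2 login; this is an added example in Python, not clogin's Expect code. The fake device, its rejection strings, the password values and all function names are constructed for illustration.

```python
import re

# Rejection strings: the first two come from the thread, the third is constructed.
REJECTED = re.compile(r"Unrecognized command|Permission denied|% Invalid input")


class FakeCiscoSession:
    """Constructed stand-in for an IOS-style CLI (not a real device, not clogin code)."""

    def __init__(self, login_level, enable_secret, host="rtr"):
        self.level = login_level          # level the AAA server drops us at
        self.secret = enable_secret
        self.host = host
        self.want_password = False

    def prompt(self):
        # Per the thread: only level 1 shows ">", level 2 already shows "#".
        return self.host + (">" if self.level == 1 else "#")

    def send(self, line):
        """Feed one line of input, return what the device prints back."""
        if self.want_password:
            self.want_password = False
            if line == self.secret:
                self.level = 15
                return self.prompt()
            return "% Access denied\n" + self.prompt()    # level unchanged
        if line == "enable" and self.level < 15:
            self.want_password = True
            return "Password: "
        if line == "disable":
            self.level = 1
        elif line == "show privilege":
            return f"Current privilege level is {self.level}\n" + self.prompt()
        elif line == "show running-config" and self.level < 15:
            return "% Invalid input detected\n" + self.prompt()
        elif line == "show running-config":
            return "hostname rtr\nend\n" + self.prompt()
        return self.prompt()


def _enable(sess, password):
    out = sess.send("enable")
    return sess.send(password) if out.startswith("Password") else out


def enable_prompt_only(sess, password):
    """Judge enable by the prompt alone, as a '(>|#)' login prompt forces."""
    return _enable(sess, password).endswith("#")


def enable_after_disable(sess, password):
    """First proposal: 'disable' to reach '>' so that '#' can only mean success."""
    sess.send("disable")
    return _enable(sess, password).endswith("#")


def enable_and_verify(sess, password):
    """Second proposal: confirm the level with 'show priv' after enabling."""
    _enable(sess, password)
    m = re.search(r"privilege level is (\d+)", sess.send("show privilege"))
    return m is not None and int(m.group(1)) == 15


def run_with_retry(sess, password, command):
    """Third proposal: run the command, enable only if the device rejects it."""
    out = sess.send(command)
    if REJECTED.search(out):
        _enable(sess, password)
        out = sess.send(command)
    return None if REJECTED.search(out) else out


def compare(login_level, password, secret="s3cret"):
    """Run every strategy on a fresh session; report what each one concluded."""
    def new():
        return FakeCiscoSession(login_level, secret)
    return {
        "prompt_only": enable_prompt_only(new(), password),
        "disable_first": enable_after_disable(new(), password),
        "show_priv": enable_and_verify(new(), password),
        "retry_ran_command": run_with_retry(new(), password, "show running-config") is not None,
    }


if __name__ == "__main__":
    for level, pw in [(2, "wrong"), (2, "s3cret"), (1, "wrong")]:
        print(level, pw, compare(level, pw))
```

With a level-2 login and a wrong enable password, only the prompt-only check reports success; the other three detect the failure.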
From owner-rancid-discuss-outgoing@shrubbery.net Tue May 24 15:27:08 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 3CD7511CE2D for ; Tue, 24 May 2005 15:27:08 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 8CCB7864C0; Tue, 24 May 2005 15:27:07 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 8663E864C5; Tue, 24 May 2005 15:27:07 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from LE-EXCH02.focalsolutions.net (le-exch02.lightedge.com [216.81.128.120]) by guelah.shrubbery.net (Postfix) with ESMTP id 2CC31864C0; Tue, 24 May 2005 15:27:05 +0000 (UTC) X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: Rivlogin modifications Date: Tue, 24 May 2005 10:27:05 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Rivlogin modifications Thread-Index: AcVgLojaeggnNQfGQEKYE/Ik+bSU/gARj2hA From: "Mike McHenry" To: "Andrew Fort" , "john heasley" Cc: , Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Enterasys and Riverstone were both spun off divisions of Cabletron so they are somewhat similar but may not be identical anymore. I definitely don't think my rivlogin should replace the stock version without a good amount of testing. I would have rather patched the exiting rivlogin but it seemed like such a long road to go down when clogin was 95% of the way there. 
:)

-----Original Message-----
From: Andrew Fort [mailto:afort@choqolat.org]
Sent: Tuesday, May 24, 2005 2:03 AM
To: john heasley
Cc: Mike McHenry; afort@shrubbery.net; rancid-discuss@shrubbery.net
Subject: Re: Rivlogin modifications

john heasley wrote:
> Nice. Changes to login scripts always seems a lot like screwing with
> nature - one wrong move and there is a pestilence upon the land, so ...
> not being keen on riverstone myself and since rivlogin was contributed,
> I am curious about it's relation to "Enterasys". It's not clear to me
> what enterasys is; or if changes to rivlogin will alienate it.
>
> Andrew (fort), perhaps you can take this?

sure thing.. thanks for the updates and i'll test them here.

-andrew

From owner-rancid-discuss-outgoing@shrubbery.net Tue May 24 22:18:14 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id EA93311CE2D for ; Tue, 24 May 2005 22:18:13 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id F130A864C7; Tue, 24 May 2005 22:18:12 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E39A0864C8; Tue, 24 May 2005 22:18:12 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from omta04ps.mx.bigpond.com (omta04ps.mx.bigpond.com [144.140.83.156]) by guelah.shrubbery.net (Postfix) with ESMTP id D12E9864C5 for ; Tue, 24 May 2005 22:18:11 +0000 (UTC) Received: from [192.168.1.113] (really [144.132.98.69]) by omta04ps.mx.bigpond.com with ESMTP id <20050524221805.TXIC27377.omta04ps.mx.bigpond.com@[192.168.1.113]>; Tue, 24 May 2005 22:18:05 +0000 In-Reply-To: References: Mime-Version: 1.0 (Apple Message framework v728) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <11FAC5DE-96DA-4B61-A47A-4159A6030A1A@choqolat.org> Cc: rancid-discuss@shrubbery.net Content-Transfer-Encoding: 7bit From: Andrew Fort Subject: Re: Rivlogin modifications Date: Wed, 25 May 2005 08:17:59 +1000 To: "Mike McHenry" X-Mailer: Apple Mail (2.728) Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk

On 25/05/2005, at 1:27 AM, Mike McHenry wrote:

> Enterasys and Riverstone were both spun off divisions of Cabletron so
> they are somewhat similar but may not be identical anymore.
>

not to forget Aprisma, who were the division spun off for the Spectrum NMS. these unfortunate souls were snaffled up by Netcool who were snaffled up by Computer Associates. Riverstone is the NSP-focussed spin-off. Enterasys is the Enterprise-focussed spin-off.

> I definitely don't think my rivlogin should replace the stock version
> without a good amount of testing. I would have rather patched the
> exiting rivlogin but it seemed like such a long road to go down when
> clogin was 95% of the way there. :)

it's actually preferred that all the *login programs are as similar as possible (i.e., it'd be really nice if there wasn't multiple login programs). i had tried to initially do that, but had had a lot of problems with the escape characters for the line wrapping in EOS/ROS; problems I haven't had with the initial testing I've done of your offered rivlogin so far.

I've run into a couple of things;

- Do you use RADIUS for auth in your shop? The 'userpassword' variable doesn't seem to be consulted in the same way as the existing rivlogin.

e.g. my .cloginrc stanzas look like

add user host {afort}
add userpassword host {radiuspass}
add password host {initial_login_password} {last_resort_password}

The initial password works, but when asked for RADIUS credentials after that, we send the username but not the correct password.

It appears that the variable used for the 'last_resort_password', above, is being used for any 'Password:' prompt.

I changed this behaviour a few releases back, because:

- riverstone/enterasys CLI OSes ask for the initial_login_password BEFORE radius.
- if radius is unreachable, you get a message indicating you need to use the last resort (enable) password now.
- the user password for RADIUS is of course a separate password.

Thus I figured the most logical mapping was the one, above.
So the logic changes to:
- if we have seen a 'username' prompt, we're in radius/tac+ mode.
- if we're in radius/tac+ mode, the password prompt is asking for the users' password.
- if we see the message indicating we cannot reach radius, use the last_resort.

However, SSH logins are probably different. Can you send me an example SSH login dialogue with the switch so I can better understand the choices made in your patch?

- On EOS 8.3 (we're running ancient code for stability reasons), there is a max login banner length which precludes us using our regular banner plus the "Press RETURN to Begin" prompt (it's like 4 lines, perhaps 255 chars). In any event, this means that our switches don't provide the initial prompt that is expected. So, I have removed the expect and just have the program sleep 0.3 and then send \r to the switch. Though this removes the stop-and-wait behaviour, I've never found it to cause problems, at least not with telnet.

One last question - what is the length of your _longest_ hostname on your switches, in characters? The majority of terminal handling problems only appeared for me when using longer prompts (like, longer than about 9 characters, if my brain is working today).

thanks again, -andrew From owner-rancid-discuss-outgoing@shrubbery.net Wed May 25 04:16:53 2005 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 1E96D11CE2D for ; Wed, 25 May 2005 04:16:52 +0000 (UTC) Received: by guelah.shrubbery.net (Postfix) id 0F00D864CC; Wed, 25 May 2005 04:16:52 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 031A7864CD; Wed, 25 May 2005 04:16:52 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from LE-EXCH02.focalsolutions.net (le-exch02.lightedge.com [216.81.128.120]) by guelah.shrubbery.net (Postfix) with ESMTP id 21856864CA for ; Wed, 25 May 2005 04:16:46 +0000 (UTC) X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: Rivlogin modifications Date: Tue, 24 May 2005 23:16:39 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Rivlogin modifications Thread-Index: AcVgrnZmZZxjhXPTT4qEdgLbV1bBCQAMHizg From: "Mike McHenry" To: "Andrew Fort" Cc: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Andrew, We don't (as of yet) utilize Radius lookups on our Riverstone gear. Perhaps it would be more helpful for me to give you access to one of my pseudo-development Riverstone chassis so you can test out the SSH sequence yourself. Please reply to me offline if you feel this would be useful. Here is an example login sequence on a RS3000 chassis running 9.1.2.8 code. Anything in << brackets >> indicates something typed in. 
[mmchenry@unixhost]# << ssh -1 RIVERSTONEHOST >>
----------------------------------------------------------------------
RS 3000 System Software, Version 9.1.2.8
Copyright (c) 2000-2004 Riverstone Networks, Inc.
System started on 2004-10-11 20:18:49
----------------------------------------------------------------------
Press RETURN to activate console . . .
<< RETURN >>
Password: << login password >>
RIVERSTONEHOST> enable
Password: << enable password >>
RIVERSTONEHOST#

Where the initial prompt for password is being pulled from
system set hashed-password login xxxxxxx
and the secondary enable password is pulled from
system set hashed-password enable xxxxxxx

>
> I've run into a couple of things;
>
> - Do you use RADIUS for auth in your shop? The 'userpassword'
> variable doesn't seem to be consulted in the same way as the existing
> rivlogin.
>
> e.g. my .cloginrc stanzas look like
>
> add user host {afort}
> add userpassword host {radiuspass}
> add password host {initial_login_password} {last_resort_password}
>
> The initial password works, but when asked for RADIUS credentials
> after that, we send the username but not the correct password.
>
> It appears that the variable used for the 'last_resort_password',
> above, is being used for any 'Password:' prompt.
>
> I changed this behaviour a few releases back, because:
>
> - riverstone/enterasys CLI OSes ask for the initial_login_password
> BEFORE radius.
> - if radius is unreachable, you get a message indicating you need
> to use the last resort (enable) password now.
> - the user password for RADIUS is of course a separate password.
>
> Thus I figured the most logical mapping was the one above.
> So the logic changes to:
> - if we have seen a 'username' prompt, we're in radius/tac+ mode.
> - if we're in radius/tac+ mode, the password prompt is asking for
> the user's password.
> - if we see the message indicating we cannot reach radius, use the
> last_resort.
>
> However, SSH logins are probably different. Can you send me an
> example SSH login dialogue with the switch so I can better understand
> the choices made in your patch?
>

I never had problems in my testing either when I removed the "Press RETURN" expect sequence and I agree that it could probably be removed safely.

> - On EOS 8.3 (we're running ancient code for stability reasons),
> there is a max login banner length which precludes us using our
> regular banner plus the "Press RETURN to Begin" prompt (it's like 4
> lines, perhaps 255 chars). In any event, this means that our
> switches don't provide the initial prompt that is expected. So, I
> have removed the expect and just have the program sleep 0.3 and then
> send \r to the switch. Though this removes the stop-and-wait
> behaviour, I've never found it to cause problems, at least not with
> telnet.
>

My longest hostname is 16 characters long and I haven't run into any apparent problems so far.

> One last question - what is the length of your _longest_ hostname on
> your switches, in characters? The majority of terminal handling
> problems only appeared for me when using longer prompts (like, longer
> than about 9 characters, if my brain is working today).
>
> thanks again,
> -andrew
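
Added example, not part of the thread and not rancid's rivlogin code: a small Python model of the password-selection logic discussed in the message above, run over the SSH dialogue posted there and two constructed RADIUS dialogues. The username-prompt and RADIUS-unreachable patterns, the SWITCH1 hostname and every credential value are assumptions.

```python
import re

# Placeholder credentials laid out like the .cloginrc stanzas quoted above.
CREDS = {"user": "afort", "userpassword": "RADIUS_PASS",
         "password": ("INITIAL_LOGIN_PASS", "LAST_RESORT_PASS")}

# Assumed wording: the thread quotes neither the username prompt nor the
# "cannot reach RADIUS" message, so these two patterns are illustrative.
USERNAME_RE = re.compile(r"username:\s*$", re.I)
RADIUS_DOWN_RE = re.compile(r"radius.*(unreachable|not responding)", re.I)
PASSWORD_RE = re.compile(r"password:\s*$", re.I)
RETURN_RE = re.compile(r"press return", re.I)
USER_PROMPT_RE = re.compile(r"^\S+>\s*$")  # e.g. RIVERSTONEHOST>

# Device output from the SSH session posted in the thread (typed input removed).
SSH_DIALOGUE = ["Press RETURN to activate console . . .", "Password:",
                "RIVERSTONEHOST>", "Password:", "RIVERSTONEHOST#"]
# Constructed samples: AAA reachable, then AAA unreachable.
RADIUS_DIALOGUE = ["Password:", "Username:", "Password:", "SWITCH1>"]
RADIUS_DOWN_DIALOGUE = ["Password:", "Username:",
                        "RADIUS server not responding", "Password:"]


def plan_login(lines, creds=CREDS):
    """Map each device prompt to (credential_name, text_to_send)."""
    sent = []
    aaa_mode = radius_down = enabling = False
    for line in lines:
        if RETURN_RE.search(line):
            sent.append(("return", "\r"))
        elif RADIUS_DOWN_RE.search(line):
            radius_down = True           # next password prompt wants last resort
        elif USERNAME_RE.search(line):
            aaa_mode = True              # username prompt seen: radius/tac+ mode
            sent.append(("user", creds["user"]))
        elif PASSWORD_RE.search(line):
            if radius_down or enabling:
                sent.append(("last_resort", creds["password"][1]))
                radius_down = False
            elif aaa_mode:
                sent.append(("userpassword", creds["userpassword"]))
            else:
                sent.append(("initial_login", creds["password"][0]))
        elif USER_PROMPT_RE.match(line) and not enabling:
            enabling = True              # logged in; ask for privileged mode
            sent.append(("command", "enable"))
    return sent
```

Logging the credential names returned by plan_login (never the values) for each device is a cheap way to confirm that a login script is not sending the last-resort password to every 'Password:' prompt.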