[rancid] jlogin not using ssh key
Hinote, Willie Scott. (MSFC-IS40)[NICS]
2012-11-28 16:53:22 UTC
I have set up SSH keys on a Juniper device. The keys work when I SSH as the RANCID user to the Juniper but do not work when I execute rancid-run or execute jlogin without the -p flag. I have modified my .cloginrc to use an identity file.

.cloginrc
--
add identity X.X.X.X /opt/rancid/.ssh/id_rsa

Only the add identity line exists for this IP. No other add lines are in the .cloginrc.

When I execute:
/usr/libexec/rancid/jlogin -f /opt/rancid/.cloginrc X.X.X.X

I receive error:
Error: no password for router in /opt/rancid/.cloginrc. X.X.X.X

When I execute:
/usr/libexec/rancid/rancid-run JUNIPER

I see errors in logs:
X.X.X.X jlogin error: Error: no password for X.X.X.X in /opt/rancid/.cloginrc.
X.X.X.X: missed cmd(s) ***Lots of commands***
X.X.X.X: End of run not found

If I execute:
/usr/libexec/rancid/jlogin -p router X.X.X.X

It logs me in with no errors.

Are there any other options that need to be added to the .cloginrc file? Has anyone else successfully used SSH keys with Juniper devices?

I appreciate the assistance.
heasley
2012-11-28 17:15:43 UTC
Post by Hinote, Willie Scott. (MSFC-IS40)[NICS]
I have set up SSH keys on a Juniper device. The keys work when I SSH as the RANCID user to the Juniper but do not work when I execute rancid-run or execute jlogin without the -p flag. I have modified my .cloginrc to use an identity file.
.cloginrc
--
add identity X.X.X.X /opt/rancid/.ssh/id_rsa
Only the add identity line exists for this IP. No other add lines are in the .cloginrc.
/usr/libexec/rancid/jlogin -f /opt/rancid/.cloginrc X.X.X.X
Error: no password for router in /opt/rancid/.cloginrc. X.X.X.X
/usr/libexec/rancid/rancid-run JUNIPER
X.X.X.X jlogin error: Error: no password for X.X.X.X in /opt/rancid/.cloginrc.
X.X.X.X: missed cmd(s) ***Lots of commands***
X.X.X.X: End of run not found
/usr/libexec/rancid/jlogin -p router X.X.X.X
It logs me in with no errors.
Are there any other options that need to be added to the .cloginrc file? Has anyone else successfully used SSH keys with Juniper devices?
it does insist on a pwd; just add an empty one
add password glob {}
Hinote, Willie Scott. (MSFC-IS40)[NICS]
2012-11-28 17:52:32 UTC
I appreciate the reply. Unfortunately, this did not work exactly as prescribed, but I did find a solution. For anyone else who may be experiencing this issue: you need to have at least one character entered on the add password line. During testing I tried a number of different letters, numbers and symbols; all worked. Even adding up to 6 characters worked with no errors (I am sure more would work, but I did not test). If you add the braces, you must include a character between the braces, and spaces do not work with or without the braces. My test Juniper is running JUNOS 10.4R2.6. My lab equipment is limited, so I am not able to test with other JUNOS versions to see if it is version specific.

I tested by executing:
/usr/libexec/rancid/rancid-run JUNIPER
/usr/libexec/rancid/jlogin router X.X.X.X
/usr/libexec/rancid/jlogin -f /opt/rancid/.cloginrc router X.X.X.X

All tests completed without errors.

.cloginrc
--
add identity X.X.X.X /opt/rancid/.ssh/id_rsa
add password X.X.X.X 1
add method X.X.X.X ssh

Hopefully this helps anyone else who may be stuck on this issue.

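As an added example (not part of the thread and not RANCID code), this Python check flags hosts that have an add identity entry but no add password entry, or only a blank one, which are the cases the thread reports jlogin rejecting. It assumes first-match glob lookup, approximated here with fnmatch; the function names and the 192.0.2.x sample hosts are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample in the thread's format; the 192.0.2.x hosts are made up.
SAMPLE = """\
# identity only: the layout that gave "no password" in the thread
add identity 192.0.2.10 /opt/rancid/.ssh/id_rsa
add method   192.0.2.10 ssh
add identity 192.0.2.20 /opt/rancid/.ssh/id_rsa
add password 192.0.2.20 1
add identity 192.0.2.30 /opt/rancid/.ssh/id_rsa
add password 192.0.2.30 {}
"""

# A word is either a {braced} group (nested braces not handled) or a bare token.
WORD = re.compile(r"\{([^{}]*)\}|(\S+)")

def words(line):
    """Split a .cloginrc line into words; a {braced} word loses its braces."""
    return [m.group(2) if m.group(1) is None else m.group(1)
            for m in WORD.finditer(line)]

def first_match(entries, directive, host):
    """Value of the first 'add <directive>' whose glob matches host, else None."""
    for d, glob, value in entries:
        if d == directive and fnmatch.fnmatchcase(host, glob):
            return value
    return None

def audit(text, hosts):
    """Classify each host: no-identity, missing-password, blank-password, ok."""
    entries = [(w[1], w[2], w[3:]) for w in map(words, text.splitlines())
               if len(w) >= 3 and w[0] == "add"]
    result = {}
    for host in hosts:
        pw = first_match(entries, "password", host)
        if first_match(entries, "identity", host) is None:
            result[host] = "no-identity"
        elif pw is None:
            result[host] = "missing-password"   # jlogin: "no password for ..."
        else:
            # Empty braces or only spaces: reported as not working in the thread.
            result[host] = "ok" if pw and pw[0].strip() else "blank-password"
    return result

if __name__ == "__main__":
    for host, status in audit(SAMPLE, ["192.0.2.10", "192.0.2.20", "192.0.2.30"]).items():
        print(host, status)
```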
