Oh, it also got onto the box before, it's just the enable part that seems to
be the problem.. This is without debug stuff:
Trying 192.168.1.2...
Connected to 192.168.1.2.
Escape character is '^]'.
Type help or '?' for a list of available commands.
so its getting onto the box now... but doesnt enable... whats the
output without all the debug junk?
It's like it never gets to the enable-part.. Here is the debug output of
a
10.10.1.2
spawn telnet 10.10.1.2
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {13658}
expect: does "" (spawn_id exp4) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does "" (spawn_id exp4) match glob pattern "unknown host\r"? no
expect: does "" (spawn_id exp4) match glob pattern "Host is unreachable"?
no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"pix"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
Trying 10.10.1.2...
Connected to 10.10.1.2.
Escape character is '^]'.
expect: does "Trying 10.10.1.2...\r\r\nConnected to
10.10.1.2.\r\r\nEscape
character is '^]'.\r\r\n" (spawn_id exp4) match regular expression
"(Connection refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does "Trying 10.10.1.2...\r\r\nConnected to
10.10.1.2.\r\r\nEscape
character is '^]'.\r\r\n" (spawn_id exp4) match glob pattern "unknown
host\r"? no
expect: does "Trying 10.10.1.2...\r\r\nConnected to
10.10.1.2.\r\r\nEscape
character is '^]'.\r\r\n" (spawn_id exp4) match glob pattern "Host is
unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"pix"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
User Access Verification
expect: does "Trying 10.10.1.2...\r\r\nConnected to
10.10.1.2.\r\r\nEscape
"
(spawn_id exp4) match regular expression "(Connection refused|Secure
connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does "Trying 10.10.1.2...\r\r\nConnected to
10.10.1.2.\r\r\nEscape
"
(spawn_id exp4) match glob pattern "unknown host\r"? no
expect: does "Trying 10.10.1.2...\r\r\nConnected to
10.10.1.2.\r\r\nEscape
"
(spawn_id exp4) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"pix"? no
"([Pp]assword|passwd):"? yes
expect: set expect_out(0,string) "Password:"
expect: set expect_out(1,string) "Password"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) "Trying 10.10.1.2...\r\r\nConnected to
10.10.1.2.\r\r\nEscape character is '^]'.\r\r\n\r\n\r\nUser Access
Verification\r\n\r\nPassword:"
send: sending "exec_pass\r" to { exp4 }
expect: continuing expect
expect: does " " (spawn_id exp4) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does " " (spawn_id exp4) match glob pattern "unknown host\r"? no
expect: does " " (spawn_id exp4) match glob pattern "Host is
unreachable"?
no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"pix"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
expect: does " \r\n" (spawn_id exp4) match regular expression
"(Connection
refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does " \r\n" (spawn_id exp4) match glob pattern "unknown host\r"?
no
expect: does " \r\n" (spawn_id exp4) match glob pattern "Host is
unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"pix"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
Type help or '?' for a list of available commands.
ASAFW01>
expect: does " \r\nType help or '?' for a list of available
commands.\r\n\rASAFW01> " (spawn_id exp4) match regular expression
"(Connection refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no
expect: does " \r\nType help or '?' for a list of available
commands.\r\n\rASAFW01> " (spawn_id exp4) match glob pattern "unknown
host\r"? no
expect: does " \r\nType help or '?' for a list of available
commands.\r\n\rASAFW01> " (spawn_id exp4) match glob pattern "Host is
unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"pix"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
expect: timed out
Error: TIMEOUT reached
Post by WilliamRonni,
Try running the clogin program manually, for example type from the
clogin 10.10.1.2
and paste the output?
Cheers,
Post by Ronni JensenHi,
I tried with the example you wrote, but it didn't change anything.. I still
get the "clogin error: Error: TIMEOUT reached" errors in the logfile.
Any other suggestions how I can fix the error?
Best regards,
Ronni
Post by WilliamRonni,
According to your email when accessing the firewall manually there is
add userprompt 10.10.1.2 pix
add method 10.10.1.2 telnet
add password 10.10.1.2 {exec_pass} {enable_pass}
hope this helps.
Cheers,
Will
Post by Ronni JensenHi,
My rancid installation works perfectly for Cisco Catalyst switches and
other
stuff too.. but for the Cisco ASA firewalls it fails.. In the logs,
I
Post by WilliamPost by Ronni JensenPost by WilliamPost by Ronni Jensenget
the "clogin error: Error: TIMEOUT reached" error.
add password 10.10.1.2 {exec_pass} {enable_pass}
add method 10.10.1.2 telnet
add autoenable 10.10.1.2 {1}
I've also tried replacing IP-address with DNS hostname or just
using
Post by WilliamPost by Ronni JensenPost by WilliamPost by Ronni Jensena
wildcard star... no difference. When I telnet directly from the
server
to
Trying 10.10.1.2...
Connected to 10.10.1.2.
Escape character is '^]'.
User Access Verification
Password: <TYPING PASSWD>
Type help or '?' for a list of available commands.
UMUSASA01> <TYPING "ENABLE">
Password: *******
UMUSASA01#
Any ideas?
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss