Thanks for your replay and sorry for such a late response.
Does it make a difference what prompt it is? As long as what I have matches the prompt in the script? I don't know if I can get privileges on this box so I can get the # prompt.
The weird thing is the following:
FGT100A_VPN $
expect: does " \r\nFGT100A_VPN $ " (spawn_id exp6) match glob pattern "Connection refused"? no
"Unknown host\r\n"? no
"Host is unreachable"? no
"No address associated with name"? no
"Are you sure you want to continue connecting .*"? no
"Host key not found .* (yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"denied"? no
" ### Login failed"? no
"(login:)"? no
"@[^\r\n]+[Pp]assword:"? no
"[Pp]assword:"? no
" $ "? yes
expect: set expect_out(0,string) " $ "
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) " \r\nFGT100A_VPN $ "
send: sending "\r" to { exp6 }
expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no
"^(.+ $ )"? no
FGT100A_VPN $
expect: does "\r\r\nFGT100A_VPN $ " (spawn_id exp6) match regular expression "[\r\n]+"? yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "\r\r\n"
expect: continuing expect
expect: does "FGT100A_VPN $ " (spawn_id exp6) match regular expression "[\r\n]+"? no
"^(.+ $ )"? no
expect: timed out
Error: TIMEOUT reached
write() failed to write anything - will sleep(1) and retry...
so it matches the modified prompt I made but then it fails after when it tries to match it with [\r\n]+
any ideas?
Mina Eskander
Perimeterwatch Technologies
Direct: +1 (347) 448-2845
Mobile: +1 (347) 510-4102
***@perimeterwatch.com<mailto:***@perimeterwatch.com>
Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development
_____________________________________________________________________
New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106
From: Jeff Moorse [mailto:***@gmail.com]
Sent: Tuesday, April 28, 2009 3:08 PM
To: john heasley
Cc: Mina Eskander; rancid-***@shrubbery.net
Subject: Re: [rancid] Re: Rancid with Fortigate Devices?
For an admin account the prompt is (sans quotes):
"FGT[model][s/n] # "
Please note the trailing space
For a read only account it is the same but with a $ instead of a #
-Jeff Moorse
Post by Mina EskanderI changed the -> in the nlogin script to ~ $ and it still does not work, here is the output I get
Would someone who knows the fortigate well please confirm the prompt format?
I was told '-> ', but reading through the manual that I found online, it
seems that the prompt is '$ ' and gives no indication that it changes with
elevated permissions. But, the manual for their CLI seems poorly written.
Post by Mina Eskanderpwcolofgt100c
spawn ssh -c 3des -x -l meskander pwcolofgt100c
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {16963}
expect: does "" (spawn_id exp6) match glob pattern "Connection refused"? no
"Unknown host\r\n"? no
"Host is unreachable"? no
"No address associated with name"? no
"Are you sure you want to continue connecting .*"? no
"Host key not found .* (yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"denied"? no
" ### Login failed"? no
"(login:)"? no
"[Pp]assword:"? no
"~ $ "? no
"Unknown host\r\n"? no
"Host is unreachable"? no
"No address associated with name"? no
"Are you sure you want to continue connecting .*"? no
"Host key not found .* (yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"denied"? no
" ### Login failed"? no
"(login:)"? no
expect: set expect_out(spawn_id) "exp6"
expect: continuing expect
expect: does " " (spawn_id exp6) match glob pattern "Connection refused"? no
"Unknown host\r\n"? no
"Host is unreachable"? no
"No address associated with name"? no
"Are you sure you want to continue connecting .*"? no
"Host key not found .* (yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"denied"? no
" ### Login failed"? no
"(login:)"? no
"[Pp]assword:"? no
"~ $ "? no
expect: does " \r\n" (spawn_id exp6) match glob pattern "Connection refused"? no
"Unknown host\r\n"? no
"Host is unreachable"? no
"No address associated with name"? no
"Are you sure you want to continue connecting .*"? no
"Host key not found .* (yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"denied"? no
" ### Login failed"? no
"(login:)"? no
"[Pp]assword:"? no
"~ $ "? no
FGT100C3G0860259~ $
expect: does " \r\nFGT100C3G0860259~ $ " (spawn_id exp6) match glob pattern "Connection refused"? no
"Unknown host\r\n"? no
"Host is unreachable"? no
"No address associated with name"? no
"Are you sure you want to continue connecting .*"? no
"Host key not found .* (yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"denied"? no
" ### Login failed"? no
"(login:)"? no
"[Pp]assword:"? no
"~ $ "? yes
expect: set expect_out(0,string) "~ $ "
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) " \r\nFGT100C3G0860259~ $ "
send: sending "\r" to { exp6 }
expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no
"^(.+~ $ )"? no
expect: does "\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? yes
expect: set expect_out(0,string) "\r\r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "\r\r\n"
expect: continuing expect
expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no
"^(.+~ $ )"? no
FGT100C3G0860259~ $
expect: does "FGT100C3G0860259~ $ " (spawn_id exp6) match regular expression "[\r\n]+"? no
"^(.+~ $ )"? no
expect: timed out
Error: TIMEOUT reached
write() failed to write anything - will sleep(1) and retry...
Sent: Monday, April 20, 2009 11:06 PM
Subject: [rancid] Re: Rancid with Fortigate Devices?
Anyone know what the correct syntax for the expect script would be to match prompt (assuming the string of #'s following FGT is variable)?
I have experienced similar problems
Thanks
yep, your prompt is nFGT100C3G0860259~ $
but the script expects ->
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
--
-- Jeff Moorse --
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
--
-- Jeff Moorse --
________________________________
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The information contained in this email is confidential and may also contain privileged information. Sender does not waive confidentiality or legal
privilege. If you are not one of the intended recipients, please notify the sender immediately and destroy this e-mail; you must not copy,
distribute or take any action in reliance on the information contained within.
Internet communications are not secure or error free and the sender does not accept any liability for the content of the email. Although emails are
routinely screened for viruses, the sender does not accept responsibility for any damage caused. Replies to this email may be monitored.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------