Discussion:
[rancid] RANCID with HP Procurve 4100g
Andy Swanson
2008-02-24 21:01:58 UTC
Permalink
I know this is not a new topic as I have seem questions on this before...
However, I cant seem to get rancid to work with HP Procurve switches using
ssh. I am getting the infamous banner :

HP J4887A ProCurve Switch 4104GL
Firmware revision G.07.70

Copyright (C) 1991-2005 Hewlett-Packard Co. All Rights Reserved.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to
restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data
and
Computer Software clause at 52.227-7013.

HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303



Press any key to continue


I know that the newer version of rancid is supposed to have fixed this but I
still cant get it to work... I have trying to get this to work for weeks but
it just will time out trying to get past this banner.. Does anybody have any
idea how I can get around this, so I can use ssh??

Thanks for any help!!

Andrew
Andy Swanson
2008-02-24 23:26:55 UTC
Permalink
I have found this post on this same topic:

http://www.shrubbery.net/pipermail/rancid-discuss/2007-January/001947.html



Looks like there was a tarbal attached with new scripts:

hp4000m.rancid

hp4000m.clogin

cloginrc2pl.exp

Rancid/ParseConfig.pm

Rancid/Login.pm



Any chance anyone has these file???



Andrew
Ed Ravin
2008-02-24 23:46:07 UTC
Permalink
Post by Andy Swanson
http://www.shrubbery.net/pipermail/rancid-discuss/2007-January/001947.html
hp4000m.rancid
hp4000m.clogin
cloginrc2pl.exp
Rancid/ParseConfig.pm
Rancid/Login.pm
Any chance anyone has these file???
I am the author of those files, and I do indeed have them. And I would
be delighted to give them to you. But they are for the HP Procurve 4000,
also known as the 8000 or 2424m, none of which is the HP 4100gl that
you have.

I think what you need is to set your device type to be "hp" and go
about debugging with hlogin and hrancid, if you haven't tried that
already. See the RANCID FAQ for hints on how to debug.

By the way, I had no problem downloading the tarball from the
above-mentioned URL - it comes down as "attachment.bin" and you
can read it with "gzcat attachment.bin | tar tvf -".

-- Ed
Dan Pritts
2008-05-14 04:44:44 UTC
Permalink
going through old mail here but it looks like you never got an
answer.

You have to turn on "autoenable" in your cloginrc file if you are ssh'ing
to the switch as an admin user.
Post by Andy Swanson
I know this is not a new topic as I have seem questions on this before...
However, I cant seem to get rancid to work with HP Procurve switches using
HP J4887A ProCurve Switch 4104GL
Firmware revision G.07.70
Copyright (C) 1991-2005 Hewlett-Packard Co. All Rights Reserved.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the Government is subject to
restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data
and
Computer Software clause at 52.227-7013.
HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303
Press any key to continue
I know that the newer version of rancid is supposed to have fixed this but I
still cant get it to work... I have trying to get this to work for weeks but
it just will time out trying to get past this banner.. Does anybody have any
idea how I can get around this, so I can use ssh??
Thanks for any help!!
Andrew
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224

Be part of the future!
2008 Internet2 Strategic Planning
http://www.internet2.edu/strategicplanning
Mr. James W. Laferriere
2008-05-14 21:06:41 UTC
Permalink
Hello Dan ,
Post by Dan Pritts
going through old mail here but it looks like you never got an
answer.
You have to turn on "autoenable" in your cloginrc file if you are ssh'ing
to the switch as an admin user.
With the sessions for switches set to autoenable , The 'press any key'
still haunts getting access to the system . See below .
Anything I can provide please ask .
Tia , JimL

HP J4813A ProCurve Switch 2524
Software revision F.05.59

Copyright (C) 1991-2007 Hewlett-Packard Co. All Rights Reserved.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
Computer Software clause at 52.227-7013.

HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303











Press any key to continue

Error: TIMEOUT reached
Post by Dan Pritts
Post by Andy Swanson
I know this is not a new topic as I have seem questions on this before...
However, I cant seem to get rancid to work with HP Procurve switches using
HP J4887A ProCurve Switch 4104GL
Firmware revision G.07.70
Copyright (C) 1991-2005 Hewlett-Packard Co. All Rights Reserved.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the Government is subject to
restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data
and
Computer Software clause at 52.227-7013.
HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303
Press any key to continue
I know that the newer version of rancid is supposed to have fixed this but I
still cant get it to work... I have trying to get this to work for weeks but
it just will time out trying to get past this banner.. Does anybody have any
idea how I can get around this, so I can use ssh??
Thanks for any help!!
Andrew
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224
Be part of the future!
2008 Internet2 Strategic Planning
http://www.internet2.edu/strategicplanning
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
--
+------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network&System Engineer | 2133 McCullam Ave | Give me Linux |
| ***@baby-dragons.com | Fairbanks, AK. 99701 | only on AXP |
+------------------------------------------------------------------+
Gregory W Zill
2008-05-14 21:18:47 UTC
Permalink
I am attempting to get a new Juniper ssg-1000 into our RANCID system. I
have tried both nlogin and jlogin, for netscreen and juniper
respectively. Our RANCID may be a little older, but I seem to be close.

The nlogin seems to want to enable right after logging in:

$ nlogin -c 'get conf' fw

spawn ssh -c 3des -x -l user fw
***@fw's password:
Remote Management Console
NSRPCLUSTER:fw(M)-> can't read "enable": no such variable
while executing
"if { $enable } {
if {[do_enable $enauser $enapasswd]} {
if { $do_command || $do_script } {
close; wait
continue
}
}
}"
("foreach" body line 66)
invoked from within
"foreach firewall [lrange $argv $i end] {
set firewall [string tolower $firewall]
send_user "$firewall\n"

set prompt ">"

# Figure out..."
(file "/usr/local/rancid/bin/nlogin" line 423)

And then jlogin sends back even less debug:

$ jlogin -c 'get conf' fw

spawn ssh -c 3des -x -l user fw
***@fw's password:
Remote Management Console
NSRPCLUSTER:fwcentrisA(M)->
NSRPCLUSTER:fwcentrisA(M)-> set cli complete-on-space off
^------unknown keyword cli
--
gregory w zill, mba, cissp
Information Security Engineer
Managed Services Team
-----------------------------
Solutionary, Inc.
Making Security Manageable
v: 402-361-3066
Rob Skoog
2008-05-15 12:02:32 UTC
Permalink
You should update to the latest cvs version, I believe it is:
ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a7.tar.gz

I know even version 2.3.1 didn't work on our ISGs. (nlogin is the
correct one.)
Post by Gregory W Zill
I am attempting to get a new Juniper ssg-1000 into our RANCID system. I
have tried both nlogin and jlogin, for netscreen and juniper
respectively. Our RANCID may be a little older, but I seem to be close.
$ nlogin -c 'get conf' fw
spawn ssh -c 3des -x -l user fw
Remote Management Console
NSRPCLUSTER:fw(M)-> can't read "enable": no such variable
while executing
"if { $enable } {
if {[do_enable $enauser $enapasswd]} {
if { $do_command || $do_script } {
close; wait
continue
}
}
}"
("foreach" body line 66)
invoked from within
"foreach firewall [lrange $argv $i end] {
set firewall [string tolower $firewall]
send_user "$firewall\n"
set prompt ">"
# Figure out..."
(file "/usr/local/rancid/bin/nlogin" line 423)
$ jlogin -c 'get conf' fw
spawn ssh -c 3des -x -l user fw
Remote Management Console
NSRPCLUSTER:fwcentrisA(M)->
NSRPCLUSTER:fwcentrisA(M)-> set cli complete-on-space off
^------unknown keyword cli
Mr. James W. Laferriere
2008-05-15 22:52:52 UTC
Permalink
Hello Dan ,
Post by Mr. James W. Laferriere
Post by Dan Pritts
going through old mail here but it looks like you never got an
answer.
You have to turn on "autoenable" in your cloginrc file if you are ssh'ing
to the switch as an admin user.
With the sessions for switches set to autoenable , The 'press any key'
still haunts getting access to the system . See below .
Anything I can provide please ask .
Tia , JimL
HP J4813A ProCurve Switch 2524
Software revision F.05.59
Copyright (C) 1991-2007 Hewlett-Packard Co. All Rights Reserved.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the Government is subject to restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
Computer Software clause at 52.227-7013.
HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303
Press any key to continue
Error: TIMEOUT reached
Below is a patch & the patch is also attached , NOTE: this is for
accessing the ProCurve Switch 2524's as the manager account ONLY , I will be
trying to update this as time permits to do the operator -> manager via enable .

Mind you the real difficulty is that on 'exit' these devices still
require you to exit to operator mode & then when you exit that it askes; "Do you
want to log out [y/n]?" , An interesting challenge , tho the time out will
exit the session I'd still like to exit cleanly .

Now HOPEFULLy someone knows howto get the ProCurse's <yes curse> to
return to default mode of the CLI ? That would make this patch be moot .

My Presen problem is , Trying to use the '-c "show interfaces 1"' ,
The command is not even get presented to the device command line . The time out
happens & session is returned to the user .
Anyone have any ideas where this might be going wrong ?
Tia , JimL

# diff -u flogin.orig-v1.47_20061208 flogin
--- flogin.orig-v1.47_20061208 2008-05-13 14:40:59.000000000 -0800
+++ flogin 2008-05-15 14:19:40.000000000 -0800
@@ -436,6 +436,15 @@
}
exp_continue
}
+ -re "Press any key to continue" {
+ send "\r"
+
+ expect "To select menu item" {
+ sleep 1
+ send "5"
+ }
+ exp_continue
+ }
"$prompt" { break; }
"Login invalid" {
send_user "\nError: Invalid login: $router\n";
@@ -444,6 +453,7 @@
}
}

+
set in_proc 0
return 0
}
@@ -483,7 +493,7 @@
global in_proc
set in_proc 1

- send "skip-page-display\r"
+ # send "skip-page-display\r"
expect $prompt {}

# Is this a multi-command?
--
+------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network&System Engineer | 2133 McCullam Ave | Give me Linux |
| ***@baby-dragons.com | Fairbanks, AK. 99701 | only on AXP |
+------------------------------------------------------------------+
Mr. James W. Laferriere
2008-05-16 20:25:19 UTC
Permalink
Hello All ,

As 'manager' account goto menu mode .
Goto 'Run Setup'
Press <Enter>
Goto 'Edit' , Press <Enter>
Goto 'Logon Default : ' Field ,
Hit 'Space bar' , <<< this toggles between modes >>>
Press <Enter>
Goto 'Save' , Press <Enter>
Should take you back to the 'main menu' .

After that it's all upto you .

For this device & firmware version 'hlogin' is the program to use .

Setup a 'manager' user & then add something like ... To .cloginrc .

add autoenable *-sw* {1}
add user *-sw* {ManagerUser}
add password *-sw* {ManagerPassword} {nosuchpassword}
add method *-sw* ssh telnet

Hth , JimL

ps: DISREGARD any previous patches to flogin as that was a BAD start .
--
+------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network&System Engineer | 2133 McCullam Ave | Give me Linux |
| ***@baby-dragons.com | Fairbanks, AK. 99701 | only on AXP |
+------------------------------------------------------------------+
Dan Pritts
2008-05-19 20:15:34 UTC
Permalink
that's new, interesting.

I'd approach this by

get rid of autoenable
tell rancid that it should look for "Press any key to continue" as its
enable prompt
make the enable password a single character, doesn't matter what.
Post by Mr. James W. Laferriere
Hello Dan ,
Post by Dan Pritts
going through old mail here but it looks like you never got an
answer.
You have to turn on "autoenable" in your cloginrc file if you are ssh'ing
to the switch as an admin user.
With the sessions for switches set to autoenable , The 'press any
key' still haunts getting access to the system . See below .
Anything I can provide please ask .
Tia , JimL
Loading...