Discussion:
[rancid] Need a little help with Auto Enable
Hurgh
2008-12-07 23:49:06 UTC
Hi all,

I am trying to login to a Cisco router that has AutoEnable setup (enter user
and pass, and you are enabled).

I have the following in my .clogin file:

---------------------------------------------------------------------------------
add user 172.30.26.16 myusername
add password 172.30.26.16 {mypassword}
add autoenable 172.30.26.16 1
---------------------------------------------------------------------------------

The User and Pass have been swapped out, but I have confirmed the ones I am
using are correct (can manually telnet to the device using the user and pass
to login correctly).

I have confirmed that the router supplies the correct "Username" and
"Password" prompts.

The following is the error I get when I run:

rancid 172.30.26.16

--------------------------------------------------------------------------------
./rancid 172.30.26.16
write(spawn_id=1): broken pipe
while executing
"send_user -- "$expect_out(buffer)""
invoked from within
"expect -nobrace -re+ { exp_continue } -re {^[^
*]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user --
"$expect_out(buffer)"
} -re {..."
invoked from within
"expect {
-re "\b+" { exp_continue }
-re "^\[^\n\r *]*$reprompt" { send_user --
"$expect_out(buffer)"
}
-re "^\[^\n\r]*$reprompt." { send..."
invoked from within
"if [ string match "*\;*" "$command" ] {
set commands [split $command \;]
set num_commands [llength $commands]
# the pager can not be turned off on ..."
(procedure "run_commands" line 34)
invoked from within
"run_commands $prompt $command"
("foreach" body line 150)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
# attempt at platform switching.
set platform ""
send_user ..."
(file "/home/rancid/bin/clogin" line 712)
172.30.26.16: missed cmd(s): admin show diag,dir /all slavedisk2:,dir /all
sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all disk2:,dir
/all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all
disk0:,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all
slavenvram:,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all
sec-disk0:,dir /all harddiskb:,show inventory raw,dir /all slavedisk1:,show
module,show controllers,show diagbus,dir /all slavedisk0:,show debug,dir
/all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp
status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all
slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show
controllers cbus,dir /all slaveslot1:,show vlan-switch,show
running-config,show c7200,dir /all slot1:
172.30.26.16: End of run not found
!
--------------------------------------------------------------------------------

I have done some searching etc, but can not find what the problem may be.
Srinivasa Raju
2008-12-08 05:08:20 UTC
You can try this, this might fix the issue
Edit rancid
Srinivasa Raju
2008-12-08 05:08:00 UTC
You can try this, this might fix the issue
Edit <path-to-rancid>/bin/rancid

Give the absolute path wherever you see the script invoking 'clogin'

For ex:
- open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host </dev/null |") ||
die "clogin failed for $host: $!\n";
+ open(INPUT,"/usr/local/rancid/bin/clogin -t $timeo -c \"$cisco_cmds\"
$host </dev/null |") || die "clogin failed for $host: $!\n";
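Review bot: the + line hard-codes /usr/local/rancid/bin/clogin, but the traceback in the original post reports (file "/home/rancid/bin/clogin" line 712), so clogin is already being found and sits under a different prefix on that system. A fixed path in the open() call would also have to be repeated at every clogin invocation and re-applied after each upgrade. Keep the bare clogin here and put the rancid bin directory in the PATH of the account that runs rancid.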

Thanks
Raju
john heasley
2008-12-08 19:39:25 UTC
Post by Srinivasa Raju
You can try this, this might fix the issue
Edit <path-to-rancid>/bin/rancid
Give absolute path where ever you see in the script is invoking 'clogin'
- open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host </dev/null |") ||
die "clogin failed for $host: $!\n";
+ open(INPUT,"/usr/local/rancid/bin/clogin -t $timeo -c \"$cisco_cmds\"
$host </dev/null |") || die "clogin failed for $host: $!\n";

NO, add that path to the user's PATH and let rancid (et al) inherit it. The
path should also include the location of telnet and ssh.
john heasley
2008-12-08 19:41:33 UTC
Post by Hurgh
"expect -nobrace -re+ { exp_continue } -re {^[^
*]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user --
   ^^^^^^^^^^^
it looks like it's already logged in and seen the prompt and has begun
to run commands. it's more likely that the device disconnected prematurely,
but why I do not know. Follow the cloginrc/clogin testing in the FAQ.
Hurgh
2008-12-08 22:09:25 UTC
Hi All,

With a little bit of reading and some rancid -d action, I have discovered
the problem.

-- snip --
HIT COMMAND:spgvsour01c28#show variables boot
In ShowBoot: spgvsour01c28#show variables boot
HIT COMMAND:spgvsour01c28#show flash
In ShowFlash: spgvsour01c28#show flash
HIT COMMAND:spgvsour01c28#dir /all nvram:
In DirSlotN: spgvsour01c28#dir /all nvram:
write(spawn_id=1): broken pipe
while executing
"send_user -- "$expect_out(buffer)""
invoked from within
"expect -nobrace -re+ { exp_continue } -re {^[^
*]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user --
"$expect_out(buffer)"
} -re {..."
invoked from within
"expect {
-- snip --

It seems that the username I am using to login to the router does not have
access to run some of the required commands.

Does anyone know how to stop Rancid running specific commands for specific
hosts? Or is it a manual hack job to fix it?

Thanks
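Added example, not part of the original post or of rancid: a Python parser for `rancid -d` output that reports which command was being processed when clogin's pipe broke, as in the debug excerpt above. The sample input is constructed from lines quoted in this thread, with the missed-command list abridged; the function and field names are hypothetical.

```python
import re

# Constructed sample: debug lines quoted in this thread; the missed-command
# list is abridged and unwrapped onto a single line.
SAMPLE = """\
HIT COMMAND:spgvsour01c28#show variables boot
In ShowBoot: spgvsour01c28#show variables boot
HIT COMMAND:spgvsour01c28#show flash
In ShowFlash: spgvsour01c28#show flash
HIT COMMAND:spgvsour01c28#dir /all nvram:
In DirSlotN: spgvsour01c28#dir /all nvram:
write(spawn_id=1): broken pipe
while executing
"send_user -- "$expect_out(buffer)""
172.30.26.16: missed cmd(s): show diag,dir /all disk1:,write term,show running-config
172.30.26.16: End of run not found
"""

HIT_RE = re.compile(r"^HIT COMMAND:(?P<prompt>[^#>]*)[#>](?P<cmd>.*)$")
HANDLER_RE = re.compile(r"^\s*In (?P<handler>\w+):")
MISSED_RE = re.compile(r"^(?P<host>\S+): missed cmd\(s\): (?P<cmds>.*)$")
END_RE = re.compile(r"^\S+: End of run not found")


def triage(debug_output):
    """Summarise one `rancid -d` run (hypothetical helper, not part of rancid)."""
    report = {
        "hits": [],        # [command, handler] pairs in the order they were seen
        "died_in": None,   # command being processed when the pipe broke
        "handler": None,   # rancid routine that was parsing that command
        "host": None,
        "missed": [],      # commands rancid reports as never seen
        "complete": True,  # False when "End of run not found" appears
    }
    for line in debug_output.splitlines():
        hit = HIT_RE.match(line)
        if hit:
            report["hits"].append([hit.group("cmd").strip(), None])
            continue
        handler = HANDLER_RE.match(line)
        if handler and report["hits"] and report["hits"][-1][1] is None:
            report["hits"][-1][1] = handler.group("handler")
            continue
        # Only the first broken pipe matters; it follows the last command hit.
        if "broken pipe" in line and report["died_in"] is None and report["hits"]:
            report["died_in"], report["handler"] = report["hits"][-1]
            continue
        missed = MISSED_RE.match(line)
        if missed:
            report["host"] = missed.group("host")
            report["missed"] = [
                c.strip() for c in missed.group("cmds").split(",") if c.strip()
            ]
            continue
        if END_RE.match(line):
            report["complete"] = False
    return report


def summary(report):
    """Render the triage result as short human-readable lines."""
    lines = []
    if report["died_in"]:
        lines.append("pipe broke while %s was handling '%s'"
                     % (report["handler"], report["died_in"]))
    if report["missed"]:
        lines.append("%s: %d command(s) reported missed: %s"
                     % (report["host"], len(report["missed"]),
                        ", ".join(sorted(report["missed"]))))
    if not report["complete"]:
        lines.append("collection incomplete (End of run not found)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summary(triage(SAMPLE)))
```

The command it names is the first one to run by hand with the rancid login when checking that account's permissions.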
Lance Vermilion
2008-12-09 15:17:25 UTC
Edit them out from the commandtable in <rancid_home>/bin/rancid

You just need to put a # in front of the command you don't want to run.
Victor Breen
2008-12-09 16:41:13 UTC
Another option aside from limiting the commands issued by rancid is you also could give your username the same privileges as you would have being fully "enabled" so you won't hit a roadblock during rancid-run. This is pretty safe if you have a good set of ACLs to firewall ssh from the world keeping the bad guys out and your rancid logins unrestricted. The other side of the coin is you have to protect your username's password just as rigidly as the enable password since it can potentially do just as much damage in the wrong hands.

Ex:
username <username> privilege 15 secret <password>

P.S. I also recommend using "service password-encryption" and adding "transport input ssh" on your vtys if you have a crypto version of IOS ;-)
--
Victor Breen
***@impulse.net




Peter Serwe
2008-12-09 20:23:29 UTC
An alternative to worrying about keeping the passwords on the routers
is to set up tacacs+ and AAA authentication.

Peter