unknown
1970-01-01 00:00:00 UTC
E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.
--089e01182660c925a804f24e2ced
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable <div dir="ltr">Why not use tacacs accounting to log everything the user does, script or no script? �Why not use ciscocmd, iosrun or some other pre-made free tool to do this? �I've written little python snippets to do exactly this: ask a user what he wants to do, ssh or telnet, what text file has his list, what text file has your routers/commands/etc which I would share, but that they were done in haste and look like they were coded by drunken monkeys. �I'd be happy to give pointers though.�</div> <div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Feb 13, 2014 at 9:06 AM, Per-Olof Olsson <span dir="ltr"><<a href="mailto:***@chalmers.se" target="_blank">***@chalmers.se</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
heasley wrote 2014-02-13 16:40:<div><div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thu, Feb 13, 2014 at 10:22:11AM -0500, Andrew Ohnstad:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks for the response. The full command line I am using is (I<br>
automatically am enabled via TACACS+):<br>
<br>
sudo -u rancid /usr/libexec/rancid/clogin -u<my-username> -p<my-password><br>
-c where <router><br>
<br>
If I add the -d argument to see the expect debugging, I can see that it<br>
launches the ssh spawn with the correct username, but it is blatantly<br>
disregarding the password supplied on the command line...<br>
<br>
spawn ssh -c 3des -x -l <myusername> <router><br>
</blockquote>
<br>
this should work; what version of rancid?<br>
______________________________<u></u>_________________<br>
Rancid-discuss mailing list<br>
<a href="mailto:Rancid-***@shrubbery.net" target="_blank">Rancid-***@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/rancid-discuss" target="_blank">http://www.shrubbery.net/<u></u>mailman/listinfo/rancid-<u></u>discuss</a><br>
<br>
</blockquote>
<br></div></div>
sudo -l[l] [-AknS] [-g group name | #gid] [-p prompt] [-U user name] [-u user name | #uid] [command]<br>
is sudo using -p option for it's on to set a prompt? -u for own username...<br>
<br>
test<br>
"sudo -u rancid -- /usr/libexec/rancid/clogin -u<my-username> -p<my-password> -c where <router>"<br>
<br>
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.
--089e01182660c925a804f24e2ced
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable <div dir="ltr">Why not use tacacs accounting to log everything the user does, script or no script? �Why not use ciscocmd, iosrun or some other pre-made free tool to do this? �I've written little python snippets to do exactly this: ask a user what he wants to do, ssh or telnet, what text file has his list, what text file has your routers/commands/etc which I would share, but that they were done in haste and look like they were coded by drunken monkeys. �I'd be happy to give pointers though.�</div> <div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Feb 13, 2014 at 9:06 AM, Per-Olof Olsson <span dir="ltr"><<a href="mailto:***@chalmers.se" target="_blank">***@chalmers.se</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
heasley wrote 2014-02-13 16:40:<div><div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thu, Feb 13, 2014 at 10:22:11AM -0500, Andrew Ohnstad:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks for the response. The full command line I am using is (I<br>
automatically am enabled via TACACS+):<br>
<br>
sudo -u rancid /usr/libexec/rancid/clogin -u<my-username> -p<my-password><br>
-c where <router><br>
<br>
If I add the -d argument to see the expect debugging, I can see that it<br>
launches the ssh spawn with the correct username, but it is blatantly<br>
disregarding the password supplied on the command line...<br>
<br>
spawn ssh -c 3des -x -l <myusername> <router><br>
</blockquote>
<br>
this should work; what version of rancid?<br>
______________________________<u></u>_________________<br>
Rancid-discuss mailing list<br>
<a href="mailto:Rancid-***@shrubbery.net" target="_blank">Rancid-***@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/rancid-discuss" target="_blank">http://www.shrubbery.net/<u></u>mailman/listinfo/rancid-<u></u>discuss</a><br>
<br>
</blockquote>
<br></div></div>
sudo -l[l] [-AknS] [-g group name | #gid] [-p prompt] [-U user name] [-u user name | #uid] [command]<br>
is sudo using -p option for it's on to set a prompt? -u for own username...<br>
<br>
test<br>
"sudo -u rancid -- /usr/libexec/rancid/clogin -u<my-username> -p<my-password> -c where <router>"<br>
<br>