Discussion:
[rancid] Weird commands on Cisco ASA
Michael T. Voity
2018-08-30 20:14:35 UTC
Permalink
Hello,

I have a firewall that has not been updated by rancid for a few days.

Upon investigation I did some testing from the server found this -

Looks like it is adding the command 'rancid' after it logs in.

This is my only device that does it, among the 50+ that rancid is polling.

[***@netwatch bin]$ ./clogin <hostname removed>
<hostname removed>
spawn ssh -c aes256-ctr -x -l rancid <hostname removed>
rancid@<hostname removed>'s password:
User rancid logged in to <hostname removed>
Logins over the last 78 days: 6800. Last login: 16:04:41 EDT Aug 30 2018 from <removed>
Failed logins since the last login: 0. Last failed login: 15:20:29 EDT Aug 30 2018 from <removed>
Type help or '?' for a list of available commands.
<hostname removed>> rancid
^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>>
Error: Unrecognized command, check your enable command
rancid
^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>> enable
Password:
Invalid password
Password:
Invalid password
Password:
Invalid password
Access denied.
<hostname removed>> exit

Logoff

Connection to <hostname removed> closed.
[***@netwatch bin]$


--
Michael T. Voity
Network Engineer
The University of Vermont
heasley
2018-08-30 20:20:51 UTC
Permalink
Post by Michael T. Voity
Hello,
I have a firewall that has not been updated by rancid for a few days.
Upon investigation I did some testing from the server found this -
Looks like it is adding the command 'rancid' after it logs in.
This is my only device that does it, among the 50+ that rancid is polling.
<hostname removed>
spawn ssh -c aes256-ctr -x -l rancid <hostname removed>
User rancid logged in to <hostname removed>
Logins over the last 78 days: 6800. Last login: 16:04:41 EDT Aug 30 2018 from <removed>
please upgrade to rancid 3.8
Piegorsch, Weylin William
2018-08-31 20:21:55 UTC
Permalink
Might this be an issue for you?
http://www.shrubbery.net/pipermail/rancid-discuss/2018-January/010021.html
weylin

From: "Michael T. Voity" <***@uvm.edu>
Date: Thursday, August 30, 2018 at 4:14 PM
To: "rancid-***@shrubbery.net" <rancid-***@shrubbery.net>
Subject: [rancid] Weird commands on Cisco ASA

Hello,

I have a firewall that has not been updated by rancid for a few days.

Upon investigation I did some testing from the server found this –

Looks like it is adding the command ‘rancid’ after it logs in.

This is my only device that does it, among the 50+ that rancid is polling.

[***@netwatch bin]$ ./clogin <hostname removed>
<hostname removed>
spawn ssh -c aes256-ctr -x -l rancid <hostname removed>
rancid@<hostname removed>'s password:
User rancid logged in to <hostname removed>
Logins over the last 78 days: 6800. Last login: 16:04:41 EDT Aug 30 2018 from <removed>
Failed logins since the last login: 0. Last failed login: 15:20:29 EDT Aug 30 2018 from <removed>
Type help or '?' for a list of available commands.
<hostname removed>> rancid
^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>>
Error: Unrecognized command, check your enable command
rancid
^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>> enable
Password:
Invalid password
Password:
Invalid password
Password:
Invalid password
Access denied.
<hostname removed>> exit

Logoff

Connection to <hostname removed> closed.
[***@netwatch bin]$
--
Michael T. Voity
Network Engineer
The University of Vermont
Loading...