[rancid] Username sent after login

Discussion:

Marles, Rob

2018-07-18 12:14:52 UTC

Hi All

Working with an ASA version 9.8(2), am able to get the login to work, and have the ASA set to auto-enable.

For some reason, the username is sent following the successful login, and I think it's messing up the script - I get the errors 'missed cmd(s)' and 'End of run not found' in the logfiles.

./cloginrc:
add user <username>
add method <device> ssh
add password <device> <password> (note, no enable pw here)
add autoenable <device> 0

I've tried 'autoenable 1', 'autoenable 0', 'noenable 1', it continues to send the username as follows:

[rancid@<rancidhostname> bin]$ ./clogin <asahostname>
<asahostname>
spawn ssh -x -l <username> <asahostname>

THIS IS A PRIVATE COMPUTER SYSTEM. It is for authorized use only.

<username>@<asahostname>'s password:
User <username> logged in to <asahostname>
Logins over the last 2 days: 138. Last login: 07:59:26 EDT Jul 18 2018 from <ipaddress>
Failed logins since the last login: 0.
Type help or '?' for a list of available commands.
<asahostname># <username>
^
ERROR: % Invalid input detected at '^' marker.
<asahostname>#
<asahostname># exit

Thanks in advance
Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment.

Dan Anderson

2018-07-18 16:10:45 UTC

Permalink

Please look through the archives. This has been discussed several times in
the last few months.

You need to either hack clogin or disable the âlast successful loginâ
banner on the ASA.

Post by Marles, Rob
Hi All
Working with an ASA version 9.8(2), am able to get the login to work, and
have the ASA set to auto-enable.
For some reason, the username is sent following the successful login, and
I think itâs messing up the script â I get the errors âmissed cmd(s)â and
âEnd of run not foundâ in the logfiles.
add user <username>
add method <device> ssh
add password <device> <password> (note, no enable pw here)
add autoenable <device> 0
Iâve tried âautoenable 1â, âautoenable 0â, ânoenable 1â, it continues to
<asahostname>
spawn ssh -x -l <username> <asahostname>
THIS IS A PRIVATE COMPUTER SYSTEM. It is for authorized use only.
User <username> logged in to <asahostname>
Logins over the last 2 days: 138. Last login: 07:59:26 EDT Jul 18 2018 from <ipaddress>
Failed logins since the last login: 0.
Type help or '?' for a list of available commands.
<asahostname># <username>
^
ERROR: % Invalid input detected at '^' marker.
<asahostname>#
<asahostname># exit
Thanks in advance
Please be advised that this email may contain confidential information. If
you are not the intended recipient, please notify us by email by replying
to the sender and delete this message. The sender disclaims that the
content of this email constitutes an offer to enter into, or the acceptance
of, any agreement; provided that the foregoing does not invalidate the
binding effect of any digital or other electronic reproduction of a manual
signature that is included in any attachment.
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

--
Dan

Marles, Rob

2018-07-18 18:18:44 UTC

Permalink

Thanks Dan

I was asking because I had searched and kept seeing articles that were close, but not quite the same.

Your hint allowed me to find the post http://www.shrubbery.net/pipermail/rancid-discuss/2018-June/010255.html

I issued a âno aaa authentication login-historyâ and things appear to log in without passing the second username.

Oddly, it still shows âmissed cmd(s): show running-config view full, show running-configâ, âEnd of run not foundâ. I guess it wasnât related afterall.

From: Dan Anderson [mailto:***@gmail.com]
Sent: Wednesday, July 18, 2018 12:11 PM
To: Marles, Rob <***@trojanuv.com>
Cc: rancid-***@shrubbery.net
Subject: Re: [rancid] Username sent after login

Please look through the archives. This has been discussed several times in the last few months.

You need to either hack clogin or disable the âlast successful loginâ banner on the ASA.

On Wed, Jul 18, 2018 at 11:49 AM Marles, Rob <***@trojanuv.com<mailto:***@trojanuv.com>> wrote:
Hi All

Working with an ASA version 9.8(2), am able to get the login to work, and have the ASA set to auto-enable.

For some reason, the username is sent following the successful login, and I think itâs messing up the script â I get the errors âmissed cmd(s)â and âEnd of run not foundâ in the logfiles.

./cloginrc:
add user <username>
add method <device> ssh
add password <device> <password> (note, no enable pw here)
add autoenable <device> 0

Iâve tried âautoenable 1â, âautoenable 0â, ânoenable 1â, it continues to send the username as follows:

[rancid@<rancidhostname> bin]$ ./clogin <asahostname>
<asahostname>
spawn ssh -x -l <username> <asahostname>

THIS IS A PRIVATE COMPUTER SYSTEM. It is for authorized use only.

<username>@<asahostname>'s password:
User <username> logged in to <asahostname>
Logins over the last 2 days: 138. Last login: 07:59:26 EDT Jul 18 2018 from <ipaddress>
Failed logins since the last login: 0.
Type help or '?' for a list of available commands.
<asahostname># <username>
^
ERROR: % Invalid input detected at '^' marker.
<asahostname>#
<asahostname># exit

Thanks in advance
Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment.
_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net<mailto:Rancid-***@shrubbery.net>
http://www.shrubbery.net/mailman/listinfo/rancid-discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.shrubbery.net_mailman_listinfo_rancid-2Ddiscuss&d=DwMFaQ&c=9mghv0deYPYDGP-W745IEdQLV1kHpn4XJRvR6xMRXtA&r=x9_zgdN80M-A0QNHMNDxOo4Peu_T3eQsLpxHIwFskhg&m=5GV6VBbF3INJoUmGd8bvYZ6SVJq3uzwSbCdW4huWO1A&s=bQVA_79tLW7_YIoimBStC8bLYnkU8CNh8wOQcOt4l5s&e=>

--
Dan
Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment.

heasley

2018-07-20 14:31:48 UTC

Permalink

Post by Marles, Rob
Thanks Dan
I was asking because I had searched and kept seeing articles that were close, but not quite the same.
Your hint allowed me to find the post http://www.shrubbery.net/pipermail/rancid-discuss/2018-June/010255.html
I issued a “no aaa authentication login-history” and things appear to log in without passing the second username.
Oddly, it still shows “missed cmd(s): show running-config view full, show running-config”, “End of run not found”. I guess it wasn’t related afterall.

grab the current alpha rancid tarball, that fixes this. That will become
rancid 3.8 at some point today.

Marles, Rob

2018-07-20 14:49:18 UTC

Permalink

Oh cool, willdo. Thanks for the advice!

-----Original Message-----
From: heasley [mailto:***@shrubbery.net]
Sent: Friday, July 20, 2018 10:32 AM
To: Marles, Rob <***@trojanuv.com>
Cc: Dan Anderson <***@gmail.com>; rancid-***@shrubbery.net
Subject: Re: [rancid] Username sent after login

Post by Marles, Rob
Thanks Dan
I was asking because I had searched and kept seeing articles that were close, but not quite the same.
Your hint allowed me to find the post
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.shrubbery.net_
pipermail_rancid-2Ddiscuss_2018-2DJune_010255.html&d=DwIDaQ&c=9mghv0de
YPYDGP-W745IEdQLV1kHpn4XJRvR6xMRXtA&r=x9_zgdN80M-A0QNHMNDxOo4Peu_T3eQs
LpxHIwFskhg&m=t5uEF5fQei1yZ-_2pkUkk2EMl-F40opf3rtoMFu-zls&s=WrERGv7IrK
pJFZnKMtBBxkIkpg71fUNzOmjTEkn7U60&e=
I issued a “no aaa authentication login-history” and things appear to log in without passing the second username.
Oddly, it still shows “missed cmd(s): show running-config view full, show running-config”, “End of run not found”. I guess it wasn’t related afterall.

grab the current alpha rancid tarball, that fixes this. That will become rancid 3.8 at some point today.
Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment.