[rancid] cisco pix clogin timeout

Discussion:

Gregory W Zill

2007-10-18 16:41:49 UTC

I know this has been covered quite a bit but my visits to FAQ and list
searches have not resolved.

I am trying to automatically login with a new rancid setup to a 6.3(5)
pix whose prompt looks like
AbCdEf>

The login portion appears to work but enable never finishes and
eventually times out even when I add "-t 100"

The clogin I use looks like
clogin abcdef.clients.company.com

I can ssh manually to "abcdef.clients.company.com". The enable just
turns the > into a #.

Any help appreciated.

gregory w zill, mba, cissp
Information Security Engineer
Managed Devices Team
-----------------------------
Solutionary, Inc.
Making Security Manageable
v: 402-361-3066

Lance

2007-10-18 17:59:18 UTC

Permalink

Maybe you have autoenable set. You have not provided much information.
Show us what a login typically looks like, show us what you have in your
.cloginrc.

-Lance

-------- Original Message --------
Date: Thu, October 18, 2007 9:41 am
I know this has been covered quite a bit but my visits to FAQ and list
searches have not resolved.
I am trying to automatically login with a new rancid setup to a 6.3(5)
pix whose prompt looks like
AbCdEf>
The login portion appears to work but enable never finishes and
eventually times out even when I add "-t 100"
The clogin I use looks like
clogin abcdef.clients.company.com
I can ssh manually to "abcdef.clients.company.com". The enable just
turns the > into a #.
Any help appreciated.
gregory w zill, mba, cissp
Information Security Engineer
Managed Devices Team
-----------------------------
Solutionary, Inc.
Making Security Manageable
v: 402-361-3066<hr>_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Gregory W Zill

2007-10-18 18:01:49 UTC

Permalink

I just needed to set autoenable to 0 in my .cloginrc.
Thanks heas.

--
gregory w zill, mba, cissp
Information Security Engineer
Managed Devices Team
-----------------------------
Solutionary, Inc.
Making Security Manageable
v: 402-361-3066

Trey Valenta

2007-11-20 23:34:03 UTC

Permalink

On Thu, Oct 18, 2007 at 11:41:49AM -0500, Gregory W Zill wrote:
I am trying to automatically login with a new rancid setup to a 6.3(5)

Post by Gregory W Zill
pix whose prompt looks like
AbCdEf>
The login portion appears to work but enable never finishes and
eventually times out even when I add "-t 100"
The clogin I use looks like
clogin abcdef.clients.company.com
I can ssh manually to "abcdef.clients.company.com". The enable just
turns the > into a #.

Hi Gregory,

I had a very similar problem that was a pain to resolve. The expect scripts
had no trouble pulling from a pix in my office, but I couldn't reliably connect
to a Pix over links with high latencies (particularly connections from the US
to China). I never truly resolved the issue, but for some reason passwords with
multiple special characters seemed to give me the most trouble. Until I have
time to really investigate, I used the following workaround in clogin. I set
send_slow to {6 .1} and use "send -s" when sending the enable password.

---cut here------
$ diff -u clogin ~rancid/bin/clogin
--- clogin 2007-09-17 13:14:55.000000000 -0700
+++ /usr/local/rancid/bin/clogin 2007-10-18 13:43:00.000000000 -0700
@@ -539,10 +539,11 @@
global u_prompt e_prompt
set in_proc 1

+set send_slow { 6 .1 }
send "enable\r"
expect {
-re "$u_prompt" { send "$enauser\r"; exp_continue}
- -re "$e_prompt" { send "$enapasswd\r"; exp_continue}
+ -re "$e_prompt" { send -s "$enapasswd\r"; exp_continue}
"#" { set prompt "#" }
"(enable)" { set prompt "> (enable) " }
-re "(denied|Sorry|Incorrect)" {
-----cut here---

--
<t(Trey)@(Valenta)trey.net> Seattle, Wash.
L is for Leo who swallowed some tacks.