Discussion:
[rancid] Fortinet Fortigate problem.
Chris Davis
2015-03-30 17:03:51 UTC
I've been using Rancid 2.3.8 for some time now without any problems (once I got all the patches installed for it).

This past week, we upgraded a unit from 5.0.7 firmware to 5.0.9. This had the negative effect of making it impossible for Rancid to log into the unit. I have checked all the normal things. I deleted and recreated the ssh Known_hosts entry. I've even manually logged in from the Rancid server using my own credentials and the rancid credentials and not had any problems.

I checked the log and it states that it couldn't log in. Any ideas what might be happening? The prompts still look the same. I'm currently stumped.

Latest log.
10.X.Y.Z: End of run not found

=====================================
Getting missed routers: round 3.
10.X.Y.Z fnlogin error: Error: Couldn't login: 10.X.Y.Z
10.X.Y.Z: missed cmd(s): show full-configuration,get system status
0: found end
10.X.Y.Z: End of run not found

=====================================
Getting missed routers: round 4.
10.X.Y.Z fnlogin error: Error: Couldn't login: 10.X.Y.Z
10.X.Y.Z: missed cmd(s): show full-configuration,get system status
0: found end
10.X.Y.Z: End of run not found


cvs diff: Diffing .
cvs diff: Diffing configs
cvs commit: Examining .
cvs commit: Examining configs

ending: Mon Mar 30 2015

Chris
Alan McKinnon
2015-03-30 19:15:25 UTC
> I’ve been using Rancid 2.3.8 for some time now without any problems.
> (once I got all the patches installed for it)
> This past week, we upgraded a unit from 5.0.7 firmware to 5.0.9. This
> had the negative effect of making it impossible for Rancid to log into
> the unit. I have checked all the normal things. I deleted and
> recreated the ssh Known_hosts entry. I’ve even manually logged in from
> the Rancid server using my own credentials and the rancid credentials
> and not had any problems.
Did you log into the device from your Unix account on the rancid server,
or as the rancid user?

fnlogin run as the rancid user usually reveals why the remote login fails.
--
Alan McKinnon
***@gmail.com
Joshua Lebo
2015-03-30 20:35:36 UTC
One thing that bit me previously was:

config system global
set strong-crypto enable
end

During one of those version jumps, the 'strong crypto' didn't play well
with my older fortigate scripts using 3DES for ssh. Might be worth a look.
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
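
A triage helper for the kind of log posted in this thread, added here as an example and not written by anyone in the discussion. It separates devices where the login script never got a session (the case above, where the ssh transport and credentials are the first things to check) from devices that logged in but returned incomplete output. The sample log is constructed in the posted format, 192.0.2.7 is a made-up second device, and the "login"/"partial" labels are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log posted in the thread.
# 10.X.Y.Z is the redacted address from the post; 192.0.2.7 is made up.
SAMPLE_LOG = """\
Getting missed routers: round 3.
10.X.Y.Z fnlogin error: Error: Couldn't login: 10.X.Y.Z
10.X.Y.Z: missed cmd(s): show full-configuration,get system status
10.X.Y.Z: End of run not found
192.0.2.7: missed cmd(s): get system status
192.0.2.7: End of run not found
=====================================
Getting missed routers: round 4.
10.X.Y.Z fnlogin error: Error: Couldn't login: 10.X.Y.Z
10.X.Y.Z: missed cmd(s): show full-configuration,get system status
10.X.Y.Z: End of run not found
"""

ROUND = re.compile(r"^Getting missed routers: round (\d+)\.")
LOGIN = re.compile(r"^(\S+) (\w+login) error: Error: Couldn't login")
MISSED = re.compile(r"^(\S+): missed cmd\(s\): (.+)$")


def triage(log_text):
    """Group per-device failures across the retry rounds of one run."""
    devices = defaultdict(lambda: {"login_failures": 0, "script": None,
                                   "missed": set(), "rounds": set()})
    current_round = None
    for line in map(str.strip, log_text.splitlines()):
        if m := ROUND.match(line):
            current_round = int(m.group(1))
            continue
        if m := LOGIN.match(line):
            entry = devices[m.group(1)]
            entry["login_failures"] += 1
            entry["script"] = m.group(2)   # e.g. fnlogin: rerun it by hand
        elif m := MISSED.match(line):
            entry = devices[m.group(1)]
            entry["missed"].update(c.strip() for c in m.group(2).split(","))
        else:
            continue
        if current_round is not None:
            entry["rounds"].add(current_round)
    return dict(devices)


def classify(entry):
    """'login': no session at all; 'partial': session but missing output."""
    if entry["login_failures"]:
        return "login"
    return "partial" if entry["missed"] else "ok"
```
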