[rancid] clogin hangs (ssh + cisco + bad password)

Discussion:

Gregory Bell

2007-10-04 22:43:47 UTC

Hello,

In my environment, clogin hangs (taking >70% cpu) in the following
situation:

- monitored device is running IOS
- method = ssh
- bad login password in .cloginrc

Obviously I should try to configure .cloginrc correctly ;-) but typos do
occur and the hung process seems undesirable.

In the situation I described, it appears that this 'close' doesn't
succeed in killing the ssh process:

-re "(denied|Sorry)" {
send_user "\nError: Check your passwd for $router\n"
catch {close}; wait; return 1
}

If I capture the ssh pid and try to kill it this way,

-re "(denied|Sorry)" {
send_user "\nError: Check your passwd for $router\n"
catch {exec kill $foo; close}; wait; return 1
}

- ssh dies as expected, but clogin hangs with high CPU nevertheless.
This is just blundering around, though; I know nothing about expect.

I'm running FreeBSD 6.2, rancid 2.3.1, expect 5.43.0, OpenSSH_4.7p1.

I've tried using the version of clogin in rancid-2.3.2a7, with the same
results.

Here's what I see when I run clogin manually:

***@mon ~ clogin c29s-50a-5191a-us24.lbnl.us
c29s-50a-5191a-us24.lbnl.us
spawn /usr/local/bin/ssh-441 -c 3des -x -l lblnet
c29s-50a-5191a-us24.lbnl.us
CC

NOTICE TO USERS

<SNIP>

Error: Check your passwd for c29s-50a-5191a-us24.lbnl.us

###### here clogin hangs, with the expect process consuming > 70% CPU.

Any help would be appreciated.

- Greg

Allen Tsang

2007-10-05 01:35:55 UTC

Permalink

Good catch, Greg.

It'd be nice if rancid had a bugzilla, or at least a wiki, to keep track
of such bugs and other things, such as all these incremental patches
that we've seen on this mailing-list for random fixes that haven't made
it into mainline.

Anyone else want to volunteer ( preferable ;p ), or should I step up to
the plate?

- Allen Tsang

Post by Gregory Bell
Hello,
In my environment, clogin hangs (taking >70% cpu) in the following
- monitored device is running IOS
- method = ssh
- bad login password in .cloginrc
Obviously I should try to configure .cloginrc correctly ;-) but typos do
occur and the hung process seems undesirable.
In the situation I described, it appears that this 'close' doesn't
-re "(denied|Sorry)" {
send_user "\nError: Check your passwd for $router\n"
catch {close}; wait; return 1
}
If I capture the ssh pid and try to kill it this way,
-re "(denied|Sorry)" {
send_user "\nError: Check your passwd for $router\n"
catch {exec kill $foo; close}; wait; return 1
}
- ssh dies as expected, but clogin hangs with high CPU nevertheless.
This is just blundering around, though; I know nothing about expect.
I'm running FreeBSD 6.2, rancid 2.3.1, expect 5.43.0, OpenSSH_4.7p1.
I've tried using the version of clogin in rancid-2.3.2a7, with the same
results.
c29s-50a-5191a-us24.lbnl.us
spawn /usr/local/bin/ssh-441 -c 3des -x -l lblnet
c29s-50a-5191a-us24.lbnl.us
CC
NOTICE TO USERS
<SNIP>
Error: Check your passwd for c29s-50a-5191a-us24.lbnl.us
###### here clogin hangs, with the expect process consuming > 70% CPU.
Any help would be appreciated.
- Greg
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Skinner, Michael

2007-10-05 08:26:23 UTC

Permalink

Go on, step up! It would be great to have an "amnesty" of everyone's
private fixes.

-----Original Message-----
From: rancid-discuss-***@shrubbery.net
[mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Allen Tsang
Sent: 05 October 2007 02:36
To: Gregory Bell
Cc: rancid-***@shrubbery.net
Subject: [rancid] Re: clogin hangs (ssh + cisco + bad password)

Good catch, Greg.

It'd be nice if rancid had a bugzilla, or at least a wiki, to keep track
of such bugs and other things, such as all these incremental patches
that we've seen on this mailing-list for random fixes that haven't made
it into mainline.

Anyone else want to volunteer ( preferable ;p ), or should I step up to
the plate?

- Allen Tsang

$router\n"

Post by Gregory Bell
catch {close}; wait; return 1
}
If I capture the ssh pid and try to kill it this way,
-re "(denied|Sorry)" {
send_user "\nError: Check your passwd for

$router\n"

Post by Gregory Bell
catch {exec kill $foo; close}; wait; return 1
}
- ssh dies as expected, but clogin hangs with high CPU nevertheless.
This is just blundering around, though; I know nothing about expect.
I'm running FreeBSD 6.2, rancid 2.3.1, expect 5.43.0, OpenSSH_4.7p1.
I've tried using the version of clogin in rancid-2.3.2a7, with the
same results.
c29s-50a-5191a-us24.lbnl.us spawn /usr/local/bin/ssh-441 -c 3des -x -l
lblnet c29s-50a-5191a-us24.lbnl.us CC
NOTICE TO USERS
<SNIP>
Error: Check your passwd for c29s-50a-5191a-us24.lbnl.us
###### here clogin hangs, with the expect process consuming > 70% CPU.
Any help would be appreciated.
- Greg
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

------------------------------------------------------------------------------
Save Paper - Do you really need to print this e-mail?

Visit www.virginmedia.com for more information, and more fun.

This email and any attachments are or may be confidential and legally privileged and are sent solely for the attention of the addressee(s). If you have received this email in error, please delete it from your system: its use, disclosure or copying is unauthorised. Statements and opinions expressed in this email may not represent those of Virgin Media. Any representations or commitments in this email are subject to contract. Please note that we are migrating our email addresses to a company wide address of "@virginmedia.co.uk". If you are sending to a Telewest or ntl email address your email will be re-directed.

Registered office: 160 Great Portland Street, London W1W 5QA. Registered in England and Wales with number 2591237

==============================================================================