Hello,
The problem is that if you connect via TELNET and answered ³y² you obtain:
# /cfg/dump
Display private keys? [y/n]: y
Access Denied: This operation can only be performed over a secure
connection such as HTTPS or SSH.
Connect to the device using a secure protocol and retry.
So my solution was this:
-re "Display private keys" {
if { "$cmethod" == "ssh" } {
send "y\r"
} else {
send "n\r"
}
exp_continue
}
So it is checked the method of connection.
But if you connect via SSH and answered ³y² you need to answered another
question:
# /cfg/dump
Display private keys? [y/n]: y
Enter passphrase:
So my solution was to add:
-re "passphrase" {
send ³PASSWORD\r"
exp_continue
}
Where ³PASSWORD² is a fix password that your certificates are cipher, so
any certificate to import needs that PASSWORD.
I hope this helps, for me it is working several months ago with several
versions and models of Radware including new models 4408, 5208 and 5224.
NOTE: I am still using Rancid 2.3.3 very modified to fit my needs, so
migrate to new 3.X (3.2 right now) seems very complicated.
--
Un saludo.
________________________________________
Iñaki Martínez Díez
Departamento de redes
acens Technologies S.L.
***@acens.com
Teléfono: 637 772 156
Fax: 944 412 426
Este mensaje puede contener información confidencial dirigida exclusivamente a su destinatario.
No se permite su copia o distribución sin la autorización expresa y por anticipado de acens.
Si recibió este mensaje por error, por favor, comuníquelo al emisor y elimínelo de su ordenador. Gracias.
This message may contain confidential information exclusively addressed to its intended recipient.
The copy or distribution of this message is not permitted without the prior express consent by acens.
If you are not the intended recipient of this message please advise the sender and delete it. Thank you.
-----Mensaje original-----
De: heasley <***@shrubbery.net>
Fecha: martes, 17 de marzo de 2015, 0:56
Para: Bob Franzke <***@altn.com>
CC: "rancid-***@shrubbery.net" <rancid-***@shrubbery.net>
Asunto: Re: [rancid] Radware/Alteon Interactive Commands
Post by heasleyPost by Bob FranzkeThere is not unfortunately. You could remove the certificate and it
would no longer prompt but those are needed.
looking at alogin, there is already code there to send 'y'. for the purposes
of automation, this is likely the right choice. although, it looks like the
prompt has changed in your new version and the match needs to be updated as
Index: bin/alogin.in
===================================================================
--- bin/alogin.in (revision 3061)
+++ bin/alogin.in (working copy)
@@ -456,7 +459,7 @@
-re "^\[^\n\r]*$reprompt" {}
-re "^\[^\n\r ]*>>.*$reprompt" { exp_continue }
-re "\[\n\r]+" { exp_continue }
- -re "^\*Display private keys? \[y/n]:" {
+ -re "^\*?Display private keys? \[y/n]:" {
send "y\r"
exp_continue
}
please lmk if that works.
Post by Bob FranzkePost by heasleySo I recently upgraded the code on my Alteon 4408 Load Balancers.
Since this upgrade, when running the /c/dump command listed in arancid
to print out the current config while having some type of SSL
certificate installed on the device, the device asks you if you want to
Display the Private Keys and expects the user to reply with a Œy¹ or Œn¹
Post by heasleyALTEON-A - Standalone ADC - Main# /c/d
This hangs RANCID up and causes the device config to not be
retrieved. Is there some way to fix this in the list of commands in
alogin/arancid such that the script would catch the ³Display private
keys? [y/n]:² and then send a Œn¹? I am not too sure which file I would
add this too to fix this.
Post by heasleyis there a configuration knob or argument to /c/dump to tell it not
to prompt?
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss