Discussion:
[rancid] Does the clogin -x flag work if ssh is the transport?
Chris Knight
2008-12-30 00:03:03 UTC
Howdy,

I am new to rancid, and I apologize if this is considered a newbie
question. I am trying to use rancid to send a set of canned commands
to a Cisco ASA. I have installed rancid 2.3.2a7 onto a RHEL5.2 box
running a 2.6.18-92.1.22.el5 kernel. I have configured .cloginrc and
tested that I can log into the ASA using clogin.

After verifying that I could log into the ASA via clogin, I
constructed a very simple command file, that contains only two
commands "show ver" and "show run". I invoke this command file with
this command line:

./bin/clogin asa-office -x test.cmd

What appears to happen is that clogin does in fact log into the ASA,
and then it stalls. If I let it sit for five minutes, nothing
happens. So, I type 'exit'. Now clogin appears to be invoking
telnet, and if I let that sit for a few minutes it times out:

[***@zack ~]$ ./bin/clogin asa-office -x test.cmd
asa-office
spawn ssh -c 3des -x -l proxyit asa-office
***@asa-office's password:
Type help or '?' for a list of available commands.
hq> enable
Password: *************
hq#
hq# exit

Logoff

Connection to asa-office closed by remote host.
Connection to asa-office closed.
-x
spawn telnet -x
telnet> enable
?Invalid command
telnet>
Error: TIMEOUT reached
can not find channel named "exp6"
while executing
"send "\r""
("foreach" body line 129)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
# attempt at platform switching.
set platform ""
send_user ..."
(file "./bin/clogin" line 712)
[***@zack ~]$


Is there a trick to being able to use the -x flag to invoke a list
of commands when using ssh instead of telnet?

-Chris
Chris Knight
2008-12-30 00:14:34 UTC
Yes, it was a n00b question... Thank you Chris Moody for pointing out
that the order of the options is indeed important.

My bad.

Cheers everyone,

-Chris
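
An added example, not part of the original posts or of rancid: the transcript shows "-x" being handed to telnet as a router name, because everything after the first hostname is treated as another router. This preflight check flags that ordering before clogin is run; the function name and the list of value-taking options (beyond -c and -x, which appear in this thread) are assumptions.

```shell
#!/bin/sh
# Added example, not part of rancid. Mirrors the behaviour visible in the
# transcript: option parsing stops at the first non-option argument and
# every argument after it is handled as a router name.

# Options that consume the next argument. -c and -x appear in this thread;
# the rest of the list is an assumption to adjust for your clogin version.
TAKES_VALUE="-c -x -f -t -u -p -e -s"

# Print each option-looking argument that would be treated as a router.
# Returns 0 when the ordering is fine, 1 when something is misplaced.
misplaced_clogin_opts() {
    # Phase 1: skip the leading options (and their values).
    while [ $# -gt 0 ]; do
        case "$1" in
            -*)
                case " $TAKES_VALUE " in
                    *" $1 "*) shift ;;          # drop the option itself
                esac
                if [ $# -gt 0 ]; then shift; fi # drop its value, or a bare flag
                ;;
            *) break ;;
        esac
    done
    # Phase 2: everything left is a router name as far as clogin is concerned.
    bad=0
    for host in "$@"; do
        case "$host" in
            -*) printf '%s\n' "$host"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed demo using the command line from the thread.
if ! misplaced_clogin_opts asa-office -x test.cmd >/dev/null; then
    echo "options after the hostname: use ./bin/clogin -x test.cmd asa-office"
fi
```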
Chris Gauthier
2008-12-30 00:48:15 UTC
It is probably failing because the ASA/PIX series always logs you in at
a non-privileged exec mode. To get to the privileged exec mode, you
have to enter your login password a second time. Here is how my working
.cloginrc is configured:

# Firewalls (before global settings)
#
add method PIX_firewall.example.com ssh
add autoenable PIX_firewall.example.com 0
add user PIX_firewall.example.com rancid
add password PIX_firewall.example.com e7eet.Pa55w0rd e7eet.Pa55w0rd
(I had to obfuscate the password in a fun way <grin> )

Good luck!

Chris

Oglum AVD
2008-12-31 04:40:07 UTC
Hi Chris;

I never used the -x flag, but I always test it with the following command to ensure
the device/config is functioning properly;
/var/lib/rancid/bin/clogin -c 'show clock' test-c3560-acc-sw1

*Configuration example on Ubuntu 8.x;*
adduser rancid –rancid /var/lib/rancid
su rancid
/var/lib/rancid/bin/rancid-cvs
cd /var/lib/rancid
rancid-run
chmod 777 /var/lib/rancid/.cloginrc
chown -R rancid /etc/cvsweb
=====================================================
/etc/postfix/main.cf
removed;
***@email.com, , localhost.localdomain, localhost
/etc/init.d/postfix restart
=====================================================
*1. Add to Hosts file;*
nano /etc/hosts
example; 172.16.30.1 test-c3560-acc-sw1

*2. Add device password to .cloginrc*
nano /root/.cloginrc
example follows;
add user test-c3560-acc-sw1 testacc
add userpassword test-c3560-acc-sw1 password
add password test-c3560-acc-sw1 password enablepassword
add method test-c3560-acc-sw1 {ssh}

*3. Edit to Router.db*
nano /var/lib/rancid/switches/router.db
nano /var/lib/rancid/CVS/switches/router.db
example; test-c3560-acc-sw1:cisco:up

-- Run it;
./bin/rancid-run -r test-c3560-acc-sw1
*Test:*
/var/lib/rancid/bin/clogin -c 'show clock' test-c3560-acc-sw1
./clogin test-c3560-acc-sw1
/usr/lib/rancid/bin/clogin -c 'write term' test-c3560-acc-sw1 > /var/lib/rancid/backups/test.cfg
-- Configure CVSWeb -
/etc/cvsweb/cvsweb.conf
Basedir=/usr/local/rancid; expert basedir
path=/usr/local/rancid/bin:/usr/local/bin:/usr/lib/usr/bin:/usr/bin
CVSROOT=$basedir/CVS
CVSWEBs;
/etc/cvsweb
/usr/share/cvsweb
/usr/lib/cgi-bin/cvsweb
/usr/share/doc/cvsweb
=====================================
# run config differ hourly
1 * * * * /usr/lib/rancid/rancid-run
# clean out config differ logs
50 23 * * * /usr/bin/find /var/lib/rancid/logs -type f -mtime +2 -exec rm {} \;
-----------------------------------------------------------------------------------------------------
I hope this helps

Dean
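
An added example, not part of the post above or of rancid: .cloginrc holds device and enable passwords in cleartext, and the rancid documentation requires that it not be readable or writable by others, so its mode and owner are worth checking after any setup procedure. The function name, the uid parameter and the use of GNU stat are assumptions; the sample file is constructed from the entries quoted in the post.

```shell
#!/bin/sh
# Added example, not part of rancid. Assumes GNU stat (Linux).

# audit_cloginrc FILE [UID]
# Prints one line per finding. Returns 0 if clean, 1 on findings,
# 2 if the file is missing. UID defaults to the invoking user's uid.
audit_cloginrc() {
    f=$1
    want_uid=${2:-$(id -u)}
    [ -f "$f" ] || { echo "$f: not found"; return 2; }

    mode=$(stat -c '%a' "$f")       # octal permission bits, e.g. 777
    uid=$(stat -c '%u' "$f")        # numeric owner
    # Lines carrying cleartext credentials ("add password", "add userpassword").
    creds=$(grep -Ec '^[[:space:]]*add[[:space:]]+(user)?password[[:space:]]' "$f" || true)

    rc=0
    # Any group or other bit lets another local account read or replace them.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$f: mode $mode exposes $creds credential line(s); want 600"
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "$f: owned by uid $uid, expected $want_uid"
        rc=1
    fi
    return "$rc"
}

# Constructed sample, modelled on the entries quoted in the post above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/.cloginrc" <<'EOF'
add user test-c3560-acc-sw1 testacc
add userpassword test-c3560-acc-sw1 password
add password test-c3560-acc-sw1 password enablepassword
add method test-c3560-acc-sw1 {ssh}
EOF
chmod 777 "$demo_dir/.cloginrc"
audit_cloginrc "$demo_dir/.cloginrc" || true    # reports the 777 mode
chmod 600 "$demo_dir/.cloginrc"
audit_cloginrc "$demo_dir/.cloginrc" && echo "ok: owner-only"
rm -rf "$demo_dir"
```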
Peter Serwe
2008-12-31 05:38:23 UTC