Discussion:
[rancid] Timeouts on Cisco ASA
JP Viljoen
2009-04-21 09:22:27 UTC
Permalink
I've got a few Cisco devices that I'm monitoring configs and changes to the
configs with using RANCID, and among them is an ASA. The problem I have is that
logging into the ASA with clogin seems to just stall. It gets as far the
prompt immediately after login, and from there's it's just dead.

***@mon:~/rancid/bin$ ./clogin 10.1.2.1
10.1.2.1
spawn ssh -c 3des -x -l user 10.1.2.1
***@10.1.2.1's password:
Type help or '?' for a list of available commands.
ciscoasa>
{TIMEOUT here}

Entering commands at this point is unsuccessful, as is giving commands with
the -c parameter. Logging into the device with ssh on its own works perfectly
though:

***@mon:~/rancid/bin$ ssh ***@10.1.2.1
***@10.1.2.1's password:
Type help or '?' for a list of available commands.
ciscoasa> ?

clear Reset functions
enable Turn on privileged commands
<snip>

My .cloginrc for the specific device is as follows:

add user 10.1.2.1 {user}
add password 10.1.2.1 {loginpass} {enablepass}
add method 10.1.2.1 ssh

Initially the configuration was with Telnet, using which I experienced the same
timeout issue. After some reading through the archives I established that it
might be worth attempting to use SSH and have now run into the same issue. If
anyone else has perhaps solved this issue, or have a pointer on what I could
look at?
Carlo Finotti
2009-04-21 12:15:34 UTC
Permalink
Yep that is basically the same thing that is happening to me. It
seems like the package works great for routers and switches but is a
bit buggy for an ASA especially in multiple context mode. Hopefully
someone has this setup and working and can shed some light on our
dilemma.
Post by JP Viljoen
I've got a few Cisco devices that I'm monitoring configs and changes to the
configs with using RANCID, and among them is an ASA. The problem I have is that
logging into the ASA with clogin seems to just stall. It gets as far the
prompt immediately after login, and from there's it's just dead.
10.1.2.1
spawn ssh -c 3des -x -l user 10.1.2.1
Type help or '?' for a list of available commands.
ciscoasa>
{TIMEOUT here}
Entering commands at this point is unsuccessful, as is giving commands with
the -c parameter. Logging into the device with ssh on its own works perfectly
Type help or '?' for a list of available commands.
ciscoasa> ?
 clear       Reset functions
 enable      Turn on privileged commands
<snip>
add user 10.1.2.1               {user}
add password 10.1.2.1           {loginpass} {enablepass}
add method 10.1.2.1             ssh
Initially the configuration was with Telnet, using which I experienced the same
timeout issue. After some reading through the archives I established that it
might be worth attempting to use SSH and have now run into the same issue. If
anyone else has perhaps solved this issue, or have a pointer on what I could
look at?
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
marcus gaysek
2009-04-21 13:39:16 UTC
Permalink
I have quite a few ASAs in my environment and do not have that issue.
What version of rancid are you both running?
Is it possible something else in your .cloginrc config is taking precedence?
What happens if you run: ./clogin -u user-name -p user-password -e
enable-password 10.1.2.1
Post by Carlo Finotti
Yep that is basically the same thing that is happening to me. It
seems like the package works great for routers and switches but is a
bit buggy for an ASA especially in multiple context mode. Hopefully
someone has this setup and working and can shed some light on our
dilemma.
Post by JP Viljoen
I've got a few Cisco devices that I'm monitoring configs and changes to
the
Post by JP Viljoen
configs with using RANCID, and among them is an ASA. The problem I have
is that
Post by JP Viljoen
logging into the ASA with clogin seems to just stall. It gets as far the
prompt immediately after login, and from there's it's just dead.
10.1.2.1
spawn ssh -c 3des -x -l user 10.1.2.1
Type help or '?' for a list of available commands.
ciscoasa>
{TIMEOUT here}
Entering commands at this point is unsuccessful, as is giving commands
with
Post by JP Viljoen
the -c parameter. Logging into the device with ssh on its own works
perfectly
Post by JP Viljoen
Type help or '?' for a list of available commands.
ciscoasa> ?
clear Reset functions
enable Turn on privileged commands
<snip>
add user 10.1.2.1 {user}
add password 10.1.2.1 {loginpass} {enablepass}
add method 10.1.2.1 ssh
Initially the configuration was with Telnet, using which I experienced
the same
Post by JP Viljoen
timeout issue. After some reading through the archives I established that
it
Post by JP Viljoen
might be worth attempting to use SSH and have now run into the same
issue. If
Post by JP Viljoen
anyone else has perhaps solved this issue, or have a pointer on what I
could
Post by JP Viljoen
look at?
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
john heasley
2009-04-21 14:54:04 UTC
Permalink
Post by marcus gaysek
I have quite a few ASAs in my environment and do not have that issue.
What version of rancid are you both running?
Is it possible something else in your .cloginrc config is taking precedence?
What happens if you run: ./clogin -u user-name -p user-password -e
enable-password 10.1.2.1
and -noenable
and -d
Post by marcus gaysek
Post by Carlo Finotti
Yep that is basically the same thing that is happening to me. It
seems like the package works great for routers and switches but is a
bit buggy for an ASA especially in multiple context mode. Hopefully
someone has this setup and working and can shed some light on our
dilemma.
Post by JP Viljoen
I've got a few Cisco devices that I'm monitoring configs and changes to
the
Post by JP Viljoen
configs with using RANCID, and among them is an ASA. The problem I have
is that
Post by JP Viljoen
logging into the ASA with clogin seems to just stall. It gets as far the
prompt immediately after login, and from there's it's just dead.
10.1.2.1
spawn ssh -c 3des -x -l user 10.1.2.1
Type help or '?' for a list of available commands.
ciscoasa>
{TIMEOUT here}
Entering commands at this point is unsuccessful, as is giving commands
with
Post by JP Viljoen
the -c parameter. Logging into the device with ssh on its own works
perfectly
Post by JP Viljoen
Type help or '?' for a list of available commands.
ciscoasa> ?
clear Reset functions
enable Turn on privileged commands
<snip>
add user 10.1.2.1 {user}
add password 10.1.2.1 {loginpass} {enablepass}
add method 10.1.2.1 ssh
Initially the configuration was with Telnet, using which I experienced
the same
Post by JP Viljoen
timeout issue. After some reading through the archives I established that
it
Post by JP Viljoen
might be worth attempting to use SSH and have now run into the same
issue. If
Post by JP Viljoen
anyone else has perhaps solved this issue, or have a pointer on what I
could
Post by JP Viljoen
look at?
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
JP Viljoen
2009-04-21 13:02:10 UTC
Permalink
It sounds like your setup is expecting it to drop directly to enabled
mode, which is why it is timing out (it's likely looking for a # in
the prompt). double-check your .cloginrc file to make sure there isn't
an autoenable setting that would be applying to your device.
192.168.121.11
spawn ssh -c 3des -x -l rancid 192.168.121.11
Type help or '?' for a list of available commands.
P10-JAX-ASA> enable
Password: ************
P10-JAX-ASA#
P10-JAX-ASA# sh ver
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)57
Speaking to a friend of mine earlier after he saw my post to the list, I did
try debugging with noenable and other parameters and even adjusting the
expected enable prompt to specifically match "Password:" (even though the
default should do this) as well as ensuring it doesn't try to autoenable, all
unsuccessfully.

Running in debug mode I get the following output near the end (sorry if some
of it is unnecessary, I'm still busy learning the flow of RANCID and getting to
know what's important where):

expect: does " \r\nType help or '?' for a list of available commands.
\r\n\rciscoasa> " (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does " \r\nType help or '?' for a list of available commands.
\r\n\rciscoasa> " (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
expect: timed out

Error: TIMEOUT reached
write() failed to write anything - will sleep(1) and retry...
john heasley
2009-04-21 14:55:07 UTC
Permalink
Post by JP Viljoen
It sounds like your setup is expecting it to drop directly to enabled
mode, which is why it is timing out (it's likely looking for a # in
the prompt). double-check your .cloginrc file to make sure there isn't
an autoenable setting that would be applying to your device.
192.168.121.11
spawn ssh -c 3des -x -l rancid 192.168.121.11
Type help or '?' for a list of available commands.
P10-JAX-ASA> enable
Password: ************
P10-JAX-ASA#
P10-JAX-ASA# sh ver
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)57
Speaking to a friend of mine earlier after he saw my post to the list, I did
try debugging with noenable and other parameters and even adjusting the
expected enable prompt to specifically match "Password:" (even though the
default should do this) as well as ensuring it doesn't try to autoenable, all
unsuccessfully.
Running in debug mode I get the following output near the end (sorry if some
of it is unnecessary, I'm still busy learning the flow of RANCID and getting to
you havent included enough of the output.
Post by JP Viljoen
expect: does " \r\nType help or '?' for a list of available commands.
\r\n\rciscoasa> " (spawn_id exp6) match glob pattern "unknown host\r"? no
expect: does " \r\nType help or '?' for a list of available commands.
\r\n\rciscoasa> " (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
expect: timed out
Error: TIMEOUT reached
write() failed to write anything - will sleep(1) and retry...
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
JP Viljoen
2009-04-28 08:46:13 UTC
Permalink
Post by john heasley
you havent included enough of the output.
Here's the full debug output for a normal run and then for a run with
noenable:

The clogin snippet:

<paste>
***@mon:~/rancid/bin$ grep 10.1.2.1 /home/rancid/.cloginrc
add user 10.1.2.1 {user}
add password 10.1.2.1 {loginpass} {enablepass}
add method 10.1.2.1 ssh
add enableprompt 10.1.2.1 {"\[Pp]assword:"}
add autoenable 10.1.2.1 {0}
</paste>

A manual clogin run:

<paste>
***@mon:~/rancid/bin$ ./clogin -t 10 10.1.2.1
10.1.2.1
spawn ssh -c 3des -x -l user 10.1.2.1
***@10.1.2.1's password:
Type help or '?' for a list of available commands.
ciscoasa>

Error: TIMEOUT reached
</paste>

A run with full debug:

<paste>
***@mon:~/rancid/bin$ ./clogin -t 10 -d 10.1.2.1
10.1.2.1
spawn ssh -c 3des -x -l user 10.1.2.1
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {26050}

expect: does "" (spawn_id exp6) match regular expression "(Connection refused|
Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
***@10.1.2.1's password:
expect: does "***@10.1.2.1's password: " (spawn_id exp6) match regular
expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does "***@10.1.2.1's password: " (spawn_id exp6) match glob pattern
"unknown host\r"? no

expect: does "***@10.1.2.1's password: " (spawn_id exp6) match glob pattern
"Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? yes
expect: set expect_out(0,string) "@10.1.2.1's password:"
expect: set expect_out(1,string) "password"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "***@10.1.2.1's password:"
send: sending "loginpass\r" to { exp6 }
expect: continuing expect

expect: does " " (spawn_id exp6) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no


expect: does " \r\n" (spawn_id exp6) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " \r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does " \r\n" (spawn_id exp6) match glob pattern "Host is unreachable"?
no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
Type help or '?' for a list of available commands.

expect: does " \r\nType help or '?' for a list of available commands.\r\n"
(spawn_id exp6) match regular expression "(Connection refused|Secure
connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " \r\nType help or '?' for a list of available commands.\r\n"
(spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does " \r\nType help or '?' for a list of available commands.\r\n"
(spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
ciscoasa>
expect: does " \r\nType help or '?' for a list of available commands.
\r\n\rciscoasa> " (spawn_id exp6) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " \r\nType help or '?' for a list of available commands.
\r\n\rciscoasa> " (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does " \r\nType help or '?' for a list of available commands.
\r\n\rciscoasa> " (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
expect: timed out

Error: TIMEOUT reached
write() failed to write anything - will sleep(1) and retry...
</paste>

noenable run:

<paste>
***@mon:~/rancid/bin$ ./clogin -t 10 -d -noenable 10.1.2.1
10.1.2.1
spawn ssh -c 3des -x -l user 10.1.2.1
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {26441}

expect: does "" (spawn_id exp6) match regular expression "(Connection refused|
Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
***@10.1.2.1's password:
expect: does "***@10.1.2.1's password: " (spawn_id exp6) match regular
expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does "***@10.1.2.1's password: " (spawn_id exp6) match glob pattern
"unknown host\r"? no

expect: does "***@10.1.2.1's password: " (spawn_id exp6) match glob pattern
"Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? yes
expect: set expect_out(0,string) "@10.1.2.1's password:"
expect: set expect_out(1,string) "password"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "***@10.1.2.1's password:"
send: sending "loginpass\r" to { exp6 }
expect: continuing expect

expect: does " " (spawn_id exp6) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no


expect: does " \r\n" (spawn_id exp6) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " \r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does " \r\n" (spawn_id exp6) match glob pattern "Host is unreachable"?
no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
Type help or '?' for a list of available commands.

expect: does " \r\nType help or '?' for a list of available commands.\r\n"
(spawn_id exp6) match regular expression "(Connection refused|Secure
connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " \r\nType help or '?' for a list of available commands.\r\n"
(spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does " \r\nType help or '?' for a list of available commands.\r\n"
(spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
ciscoasa>
expect: does " \r\nType help or '?' for a list of available commands.
\r\n\rciscoasa> " (spawn_id exp6) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no
"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " \r\nType help or '?' for a list of available commands.
\r\n\rciscoasa> " (spawn_id exp6) match glob pattern "unknown host\r"? no

expect: does " \r\nType help or '?' for a list of available commands.
\r\n\rciscoasa> " (spawn_id exp6) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).*(yes/no)?"?
no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"(denied|Sorry)"? no
"Login failed"? no
"% (Bad passwords|Authentication failed)"? no
"Press any key to continue"? no
"Enter Selection: "? no
"Last login:"? no
"@[^\r\n]+ ([Pp]assword|passwd):"? no
"(Username|Login|login|user name|User):"? no
"([Pp]assword|passwd):"? no
"(#| \(enable\))"? no
"Login invalid"? no
expect: timed out

Error: TIMEOUT reached
write() failed to write anything - will sleep(1) and retry...
</paste>
JP Viljoen
2009-04-29 09:19:17 UTC
Permalink
you have something earlier in your cloginrc thats setting autoenable.
I went through it all line-by-line and it turns out that I didn't see the line
in the area where hosts were specified under domain names, and this is where
the global auto-enable was. Thanks

Loading...