[rancid] cannot login to sf302-08P managed switch
Natxo Asenjo
2013-05-14 08:04:18 UTC
hi,

http://www.cisco.com/en/US/products/ps10898/prod_models_comparison.html

We have a few of those cheap(er) managed switches by Cisco and I cannot
seem to log in:

$ bin/clogin switch
switch
spawn telnet switch
Trying ip.ad.dr.ess...
Connected to swtich
Escape character is '^]'.


SWITCH

Authorized access only!

You have entered a secured system.
Disconnect IMMEDIATELY if
you are not an authorized user!

User Name:


This is the relevant part of my .cloginrc:

add user switch
add password switch {paassword}
add method switch {telnet}

I tried enclosing the user name in {} but that does not help either.

Any clues? Does anyone have those devices on their networks? I am aware
this is a SOHO device, but it is full of enterprisey features.
--
Groeten,
natxo
Alex DEKKER
2013-05-14 16:02:01 UTC
I'm guessing that clogin is waiting for something it recognises as a
username prompt and in the meantime the switch closes the connection:

$ clogin 192.168.253.20
192.168.253.20
spawn ssh -c 3des -x -l admin 192.168.253.20



User Name:
Error: Connection closed (ssh): 192.168.253.20
add user switch    
I don't see a username in here ^^^
add password switch {paassword}
add method switch {telnet}
I tried enclosing the user name in {} but that does not help either.
Any clues? Does anyone have those devices on their networks?
Yes, I'd like to do the same with some SG500x.

alexd
Per-Olof Olsson
2013-05-15 05:16:46 UTC
I'm guessing that clogin is waiting for something it recognises as a username prompt and in the mean time the
$ clogin 192.168.253.20
192.168.253.20
spawn ssh -c 3des -x -l admin 192.168.253.20
Error: Connection closed (ssh): 192.168.253.20
Or just a new prompter for user name

default from clogin
...
set u_prompt "(Username|Login|login|user name|User):"
...

it will not match

from .cloginrc
...
# add userprompt <router name glob> <username prompt>
# What the router prints to prompt for the username.
# Default: {"(Username|login|user name):"}
...

So what about testing
add userprompt switch {User name:}
in your .cloginrc
Post by Natxo Asenjo
add user switch
I don't see a username in here ^^^
Post by Natxo Asenjo
add password switch {paassword}
add method switch {telnet}
I tried enclosing the user name in {} but that does not help either.
Any clues? Does anyone have those devices on their networks?
Yes, I'd like to do the same with some SG500x.
alexd
/Peo
----------------------------------------------------------
Per-Olof Olsson Email: ***@chalmers.se
Chalmers tekniska högskola IT-service
Hörsalsvägen 5 412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8660
----------------------------------------------------------
Alex DEKKER
2013-05-15 09:19:31 UTC
Post by Per-Olof Olsson
So what about testing
add userprompt switch {User name:}
in your .cloginrc
Thanks for that Per-Olof.

Adding

add userprompt 192.168.253.20 {"User Name:"}

to .cloginrc has done the trick.


alexd
Alex DEKKER
2013-05-15 09:24:57 UTC
Post by Alex DEKKER
Adding
add userprompt 192.168.253.20 {"User Name:"}
to .cloginrc has done the trick.
Of course I should have known that it was never going to be that easy.
These are not IOS devices and the commands they support only intersect
in a small way with IOS, so it's probably going to need a new router
type.


Trying to get all of the configs.
192.168.253.20 clogin error: Error: TIMEOUT reached
192.168.253.20: missed cmd(s): show env all,show module,admin show
diag,show rsp chassis-info,admin show env all,show controllers,admin
show version,show diagbus,show diag,more system:running-config,show gsr
chassis,show debug,show idprom backplane,show diag chassis-info,write
term,show vtp status,show spe version,show install active,show
bootvar,show vlan,show controllers cbus,show version,show
vlan-switch,show redundancy secondary,admin show variables boot,show
variables boot,show running-config,show c7200,show boot,show inventory
raw
192.168.253.20: End of run not found
!

alexd
Natxo Asenjo
2013-05-15 09:42:16 UTC
On Wed, May 15, 2013 at 7:16 AM, Per-Olof Olsson <***@chalmers.se> wrote:

hi,
Post by Per-Olof Olsson
So what about testing
add userprompt switch {User name:}
in your .cloginrc
getting closer ;-)


add user switch {username}
add password switch {pwd}
add userprompt switch {"User Name:"}
# add passprompt switch {"Password:"}
# add method switch {telnet}

Adding the userprompt allows rancid to go on, but it enters the
username/password three times and the authentication fails. I have verified
the user name/password combination is correct, I can log in manually with
those credentials.

I tried (as you see it is now commented out) the passprompt, but that does
not affect it. I see clogin type something 3 times and fail.

Now I have gone digging a bit further. We have radius configured in the
network devices. I used the radiusd -X logging of freeradius to see what
was coming from the switch and to my surprise I saw that the username was
correct but the password that was coming to the radius server corresponded
to the next .clogin defined for the 'normal' cisco devices. Strange.

so, to be clear, I have at the end of my cloginrc file a catchall rule like
so:

add user *.domain.tld {username}
add password *.domain.tld {pwd} {enablepwd}
add method *.domain.tld ssh

and before that I add the config for the small switches. And yet rancid sent
the *.domain.tld password to the device.

I have now changed the *.domain.tld {username} to use radius authentication
instead of local user. Now it works.

Thanks for the userprompt tip!
--
groet,
natxo
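
The lookups discussed in this thread, as an added example (not code from the thread or from RANCID): a Python check that parses the `add` lines of a .cloginrc, resolves each directive by first glob match for a given host name, and tests the resolved userprompt pattern against the prompt the device prints. Assumptions: Tcl glob matching is approximated with `fnmatch`, brace parsing is simplified, and the sample file, host names and secrets are constructed placeholders.

```python
import fnmatch
import re

# clogin's built-in username prompt pattern, as quoted in the thread.
DEFAULT_USERPROMPT = r"(Username|Login|login|user name|User):"
TOKEN = re.compile(r"\{([^{}]*)\}|(\S+)")  # {braced value} or bare word

# Constructed sample; host names and secrets are placeholders.
SAMPLE = """\
# small switches first, catch-all last
add user switch
add password switch {pw-small}
add userprompt switch {"User Name:"}
add user *.domain.tld {netops}
add password *.domain.tld {pw-core} {enable-core}
add method *.domain.tld ssh
"""

def parse_cloginrc(text):
    """Return (directive, host_glob, values) tuples in file order."""
    entries = []
    for line in text.splitlines():
        toks = [(b or w).strip('"') for b, w in TOKEN.findall(line.strip())]
        if len(toks) >= 3 and toks[0] == "add":  # skips comments and blanks
            entries.append((toks[1], toks[2], toks[3:]))
    return entries

def resolve(entries, directive, host):
    """First entry for `directive` whose glob matches `host`, else None."""
    for d, glob, values in entries:
        if d == directive and fnmatch.fnmatchcase(host, glob):
            return glob, values
    return None

def audit(text, host, device_prompt):
    """Report which glob supplies each setting; secrets are never returned."""
    entries = parse_cloginrc(text)
    report = {}
    for directive in ("user", "password"):
        hit = resolve(entries, directive, host)
        report[directive + "_from"] = hit[0] if hit else None
        report[directive + "_set"] = bool(hit and hit[1])  # False: no value given
    hit = resolve(entries, "userprompt", host)
    pattern = hit[1][0] if hit and hit[1] else DEFAULT_USERPROMPT
    report["prompt_pattern"] = pattern
    report["prompt_matches"] = re.search(pattern, device_prompt) is not None
    return report

if __name__ == "__main__":
    for host in ("switch", "switch.domain.tld"):
        print(host, audit(SAMPLE, host, "User Name:"))
```

Running it for both the short and the fully qualified name shows whether the device-specific lines or the catch-all supply the user and password, without printing either secret.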