RANCID's fantastic!

Andrew Pollock rancid-andrew at andrew.net.au
Fri Dec 5 22:17:14 UTC 2003


I stumbled upon RANCID the other day, and boy is it the bee's knees. I've
written something functionally similar (I haven't looked at RANCID's innards
yet) but this looks pretty spiffy. We use what I've written to drag configs
out of Cisco routers, switches and PIXes, and check them into CVS.

One thing that we do is not allow telnet access to our switches. They're all
connected to Cyclades console access servers, and my script SSHes to the
Cyclades to get onto the console of the switch. Any thoughts on including
the ability to connect to a device via an intermediate device?

To my knowledge, you can't set up RSA/DSA key access to a port on a Cyclades,
which is a bit of a bummer, and to work around the issues with trying to
authenticate to the Cyclades and then authenticate to the device on the
Cyclades' port, I've just disabled authentication on the port, so if you SSH
to the port, you land immediately on the console of the switch, and are
asked to authenticate to it. In an ideal world, it would be good to have
port-based authentication switched on...



