[rancid] Re: cloginrc for username and enable

Lance Vermilion rancid at gheek.net
Fri Apr 28 19:40:39 UTC 2006


Here is the format.
# add password <router name glob> <vty passwd> <enable passwd>
# add user <router name glob> <username>
#       The default user is $USER (i.e.: the user running clogin).
# add userprompt <router name glob> <username prompt>
#       What the router prints to prompt for the username.
#       Default: {"(Username|login|user name):"}
# add userpassword <router name glob> <user password>
#       The password for user if different than the password set
#       using 'add password'.
# add passprompt <router name glob> <password prompt>
#       What the router prints to prompt for the password.
#       Default: {"(\[Pp]assword|passwd):"}
# add method <router name glob> {ssh} [...]
#       Defines, in order, which connection method(s) to use for a device
#       from the set {ssh,telnet,rsh}.  e.g.: add method * {ssh} {telnet} {rsh}
#       will attempt ssh connection first.  if ssh fails with connection
#       refused (i.e.: not due to authentication failure), then try telnet,
#       then rsh.
#       Default: {telnet} {ssh}
# add noenable <router name glob>
#       equivalent of -noenable on the cmd line to not enable at login.
# add enableprompt <router name glob> <enable prompt>
#       What the router prints to prompt for the enable password.
#       Default: {"\[Pp]assword:"}
# add enauser <router name glob> <username>
#       This is only needed if enable asks for a username and this
#       username is different from what user is set to.
# add autoenable <router name glob> <1/0>
#       This is used if you are automatically enabled by the login process.
# add cyphertype <router name glob> <ssh encryption type>
#       Default is 3des.
# add identity <router name glob> <path to ssh identity file>
#       Default is your default ssh identity.


-Lance <rancid at gheek.net>

On Sat, Apr 29, 2006 at 12:45:28AM +0700, Affan Basalamah wrote:
> Hi all,
> I have configured our cisco router/switch to use tac+ auth, but I want
> to also enable it to be rancid-ed. I have added rancid special user
> (with show-only permissions) and password in tac_plus.conf. Enable
> password still exist in router/switch, which is different than rancid
> password.
> I want to know what will cloginrc config would be for this
> configuration, since I see in 'man cloginrc'  that 'add user' and 'add
> password' stanza doesn't include enable password.
> In a nutshell :
> - special rancid user & password
> - enable secret password in router
> Regards,
> -affan
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

More information about the Rancid-discuss mailing list