[rancid] Re: Redback timeouts lockout admin accounts

john heasley heas at shrubbery.net
Mon Jul 17 21:30:09 UTC 2006


Mon, Jul 17, 2006 at 12:05:21PM -0400, Ed Ravin:
> On Mon, Jul 17, 2006 at 10:42:43AM -0500, Gary L Roberts wrote:
> > Running ./clogin produces this output:
> > 
> > [rancid at Rancid bin]$ ./clogin 10.xxx.xxx.xxx
> > 10.xxx.xxx.xxx
> > spawn ssh -c 3des -x -l adminlogin 10.xxx.xxx.xxx
> > adminlogin at 10.xxx.xxx.xxx's password:
> > [local]REDBACK#show config
> > 
> > Error: TIMEOUT reached
> > [rancid at Rancid bin]$ show config
> > bash: show: command not found
> > 
> > 
> > Redback only allows so many admin sessions at one time to be logged into 
> > the system.
> > And since RANCID errors out, it is not closing the ssh session. so after 
> > 1 days time, it completely locks out remote access to the router.
> 
> I think I fixed that problem with clogin a couple of months ago - see
> patch below.  clogin wasn't properly closing the SSH/telnet session
> if there was a timeout error.

That looks correct, though you should catch the close, but I doubt this
related since the telnet/ssh would see EOF on stdin and close the network
side.

> @@ -626,7 +644,7 @@
>                                                   exp_continue
>                                                 }
>         -re "\[\n\r]+"                          { exp_continue }
> -       timeout                                 { return 0 }
> +       timeout                                 { close; return 0 }
>         eof                                     { return 0 }
>      }
>      set in_proc 0
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss



More information about the Rancid-discuss mailing list