[rancid] Re: 'out of band' access script changes?

Sherrill, Justin jsherrill at currentcomm.net
Tue Nov 21 15:59:44 UTC 2006

Looking at the debug output, the command never enters the login
information at the right time.  ('user' is the username for the second

User Access Verification

User Access Verification

Username:  timeout expired!

User Access Verification


I think the first clogin process is holding the output that contains the
Username: prompt, so the second spawned process doesn't see the prompt
and continue until there's an initial timeout and the first process
kicks out the output so far and the error message.  When that happens,
the second script prints out the username twice, since it sees
"Username:" twice, but the prompt isn't there for it yet.

The overlay command looks like it may be a solution, but a few seconds
of fiddling haven't produced a working example for me yet.  I'd gladly
send a (six-pack|batch of cookies) of choice to someone who could make
this work.

Justin C. Sherrill - CURRENT Communications
220 Kenneth Drive
Rochester, New York 14623
P: 585.486.0549 F: 585.486.0030

-----Original Message-----
From: Ed Ravin [mailto:eravin at panix.com] 
Sent: Monday, November 20, 2006 4:40 PM
To: Sherrill, Justin
Cc: rancid-discuss at shrubbery.net
Subject: Re: 'out of band' access script changes?

On Mon, Nov 20, 2006 at 03:33:22PM -0500, Sherrill, Justin wrote:
> Going by your example, it doesn't work, as the spawned process doesn't
> get a target router passed to it

Yes, I forgot the router argument won't get automatically generated as
it normally does for clogin.  But I see you figured that out already...

> As I understand it, the usercmd option that's been patched in supplies
> new connection method for whatever server's being accessed, so I tried
> constructing this line:
> add usercmd  {cmtslogin} {-c} {telnet}
> {}
> Am I correct in that this should say "Connect to and
> 'telnet', in order to connect to"?
> It works in that it eventually connects to the remote device, but the
> two connections seem to spawn and run in parallel - i.e. I see the
> username and password for the second device getting printed out while
> the first device is being logged into.
> Has anyone done this in practice?  I'm wondering if I'm just
> syntax-impaired.

As far as I know, you're the first one to chain clogins together like
this.  It's been only an academic discussion until now. :-)

I'm guessing that clogin#1 sees the login dialogue of clogin#2 logging
into the gateway router, and thinks that is the login prompt of the
far-end device.  To fix that, we need some way for the patched clogin
to detect that you've gotten past the telnet command of clogin#1.  The
usercmd_chat feature should work for that.  Maybe if you match the
first Cisco's telnet command, like this:

  add usercmd_chat {Trying.*} {}

This waits for the "Trying" message Cisco's telnet command prints
just before connecting, and sends an empty string, then exits
chat mode and returns to the normal clogin login prompt detection

If that fails, run the clogins with debug options and see if you can
find some output just before the far-end router's Username: prompt
to match.  If the far-end router has a login banner that is distinct
from that sent by the gateway router, you could try matching on that.

	-- Ed

The information in this email may be confidential and/or privileged. This email is intended to be reviewed by only the individual or organization named above. If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any review, dissemination or copying of this email and its attachments, if any, or the information contained herein is prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this message from your system. 

More information about the Rancid-discuss mailing list