[rancid] Re: unencrypted passwords in .cloginrc ...

[Ed Ravin]

On Thu, Oct 26, 2006 at 02:28:54PM -0700, John Dworske wrote:
> Is there any way getting around using unencrypted passwords in the 
> .cloginrc file ?  My co-workers will not let me use rancid unless we can 
> come up with something more secure ?

If something automated is going to log into a router, it needs an
authentication credential.  That's going to have to be stored somewhere.
If you store it encrypted, then you're going to need to store the
decryption key somewhere.  All that does is rearrange the exposure,
not solve it.  If your co-workers can elaborate on what they think
is "more secure", perhaps we can discuss it further.  It would also
help if your co-workers could describe what threat they're worried
about.  Are there hostile users on the RANCID host that might try to
discover your router passwords?  Is the RANCID host easy to break
into from the Internet or your local network?

If you trust your network and your RANCID host enough to use IP address
alone for authentication, you could use rsh.  (clogin has an rsh mode which
may work for you - it didn't for me, so I wrote a Perl script called
"rsh.clogin", posted to this list in June 2005, that should work reliably.)
Since rsh is unencrypted, and vulnerable to tcp spoofing if your network
isn't properly protected, some people might say that using rsh is less secure
than using passwords.

If you use a TACACS server for authentication, then you could do some
interesting things to make the passwords RANCID uses less useful to
outsiders - for example, the TACACS server could only allow the RANCID
username to be used from the RANCID host, or during certain times of day,
or only allow it to execute a limited subset of commands.