[rancid] Request to make "enable" command configurable

David Croft david.croft at infotrek.net
Tue Jun 19 16:30:31 UTC 2007


Unlike most Cisco devices, the ASAs seem to launch you into privilege
mode 0 when you log in even if the user's privilege level is higher.

There are then two ways to enable:
- "enable" (requires the device's enable password and shoots you to priv 15)
- "login" (requires the user's name & password and then uses their
configured privilege level)

As we don't want the device enable password to be stored or used
anywhere, the ideal method to enable is thus to "login". The only
change required is to change
    send "enable\r"
to
    send "login\r"

Rancid already handles entering the username automatically so this
works a treat.

I have tested this by copying clogin to asalogin and making this
change. So please consider this a request to make the enable command
in clogin configurable per device (e.g. set enablecmd fw* {login} ).
If it would be helpful for me to prepare a patch for this, let me
know.

Thanks

David

david@netman2:~$ asalogin fw01
fw01
spawn ssh -c 3des -x -l david fw01
david@fw01's password:
Type help or '?' for a list of available commands.
fw01> login
Username: david
Password: ********
fw01#
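
An illustration of the per-device lookup requested above, added here as an example; it is not code from the message or from rancid. The `add enablecmd <glob> {<command>}` line form, the proc names and the device names are assumptions, and the allowlist check is an addition so that only a known escalation command is ever typed at a device prompt.

```tcl
# Added example, not rancid code. "enablecmd" is the directive name proposed
# in the message; the "add" line form and all proc names are hypothetical.

# Escalation commands we are willing to send to a device.
set allowed_enablecmds {enable login}

# Record "add <directive> <glob> <value>..." entries in file order.
proc add {directive glob args} {
    global rc
    lappend rc($directive) [list $glob $args]
}

# Return the value of the first entry whose glob matches the device name.
proc find {directive device} {
    global rc
    if {![info exists rc($directive)]} { return {} }
    foreach entry $rc($directive) {
        lassign $entry glob value
        if {[string match $glob $device]} { return $value }
    }
    return {}
}

# Pick the escalation command for a device; fall back to "enable".
proc enable_command {device} {
    global allowed_enablecmds
    set cmd [lindex [find enablecmd $device] 0]
    if {$cmd eq ""} { set cmd "enable" }
    if {$cmd ni $allowed_enablecmds} {
        error "refusing unexpected enablecmd \"$cmd\" for $device"
    }
    return $cmd
}

# Constructed sample configuration (device names are made up).
add enablecmd fw* {login}
add user      fw* david

foreach device {fw01 core-sw1} {
    set cmd [enable_command $device]
    # With "login" the user's own credentials are reused, so no shared
    # enable password has to be stored for that device.
    set needs_enable_pw [expr {$cmd eq "enable"}]
    puts "${device}: send \"$cmd\\r\" (enable password needed: $needs_enable_pw)"
}
```

Run with tclsh 8.5 or later; `fw01` selects `login` and `core-sw1` falls back to `enable`.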

