[rancid] Re: Rancid with Fortigate Devices?

Mina Eskander meskander at perimeterwatch.com
Mon Apr 20 17:39:35 UTC 2009


[rancid at pwcolocacti ~]$ nlogin -d -t 90 -c"get system status;get conf" pwcolofgt100c
pwcolofgt100c
spawn ssh -c 3des -x -l meskander pwcolofgt100c
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {6199}

expect: does "" (spawn_id exp6) match glob pattern "Connection refused"? no
"Unknown host\r\n"? no
"Host is unreachable"? no
"No address associated with name"? no
"Are you sure you want to continue connecting .*"? no
"Host key not found .* (yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"denied"? no
" ### Login failed"? no
"(login:)"? no
"@[^\r\n]+[Pp]assword:"? no
"[Pp]assword:"? no
"-> "? no
meskander at pwcolofgt100c's password:
expect: does "meskander at pwcolofgt100c's password: " (spawn_id exp6) match glob pattern "Connection refused"? no
"Unknown host\r\n"? no
"Host is unreachable"? no
"No address associated with name"? no
"Are you sure you want to continue connecting .*"? no
"Host key not found .* (yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"denied"? no
" ### Login failed"? no
"(login:)"? no
"@[^\r\n]+[Pp]assword:"? yes
expect: set expect_out(0,string) "@pwcolofgt100c's password:"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "meskander at pwcolofgt100c's password:"
send: sending "G0ds at v3s\r" to { exp6 }
expect: continuing expect

expect: does " " (spawn_id exp6) match glob pattern "Connection refused"? no
"Unknown host\r\n"? no
"Host is unreachable"? no
"No address associated with name"? no
"Are you sure you want to continue connecting .*"? no
"Host key not found .* (yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"denied"? no
" ### Login failed"? no
"(login:)"? no
"@[^\r\n]+[Pp]assword:"? no
"[Pp]assword:"? no
"-> "? no


expect: does " \r\n" (spawn_id exp6) match glob pattern "Connection refused"? no
"Unknown host\r\n"? no
"Host is unreachable"? no
"No address associated with name"? no
"Are you sure you want to continue connecting .*"? no
"Host key not found .* (yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"denied"? no
" ### Login failed"? no
"(login:)"? no
"@[^\r\n]+[Pp]assword:"? no
"[Pp]assword:"? no
"-> "? no
FGT100C3G0860259~ $
expect: does " \r\nFGT100C3G0860259~ $ " (spawn_id exp6) match glob pattern "Connection refused"? no
"Unknown host\r\n"? no
"Host is unreachable"? no
"No address associated with name"? no
"Are you sure you want to continue connecting .*"? no
"Host key not found .* (yes/no)?"? no
"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
"Offending key for .* (yes/no)?"? no
"denied"? no
" ### Login failed"? no
"(login:)"? no
"@[^\r\n]+[Pp]assword:"? no
"[Pp]assword:"? no
"-> "? no
expect: timed out

Error: TIMEOUT reached
write() failed to write anything - will sleep(1) and retry...
[rancid at pwcolocacti ~]$

Mina Eskander
Perimeterwatch Technologies
Direct:   +1 (347) 448-2845
Mobile:   +1 (347) 510-4102
meskander at perimeterwatch.com

Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development
_____________________________________________________________________
New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net]
Sent: Monday, April 20, 2009 12:25 PM
To: Mina Eskander
Cc: john heasley; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Re: Rancid with Fortigate Devices?

Mon, Apr 20, 2009 at 09:32:58AM -0400, Mina Eskander:
>
> I ran the command and here is the output:
>
> [rancid at pwcolocacti ~]$ nlogin -t 90 -c"get system status;get conf" pwcolofgt100c
> pwcolofgt100c
> spawn ssh -c 3des -x -l meskander pwcolofgt100c
> meskander at pwcolofgt100c's password:
> FGT100C3G0860259~ $
> Error: TIMEOUT reached
>
> I think I've seen this before; it looks like rancid does not recognize the prompt. What do you think?

probably.  try it with the -d option

> -----Original Message-----
> From: john heasley [mailto:heas at shrubbery.net]
> Sent: Thursday, April 16, 2009 2:24 PM
> To: Mina Eskander
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Re: Rancid with Fortigate Devices?
>
> Thu, Apr 16, 2009 at 11:38:45AM -0400, Mina Eskander:
> > Has anybody made progress with this?
> > I set up a new rancid server and did a fnrancid with the following output.
> >
> > [rancid at pwcolocacti ~]$ bin/fnrancid -d pwcolofgt100c
> > executing nlogin -t 90 -c"get system status;get conf" pwcolofgt100c
> > pwcolofgt100c nlogin error: Error: TIMEOUT reached
> > pwcolofgt100c nlogin error: Error: TIMEOUT reached
> > pwcolofgt100c: missed cmd(s): get conf,get system status
> > pwcolofgt100c: missed cmd(s): get conf,get system status
> > 0: found end
> > pwcolofgt100c: End of run not found
> > pwcolofgt100c: End of run not found
> >
> > not really sure if it's because of a regex problem or the commands or what, I would appreciate any help with this.
>
> first step should always be to make sure that the expect script is working.
> what does
> nlogin -t 90 -c"get system status;get conf" pwcolofgt100c
> o/p?
>
> > Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development
>
> what is 'business continuity'?

