[rancid] Re: Rancid with Fortigate Devices?

john heasley heas at shrubbery.net
Tue Apr 28 19:04:00 UTC 2009 

Thu, Apr 23, 2009 at 11:19:03AM -0400, Mina Eskander:
> I changed the -> in the nlogin script to ~ $ and it still does not work, here is the output I get

Would someone who knows the fortigate well please confirm the prompt format?
I was told '-> ', but reading through the manual that I found online, it
seems that the prompt is '$ ' and gives no indication that it changes with
elevated permissions.  But, the manual for their CLI seems poorly written.

> [rancid at pwcolocacti bin]$ nlogin -d -t 90 -c"get system status;get conf" pwcolofgt100c
> pwcolofgt100c
> spawn ssh -c 3des -x -l meskander pwcolofgt100c
> parent: waiting for sync byte
> parent: telling child to go ahead
> parent: now unsynchronized from child
> spawn: returns {16963}
> 
> expect: does "" (spawn_id exp6) match glob pattern "Connection refused"? no
> "Unknown host\r\n"? no
> "Host is unreachable"? no
> "No address associated with name"? no
> "Are you sure you want to continue connecting .*"? no
> "Host key not found .* (yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "denied"? no
> " ### Login failed"? no
> "(login:)"? no
> "@[^\r\n]+[Pp]assword:"? no
> "[Pp]assword:"? no
> "~ $ "? no
> meskander at pwcolofgt100c's password:
> expect: does "meskander at pwcolofgt100c's password: " (spawn_id exp6) match glob pattern "Connection refused"? no
> "Unknown host\r\n"? no
> "Host is unreachable"? no
> "No address associated with name"? no
> "Are you sure you want to continue connecting .*"? no
> "Host key not found .* (yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "denied"? no
> " ### Login failed"? no
> "(login:)"? no
> "@[^\r\n]+[Pp]assword:"? yes
> expect: set expect_out(0,string) "@pwcolofgt100c's password:"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) "meskander at pwcolofgt100c's password:"
> send: sending "G0ds at v3s\r" to { exp6 }
> expect: continuing expect
> 
> expect: does " " (spawn_id exp6) match glob pattern "Connection refused"? no
> "Unknown host\r\n"? no
> "Host is unreachable"? no
> "No address associated with name"? no
> "Are you sure you want to continue connecting .*"? no
> "Host key not found .* (yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "denied"? no
> " ### Login failed"? no
> "(login:)"? no
> "@[^\r\n]+[Pp]assword:"? no
> "[Pp]assword:"? no
> "~ $ "? no
> 
> 
> expect: does " \r\n" (spawn_id exp6) match glob pattern "Connection refused"? no
> "Unknown host\r\n"? no
> "Host is unreachable"? no
> "No address associated with name"? no
> "Are you sure you want to continue connecting .*"? no
> "Host key not found .* (yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "denied"? no
> " ### Login failed"? no
> "(login:)"? no
> "@[^\r\n]+[Pp]assword:"? no
> "[Pp]assword:"? no
> "~ $ "? no
> FGT100C3G0860259~ $
> expect: does " \r\nFGT100C3G0860259~ $ " (spawn_id exp6) match glob pattern "Connection refused"? no
> "Unknown host\r\n"? no
> "Host is unreachable"? no
> "No address associated with name"? no
> "Are you sure you want to continue connecting .*"? no
> "Host key not found .* (yes/no)?"? no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no
> "Offending key for .* (yes/no)?"? no
> "denied"? no
> " ### Login failed"? no
> "(login:)"? no
> "@[^\r\n]+[Pp]assword:"? no
> "[Pp]assword:"? no
> "~ $ "? yes
> expect: set expect_out(0,string) "~ $ "
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) " \r\nFGT100C3G0860259~ $ "
> send: sending "\r" to { exp6 }
> 
> expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no
> "^(.+~ $ )"? no
> 
> 
> expect: does "\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? yes
> expect: set expect_out(0,string) "\r\r\n"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) "\r\r\n"
> expect: continuing expect
> 
> expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no
> "^(.+~ $ )"? no
> FGT100C3G0860259~ $
> expect: does "FGT100C3G0860259~ $ " (spawn_id exp6) match regular expression "[\r\n]+"? no
> "^(.+~ $ )"? no
> expect: timed out
> 
> Error: TIMEOUT reached
> write() failed to write anything - will sleep(1) and retry...
> [rancid at pwcolocacti bin]$
> 
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jeff Moorse
> Sent: Monday, April 20, 2009 11:06 PM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: Rancid with Fortigate Devices?
> 
> Anyone know what the correct syntax for the expect script would be to match prompt (assuming the string of #'s following FGT is variable)?
> 
> I have experienced similar problems
> 
> Thanks
> On Mon, Apr 20, 2009 at 10:45 AM, john heasley <heas at shrubbery.net<mailto:heas at shrubbery.net>> wrote:
> yep, your prompt is nFGT100C3G0860259~ $
> but the script expects ->
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net<mailto:Rancid-discuss at shrubbery.net>
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 
> 
> 
> --
> -- Jeff Moorse --

> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

More information about the Rancid-discuss mailing list