[rancid] SSH public-keys

Tyler J. Wagner tyler at tolaris.com
Tue Jan 10 09:26:02 UTC 2012


Michael,

I've not tried using clogin/hlogin with SSH keys, but I know a great deal
about SSH. Assuming that clogin will use a key if present (a big if):

1. Can you login with the SSH key using ssh as the root user?
2. Can you login with the SSH key using clogin as the root user?
3. What about as the rancid user?

Regards,
Tyler

On 2012-01-10 08:17, Michael Maymann wrote:
> I'm running on rhel-5u7-x64.
> Anyone...?
> 
> 
> Thanks in advance :-)
> ~maymann
> 
> 2012/1/9 Michael Maymann <michael at maymann.org <mailto:michael at maymann.org>>
> 
>     hlogin -w <USR> -c "sh ver" <HOSTNAME>:
>     ---
>     <HOSTNAME>
>     spawn hpuifilter -- ssh -c 3des -x -l <USR> <HOSTNAME>
>     We'd like to keep you up to date about:
>       * Software feature updates
>       * New product announcements
>       * Special events
> 
>     Please register your products now at:  www.ProCurve.com
>     <http://www.ProCurve.com>
> 
> 
>     ProCurve J8697A Switch 5406zl
>     Software revision K.15.02.0005
> 
>     Copyright (C) 1991-2010 Hewlett-Packard Co.  All Rights Reserved.
> 
>                                RESTRICTED RIGHTS LEGEND
> 
>      Use, duplication, or disclosure by the Government is subject to
>     restrictions
>      as set forth in subdivision (b) (3) (ii) of the Rights in Technical
>     Data and
>      Computer Software clause at 52.227-7013.
> 
>              HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303
> 
>     Press any key to continue<HOSTNAME>#
>     ---
>     Just "hangs" there...
> 
> 
>     ssh <USR>@<HOSTNAME>:
>     ---
>     We'd like to keep you up to date about:
>       * Software feature updates
>       * New product announcements
>       * Special events
> 
>     Please register your products now at:  www.ProCurve.com
>     <http://www.ProCurve.com>
>               ProCurve J8697A Switch 5406zl
>     Software revision K.15.02.0005
> 
>     Copyright (C) 1991-2010 Hewlett-Packard Co.  All Rights Reserved.
> 
>                                RESTRICTED RIGHTS LEGEND
> 
>      Use, duplication, or disclosure by the Government is subject to
>     restrictions
>      as set forth in subdivision (b) (3) (ii) of the Rights in Technical
>     Data and
>      Computer Software clause at 52.227-7013.
> 
>              HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303
>     Press any key to continue
>     <HOSTNAME># sh ver
>     Image stamp:    /sw/code/build/btm(K_15_02)
>                     Oct 20 2010 16:19:41
>                     K.15.02.0005
>                     121
>     Boot Image:     Primary
>     <HOSTNAME># logout
>     Do you want to log out [y/n]? y
>     Connection to <HOSTNAME> closed.
>     ---
>     So SSH is working fine...
>     I'm running Rancid 2.3.6... hlogin=$Id: hlogin.in <http://hlogin.in>
>     2251 2010-10-01 19:26:36Z heas $
>     Could there be a problem with HP Procurve 5406zl hlogin script
>     somewhere... or can someone actually confirm this to be working on
>     their 5406zl ?
> 
>     Furthermore, I would like to run hlogin+clogin wihout having to
>     configure anything inside .cloginrc... is this possible somehow ?
> 
> 
>     Thanks in advance... :-) !
>     ~maymann
> 
> 
>     2012/1/9 Michael Maymann <michael at maymann.org <mailto:michael at maymann.org>>
> 
>         Hi List,
> 
>         We have a setup where we have destributed 4096 bit RSA public-keys
>         to all our equipment from a network-user for optimanl security.
>         Our equipment is already in a DB and we have a scripting
>         environment that figures out the vendor/model/type for us already.
>         1. Can I use rancid without using .cloginrc (e.g. directly from
>         commandline) - how... ?
>         2. Alternatively, can I configure .cloginrc with ssh-keysharing -
>         how... ?
> 
>         We will need to connect to HP ProCurve (hlogin) and Cisco (clogin)...
> 
> 
>         Thanks in advance :-) !
> 
>         ~maymann
> 
> 
> 
> 
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

-- 
"[...] we are not attacking the corporations, but endeavoring to do
away with any evil in them. We are not hostile to them; we are merely
determined that they shall be so handled as to subserve the public
good. We draw the line against misconduct, not against wealth."
   -- Theodore Roosevelt


More information about the Rancid-discuss mailing list