[rancid] SSH public-keys

Michael Maymann michael at maymann.org
Tue Jan 10 13:33:22 UTC 2012


Hi Tyler,

ok... I will try to give it a shot...
What about HP Procurve "Freeze"... can anyone help with this...?

Thanks in advance :-)!
~maymann

2012/1/10 Tyler J. Wagner <tyler at tolaris.com>

> Reading /usr/lib/rancid/bin/clogin, I don't see any intelligence for using
> SSH keys. Sorry, if you want that, you'll have to add it. Patches would no
> doubt be welcome.
>
> Tyler
>
> On 2012-01-10 13:11, Michael Maymann wrote:
> > Hi Tyler,
> >
> > Thanks for your reply...:-) !
> >
> > Same thing happens as for my network user...:
> > 1. yes
> > 2. no (clogin/hlogin requires a .cloginrc file with username/password to
> > run) - and my best bet is that this is what it uses currently... so no
> > ssh-keys using clogin/hlogin (from either network user, root, rancid...).
> > Furthermore prompt is also "hanging" and it doesn't parse the -c "sh ver"
> > that works fine from normal ssh...
> > 3. same as network user/root
> >
> > So key-sharing is working fine... but don't know how to utilize it/bypass
> > .cloginrc in rancid...
> > Just hoping that there is a way... - wouldn't like to manually edit scripts
> > every time I update Rancid... and I don't know expect that well either...:-) !
> >
> > Thanks in advance :-) !
> > ~maymann
> >
> > 2012/1/10 Tyler J. Wagner <tyler at tolaris.com>
> >
> >     Michael,
> >
> >     I've not tried using clogin/hlogin with SSH keys, but I know a great deal
> >     about SSH. Assuming that clogin will use a key if present (a big if):
> >
> >     1. Can you login with the SSH key using ssh as the root user?
> >     2. Can you login with the SSH key using clogin as the root user?
> >     3. What about as the rancid user?
> >
> >     Regards,
> >     Tyler
> >
> >     On 2012-01-10 08:17, Michael Maymann wrote:
> >     > I'm running on rhel-5u7-x64.
> >     > Anyone...?
> >     >
> >     >
> >     > Thanks in advance :-)
> >     > ~maymann
> >     >
> >     > 2012/1/9 Michael Maymann <michael at maymann.org>
> >     >
> >     >     hlogin -w <USR> -c "sh ver" <HOSTNAME>:
> >     >     ---
> >     >     <HOSTNAME>
> >     >     spawn hpuifilter -- ssh -c 3des -x -l <USR> <HOSTNAME>
> >     >     We'd like to keep you up to date about:
> >     >       * Software feature updates
> >     >       * New product announcements
> >     >       * Special events
> >     >
> >     >     Please register your products now at:  www.ProCurve.com
> >     >
> >     >
> >     >     ProCurve J8697A Switch 5406zl
> >     >     Software revision K.15.02.0005
> >     >
> >     >     Copyright (C) 1991-2010 Hewlett-Packard Co.  All Rights Reserved.
> >     >
> >     >                                RESTRICTED RIGHTS LEGEND
> >     >
> >     >      Use, duplication, or disclosure by the Government is subject to restrictions
> >     >      as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
> >     >      Computer Software clause at 52.227-7013.
> >     >
> >     >              HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303
> >     >
> >     >     Press any key to continue<HOSTNAME>#
> >     >     ---
> >     >     Just "hangs" there...
> >     >
> >     >
> >     >     ssh <USR>@<HOSTNAME>:
> >     >     ---
> >     >     We'd like to keep you up to date about:
> >     >       * Software feature updates
> >     >       * New product announcements
> >     >       * Special events
> >     >
> >     >     Please register your products now at:  www.ProCurve.com
> >     >               ProCurve J8697A Switch 5406zl
> >     >     Software revision K.15.02.0005
> >     >
> >     >     Copyright (C) 1991-2010 Hewlett-Packard Co.  All Rights Reserved.
> >     >
> >     >                                RESTRICTED RIGHTS LEGEND
> >     >
> >     >      Use, duplication, or disclosure by the Government is subject to restrictions
> >     >      as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
> >     >      Computer Software clause at 52.227-7013.
> >     >
> >     >              HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303
> >     >     Press any key to continue
> >     >     <HOSTNAME># sh ver
> >     >     Image stamp:    /sw/code/build/btm(K_15_02)
> >     >                     Oct 20 2010 16:19:41
> >     >                     K.15.02.0005
> >     >                     121
> >     >     Boot Image:     Primary
> >     >     <HOSTNAME># logout
> >     >     Do you want to log out [y/n]? y
> >     >     Connection to <HOSTNAME> closed.
> >     >     ---
> >     >     So SSH is working fine...
> >     >     I'm running Rancid 2.3.6... hlogin=$Id: hlogin.in 2251 2010-10-01 19:26:36Z heas $
> >     >     Could there be a problem with HP Procurve 5406zl hlogin script
> >     >     somewhere... or can someone actually confirm this to be working on
> >     >     their 5406zl ?
> >     >
> >     >     Furthermore, I would like to run hlogin+clogin without having to
> >     >     configure anything inside .cloginrc... is this possible somehow ?
> >     >
> >     >
> >     >     Thanks in advance... :-) !
> >     >     ~maymann
> >     >
> >     >
> >     >     2012/1/9 Michael Maymann <michael at maymann.org>
> >     >
> >     >         Hi List,
> >     >
> >     >         We have a setup where we have distributed 4096 bit RSA public-keys
> >     >         to all our equipment from a network-user for optimal security.
> >     >         Our equipment is already in a DB and we have a scripting
> >     >         environment that figures out the vendor/model/type for us already.
> >     >         1. Can I use rancid without using .cloginrc (e.g. directly from
> >     >         commandline) - how... ?
> >     >         2. Alternatively, can I configure .cloginrc with ssh-keysharing -
> >     >         how... ?
> >     >
> >     >         We will need to connect to HP ProCurve (hlogin) and Cisco (clogin)...
> >     >
> >     >
> >     >         Thanks in advance :-) !
> >     >
> >     >         ~maymann
> >     >
> >     >
> >     >
> >     >
> >     >
> >
> >     --
> >     "[...] we are not attacking the corporations, but endeavoring to do
> >     away with any evil in them. We are not hostile to them; we are merely
> >     determined that they shall be so handled as to subserve the public
> >     good. We draw the line against misconduct, not against wealth."
> >       -- Theodore Roosevelt
> >
> >
>
> --
> "I respect you too much to respect your ridiculous ideas."
>   -- Johann Hari
>
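
Added example (not part of the original thread and not RANCID code): one way to settle whether a login really used the key or quietly fell back to a password is to read the client's `ssh -v` debug output. The two transcripts and the `/home/rancid` key path are constructed, and the exact debug wording is an assumption that varies between OpenSSH versions.

```python
import re

# Constructed `ssh -v` client debug excerpts (not from the thread). The wording
# of these lines varies between OpenSSH versions; treat the patterns as assumptions.
KEY_LOGIN = """\
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/rancid/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
"""
PASSWORD_FALLBACK = """\
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/rancid/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
"""

_TRIED = re.compile(r"Next authentication method: (\S+)")
_OFFERED = re.compile(r"Offering (?:\w+ )?public key: (.+)")
_OK = re.compile(r"Authentication succeeded \(([^)]+)\)")

def summarize_auth(debug_text):
    """Report which methods the client tried and which one the server accepted."""
    tried, offered, succeeded = [], [], None
    for line in debug_text.splitlines():
        if m := _TRIED.search(line):
            if m.group(1) not in tried:
                tried.append(m.group(1))
        elif m := _OFFERED.search(line):
            offered.append(m.group(1).strip())
        elif m := _OK.search(line):
            succeeded = m.group(1)
    return {
        "methods_tried": tried,
        "keys_offered": offered,
        "succeeded_with": succeeded,
        # True only when the key itself got the session, with no fallback.
        "key_only": succeeded == "publickey",
        # Key was offered but a different method ended up authenticating.
        "key_rejected": bool(offered) and succeeded not in (None, "publickey"),
    }

if __name__ == "__main__":
    for name, text in (("key", KEY_LOGIN), ("fallback", PASSWORD_FALLBACK)):
        print(name, summarize_auth(text))
```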