[rancid] #' in my login banner
Alan McKinnon
alan.mckinnon at gmail.com
Wed Dec 11 17:51:05 UTC 2013
I see no-one has responded with an answer to your question.
I think the reason is that code cannot deal with ">" and "#" characters
in a banner in any sane way that gives consistent results. For rancid to
function properly, it has to know what the shell prompt is exactly for a
given device, and to do that it has to parse the entire text output.
The only tool available to detect the prompt is pattern matching which
inevitably means a regex. As a perl regex this is
^[-a-zA-Z0-9]*[>#]
and that's assuming the prompt is the hostname.
rancid has no way of knowing where the banner ends and cannot
distinguish between a trailing > or # on a line in a banner and a prompt
and the regex above could easily satisfy many possible lines in banners.
One can find ways around this but all you are really doing is defining
constraints on what may and may not be in a banner, and to make matters
worse those constraints won't be useful in general.
However, there is already a constraint in place about banners that
networking people generally agree on, and that is "do not put > or # in
banners"
I'm afraid you really have no sensible choice in the matter if you want
rancid to work, you have to accept this constraint. Think of it in the
same wise as hostnames - you can't put a space in those as things break
horribly.
Don't try and change sensible code, rather change whatever local
business rule gave you an invalid banner.
On 09/12/2013 17:48, Chip Pleasants wrote:
> I have a # in my login banner and I'm hoping someone could be so kind to
> assist me in adjusting clogin to accept the hash character in banner. I
> am hoping to remove the hash character from the banner in future, but
> right now I cannot. Below is the debug output. I'm using 2.3.6 on
> 12.0.4 Ubuntu apt-get package. I read though several posts and
> attempted to apply the patch from
> thread http://www.shrubbery.net/pipermail/rancid-discuss/2013-November/007277.html without
> luck. Looks like the patch is for 2.3.8, which may be an option if 2.3.6
> isn't going to fly. Any assistance is greatly appreciated.
>
> -Chip
>
>
>
> rancid at rancid-server:/var/lib/rancid/bin$ ./clogin -d 10.2.200.2
> 10.2.200.2
> spawn ssh -c 3des -x -l rancid-user 10.2.200.2
> parent: waiting for sync byte
> parent: telling child to go ahead
> parent: now unsynchronized from child
> spawn: returns {13962}
> Gate keeper glob pattern for '(Connection refused|Secure connection [^
> ]+ refused)' is ''. Not usable, disabling the performance booster.
> Gate keeper glob pattern for '(Connection closed by|Connection to [^
> ]+ closed)' is ''. Not usable, disabling the performance booster.
> Gate keeper glob pattern for '(Host key not found |The authenticity of
> host .* be established).*(yes/no)?' is ''. Not usable, disabling the
> performance booster.
> Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED.*
> (yes/no)?' is 'HOST IDENTIFICATION HAS CHANGED* *'. Activating booster.
> Gate keeper glob pattern for 'Offending key for .* (yes/no)?' is
> 'Offending key for * *'. Activating booster.
> Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable,
> disabling the performance booster.
> Gate keeper glob pattern for '% (Bad passwords|Authentication failed)'
> is ''. Not usable, disabling the performance booster.
> Gate keeper glob pattern for 'Enter Selection: ' is 'Enter Selection: '.
> Activating booster.
> Gate keeper glob pattern for 'Last login:' is 'Last login:'. Activating
> booster.
> Gate keeper glob pattern for '@[^
> ]+ ([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable,
> disabling the performance booster.
> Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter
> passphrase*: '. Activating booster.
> Gate keeper glob pattern for '(Username|Login|login|user name|User):' is
> ''. Not usable, disabling the performance booster.
> Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^
> :]+):' is ''. Not usable, disabling the performance booster.
> Gate keeper glob pattern for '(>|#| \(enable\))' is ''. Not usable,
> disabling the performance booster.
>
> expect: does "" (spawn_id exp6) match regular expression "(Connection
> refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only)
> gate=yes re=no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE
> only) gate=yes re=no
>
> expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no
>
> expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be
> established).*(yes/no)?"? (No Gate, RE only) gate=yes re=no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? Gate "HOST IDENTIFICATION
> HAS CHANGED* *"? gate=no
> "Offending key for .* (yes/no)?"? Gate "Offending key for * *"? gate=no
> "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no
> "Press any key to continue"? no
> "Enter Selection: "? Gate "Enter Selection: "? gate=no
> "Last login:"? Gate "Last login:"? gate=no
> "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate,
> RE only) gate=yes re=no
> "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no
> "(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no
> "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only)
> gate=yes re=no
> "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
> "Login invalid"? no
>
> ##############
> # Rev 3(1-5) #
> ##############
>
> expect: does "\r\r\n##############\r\r\n# Rev 3(1-5)
> #\r\r\n##############\r\r\n" (spawn_id exp6) match regular expression
> "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE
> only) gate=yes re=no
> "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE
> only) gate=yes re=no
>
> expect: does "\r\r\n##############\r\r\n# Rev 3(1-5)
> #\r\r\n##############\r\r\n" (spawn_id exp6) match glob pattern "unknown
> host\r"? no
>
> expect: does "\r\r\n##############\r\r\n# Rev 3(1-5)
> #\r\r\n##############\r\r\n" (spawn_id exp6) match glob pattern "Host is
> unreachable"? no
> "No address associated with name"? no
> "(Host key not found |The authenticity of host .* be
> established).*(yes/no)?"? (No Gate, RE only) gate=yes re=no
> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? Gate "HOST IDENTIFICATION
> HAS CHANGED* *"? gate=no
> "Offending key for .* (yes/no)?"? Gate "Offending key for * *"? gate=no
> "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no
> "Login failed"? no
> "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no
> "Press any key to continue"? no
> "Enter Selection: "? Gate "Enter Selection: "? gate=no
> "Last login:"? Gate "Last login:"? gate=no
> "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate,
> RE only) gate=yes re=no
> "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no
> "(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no
> "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only)
> gate=yes re=no
> "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=yes
> expect: set expect_out(0,string) "#"
> expect: set expect_out(1,string) "#"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) "\r\r\n#"
> send: sending "\r" to { exp6 }
> Gate keeper glob pattern for '[
> ]+' is ''. Not usable, disabling the performance booster.
> Gate keeper glob pattern for '^(.+[:.])1 ((>|#| \(enable\)))' is ''. Not
> usable, disabling the performance booster.
> Gate keeper glob pattern for '^.+(>|#| \(enable\))' is ''. Not usable,
> disabling the performance booster.
>
> expect: does "#############\r\r\n# Rev 3(1-5)
> #\r\r\n##############\r\r\n" (spawn_id exp6) match regular expression
> "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
> expect: set expect_out(0,string) "\r\r\n"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) "#############\r\r\n"
> expect: continuing expect
>
> expect: does "# Rev 3(1-5) #\r\r\n##############\r\r\n" (spawn_id exp6)
> match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
> expect: set expect_out(0,string) "\r\r\n"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) "# Rev 3(1-5) #\r\r\n"
> expect: continuing expect
>
> expect: does "##############\r\r\n" (spawn_id exp6) match regular
> expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes
> expect: set expect_out(0,string) "\r\r\n"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) "##############\r\r\n"
> expect: continuing expect
>
> expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No
> Gate, RE only) gate=yes re=no
> "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no
> "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
>
>
> expect: does "\r\n" (spawn_id exp6) match regular expression "[\r\n]+"?
> (No Gate, RE only) gate=yes re=yes
> expect: set expect_out(0,string) "\r\n"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) "\r\n"
> expect: continuing expect
>
> expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? (No
> Gate, RE only) gate=yes re=no
> "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no
> "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
> Password:
> expect: does "Password: " (spawn_id exp6) match regular expression
> "[\r\n]+"? (No Gate, RE only) gate=yes re=no
> "^(.+[:.])1 ((>|#| \(enable\)))"? (No Gate, RE only) gate=yes re=no
> "^.+(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
> expect: timed out
>
> Error: TIMEOUT reached
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>
--
Alan McKinnon
alan.mckinnon at gmail.com
More information about the Rancid-discuss
mailing list