[rancid] Scripting clogin with bash and username/password

Alan McKinnon alan.mckinnon at gmail.com
Thu Feb 13 12:49:46 UTC 2014


On 13/02/2014 14:03, Andrew Ohnstad wrote:
> I'm not sure if I'm asking more of the tool than what's possible, or if
> I'm just missing the secret sauce. 
> 
> I've got rancid set up and working for archiving configs. I'm now trying
> to use clogin as part of a bash shell script to push configuration
> changes to a bunch of devices. The catch is that the devices are a) only
> reachable through ssh, and b) clogin must use a username and password
> provided as command line arguments and NOT any credentials stored in a
> .cloginrc file. This is a requirement so that the user pushing the
> updates can be logged. 
> 
> Is there a set of arguments to clogin that will tell it to ignore the
> username and password? I can get it to pass the specified username with
> the -u command, but by running with debugging turned on, I saw that it
> was still using the password in the .cloginrc file for all the logins.
> It seems to ignore every password related command line argument. 
> 
> Thanks in advance for any advice you can provide.  


Did you use this syntax:

clogin -u <username> -p <userpass> -e <enablepass> -c
<command1;command2...> routername

a) is not a problem. if you have method in .cloginrc as "telnet ssh" and
telnet fails, it tries ssh.

b) Personally I wouldn't use -p or -e, I'd let .cloginrc deal with that.
When a password is on the command line and visible to ps, or logged in a
log file, I consider that to be situation=game_over, but your needs may
be different



-- 
Alan McKinnon
alan.mckinnon at gmail.com



More information about the Rancid-discuss mailing list