[rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e

Tue Jul 14 23:27:53 UTC 2015

I saw it a while back and completely forgot.  Going to fix.

Andrew Meyer
andrewm659 at gmail.com
ameyer at tsg2.com
314-266-4837

On Tue, Jul 14, 2015 at 6:27 PM, Aaron Wasserott <
aaron.wasserott at viawest.com> wrote:

>  Did you see this notice on the RANCID page? Sounds like that could be
> your issue.
>
>
>
> *NOTE: For rancid >= 2.3, you must use expect >= 5.40. Versions prior to
> this appear to have a regex handling bug that affects the ability of clogin
> to parse CLI prompts.*
>
>
>
> http://www.shrubbery.net/rancid/
>
>
>
> *From:* Andrew Meyer [mailto:andrewm659 at gmail.com]
> *Sent:* Tuesday, July 14, 2015 4:25 PM
> *To:* Aaron Wasserott
> *Cc:* rancid-discuss at googlegroups.com
> *Subject:* Re: [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
>
>
>
> The issue is the pix i'm connecting to is using ssh 1.0 and is not
> working.  Here is the output i'm getting
>
>
>
> [rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -d -c "show
> run" 10.20.30.1
>
> 10.20.30.1
>
> spawn ssh -c 3des -x -l rancid 10.20.30.1
>
> parent: waiting for sync byte
>
> parent: telling child to go ahead
>
> parent: now unsynchronized from child
>
> spawn: returns {35121}
>
> Gate keeper glob pattern for '^<-+ More -+>[^
>
> ]*' is ''. Not usable, disabling the performance booster.
>
> Gate keeper glob pattern for '(Connection refused|Secure connection [^
>
> ]+ refused)' is ''. Not usable, disabling the performance booster.
>
> Gate keeper glob pattern for '(Connection closed by|Connection to [^
>
> ]+ closed)' is ''. Not usable, disabling the performance booster.
>
> Gate keeper glob pattern for '(Host key not found |The authenticity of
> host .* be established).* \(yes/no\)\?' is ''. Not usable, disabling the
> performance booster.
>
> Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED.*
> \(yes/no\)\?' is 'HOST IDENTIFICATION HAS CHANGED* (yes/no)\?'. Activating
> booster.
>
> Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED[^
>
> ]+' is 'HOST IDENTIFICATION HAS CHANGED*'. Activating booster.
>
> Gate keeper glob pattern for 'Offending key for .* \(yes/no\)\?' is
> 'Offending key for * (yes/no)\?'. Activating booster.
>
> Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable, disabling
> the performance booster.
>
> Gate keeper glob pattern for '% (Bad passwords|Authentication failed)' is
> ''. Not usable, disabling the performance booster.
>
> Gate keeper glob pattern for 'Enter Selection: ' is 'Enter Selection: '.
> Activating booster.
>
> Gate keeper glob pattern for 'Last login:' is 'Last login:'. Activating
> booster.
>
> Gate keeper glob pattern for '@[^
>
> ]+ ([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable,
> disabling the performance booster.
>
> Gate keeper glob pattern for 'Enter passphrase.*: ' is 'Enter passphrase*:
> '. Activating booster.
>
> Gate keeper glob pattern for '(Username|Login|login|user name|User):' is
> ''. Not usable, disabling the performance booster.
>
> Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^
> :]+):' is ''. Not usable, disabling the performance booster.
>
> Gate keeper glob pattern for '(>|#| \(enable\))' is ''. Not usable,
> disabling the performance booster.
>
>
>
> expect: does "" (spawn_id exp6) match regular expression "^<-+ More
> -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no
>
> "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE
> only) gate=yes re=no
>
> "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only)
> gate=yes re=no
>
>
>
> expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no
>
>
>
> expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"?
> no
>
> "No address associated with name"? no
>
> "(Host key not found |The authenticity of host .* be established).*
> \(yes/no\)\?"? (No Gate, RE only) gate=yes re=no
>
> "HOST IDENTIFICATION HAS CHANGED.* \(yes/no\)\?"? Gate "HOST
> IDENTIFICATION HAS CHANGED* (yes/no)\?"? gate=no
>
> "HOST IDENTIFICATION HAS CHANGED[^\n\r]+"? Gate "HOST IDENTIFICATION HAS
> CHANGED*"? gate=no
>
> "Offending key for .* \(yes/no\)\?"? Gate "Offending key for *
> (yes/no)\?"? gate=no
>
> "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no
>
> "Login failed"? no
>
> "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes
> re=no
>
> "Press any key to continue"? no
>
> "Enter Selection: "? Gate "Enter Selection: "? gate=no
>
> "Last login:"? Gate "Last login:"? gate=no
>
> "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE
> only) gate=yes re=no
>
> "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no
>
> "(Username|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no
>
> "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only)
> gate=yes re=no
>
> "(>|#| \(enable\))"? (No Gate, RE only) gate=yes re=no
>
> "Login invalid"? no
>
> expect: timed out
>
>
>
> Error: TIMEOUT reached
>
>
>
>
>
> Andrew Meyer
> andrewm659 at gmail.com
> ameyer at tsg2.com
> 314-266-4837
>
>
>
> On Tue, Jul 14, 2015 at 5:20 PM, Aaron Wasserott <
> aaron.wasserott at viawest.com> wrote:
>
> This is all I use to run simple one-liners and tests against a device:
>
>
>
> /usr/local/rancid/bin/clogin -c "show run" 10.20.30.1
>
>
>
> Have you checked the log file for the device that doesn’t work? Rancid is
> usually pretty good about providing a hint as to the issue.
>
>
>
> When testing via clogin, make sure to test against the same hostname used
> in your router.db file. Helps to point out any DNS or stale SSH key issues
> that might be the cause.
>
>
>
> Another thing, if you switch to rancid using su you should use – to ensure
> you get all the proper envvars – that way you shouldn’t need to specify
> path to .cloginrc.
>
>
>
> *From:* Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] *On
> Behalf Of *Andrew Meyer
> *Sent:* Monday, July 13, 2015 3:15 PM
> *To:* rancid-discuss at googlegroups.com
> *Subject:* [rancid] Rancid 2.3.8 FreeBSD 10.1 Cisco Pix 506e
>
>
>
> For some reason 1 of the Pix 506e I have won't work with RANCID. I got it
> working on another.  I'm not sure what is going on. When I try the clogin
> cmd it times out.
>
>
>
> Also, I'm trying to get it to use SSHv1.
>
>
>
> [rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -c
> "show run" 10.20.30.1
>
> 10.20.30.1
>
> spawn ssh -c 3des -x -l rancid 10.20.30.1
>
> ^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -c
> "show run" 10.20.30.1 -1
>
> 10.20.30.1
>
> spawn ssh -c 3des -x -l rancid 10.20.30.1
>
> ^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -f
> .cloginrc -t 120 -c "show run" 10.20.30.1 -1
>
> 10.20.30.1
>
> spawn ssh -c 3des -x -l rancid 10.20.30.1
>
> ^C[rancid at tsg-monitoring01 ~]$ /usr/local/libexec/rancid/clogin -t 120 -x
> -1 -c "show run" 10.20.30.1 -1
>
>
>
>
>
> Can someone tell me the syntax?  I have it in the .cloginrc file but its
> not taking.
>
> This message contains information that may be confidential, privileged or
> otherwise protected by law from disclosure. It is intended for the
> exclusive use of the addressee(s). Unless you are the addressee or
> authorized agent of the addressee, you may not review, copy, distribute or
> disclose to anyone the message or any information contained within. If you
> have received this message in error, please contact the sender by
> electronic reply and immediately delete all copies of the message.
>
>
>  This message contains information that may be confidential, privileged
> or otherwise protected by law from disclosure. It is intended for the
> exclusive use of the addressee(s). Unless you are the addressee or
> authorized agent of the addressee, you may not review, copy, distribute or
> disclose to anyone the message or any information contained within. If you
> have received this message in error, please contact the sender by
> electronic reply and immediately delete all copies of the message.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150714/a7dd944b/attachment.html>