[rancid] Mikrotik + ssh with cert + rancid + as rancid user = can not login ?

Lukasz Sokol el.es.cr at gmail.com
Fri Mar 13 21:32:58 UTC 2015


Hi heasley,

On Fri, Mar 13, 2015 at 8:43 PM, heasley <heas at shrubbery.net> wrote:
>
> Fri, Mar 13, 2015 at 05:07:19PM +0000, Lukasz Sokol:
> > Actually
> >
> > - it's mtlogin that does not seem to pass -i to ssh at all
>
> indeed it doesnt; contributed code.
>
> does this patch work?
>
Thank you, I've no way to check right now - but will check on Monday
(GMT is my time zone)
(unless someone else who cares, beats me to it)

Kind Regards,

el es
-- 
(intentionally put below sig delimiter)
>
> Index: bin/mtlogin.in
> ===================================================================
> --- bin/mtlogin.in      (revision 3056)
> +++ bin/mtlogin.in      (working copy)
> @@ -119,7 +119,10 @@
>             set do_passwd 0
>         # ssh passphrase
>         } -r* {
> -           # ignore -r
> +           if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
> +               incr i
> +               set avpassphrase [lindex $argv $i]
> +           }
>         # Version string
>         } -V* {
>             send_user "rancid 2.3.2a9\n"
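Review bot: The attached form `-rPASS` is silently dropped: when the regexp matches it stores the value in `passphrase`, but the later setup hunk only consults `avpassphrase` and then overwrites `passphrase` from `find passphrase $router`. Capturing into the variable the later code reads fixes it: `if {! [regexp .\[rR\](.+) $arg ignore avpassphrase]} {`. A why-comment is also worth adding on this branch, e.g. `# a passphrase given with -r is typically visible to other local users in the process list; prefer the configured passphrase entry`. The option-parsing switch starts and ends outside this hunk.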
> @@ -290,7 +293,7 @@
>
>  # Log into the router.
>  # returns: 0 on success, 1 on failure
> -proc login { router user userpswd passwd prompt cmethod cyphertype } {
> +proc login { router user userpswd passwd prompt cmethod cyphertype identfile } {
>      global spawn_id in_proc do_command do_script
>      global u_prompt p_prompt sshcmd
>      set in_proc 1
> @@ -312,10 +315,20 @@
>                 return 1
>             }
>         } elseif ![string compare $prog "ssh"] {
> -            if [ catch {spawn $sshcmd -c $cyphertype -x -l $user+ct $router} reason ] {
> -                send_user "\nError: $sshcmd failed: $reason\n"
> -                return 1
> -            }
> +           # ssh to the router & try to login with or without an identfile.
> +           regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port
> +           set cmd $sshcmd
> +           if {"$port" != ""} {
> +               set cmd "$cmd -p $port"
> +           }
> +           if {"$identfile" != ""} {
> +               set cmd "$cmd -i $identfile"
> +           }
> +           set retval [catch {eval spawn [split "$cmd -c $cyphertype -x -l $user+ct $router" { }]} reason]
> +           if { $retval } {
> +               send_user "\nError: $cmd failed: $reason\n"
> +               return 1
> +           }
>         } elseif ![string compare $prog "rsh"] {
>             send_error "\nError: unsupported method: rsh\n"
>             if { $progs == 0 } {
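Review bot: Building the ssh command as one string and then running `split ... { }` over it breaks any identity-file path (or user/router value) that contains a space into separate ssh arguments, so `-i` can end up naming the wrong file. Keeping the arguments in a Tcl list and splitting only `$sshcmd` avoids that; the rewritten lines are below. Separately, this branch is entered only when `$prog` compares equal to `ssh`, so the `ssh:port` suffix the new regexp looks for appears unreachable as written. The body of `login` starts and ends outside this hunk.

```tcl
        } elseif ![string compare $prog "ssh"] {
            # … unchanged: regexp on $prog to pick up an optional port …
            # sshcmd may carry its own options, so it alone is split on spaces
            set cmd [split $sshcmd { }]
            if {"$port" != ""} {
                lappend cmd -p $port
            }
            if {"$identfile" != ""} {
                # one list element, so a path with spaces stays intact
                lappend cmd -i $identfile
            }
            lappend cmd -c $cyphertype -x -l $user+ct $router
            set retval [catch {eval spawn $cmd} reason]
            # … unchanged: error report and return 1 on failure …
```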
> @@ -527,6 +540,19 @@
>         set p_prompt [join [lindex $p_prompt 0] ""]
>      }
>
> +    # Figure out identity file to use
> +    set identfile [join [lindex [find identity $router] 0] ""]
> +
> +    # Figure out passphrase to use
> +    if {[info exists avpassphrase]} {
> +       set passphrase $avpassphrase
> +    } else {
> +       set passphrase [join [lindex [find passphrase $router] 0] ""]
> +    }
> +    if { ! [string length "$passphrase"]} {
> +       set passphrase $passwd
> +    }
> +
>      # Figure out cypher type
>      if {[info exists cypher]} {
>        # command line cypher type
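Review bot: The passphrase worked out here does not appear to reach `login`: the call site passes only `$identfile`, and the `global` line shown in `login` lists `u_prompt p_prompt sshcmd` but not `passphrase`. Unless the part of `login` outside these hunks already handles it, a passphrase-protected key would leave ssh waiting at its prompt; extending the declaration to `global u_prompt p_prompt sshcmd passphrase` makes the value available to the expect block. The fallback `set passphrase $passwd` also deserves a comment such as `# no passphrase configured: reuse the login password`, since it is not obvious that the device password is offered to the key prompt. The enclosing block starts and ends outside this hunk.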
> @@ -545,7 +571,7 @@
>      if { "$sshcmd" == "" } { set sshcmd {ssh} }
>
>      # Login to the router
> -    if {[login $router $ruser $userpswd $passwd $prompt $cmethod $cyphertype]} {
> +    if {[login $router $ruser $userpswd $passwd $prompt $cmethod $cyphertype $identfile]} {
>         incr exitval
>         continue
>      }
>

