[rancid] Debugging Logins for netscreen and procurve switches

heasley heas at shrubbery.net
Wed Aug 17 06:24:37 UTC 2016 

Mon, Aug 15, 2016 at 07:51:44PM +0000, Remsik,Robert:
> Using the FAQ as a reference (thank you) I was able generate a string that I can use to login to the device manually.
> 
> 
> $ssh -v -oHostKeyAlgorithms=+ssh-dss -oKexAlgorithms=+diffie-hellman-group1-sha1 login.name at x.y.148.230
> 
> When running rancid-run, rancid runs and generates the log files.  When I run hlogin [ip] it does not work.
> 
> $ /opt/rancid/bin/nlogin -t 90 -c "get system;get conf" x.y.148.230
> spawn ssh -c 3des -x -l login.name x.y.148.230
> Unknown cipher type '3des'
> 
> Error: Couldn't login: x.y.148.230
> 
> So my next thought is hrancid isn't passing the correct information to hlogin (even though the ssh algorithm and kex algorithms are specified in ssh.config file.
> 
> $ ./nrancid -d -t netscreen x.y.148.230
> executing nlogin -t 90 -c"get system;get conf" x.y.148.230
> x.y.148.230 nlogin error: Error: Couldn't login: x.y.148.230
> x.y.148.230 nlogin error: Error: Couldn't login: x.y.148.230
> x.y.148.230: missed cmd(s): all commands
> x.y.148.230: End of run not found
> x.y.148.230: End of run not found
> 
> I can edit the nlogin file to explicitly ask pass the cypher type as per the expect function, but I thought was what the point of this function was supposed to do (and far my dynamically than my static configuration)?  Do I need to modify it to read the .ssh config file?

please try the alpha version and see S3 Q13 in the current FAQ, and try it
without altering sshcmd your cloginrc.

>     # Figure out cypher type
>     if {[info exists cypher]} {
>         # command line cypher type
>         set cyphertype $cypher
>     } else {
>         set cyphertype [find cyphertype $router]
>         if { "$cyphertype" == "" } { set cyphertype "3des" }
>     }
> 
> One other thing I noticed was the home directory of the rancid user is /home/rancid versus /opt/rancid(where my sys admin compiled and stored it).  I had to add the below the .bashrc to enable rancid to be able to run at all.  Is this the root of the issue?
> ## Changing $HOME directory to allow rancid to run
> ## $HOME is referenced in the rancid clogin files
> export HOME="/opt/rancid"

i doubt it.

More information about the Rancid-discuss mailing list