[rancid] set password ENC

Gerhard Mourani gmourani at gmail.com
Fri Mar 18 22:44:48 UTC 2016


Guys,

This patch causes the ENCRYPTED PRIVATE KEY part to be removed.

diff -ur rancid-3.2.orig/bin/fnrancid.in rancid-3.2/bin/fnrancid.in
--- rancid-3.2.orig/bin/fnrancid.in     2015-03-16 15:02:52.000000000 -0400
+++ rancid-3.2/bin/fnrancid.in  2016-03-17 13:22:16.494902363 -0400
@@ -170,6 +170,7 @@
 sub GetSystem {
     print STDERR "    In GetSystem: $_" if ($debug);

+    my $priv_key;
     while (<INPUT>) {
        tr/\015//d;
        next if /^\s*$/;
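Review bot: `my $priv_key;` at the top of GetSystem is declared without a value, so the later test `next if($priv_key == 1);` compares undef numerically on every line until a key block is seen, which produces "uninitialized value" warnings when warnings are enabled; declare it as `my $priv_key = 0;`. Also confirm that the loop patched around line 205 is still inside GetSystem, because a lexical declared here is not visible from another sub and the flag would then silently become a package global.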
@@ -204,6 +205,11 @@
        tr/\015//d;
        next if /^\s*$/;
        last if (/$prompt/);
+       # spot the start of an ENCRYPTED private key
+       $priv_key = 1 if(/^\s*set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----/);
+       # spot the end of an RSA private key
+       $priv_key = 0 && next if(/^\s*-----END ENCRYPTED PRIVATE KEY-----"/);
+       next if($priv_key == 1);

        # System time is fortigate extraction time
        next if (/^\s*!System time:/);
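Review bot: the END-marker line `$priv_key = 0 && next if(...)` never executes `next`, because `&&` binds tighter than `=` and the expression parses as `$priv_key = (0 && next)`, which short-circuits to 0. The flag is cleared, the following `next if($priv_key == 1);` no longer matches, and the `-----END ENCRYPTED PRIVATE KEY-----"` line falls through to the rest of the loop and can end up in the saved config as a dangling line, since the matching `set private-key "-----BEGIN ...` line was already skipped. Write it as `if (/^\s*-----END ENCRYPTED PRIVATE KEY-----"/) { $priv_key = 0; next; }`. The comment above it says "RSA private key" while the pattern matches ENCRYPTED PRIVATE KEY, and the filtering is unconditional; if it is meant to be optional, as the thread discusses for FILTER_PWDS, it needs a guard.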

Gerhard,

> On Mar 15, 2016, at 1:47 PM, heasley <heas at shrubbery.net> wrote:
> 
> Tue, Mar 15, 2016 at 05:35:10PM +0000, Nick Hilliard:
>> heasley wrote:
>>> meaning that the password has not changed but the encrypted string
>>> changes repeatedly?
>> 
>> yeah, fortios does this.  So does Adtran AOS.  Apparently this is a
>> "feature".
>> 
>> Nick
> 
> now i realize that someone wanted those saved, regardless of the cycling.
> i suppose rancid does need an option separate from FILTER_PWDS to save
> cycling passwords, as someone asked about last week.


