[rancid] Weird commands on Cisco ASA

Michael T. Voity mvoity at uvm.edu
Thu Aug 30 20:14:35 UTC 2018


Hello,

I have a firewall that has not been updated by rancid for a few days.

Upon investigation I did some testing from the server found this -

Looks like it is adding the command 'rancid' after it logs in.

This is my only device that does it,   among the 50+ that rancid is polling.

[rancid at netwatch bin]$ ./clogin <hostname removed>
<hostname removed>
spawn ssh -c aes256-ctr -x -l rancid <hostname removed>
rancid@<hostname removed>'s password:
User rancid logged in to <hostname removed>
Logins over the last 78 days: 6800.  Last login: 16:04:41 EDT Aug 30 2018 from <removed>
Failed logins since the last login: 0.  Last failed login: 15:20:29 EDT Aug 30 2018 from <removed>
Type help or '?' for a list of available commands.
<hostname removed>> rancid
              ^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>>
Error: Unrecognized command, check your enable command
rancid
              ^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>> enable
Password:
Invalid password
Password:
Invalid password
Password:
Invalid password
Access denied.
<hostname removed>> exit

Logoff

Connection to <hostname removed>  closed.
[rancid at netwatch bin]$


--
Michael T. Voity
Network Engineer
The University of Vermont
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180830/a129f126/attachment.html>


More information about the Rancid-discuss mailing list