<div dir="ltr">Why not use tacacs accounting to log everything the user does, script or no script? Why not use ciscocmd, iosrun or some other pre-made free tool to do this? I've written little python snippets to do exactly this: ask a user what he wants to do, ssh or telnet, what text file has his list, what text file has your routers/commands/etc which I would share, but that they were done in haste and look like they were coded by drunken monkeys. I'd be happy to give pointers though. </div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Feb 13, 2014 at 9:06 AM, Per-Olof Olsson <span dir="ltr"><<a href="mailto:peo@chalmers.se" target="_blank">peo@chalmers.se</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
heasley wrote 2014-02-13 16:40:<div><div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thu, Feb 13, 2014 at 10:22:11AM -0500, Andrew Ohnstad:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks for the response. The full command line I am using is (I<br>
automatically am enabled via TACACS+):<br>
<br>
sudo -u rancid /usr/libexec/rancid/clogin -u<my-username> -p<my-password><br>
-c where <router><br>
<br>
If I add the -d argument to see the expect debugging, I can see that it<br>
launches the ssh spawn with the correct username, but it is blatantly<br>
disregarding the password supplied on the command line...<br>
<br>
spawn ssh -c 3des -x -l <myusername> <router><br>
</blockquote>
<br>
this should work; what version of rancid?<br>
______________________________<u></u>_________________<br>
Rancid-discuss mailing list<br>
<a href="mailto:Rancid-discuss@shrubbery.net" target="_blank">Rancid-discuss@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/rancid-discuss" target="_blank">http://www.shrubbery.net/<u></u>mailman/listinfo/rancid-<u></u>discuss</a><br>
<br>
</blockquote>
<br></div></div>
sudo -l[l] [-AknS] [-g group name | #gid] [-p prompt] [-U user name] [-u user name | #uid] [command]<br>
is sudo using -p option for it's on to set a prompt? -u for own username...<br>
<br>
test<br>
"sudo -u rancid -- /usr/libexec/rancid/clogin -u<my-username> -p<my-password> -c where <router>"<br>
<br>
>From sudo man page<br>
...<br>
-- The -- option indicates that sudo should stop processing command line arguments.<br>
...<br>
<br>
Have seen this before to ssh/telnet commands<br>
<br>
<br>
/Peo<br>
------------------------------<u></u>----------------------------<br>
Per-Olof Olsson Email: <a href="mailto:peo@chalmers.se" target="_blank">peo@chalmers.se</a><br>
Chalmers tekniska högskola IT-service<br>
Arvid Hedvalls backe 6 412 96 Göteborg<br>
Tel: 031/772 6738 Fax: 031/772 8680<br>
------------------------------<u></u>----------------------------<div class="HOEnZb"><div class="h5"><br>
______________________________<u></u>_________________<br>
Rancid-discuss mailing list<br>
<a href="mailto:Rancid-discuss@shrubbery.net" target="_blank">Rancid-discuss@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/rancid-discuss" target="_blank">http://www.shrubbery.net/<u></u>mailman/listinfo/rancid-<u></u>discuss</a><br>
</div></div></blockquote></div><br></div>
<pre>
E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.