Table of Contents
clogin - Cisco/Foundry login script
clogin [-autoenable] [-noenable]
[-c command] [-E var=x] [-e enable-password] [-f cloginrc-file] [-p user-password]
[-s script-file] [-t timeout] [-u username] [-v vty-password] [-w enable-username]
[-x command-file] [-y ssh_cypher_type] router [router...]
clogin is
an expect(1)
script to automate the process of logging into a Cisco router,
catalyst switch, Extreme switch, Juniper ERX/E-series, Procket Networks,
or Redback router. There are complementary scripts for Alteon, Bay Networks
(nortel), ADC-kentrox EZ-T3 mux, Foundry, HP Procurve Switches, Hitachi Routers,
Juniper Networks, Netscreen firewalls, Netscaler, Riverstone, and Lucent
TNT, named alogin, blogin, elogin, flogin, hlogin, htlogin, jlogin, nlogin,
nslogin, rivlogin, and tntlogin, respectively.
clogin reads the .cloginrc
file for its configuration, then connects and logins into each of the routers
specified on the command line in the order listed. Command-line options
exist to override some of the directives found in the .cloginrc configuration
file.
The command-line options are as follows:
- -c
- Command to be run on each
router list on the command-line. Multiple commands maybe listed by separating
them with semi-colons (;). The argument should be quoted to avoid shell
expansion.
- -E
- Specifies a variable to pass through to scripts (-s). For example,
the command-line option -Efoo=bar will produce a global variable by the name
Efoo with the initial value "bar".
- -e
- Specify a password to be supplied
when gaining enable privileges on the router(s). Also see the password
directive of the .cloginrc file.
- -f
- Specifies an alternate configuration
file. The default is $HOME/.cloginrc.
- -p
- Specifies a password associated
with the user specified by the -u option, user directive of the .cloginrc
file, or the Unix username of the user.
- -s
- The filename of an expect(1)
script which will be sourced after the login is successful and is expected
to return control to clogin, with the connection to the router intact,
when it is done. Note that clogin disables log_user of expect(1)
when -s
is used. Example script(s) can be found in share/rancid/*.exp.
- -t
- Alters the
timeout interval; the period that clogin waits for an individual command
to return a prompt or the login process to produce a prompt or failure.
The argument is in seconds.
- -u
- Specifies the username used when prompted.
The command-line option overrides any user directive found in .cloginrc.
The default is the current Unix username.
- -v
- Specifies a vty password, that
which is prompted for upon connection to the router. This overrides the
vty password of the .cloginrc file’s password directive.
- -w
- Specifies the
username used if prompted when gaining enable privileges. The command-line
option overrides any user or enauser directives found in .cloginrc. The default
is the current Unix username.
- -x
- Similar to the -c option; -x specifies a
file with commands to run on each of the routers. The commands must not
expect additional input, such as ’copy rcp startup-config’ does. For example:
show version
show logging
- -y
- Specifies the encryption algorithm for use with the ssh(1)
-c option.
The default encryption type is often not supported. See the ssh(1)
man
page for details. The default is 3des.
clogin recognizes the
following environment variables.
- CISCO_USER
- Overrides the user directive
found in the .cloginrc file, but may be overridden by the -u option.
- CLOGIN
- clogin will not change the banner on your xterm window if this includes
the character ’x’.
- HOME
- Normally set by login(1)
to the user’s home directory,
HOME is used by clogin to locate the .cloginrc configuration file.
$HOME/.cloginrc
Configuration file.
cloginrc(5)
, expect(1)
clogin expects
CatOS devices to have a prompt which includes a ’>’, such as "router> (enable)".
It uses this to determine, for example, whether the command to disable
the pager is "set length 0" or "term length 0".
The HP Procurve switches
that are Foundry OEMs use flogin, not hlogin.
The Extreme is supported by
clogin, but it has no concept of an "enabled" privilege level. You must
set autoenable for these devices in your .cloginrc.
Do not use greater
than (>) or pound sign (#) in device banners. These are the normal terminating
characters of device prompts and the login scripts need to locate the initial
prompt. Afterward, the full prompt is collected and makes a more precise
match so that the scripts know when the device is ready for the next command.
All these login scripts for separate devices should be rolled into one.
This goal is exceedingly difficult.
The HP Procurve switch CLI relies heavily
upon curses for cursor/screen manipulation and assumes a vt100 terminal
type. They do not provide a way to set a different terminal type or adjust
this behavior. The resulting escape codes make automating interaction with
these devices very difficult or impossible. Thus bin/hpuifilter, which
must be found in the user’s PATH, is used by hlogin to filter these. While
this works for rancid’s collection, there are side effects for interactive
logins via hlogin; most of which are formatting annoyances that may be
remedied by typing CTRL-R to reprint the current line.
WARNING: repeated
ssh login failures to HP Procurves cause the switch’s management interface
to lock-up (this includes snmp, ping) and sometimes it will crash. This
is with the latest firmware; 5.33 at the time of this writing.
Table of Contents