cloginrc(5)                   File Formats Manual                  cloginrc(5)




NAME

        .cloginrc - clogin configuration file


DESCRIPTION

       .cloginrc  contains configuration information for alogin(1), blogin(1),
       clogin(1), csblogin(1), elogin(1),  flogin(1),  fnlogin(1),  hlogin(1),
       htlogin(1),   jlogin(1),   nlogin(1),   nslogin(1),   rivlogin(1),  and
       wlogin(1), such as usernames, passwords, ssh encryption type, etc., and
       is read at run-time.

       Each  line  contains  either  white-space (blank line), a comment which
       begins with the comment character '#' and may  be  preceded  by  white-
       space, or one of the directives listed below.

       Each line containing a directive is of the form:

                 add <directive> <hostname glob> {<value>} [{<value>} ...]

                 or

                 include {<file>}

       Note: the braces ({}) surrounding the values are significant when the
       values include TCL meta-characters.  Best common practice is to always
       enclose the values in braces.  If a value includes a (left or right)
       brace, space character, ampersand or backslash, those characters must
       be backslash-escaped, as in:

                 add user <hostname glob> {foo\}bar}
                 add user <hostname glob> {foo\ bar}

       Other special characters may be escaped without error, if desired.

       As .cloginrc is searched for a directive matching a hostname, it is
       always the first matching instance of a directive, one whose hostname
       glob expression matches the hostname, which is used.  For example,
       looking up the "password" directive for hostname foo in a .cloginrc
       file containing

                 add password *   {bar} {table}
                 add password foo {bar} {table}

       would return the first line, even though the second is an exact match.
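
       The first-match rule above, as an added example that is not part of
       rancid: a simplified parser for "add" lines plus a check that reports
       literal-hostname entries which an earlier glob already matches and
       which are therefore never used.  Assumptions: fnmatchcase() stands in
       for the login scripts' glob matching, include directives are not
       followed, and the sample file is constructed.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample; values are placeholders, not real credentials.
SAMPLE = r"""
add password *               {bar} {table}
add password foo             {vty\ pw} {enable\ pw}
add user     rc*.example.net {rancid}
add user     rc1.example.net {admin}
add method   core1           {ssh}
"""

ADD_RE = re.compile(r"^\s*add\s+(\S+)\s+(\S+)\s+(.*)$")
VALUE_RE = re.compile(r"\{((?:\\.|[^{}\\])*)\}")  # {value} with \-escapes

def parse(text):
    """Return [(lineno, directive, glob, [values])] for every 'add' line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ADD_RE.match(line)
        if m:
            vals = [re.sub(r"\\(.)", r"\1", v) for v in VALUE_RE.findall(m.group(3))]
            entries.append((lineno, m.group(1), m.group(2), vals))
    return entries

def lookup(entries, directive, host):
    """First entry whose glob matches the host wins, whatever follows it."""
    for lineno, d, glob, vals in entries:
        if d == directive and fnmatchcase(host, glob):
            return lineno, vals
    return None

def shadowed(entries):
    """Literal-hostname entries that an earlier glob already matches."""
    hits = []
    for i, (lineno, d, glob, _) in enumerate(entries):
        if any(c in glob for c in "*?["):
            continue  # only literal hostnames can be decided exactly
        for prev_line, pd, pglob, _ in entries[:i]:
            if pd == d and fnmatchcase(glob, pglob):
                hits.append((lineno, d, glob, prev_line))
                break
    return hits

if __name__ == "__main__":
    rules = parse(SAMPLE)
    print(lookup(rules, "password", "foo"))
    for lineno, d, host, by in shadowed(rules):
        print(f"line {lineno}: '{d}' for {host} is never used (line {by} matches first)")
```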

       .cloginrc  is  expected  to exist in the user's home directory and must
       not be readable, writable, or executable by "others".  .cloginrc should
       be  mode  0600,  or 0640 if it is to be shared with other users who are
       members of the same unix group.  See chgrp(1)  and  chmod(1)  for  more
       information on ownership and file modes.
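
       A mode check matching the rule above, as an added example that is not
       part of rancid.  It also follows include directives, resolving
       relative names against the home directory as described under include
       below.  Applying the same mode rule to included files is an
       assumption of this example, and audit() and classify() are
       hypothetical names.

```python
import os
import re
import stat

INCLUDE_RE = re.compile(r"^\s*include\s+\{([^{}]+)\}")

def classify(mode):
    """Map permission bits to a verdict based on the man page's rule."""
    if mode & stat.S_IRWXO:
        return "fail: accessible by others"
    if mode in (0o600, 0o640):
        return "ok"
    return "warn: not 0600 or 0640"

def audit(path, home, seen=None):
    """Check path and every file it includes; return [(path, mode, verdict)]."""
    seen = set() if seen is None else seen
    real = os.path.realpath(path)
    if real in seen:                      # guard against include loops
        return []
    seen.add(real)
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except OSError as exc:
        return [(path, None, f"fail: {exc.strerror}")]
    results = [(path, mode, classify(mode))]
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            lines = fh.readlines()
    except OSError:
        return results                    # mode is known, content is not
    for line in lines:
        m = INCLUDE_RE.match(line)
        if m:
            inc = m.group(1)
            if not os.path.isabs(inc):    # man page: $HOME/ is prepended
                inc = os.path.join(home, inc)
            results += audit(inc, home, seen)
    return results

if __name__ == "__main__":
    home = os.path.expanduser("~")
    for p, mode, verdict in audit(os.path.join(home, ".cloginrc"), home):
        shown = "----" if mode is None else f"{mode:04o}"
        print(f"{shown} {p}: {verdict}")
```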


DIRECTIVES

       The accepted directives are (alphabetically):

       add autoenable <router name glob> {[01]}
              When using locally defined usernames or AAA, it is possible to
              have a login which is automatically enabled.  That is, the user
              has enable privileges without the need to execute the enable
              command.  The router's prompt is different for enabled mode,
              ending with a # rather than a >.

              Example: add autoenable * {1}

              Default: 0

              zero,  meaning  that  the  user is not automatically enabled and
              clogin  should  execute  the  enable  command  to  gain   enable
              privileges,   unless   negated  by  the  noenable  directive  or
              -noenable command-line option.

              Also see the noenable directive.

       add cyphertype <router name glob> {<ssh encryption type>}
              cyphertype defines which encryption algorithm is used  with  ssh
              version  1.   A  device  may  not  support  the type ssh uses by
              default.  See ssh(1)'s -c option for details.

              Default: empty

       add enableprompt <router name glob> {"<enable prompt>"}
              When using AAA with a Cisco router or switch, it is possible  to
              redefine  the  prompt  the  device  presents to the user for the
              enable password.  enableprompt may be used to adjust the  prompt
              that  clogin  should  look  for when trying to login.  Note that
              enableprompt can be a Tcl style regular expression.

              Example: add enableprompt rc*.example.net {"\[Ee]nter\ the\ enable\ password:"}

              Default: "\[Pp]assword:"

       add enablecmd <router name glob> {<enable command>}
              This  defines the command on the device used to enter enabled or
              super-user mode.  For example,  in  Cisco  IOS  the  command  is
              "enable".

       add enauser <router name glob> {<username>}
              This  is  only  needed  if  a device prompts for a username when
              gaining enable privileges and where this username  is  different
              from that defined by or the default of the user directive.

       add identity <router name glob> {<ssh identity file path>}
              May  be  used to specify an alternate identity file for use with
              ssh(1).  See ssh's -i option for details.

              Default: your default identity file.  See ssh(1).

       add method <router name glob> {ssh} [{...}]
              Defines, in order, the connection methods to use  for  a  device
              from the set {ssh, telnet, rsh}.  Method ssh and telnet may have
              a suffix, indicating an alternate TCP port, of the form ":port".

              Note: Different versions of telnet treat the specification of  a
              port  differently.  In particular, BSD derived telnets do not do
              option negotiation when a port is given.  Some devices,  Extreme
              switches  for  example,  have undesirable telnet default options
              such as linemode.  In the BSD case, to enable option negotiation
              when  specifying  a port the method should be "{telnet:-23}" or,
              better, add "mode character" to .telnetrc.   See  telnet(1)  for
              more  information on telnet command-line syntax, telnet options,
              and .telnetrc.

              Example: add method * {ssh} {telnet:3000} {rsh}

              This would cause clogin to first attempt an ssh connection to
              the device and, if that were to fail with connection refused,
              to try a telnet connection to port 3000, and then an rsh
              connection.

              Note  that  not  all  platforms  support all of these connection
              methods.

              Default: {telnet} {ssh}

       add noenable <router name glob> {1}
              clogin will not try to gain enable privileges when  noenable  is
              matched  for a device.  This is equivalent to clogin's -noenable
              command-line option.

              Note that this directive is meaningless for jlogin(1), nlogin(1)
              and clogin(1) [for Extreme] which do not have the concept of
              "enabled" and/or no way to elevate privileges once logged in; a
              user either has the necessary privileges or doesn't.

       add passphrase <router name glob> {"<SSH passphrase>"}
              Specify the SSH passphrase.  Note that this may be particular to
              an identity directive.   The  passphrase  will  default  to  the
              password for the given router.

              Example: add passphrase rc*.example.net {the\ bird\ goes\ tweet}

       add passprompt <router name glob> {"<password prompt>"}
              When  using AAA with a Cisco router or switch, it is possible to
              redefine the prompt the device presents  to  the  user  for  the
              password.   passprompt  may  be  used  to adjust the prompt that
              clogin  should  look  for  when  trying  to  login.   Note  that
              passprompt can be a Tcl style regular expression.

              Example: add passprompt rc*.example.net {"\[Ee]nter\ the\ password:"}

              Default: "(\[Pp]assword|passwd):"

       add password <router name glob> {<vty passwd>} [{<enable passwd>}]
              Specifies a vty password, that which is prompted  for  upon  the
              connection  to  the  router.   The  last  argument is the enable
              password and need not be specified if  the  device  also  has  a
              matching  noenable  or autoenable directive or the corresponding
              command-line options are used.

       add prompt <router name glob> {<regex>}
              Match login prompt, or initial login prompt in the case of  some
              of  the  login  scripts.  This is provided only as a work-around
              for  login  banners  that  contain  forbidden  characters   that
              conflict with CLI prompt markers.

              Note that not all login scripts support this.

       add sshcmd <router name glob> {<ssh>}
              <ssh>  is  the  name  of  the  ssh  executable.   OpenSSH uses a
              command-line option to specify the protocol version,  but  other
              implementations  use  a  separate binary such as "ssh1".  sshcmd
              allows  this  to  be  adjusted  as  necessary  for   the   local
              environment.

              sshcmd also allows the user to add any other command-line
              options, such as altering the offered key exchange algorithms.
              For example:

                  add sshcmd * {ssh\ -o\ KexAlgorithms=+diffie-hellman-group1-sha1}

              Default: ssh

       add timeout <router name glob> {<seconds>}
              Time in seconds that the login script will wait for  input  from
              the device before timeout.

              Default: device dependent

       add telnetcmd <router name glob> {<telnet>}
              <telnet> is the name of the telnet executable.  telnetcmd allows
              this to be adjusted as necessary for the local environment.

              telnetcmd also allows the user to add any other command-line
              options, such as forcing IPv4.  For example:

                  add telnetcmd * {telnet\ -K4}

              Default: telnet -K

       add user <router name glob> {<username>}
              Specifies a username clogin should use if or when  prompted  for
              one.

              Default: $USER (or $LOGNAME), i.e.: your Unix username.

       add userpassword <router name glob> {<user password>}
              Specifies  a password to be associated with a user, if different
              from that defined with the password directive.

       add userprompt <router name glob> {"<username prompt>"}
              When using AAA with a Cisco router or switch, it is possible  to
              redefine  the  prompt  the  device  presents to the user for the
              username.  userprompt may be used  to  adjust  the  prompt  that
              clogin  should  look  for  when  trying  to  login.   Note  that
              userprompt can be a Tcl style regular expression.

              Example: add userprompt rc*.example.net {"\[Ee]nter\ your\ username:"}

              Default: "(Username|login|user name):"

       include {<file>}
              <file>  is  the  pathname  of  an  additional  .cloginrc file to
              include at that point.  It is evaluated  immediately.   That  is
              important  with  regard to the order of matching hostnames for a
              given directive, as mentioned above.  This is useful if you have
              your  own  .cloginrc  plus  an additional .cloginrc file that is
              shared among a group of folks.

              If <file> is not a full pathname, $HOME/ will be prepended.

              Example: include {.cloginrc.group}


FILES

       $HOME/.cloginrc               Configuration file described here.
       share/rancid/cloginrc.sample  A sample .cloginrc.


ERRORS

       .cloginrc is interpreted directly by Tcl, so its syntax follows that of
       Tcl.  Errors may produce quite unexpected results.


SEE ALSO

       clogin(1), glob(3), tclsh(1)



                                 12 April 2017                     cloginrc(5)
