.cloginrc - clogin configuration file
.cloginrc contains configuration information for alogin(1), blogin(1),
clogin(1), elogin(1), flogin(1), hlogin(1), htlogin(1), jlogin(1), nlogin(1),
nslogin(1), rivlogin(1), and tntlogin(1), such as usernames, passwords, ssh
encryption type, etc., and is read at run-time.
Each line contains
either white-space (blank line), a comment which begins with the comment
character ’#’ and may be preceded by white-space, or one of the directives
listed below.
Each line containing a directive is of the form:
add <directive> <hostname glob> {<value>} [{<value>} ...]
or
include {<file>}
Note: the braces ({}) surrounding the values are significant when the values
include TCL meta-characters. Best common practice is to always enclose the
values in braces. If a value includes a (left or right) brace or space
character, it must be backslash-escaped, as in:
add user <hostname glob> {foo\}bar}
add user <hostname glob> {foo\ bar}
As .cloginrc is searched for a directive matching a hostname, it is always
the first matching instance of a directive, one whose hostname glob expression
matches the hostname, which is used. For example, looking up the "password"
directive for hostname foo in a .cloginrc file containing
add password * {bar} {table}
add password foo {bar} {table}
would return the first line, even though the second is an exact match.
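The first-match rule above means a broad glob placed early silently overrides later, more specific lines. The following is an added example, not part of rancid: a small checker that reproduces the lookup and reports shadowed entries. It approximates the glob matching with Python's fnmatch, ignores include directives, and uses constructed sample values.

```python
import fnmatch
import re

# Constructed sample .cloginrc content; all values are placeholders.
SAMPLE = """\
# shared defaults
add password * {bar} {table}
add password foo {baz} {chair}
add user rc*.example.net {netops}
add user rc1.example.net {admin}
add method * {ssh}
"""

LINE_RE = re.compile(r"^\s*add\s+(\S+)\s+(\S+)\s+(.*)$")

def parse(text):
    """Return [(lineno, directive, glob, raw_values)] in file order."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        m = LINE_RE.match(line)
        if m:
            entries.append((n, m.group(1), m.group(2), m.group(3)))
    return entries

def lookup(entries, directive, hostname):
    """The first entry whose glob matches the hostname is the one used."""
    for n, d, g, v in entries:
        if d == directive and fnmatch.fnmatchcase(hostname, g):
            return n, g, v
    return None

def shadowed(entries):
    """(line, earlier_line) pairs: a literal hostname an earlier glob matches."""
    out = []
    for i, (n, d, g, _) in enumerate(entries):
        if any(c in g for c in "*?["):
            continue  # only literal hostnames are tested here
        for pn, pd, pg, _ in entries[:i]:
            if pd == d and fnmatch.fnmatchcase(g, pg):
                out.append((n, pn))
                break
    return out

if __name__ == "__main__":
    entries = parse(SAMPLE)
    print(lookup(entries, "password", "foo"))
    print(shadowed(entries))
```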
.cloginrc is expected to exist in the user’s home directory and must not
be readable, writable, or executable by "others". .cloginrc should be mode
0600, or 0640 if it is to be shared with other users who are members of
the same unix group. See chgrp(1) and chmod(1) for more information on
ownership and file modes.
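A check for the file-mode requirement above, as an added example that is not part of rancid: it fails on any access for "others" and warns when the mode is neither 0600 nor 0640. The function names are hypothetical and the demo runs against a constructed temporary file.

```python
import os
import stat
import tempfile

RECOMMENDED = (0o600, 0o640)  # the modes the page recommends

def check_cloginrc(path):
    """Return (level, message): 'fail' if others have any access,
    'warn' if the mode is not 0600 or 0640, otherwise 'ok'."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IRWXO:
        return "fail", f"{path}: mode {mode:04o} grants access to others"
    if mode not in RECOMMENDED:
        return "warn", f"{path}: mode {mode:04o} is not 0600 or 0640"
    return "ok", f"{path}: mode {mode:04o}"

def demo():
    """Apply the check to a constructed temporary file at several modes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, ".cloginrc")
        with open(path, "w") as fh:
            fh.write("add password * {placeholder}\n")  # constructed content
        for mode in (0o600, 0o640, 0o644, 0o660):
            os.chmod(path, mode)
            results[mode] = check_cloginrc(path)[0]
    return results

if __name__ == "__main__":
    for mode, level in demo().items():
        print(f"{mode:04o} -> {level}")
```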
The accepted directives are (alphabetically):
- add autoenable <router name glob> {[01]}
- When using locally defined usernames
or AAA, it is possible to have a login which is automatically enabled.
That is, that user has enable privileges without the need to execute the
enable command. The router’s prompt is different for enabled mode, ending
with a # rather than a >.
Example: add autoenable * {1}
Default: 0 (zero), meaning that the user is not automatically enabled and
clogin should execute the enable command to gain enable privileges, unless
negated by the noenable directive or -noenable command-line option.
Also see the noenable directive.
- add cyphertype <router name glob> {<ssh encryption type>}
- cyphertype defines
which encryption algorithm is used with ssh. A device may not support the
type ssh uses by default. See ssh(1)’s -c option for details.
Default: {3des}
- add enableprompt <router name glob> {"<enable prompt>"}
- When
using AAA with a Cisco router or switch, it is possible to redefine the
prompt the device presents to the user for the enable password. enableprompt
may be used to adjust the prompt that clogin should look for when trying
to login. Note that enableprompt can be a Tcl style regular expression.
Example: add enableprompt rc*.example.net {"\[Ee]nter\ the\ enable\ password:"}
Default: "\[Pp]assword:"
- add enauser <router name glob> {<username>}
- This is
only needed if a device prompts for a username when gaining enable privileges
and where this username is different from that defined by or the default
of the user directive.
- add identity <router name glob> {<ssh identity file path>}
- May be used to specify an alternate identity file for use with ssh(1).
See ssh’s -i option for details.
Default: your default identity file. See ssh(1).
- add method <router name glob> {ssh} [{...}]
- Defines, in order, the connection
methods to use for a device from the set {ssh, telnet, rsh}. Method telnet
may have a suffix, indicating an alternate TCP port, of the form ":port".
Note: Different versions of telnet treat the specification of a port differently.
In particular, BSD derived telnets do not do option negotiation when a
port is given. Some devices, Extreme switches for example, have undesirable
telnet default options such as linemode. In the BSD case, to enable option
negotiation when specifying a port the method should be "{telnet:-23}" or
you should add "mode character" to .telnetrc. See telnet(1) for more
information on telnet command-line syntax, telnet options, and .telnetrc.
Example: add method * {ssh} {telnet:-3000} {rsh}
Which would cause clogin to first attempt an ssh connection to the device
and if that were to fail with connection refused, a telnet connection to
port 3000 would be tried, and then a rsh connection.
Note that not all platforms support all of these connection methods.
Default: {telnet} {ssh}
- add noenable <router name glob> {1}
- clogin
will not try to gain enable privileges when noenable is matched for a device.
This is equivalent to clogin’s -noenable command-line option.
Note that this directive is meaningless for jlogin(1), nlogin(1) and
clogin(1) [for Extreme] which do not have the concept of "enabled" and/or
no way to elevate privileges once logged in; a user either has the
necessary privileges or doesn’t.
- add passphrase <router name glob> {"<SSH passphrase>"}
- Specify the SSH passphrase.
Note that this may be particular to an identity directive. The passphrase
will default to the password for the given router.
Example: add passphrase rc*.example.net {the\ bird\ goes\ tweet}
- add passprompt <router name glob> {"<password prompt>"}
- When using AAA with a Cisco router or switch, it is possible to
redefine the prompt the device presents to the user for the password. passprompt
may be used to adjust the prompt that clogin should look for when trying
to login. Note that passprompt can be a Tcl style regular expression.
Example: add passprompt rc*.example.net {"\[Ee]nter\ the\ password:"}
Default: "(\[Pp]assword|passwd):"
- add password <router name glob> {<vty passwd>} [{<enable passwd>}]
- Specifies
a vty password, that which is prompted for upon the connection to the router.
The last argument is the enable password and need not be specified if
the device also has a matching noenable or autoenable directive or the
corresponding command-line options are used.
- add sshcmd <router name glob> {<ssh>}
- <ssh> is the name of the ssh executable. OpenSSH uses a command-line
option to specify the protocol version, but other implementations use a
separate binary such as "ssh1". sshcmd allows this to be adjusted as necessary
for the local environment.
Default: ssh
- add user <router name glob> {<username>}
- Specifies a username clogin should use if or when prompted
for one.
Default: $USER (or $LOGNAME), i.e.: your Unix username.
- add userpassword <router name glob> {<user password>}
- Specifies a password to be associated
with a user, if different from that defined with the password directive.
- add userprompt <router name glob> {"<username prompt>"}
- When using AAA with
a Cisco router or switch, it is possible to redefine the prompt the device
presents to the user for the username. userprompt may be used to adjust
the prompt that clogin should look for when trying to login. Note that
userprompt can be a Tcl style regular expression.
Example: add userprompt rc*.example.net {"\[Ee]nter\ your\ username:"}
Default: "(Username|login|user name):"
- include {<file>}
- <file> is the pathname of an additional .cloginrc
file to include at that point. It is evaluated immediately. That is important
with regard to the order of matching hostnames for a given directive, as
mentioned above. This is useful if you have your own .cloginrc plus an additional
.cloginrc file that is shared among a group of folks.
If <file> is not a full
pathname, $HOME/ will be prepended.
Example: include {.cloginrc.group}
$HOME/.cloginrc Configuration file described here.
share/rancid/cloginrc.sample A sample .cloginrc.
Errors
.cloginrc is interpreted directly by Tcl, so its syntax follows that
of Tcl. Errors may produce quite unexpected results.
See Also
clogin(1), glob(3), tclsh(1)