DESCRIPTION

       .cloginrc contains configuration information for alogin(1), blogin(1),
       clogin(1), elogin(1), flogin(1), hlogin(1), htlogin(1), jlogin(1),
       nlogin(1), nslogin(1), rivlogin(1), and wlogin(1), such as usernames,
       passwords, ssh encryption type, etc., and is read at run-time.

       Each line contains either white-space (blank line), a comment which
       begins with the comment character '#' and may be preceded by white-
       space, or one of the directives listed below.

       Each line containing a directive	is of the form:

		 add <directive> <hostname glob> {<value>} [{<value>} ...]

		 or

		 include {<file>}

       Note: the braces ({}) surrounding the values are significant when the
       values include TCL meta-characters.  Best common practice is to always
       enclose the values in braces.  If a value includes a (left or right)
       brace or space character, it must be backslash-escaped, as in:

		 add user <hostname glob> {foo\}bar}
		 add user <hostname glob> {foo\ bar}

       As .cloginrc is searched for a directive matching a hostname, it is
       always the first matching instance of a directive, one whose hostname
       glob expression matches the hostname, which is used.  For example,
       looking up the "password" directive for hostname foo in a .cloginrc
       file containing

		 add password *	  {bar}	{table}
		 add password foo {bar}	{table}

       would  return the first line, even though the second is an exact	match.
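The first-match rule above, as an added example that is not part of the original manual or of the login scripts' own code. The function names are hypothetical, the sample file is constructed, and Python's fnmatch is assumed to be a close enough stand-in for the glob matching the scripts perform. It also reports literal-hostname entries that can never be reached because an earlier glob already matches them.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample; the two password lines mirror the manual's example.
SAMPLE = r"""
# credentials below are placeholders
add user     rc*.example.net {ops}
add password *               {bar} {table}
add password foo             {s3\}cret} {en\ able}
add method   *               {ssh} {telnet:3000}
"""

# One brace-enclosed value; "\}" and "\ " are backslash escapes.
VALUE = re.compile(r"\{((?:\\.|[^{}\\])*)\}")

def parse(text):
    """Return [(directive, glob, [values])] in file order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"add\s+(\S+)\s+(\S+)\s+(.*)", line)
        if not m:
            continue  # "include" lines are not followed in this sketch
        values = [re.sub(r"\\(.)", r"\1", v) for v in VALUE.findall(m.group(3))]
        entries.append((m.group(1), m.group(2), values))
    return entries

def lookup(entries, directive, host):
    """Values of the first entry whose glob matches host, else None."""
    for d, glob, values in entries:
        if d == directive and fnmatchcase(host, glob):
            return values
    return None

def shadowed(entries):
    """Literal-hostname entries already matched by an earlier glob."""
    out = []
    for i, (d, glob, _) in enumerate(entries):
        if re.search(r"[*?\[\]]", glob):
            continue  # only literal names are checked here
        for d2, g2, _ in entries[:i]:
            if d2 == d and fnmatchcase(glob, g2):
                out.append((d, glob, g2))
                break
    return out
```

Running `shadowed(parse(...))` over a real file before deployment shows which host-specific credentials are silently overridden by an earlier wildcard line.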

       .cloginrc is expected to exist in the user's home directory and must
       not be readable, writable, or executable by "others".  .cloginrc should
       be mode 0600, or 0640 if it is to be shared with other users who are
       members of the same unix group.  See chgrp(1) and chmod(1) for more
       information on ownership and file modes.


DIRECTIVES

       The accepted directives are (alphabetically):


       add autoenable <router name glob> {[01]}
	      When using locally defined usernames or AAA, it is possible to
	      have a login which is automatically enabled.  That is, the user
	      has enable privileges without the need to execute the enable
	      command.  The router's prompt is different for enabled mode,
	      cyphertype  defines which	encryption algorithm is	used with ssh.
	      A	device may not support the type	 ssh  uses  by	default.   See
	      ssh(1)'s -c option for details.

	      Default: {3des}

       add enableprompt	<router	name glob> {"<enable prompt>"}
	      When  using AAA with a Cisco router or switch, it	is possible to
	      redefine the prompt the device presents  to  the	user  for  the
	      enable  password.	 enableprompt may be used to adjust the	prompt
	      that clogin should look for when trying  to  login.   Note  that
	      enableprompt can be a Tcl	style regular expression.

	      Example: add enableprompt rc*.example.net
	      {"\[Ee]nter\ the\ enable\ password:"}

	      Default: "\[Pp]assword:"

       add enablecmd <router name glob>	{<enable command>}
	      This defines the command on the device used to enter enabled  or
	      super-user  mode.	  For  example,	 in  Cisco  IOS	the command is
	      "enable".

       add enauser <router name	glob> {<username>}
	      This is only needed if a device  prompts	for  a	username  when
	      gaining  enable  privileges and where this username is different
	      from that	defined	by or the default of the user directive.

       add identity <router name glob> {<ssh identity file path>}
	      May be used to specify an	alternate identity file	for  use  with
	      ssh(1).  See ssh's -i option for details.

	      Default: your default identity file.  See ssh(1).

       add method <router name glob> {ssh} [{...}]
	      Defines, in order, the connection methods to use for a device
	      from the set {ssh, telnet, rsh}.  Methods ssh and telnet may have
	      a suffix, indicating an alternate TCP port, of the form ":port".

	      Note: Different versions of telnet treat the specification of  a
	      port  differently.  In particular, BSD derived telnets do	not do
	      option negotiation when a	port is	given.	Some devices,  Extreme
	      switches	for  example,  have undesirable	telnet default options
	      such as linemode.	 In the	BSD case, to enable option negotiation
	      when  specifying	a port the method should be "{telnet:-23}" or,
	      better, add "mode	character" to .telnetrc.   See	telnet(1)  for
	      more  information	on telnet command-line syntax, telnet options,
	      and .telnetrc.

	      Example: add method * {ssh} {telnet:3000}	{rsh}

	      Which would cause	clogin to first	attempt	an ssh	connection  to
	      Note that this directive is meaningless for jlogin(1), nlogin(1)
	      and clogin(1) [for Extreme] which do not have the concept of
	      "enabled" and/or no way to elevate privileges once logged in; a
	      user either has the necessary privileges or doesn't.

       add passphrase <router name glob> {"<SSH	passphrase>"}
	      Specify the SSH passphrase.  Note	that this may be particular to
	      an identity directive.   The  passphrase	will  default  to  the
	      password for the given router.

	      Example: add passphrase rc*.example.net {the\ bird\ goes\ tweet}

       add passprompt <router name glob> {"<password prompt>"}
	      When using AAA with a Cisco router or switch, it is possible  to
	      redefine	the  prompt  the  device  presents to the user for the
	      password.	 passprompt may	be used	 to  adjust  the  prompt  that
	      clogin  should  look  for	 when  trying  to  login.   Note  that
	      passprompt can be	a Tcl style regular expression.

	      Example: add passprompt rc*.example.net
	      {"\[Ee]nter\ the\ password:"}

	      Default: "(\[Pp]assword|passwd):"

       add password <router name glob> {<vty passwd>} [{<enable	passwd>}]
	      Specifies the vty password, the one prompted for upon
	      connection to the router.  The last argument is the enable
	      password and need not be specified if the device also has a
	      matching noenable or autoenable directive or the corresponding
	      command-line options are used.

       add prompt <router name glob> {<regex>}
	      Match  login prompt, or initial login prompt in the case of some
	      of the login scripts.  This is provided only  as	a  work-around
	      for   login  banners  that  contain  forbidden  characters  that
	      conflict with CLI	prompt markers.

	      Note that	not all	login scripts support this.

       add sshcmd <router name glob> {<ssh>}
	      <ssh> is the  name  of  the  ssh	executable.   OpenSSH  uses  a
	      command-line  option  to specify the protocol version, but other
	      implementations use a separate binary such  as  "ssh1".	sshcmd
	      allows   this   to  be  adjusted	as  necessary  for  the	 local
	      environment.

	      Default: ssh

       add timeout <router name	glob> {<seconds>}
	      Time in seconds that the login script will wait for  input  from
	      the device before	timeout.

	      redefine the prompt the device presents  to  the	user  for  the
	      username.	  userprompt  may  be  used  to	adjust the prompt that
	      clogin  should  look  for	 when  trying  to  login.   Note  that
	      userprompt can be	a Tcl style regular expression.

	      Example: add userprompt rc*.example.net
	      {"\[Ee]nter\ your\ username:"}

	      Default: "(Username|login|user name):"

       include {<file>}
	      <file> is	the  pathname  of  an  additional  .cloginrc  file  to
	      include  at  that	 point.	 It is evaluated immediately.  That is
	      important	with regard to the order of matching hostnames	for  a
	      given directive, as mentioned above.  This is useful if you have
	      your own .cloginrc plus an additional  .cloginrc	file  that  is
	      shared among a group of folks.

	      If <file>	is not a full pathname,	$HOME/ will be prepended.

	      Example: include {.cloginrc.group}
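A permission audit for .cloginrc and every file it pulls in through include, applying the mode rules from DESCRIPTION and the $HOME/ rule above. This is an added example, not part of the original manual or of RANCID; the function names are hypothetical and the demo files are constructed in a temporary directory.

```python
import os, re, stat, tempfile

INCLUDE = re.compile(r"^\s*include\s+\{(.+?)\}")

def audit(path, home, seen=None):
    """Return [(path, severity, message)] for path and each file it includes."""
    seen = set() if seen is None else seen
    # A relative include path gets $HOME/ prepended, as the manual states.
    path = path if os.path.isabs(path) else os.path.join(home, path)
    if path in seen:
        return []  # guard against include loops
    seen.add(path)
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except OSError:
        return [(path, "fail", "cannot stat file")]
    findings = []
    if mode & stat.S_IRWXO:
        # "must not be readable, writable, or executable by others"
        findings.append((path, "fail", "mode %04o grants access to others" % mode))
    elif mode not in (0o600, 0o640):
        # "should be mode 0600, or 0640"
        findings.append((path, "warn", "mode %04o is not 0600 or 0640" % mode))
    with open(path) as fh:
        for line in fh:
            m = INCLUDE.match(line)
            if m:
                findings += audit(m.group(1), home, seen)
    return findings

def demo():
    """Constructed layout: a private .cloginrc including a world-readable group file."""
    home = tempfile.mkdtemp()
    main = os.path.join(home, ".cloginrc")
    group = os.path.join(home, ".cloginrc.group")
    with open(main, "w") as fh:
        fh.write("include {.cloginrc.group}\nadd user * {ops}\n")
    with open(group, "w") as fh:
        fh.write("add password * {bar} {table}\n")
    os.chmod(main, 0o600)
    os.chmod(group, 0o644)
    return home, audit(".cloginrc", home)

if __name__ == "__main__":
    for finding in demo()[1]:
        print(*finding)
```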


FILES

       $HOME/.cloginrc		     Configuration file	described here.
       share/rancid/cloginrc.sample  A sample .cloginrc.


ERRORS

       .cloginrc is interpreted	directly by Tcl, so its	syntax follows that of
       Tcl.  Errors may	produce	quite unexpected results.


SEE ALSO

       clogin(1), glob(3), tclsh(1)



			       25 September 2014		   cloginrc(5)
