[rancid] New device on .cloginrc
Wagner Pereira
What should I do after include a new device in the .cloginrc file?
I noticed after I did that, Rancid didn't create a new file in the
config directory.
Thanks for any help, as usual.
Hugs.
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
_______________________________________________
Rancid-discuss mailing list
Rancid-...@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
Ryan West
> -----Original Message-----
> From: rancid-disc...@shrubbery.net [mailto:rancid-discuss-
> bou...@shrubbery.net] On Behalf Of Wagner Pereira
> Sent: Monday, April 12, 2010 5:22 PM
> To: Rancid Mailing List
> Subject: [rancid] New device on .cloginrc
>
> Hi, all.
>
> What should I do after include a new device in the .cloginrc file?
>
> I noticed after I did that, Rancid didn't create a new file in the
> config directory.
>
Update var/<group name>/router.db with your new device and set it to up.
-ryan
Andrew Brennan
only the credentials, address, etc. The actual connection is based on
what you have in your router.db file(s).
andrew.
Wagner Pereira
You both were right. I just included one new line in my router.db file
and it is started to try diff it.
But, in my log I noticed the Rancid isn't able to get the configs:
"cannot open file 10.0.0.2 for comparing: Permission denied"
(This is not the real IP!)
There is Radius implemented in that device. Can it be the problem?
Hugs,
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
Martin Barry
>
> But, in my log I noticed the Rancid isn't able to get the configs:
> "cannot open file 10.0.0.2 for comparing: Permission denied"
> (This is not the real IP!)
This sounds like either a file or directory permission issue. What user is
rancid running as and do they have the appropriate permission in the working
directory?
> There is Radius implemented in that device. Can it be the problem?
You can double check that by manually running clogin which will test logging
into the device.
cheers
Marty
Ryan West
root. Did you ever go back and correct the permissions from your
install?
Sent from handheld.
On Apr 13, 2010, at 8:00 AM, "Wagner Pereira" <wper...@pop-sp.rnp.br>
wrote:
Wagner Pereira
It sounds wrong, I suppose, because the Rancid is still running over
other device perfectly.
Then, I ran this:
----------------------
/home/rancid/bin/clogin 10.0.0.2
10.0.0.2
spawn telnet 10.0.0.2
Trying 10.0.0.2...
telnet: Unable to connect to remote host: Connection refused
spawn ssh -c 3des -x -l root 10.0.0.2
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key
Error: Couldn't login: 10.0.0.2
----------------------
What does it mean?
Thanks.
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
Ryan West
> -----Original Message-----
> Sent: Tuesday, April 13, 2010 9:34 AM
> To: rancid-...@shrubbery.net
> Subject: [rancid] Re: New device on .cloginrc
>
> Hi, Marty.
>
> It sounds wrong, I suppose, because the Rancid is still running over
> other device perfectly.
>
> Then, I ran this:
> ----------------------
> /home/rancid/bin/clogin 10.0.0.2
> 10.0.0.2
> spawn telnet 10.0.0.2
> Trying 10.0.0.2...
> telnet: Unable to connect to remote host: Connection refused
> spawn ssh -c 3des -x -l root 10.0.0.2
> ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
> key_verify failed for server_host_key
>
> Error: Couldn't login: 10.0.0.2
> ----------------------
Try googling the ss_rsa_verify output. I imagine the device you're connecting to is rather old, you should try to run a 1024 bit key at the minimum. I would recommend using a 2048 bit key if you can, but if it's an older device, be prepared to wait a while. You may be able to change how RANCID connects to the device, but I think you would be off gen'ing a new key on the device instead.
-ryan
Wagner Pereira
You were right concerning to the rsa key.
I ran the "crypto key generate rsa" command in my Cisco router, choosing
1024 bits. It worked.
But now the error changed, as follows (it seems like the ssh connection
method was not tried):
---------------------
/home/rancid/bin/clogin 10.0.0.2
10.0.0.2
spawn telnet 10.0.0.2
Trying 10.0.0.2...
telnet: Unable to connect to remote host: No route to host
Error: Couldn't login: 10.0.0.2
---------------------
What's next?
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
Ryan West
-ryan
> -----Original Message-----
> From: rancid-disc...@shrubbery.net [mailto:rancid-discuss-
> bou...@shrubbery.net] On Behalf Of Wagner Pereira
Wagner Pereira
I changed this:
add method 10.0.0.2 {telnet} {ssh}
To this:
add method 10.0.0.2 {ssh} {telnet}
But now, the error has changed...(ok, if "Update the SSH known_hosts
file accordingly." is the answer, how can I do that?)
-----------------------
/home/rancid/bin/clogin 10.0.0.2
10.0.0.2
spawn telnet 10.0.0.2
Trying 10.0.0.2...
telnet: Unable to connect to remote host: Connection refused
spawn ssh -c 3des -x -l root 10.0.0.2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
8f:23:61:b6:03:36:e0:7c:d2:e6:5c:0c:37:5d:c5:fe.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for 10.0.0.2 has changed and you have requested strict
checking.
Host key verification failed.
Error: The host key for 10.0.0.2 has changed. Update the SSH
known_hosts file accordingly.
-----------------------
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
Mahaffey, Brian
rm -rf /root/.ssh/known_hosts
-----Original Message-----
From: rancid-disc...@shrubbery.net [mailto:rancid-disc...@shrubbery.net] On Behalf Of Wagner Pereira
Sent: Tuesday, April 13, 2010 1:20 PM
To: Rancid Mailing List
Ryan,
--
Wagner Pereira
This transmission is intended only for use by the intended
recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments.
Jethro R Binks
> http://lmgtfy.com/?q=Offending+key+in+%2Froot%2F.ssh%2Fknown_hosts
>
> rm -rf /root/.ssh/known_hosts
Which will blow away the cached keys of all the known hosts.
Probably better to edit that file, and selectively delete the entries for
10.0.0.2.
Jethro.
> PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo
> CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo
> >> PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo
> >> CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
Wagner Pereira
My known_host file has only one entry and I deleted that one.
After then, he stopped to complain because this host key stuff.
Now there is other error, but it is due to wrong password, I'm not sure.
Thanks for all your help, guys.
Hugs.
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
Ryan West
> -----Original Message-----
> Sent: Tuesday, April 13, 2010 4:52 PM
> To: Rancid Mailing List
> Subject: [rancid] Re: New device on .cloginrc
>
> That's exactly what I did, Jethro.
>
> My known_host file has only one entry and I deleted that one.
>
> After then, he stopped to complain because this host key stuff.
>
> Now there is other error, but it is due to wrong password, I'm not sure.
>
I doubt root is the userid you have configured on your device, you'll need to work that.
Eric Cables
-- Eric Cables
Wagner Pereira
When I try to connect to my device using /home/rancid/bin/clogin, this
is what I get:
--------------------
--------------------
But, there is no root user written in my .cloginrc file.
Where does this root user should come from?
Hugs,
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
You received this message because you are subscribed to the Google Groups "rancid-discuss" group.
To post to this group, send email to rancid-...@googlegroups.com.
To unsubscribe from this group, send email to rancid-discus...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rancid-discuss?hl=en.
Drikus Brits
The root user is most likely because clogin is being executed as the root user, ie: you're logged in as root when you try to clogin into your router.
Hope this helps,
Drikus.
-----Original Message-----
From: rancid-disc...@shrubbery.net [mailto:rancid-disc...@shrubbery.net] On Behalf Of Wagner Pereira
Wagner Pereira
By the way, I noticed this comment in the .cloginrc file:
# add user <router name glob> <username>
# The default user is $USER (i.e.: the user running clogin).
Ok, so, I copied the .cloginrc file to /root directory. It still doesn't
work.
Error: TIMEOUT reached
Hugs,
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
> Hi,
>
> The root user is most likely because clogin is being executed as the root user, ie: you're logged in as root when you try to clogin into your router.
>
> Hope this helps,
>
> Drikus.
>
> -----Original Message-----
> From: rancid-disc...@shrubbery.net [mailto:rancid-disc...@shrubbery.net] On Behalf Of Wagner Pereira
> Sent: 16 April 2010 03:40 PM
> Cc: Rancid Mailing List
> Subject: [rancid] Re: New device on .cloginrc
>
> Ryan,
>
> When I try to connect to my device using /home/rancid/bin/clogin, this
> is what I get:
>
> --------------------
> spawn ssh -c 3des -x -l root 10.0.0.2
> ro...@10.0.0.2's password:
> --------------------
>
> But, there is no root user written in my .cloginrc file.
>
> Where does this root user should come from?
>
> Hugs,
>
>
Wagner Pereira
In my first Cisco switch (already working) I logged in with the admin user.
But in the second one, which I still can't run Rancid OK, there is a
Radius AAA model implemented, which means: the authentication is not
local, but this device ask other server if the user is known.
I don't know what is the impact over Rancid when there is a Radius
running in the device.
Hugs,
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
> Hi,
>
> If you need to use a specific user to log into your routers you can add it as
>
> <snip>
> add user * wagner
> </snip>
>
> That should then tell clogin to always use the username wagner for any switch.
>
> Regards,
>
> Drikus
>
>
> -----Original Message-----
> From: rancid-disc...@shrubbery.net [mailto:rancid-disc...@shrubbery.net] On Behalf Of Wagner Pereira
> Sent: 16 April 2010 04:43 PM
> Cc: Rancid Mailing List
> Subject: [rancid] Re: New device on .cloginrc
>
>
> By the way, I noticed this comment in the .cloginrc file:
>
> # add user<router name glob> <username>
> # The default user is $USER (i.e.: the user running clogin).
>
> Ok, so, I copied the .cloginrc file to /root directory. It still doesn't
> work.
>
> Error: TIMEOUT reached
>
> Hugs,
>
>
Drikus Brits
If you need to use a specific user to log into your routers you can add it as
<snip>
add user * wagner
</snip>
That should then tell clogin to always use the username wagner for any switch.
Regards,
Drikus
Mickael GARNIER
do you have a 'add user' entry in your .cloginrc ?
it should be like :
add user <host> <user>
add password <host> <password> <enable-password>
add method <host> ssh
MG
Le 16/04/2010 15:46, Drikus Brits a écrit :
> Hi,
>
> The root user is most likely because clogin is being executed as the root user, ie: you're logged in as root when you try to clogin into your router.
>
> Hope this helps,
>
> Drikus.
>
> -----Original Message-----
> From: rancid-disc...@shrubbery.net [mailto:rancid-disc...@shrubbery.net] On Behalf Of Wagner Pereira
> Sent: 16 April 2010 03:40 PM
> Cc: Rancid Mailing List
> Subject: [rancid] Re: New device on .cloginrc
>
> Ryan,
>
> When I try to connect to my device using /home/rancid/bin/clogin, this
> is what I get:
>
> --------------------
> spawn ssh -c 3des -x -l root 10.0.0.2
> ro...@10.0.0.2's password:
> --------------------
>
> But, there is no root user written in my .cloginrc file.
>
> Where does this root user should come from?
>
> Hugs,
>
>
Ce message est confidentiel. Sous reserve de tout accord conclu par
ecrit entre vous et La Poste, son contenu ne represente en aucun cas un
engagement de la part de La Poste. Toute publication, utilisation ou
diffusion, meme partielle, doit etre autorisee prealablement. Si vous
n'etes pas destinataire de ce message, merci d'en avertir immediatement
l'expediteur.
Drikus Brits
So , when you change your .cloginrc file to the below :
add user * admin
add password * {whatever_the_password_is}
what do you get ?
Thus to recap.....
1. Make sure you are either user admin logged in on your system and then try to clogin
2. Set the user variable to "admin" in the .cloginrc file if you are another user.
Also, can you try a manual login and see what happens ?..eg telnet into the device/or ssh and see if it completes ?
d.
Wagner Pereira
Yes, my .cloginrc is exactly like the below (omitting all the real
values, obviously):
add password 10.0.0.2 {vty passwd} {enable passwd}
add user 10.0.0.2 user
add userprompt 10.0.0.2 {"Username:"}
add passprompt 10.0.0.2 {"Password:"}
add cyphertype 10.0.0.2 {3des}
I already have another device rancid'ing perfectly, that means my
.cloginrc lines are correctly written, since I declared it at the same
way that the above.
Hugs,
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
Remy Heiden
Regards,
Remy