From cdeloison at cora.fr Thu Mar 1 13:14:04 2018
From: cdeloison at cora.fr (DELOISON, Clement)
Date: Thu, 1 Mar 2018 14:14:04 +0100
Subject: [rancid] How to configure rancid for stacked switches ?
Message-ID:

Hi,

Can you help me with my problem ? I can't make RANCID work with my stacked
HP switches. When I check logs, I have this :

Trying to get all of the configs.
couldn't compile regular expression pattern: parentheses () not balanced
    while executing
"expect {
    -re $reprompt {}
    -re "\[\n\r]+" { exp_continue }
}"
    (procedure "run_commands" line 12)
    invoked from within
"run_commands $prompt $command"
    ("foreach" body line 160)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find t..."
    (file "/usr/local/rancid/bin/hlogin" line 654)
xx.xxx.xxx.xxx: missed cmd(s): all commands
xx.xxx.xxx.xxx: End of run not found
;

I don't really understand what is the problem and what I can do to fix that.

Best regards,
--
Clément Deloison
Apprenti Réseau
cdeloison at cora.fr
--
Cora Informatique
12 rue Joseph Cugnot - BP35049
57072 Metz CEDEX 3
Tel : 03.87.39.52.00
Fax : 03.87.39.52.99

From doug.hughes at keystonenap.com Thu Mar 1 18:09:44 2018
From: doug.hughes at keystonenap.com (doug.hughes at keystonenap.com)
Date: Thu, 1 Mar 2018 13:09:44 -0500
Subject: [rancid] How to configure rancid for stacked switches ?
In-Reply-To:
References:
Message-ID:

try hrancid -d -t hp

Then we'd be able to tell a little more about what's going on.

Sent from my android device.

-----Original Message-----

From KGeil at orda.org Thu Mar 1 20:29:13 2018
From: KGeil at orda.org (Kevin Geil)
Date: Thu, 1 Mar 2018 20:29:13 +0000
Subject: [rancid] Sonicwall: clogin sends password after first login?
Message-ID:

Hi, I hope someone can point me in the right direction here: I'm trying to monitor a sonicwall device with Rancid, and am having a hiccup at the first step. I can get clogin to authenticate to the device, but it immediately sends the password a second time after login, so the sonicwall sees it as a command, and returns an error. I'm guessing it's my lack of understanding of Clogin, but after reading documentation, I still can't figure it out. Thanks in advance to anyone who can help. I have tried adding a timeout value, and playing with the -noenable option, but to no avail.

Thanks again,

Kevin


My .cloginrc file looks like this:

add noenable sonic {1}
add method sonic ssh
add cyphertype sonic aes128-ctr
add user sonic ReadOnlyAdmin
add password sonic {mypassword}

And the output looks like this:
root at ubuntu:/var/lib/rancid/bin# ./clogin -f /var/lib/rancid/.cloginrc -noenable sonic

ReadOnlyAdmin at sonic's password:

Copyright (c) 2016 Dell | SonicWALL, Inc.
Using username 'ReadOnlyAdmin'.
Password:
ReadOnlyAdmin at MY NSA4600_Primary> mypassword
% Error encountered at '^' marker:
mypassword
^
% Error: No matching command found.
ReadOnlyAdmin at MY NSA4600_Primary>

From doug.hughes at keystonenap.com Thu Mar 1 22:23:20 2018
From: doug.hughes at keystonenap.com (doug.hughes at keystonenap.com)
Date: Thu, 1 Mar 2018 17:23:20 -0500
Subject: [rancid] Sonicwall: clogin sends password after first login?
In-Reply-To:
References:
Message-ID: <541cf3c4-826c-4ae3-aa56-14c02bfbdb0f.maildroid@localhost>

most likely it's having a problem recognizing your prompt. That's a pretty complex one and embedded spaces are bound to complicate things.

Sent from my android device.

-----Original Message-----

From heas at shrubbery.net Thu Mar 1 23:38:12 2018
From: heas at shrubbery.net (heasley)
Date: Thu, 1 Mar 2018 23:38:12 +0000
Subject: [rancid] Sonicwall: clogin sends password after first login?
In-Reply-To: <541cf3c4-826c-4ae3-aa56-14c02bfbdb0f.maildroid@localhost>
References: <541cf3c4-826c-4ae3-aa56-14c02bfbdb0f.maildroid@localhost>
Message-ID: <20180301233812.GR39608@shrubbery.net>

Thu, Mar 01, 2018 at 05:23:20PM -0500, doug.hughes at keystonenap.com:
> most likely it's having a problem recognizing your prompt. That's a pretty complex one and embedded spaces are bound to complicate things.
>
>
> Sent from my android device.
>
> -----Original Message-----
> From: Kevin Geil
> To: "rancid-discuss at shrubbery.net"
> Sent: Thu, 01 Mar 2018 16:06
> Subject: [rancid] Sonicwall: clogin sends password after first login?
>
> Hi, I hope someone can point me in the right direction here: I'm trying to monitor a sonicwall device with Rancid, and am having a hiccup at the first step. I can get clogin to authenticate to the device, but it immediately sends the password a second time after login, so the sonicwall sees it as a command, and returns an error. I'm guessing it's my lack of understanding of Clogin, but after reading documentation, I still can't figure it out. Thanks in advance to anyone who can help. I have tried adding a timeout value, and playing with the -noenable option, but to no avail.

There is no support for Sonic. So, I do not know if clogin would work with it. you will need to add support yourself.

> Thanks again,
>
> Kevin
>
>
> My .cloginrc file looks like this:
>
> add noenable sonic {1}
> add method sonic ssh
> add cyphertype sonic aes128-ctr
> add user sonic ReadOnlyAdmin
> add password sonic {mypassword}
>
> And the output looks like this:
> root at ubuntu:/var/lib/rancid/bin# ./clogin -f /var/lib/rancid/.cloginrc -noenable sonic
>
> ReadOnlyAdmin at sonic's password:
>
> Copyright (c) 2016 Dell | SonicWALL, Inc.
> Using username 'ReadOnlyAdmin'.
> Password:
> ReadOnlyAdmin at MY NSA4600_Primary> mypassword
> % Error encountered at '^' marker:
> mypassword
> ^
> % Error: No matching command found.
> ReadOnlyAdmin at MY NSA4600_Primary>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

From heas at shrubbery.net Fri Mar 2 00:02:09 2018
From: heas at shrubbery.net (heasley)
Date: Fri, 2 Mar 2018 00:02:09 +0000
Subject: [rancid] How to configure rancid for stacked switches ?
In-Reply-To:
References:
Message-ID: <20180302000209.GU39608@shrubbery.net>

Thu, Mar 01, 2018 at 01:09:44PM -0500, doug.hughes at keystonenap.com:
> try hrancid -d -t hp
>
> Then we'd be able to tell a little more about what's going on.

and what version of rancid. what model switch. etc.

> -----Original Message-----
> From: "DELOISON, Clement"
> To: rancid-discuss at shrubbery.net
> Sent: Thu, 01 Mar 2018 13:04
> Subject: [rancid] How to configure rancid for stacked switches ?
>
> Hi,
>
> Can you help me with my problem ? I can't make RANCID work with my stacked
> HP switches. When I check logs, I have this :
>
> Trying to get all of the configs.
> couldn't compile regular expression pattern: parentheses () not balanced
>     while executing
> "expect {
>     -re $reprompt {}
>     -re "\[\n\r]+" { exp_continue }
> }"
>     (procedure "run_commands" line 12)
>     invoked from within
> "run_commands $prompt $command"
>     ("foreach" body line 160)
>     invoked from within
> "foreach router [lrange $argv $i end] {
>     set router [string tolower $router]
>     send_user "$router\n"
>
>     # device timeout
>     set timeout [find t..."
>     (file "/usr/local/rancid/bin/hlogin" line 654)
> xx.xxx.xxx.xxx: missed cmd(s): all commands
> xx.xxx.xxx.xxx: End of run not found
> ;
>
> I don't really understand what is the problem and what I can do to fix that.
>
> Best regards,
> --
> Clément Deloison
> Apprenti Réseau
> cdeloison at cora.fr
> --
> Cora Informatique
> 12 rue Joseph Cugnot - BP35049
> 57072 Metz CEDEX 3
> Tel : 03.87.39.52.00
> Fax : 03.87.39.52.99
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

From cdeloison at cora.fr Fri Mar 2 08:16:33 2018
From: cdeloison at cora.fr (DELOISON, Clement)
Date: Fri, 2 Mar 2018 09:16:33 +0100
Subject: [rancid] How to configure rancid for stacked switches ?
In-Reply-To: <20180302000209.GU39608@shrubbery.net>
References: <20180302000209.GU39608@shrubbery.net>
Message-ID:

Hi again,

I'm not able to do a hrancid... I'm sorry for that but I'm a french student
and I'm new at rancid configuration, it's the first time I use it. I may
apologize too for my english which is not perfect at all.

Well, this is what I had when I tried hrancid ; "-bash: hrancid: command
not found" (I suppose that I have to install packages or something like
this ?)

For the configuration, this is what I have :

There are 2 of them, which are stacked (I don't know if it's the right word
but it's like you have 2 switches in one with only one IP address)
My version of RANCID is : rancid-3.4.1

Thank you very much for your feedback ! You help me a lot in my project !

Best regards,

2018-03-02 1:02 GMT+01:00 heasley :

> Thu, Mar 01, 2018 at 01:09:44PM -0500, doug.hughes at keystonenap.com:
> > try hrancid -d -t hp
> >
> > Then we'd be able to tell a little more about what's going on.
>
> and what version of rancid. what model switch. etc.
>
> > -----Original Message-----

--
Clément Deloison
Apprenti Réseau
cdeloison at cora.fr
--
Cora Informatique
12 rue Joseph Cugnot - BP35049
57072 Metz CEDEX 3
Tel : 03.87.39.52.00
Fax : 03.87.39.52.99
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aruba model.png
Type: image/png
Size: 14221 bytes
Desc: not available
URL:

From doug.hughes at keystonenap.com Fri Mar 2 14:25:33 2018
From: doug.hughes at keystonenap.com (doug.hughes at keystonenap.com)
Date: Fri, 2 Mar 2018 09:25:33 -0500
Subject: [rancid] Sonicwall: clogin sends password after first login?
In-Reply-To:
References: <541cf3c4-826c-4ae3-aa56-14c02bfbdb0f.maildroid@localhost> <20180301233812.GR39608@shrubbery.net>
Message-ID: <4899bc00-acbc-4429-8600-d59a9c65a745.maildroid@localhost>

you'll probably have to (or want to) fork clogin into something like soniclogin so that it can do what is necessary to get the login prompt determination right. (see also the paloalto login script)
And you'll want a forked rancid from one of the other examples like urancid that sends the right sets of commands. Urancid for ubiquiti devices is a pretty simple and good one to copy, or the fortinet one.

Sent from my android device.

-----Original Message-----
From: Kevin Geil
To: heasley , "doug.hughes at keystonenap.com"
Cc: "rancid-discuss at shrubbery.net"
Sent: Fri, 02 Mar 2018 9:11
Subject: RE: [rancid] Sonicwall: clogin sends password after first login?

Thanks, I figured it was something like that. Is it recommended to use a custom version of clogin, or do I just discard the error text when I write the script that retrieves the configuration?

Thanks again,

Kevin

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net]
Sent: Thursday, March 1, 2018 6:38 PM
To: doug.hughes at keystonenap.com
Cc: rancid-discuss at shrubbery.net; Kevin Geil
Subject: Re: [rancid] Sonicwall: clogin sends password after first login?

Thu, Mar 01, 2018 at 05:23:20PM -0500, doug.hughes at keystonenap.com:
> most likely it's having a problem recognizing your prompt. That's a pretty complex one and embedded spaces are bound to complicate things.
>
>
> Sent from my android device.
>
> -----Original Message-----

From heas at shrubbery.net Fri Mar 2 16:11:00 2018
From: heas at shrubbery.net (heasley)
Date: Fri, 2 Mar 2018 16:11:00 +0000
Subject: [rancid] Sonicwall: clogin sends password after first login?
In-Reply-To: <4899bc00-acbc-4429-8600-d59a9c65a745.maildroid@localhost>
References: <541cf3c4-826c-4ae3-aa56-14c02bfbdb0f.maildroid@localhost> <20180301233812.GR39608@shrubbery.net> <4899bc00-acbc-4429-8600-d59a9c65a745.maildroid@localhost>
Message-ID: <20180302161100.GA44756@shrubbery.net>

Fri, Mar 02, 2018 at 09:25:33AM -0500, doug.hughes at keystonenap.com:
> you'll probably have to (or want to) fork clogin into something like soniclogin so that it can do what is necessary to get the login prompt determination right. (see also the paloalto login script)
> And you'll want a forked rancid from one of the other examples like urancid that sends the right sets of commands. Urancid for ubiquiti devices is a pretty simple and good one to copy, or the fortinet one.

there is a rancid FAQ entry on extending rancid. please read that too. the ubiquity stuff is native now, btw. I think it might need a tweak or two for some devices that I did not have access to.

> Sent from my android device.
>
> -----Original Message-----
> From: Kevin Geil
> To: heasley , "doug.hughes at keystonenap.com"
> Cc: "rancid-discuss at shrubbery.net"
> Sent: Fri, 02 Mar 2018 9:11
> Subject: RE: [rancid] Sonicwall: clogin sends password after first login?
>
> Thanks, I figured it was something like that. Is it recommended to use a custom version of clogin, or do I just discard the error text when I write the script that retrieves the configuration?
>
> Thanks again,
>
> Kevin
> -----Original Message-----

From KGeil at orda.org Fri Mar 2 14:11:35 2018
From: KGeil at orda.org (Kevin Geil)
Date: Fri, 2 Mar 2018 14:11:35 +0000
Subject: [rancid] Sonicwall: clogin sends password after first login?
In-Reply-To: <20180301233812.GR39608@shrubbery.net>
References: <541cf3c4-826c-4ae3-aa56-14c02bfbdb0f.maildroid@localhost> <20180301233812.GR39608@shrubbery.net>
Message-ID:

Thanks, I figured it was something like that. Is it recommended to use a custom version of clogin, or do I just discard the error text when I write the script that retrieves the configuration?

Thanks again,

Kevin

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net]
Sent: Thursday, March 1, 2018 6:38 PM
To: doug.hughes at keystonenap.com
Cc: rancid-discuss at shrubbery.net; Kevin Geil
Subject: Re: [rancid] Sonicwall: clogin sends password after first login?

Thu, Mar 01, 2018 at 05:23:20PM -0500, doug.hughes at keystonenap.com:
> most likely it's having a problem recognizing your prompt. That's a pretty complex one and embedded spaces are bound to complicate things.
>
>
> Sent from my android device.
>
> -----Original Message-----

From KGeil at orda.org Fri Mar 2 15:55:23 2018
From: KGeil at orda.org (Kevin Geil)
Date: Fri, 2 Mar 2018 15:55:23 +0000
Subject: [rancid] Sonicwall: clogin sends password after first login?
In-Reply-To: <4899bc00-acbc-4429-8600-d59a9c65a745.maildroid@localhost>
References: <541cf3c4-826c-4ae3-aa56-14c02bfbdb0f.maildroid@localhost> <20180301233812.GR39608@shrubbery.net> <4899bc00-acbc-4429-8600-d59a9c65a745.maildroid@localhost>
Message-ID:

Thanks so much. Hopefully I have some success to share in the next couple of months.

Kevin

From: doug.hughes at keystonenap.com [mailto:doug.hughes at keystonenap.com]
Sent: Friday, March 2, 2018 9:26 AM
To: heasley ; Kevin Geil
Cc: rancid-discuss at shrubbery.net
Subject: RE: [rancid] Sonicwall: clogin sends password after first login?

you'll probably have to (or want to) fork clogin into something like soniclogin so that it can do what is necessary to get the login prompt determination right. (see also the paloalto login script)
And you'll want a forked rancid from one of the other examples like urancid that sends the right sets of commands. Urancid for ubiquiti devices is a pretty simple and good one to copy, or the fortinet one.

Sent from my android device.

-----Original Message-----
From: Kevin Geil
To: heasley , "doug.hughes at keystonenap.com"
Cc: "rancid-discuss at shrubbery.net"
Sent: Fri, 02 Mar 2018 9:11
Subject: RE: [rancid] Sonicwall: clogin sends password after first login?

Thanks, I figured it was something like that. Is it recommended to use a custom version of clogin, or do I just discard the error text when I write the script that retrieves the configuration?

Thanks again,

Kevin

-----Original Message-----

From heas at shrubbery.net Fri Mar 2 16:40:24 2018
From: heas at shrubbery.net (heasley)
Date: Fri, 2 Mar 2018 16:40:24 +0000
Subject: [rancid] How to configure rancid for stacked switches ?
In-Reply-To:
References: <20180302000209.GU39608@shrubbery.net>
Message-ID: <20180302164024.GD44756@shrubbery.net>

Fri, Mar 02, 2018 at 09:16:33AM +0100, DELOISON, Clement:
> Hi again,
>
> I'm not able to do a hrancid... I'm sorry for that but I'm a french student
> and I'm new at rancid configuration, it's the first time I use it. I may
> apologize too for my english which is not perfect at all.

your english is fine; stop apologizing for it.

> Well, this is what I had when I tried hrancid ; "-bash: hrancid: command
> not found" (I suppose that I have to install packages or something like
> this ?)

if you are using bash, you should be able to "source" rancid.conf to create a usable PATH that includes the location of hrancid, etc. ". /path/to/rancid.conf"

> For the configuration, this is what I have :
>
> There are 2 of them, which are stacked (I don't know if it's the right word
> but it's like you have 2 switches in one with only one IP address)
> My version of RANCID is : rancid-3.4.1

There have been changes to hp support since then; I suggest that you install rancid 3.7. but, also tell us what model of switches these are, HP OEMs a lot of its network hardware.

> Thank you very much for your feedback ! You help me a lot in my project !
>
> Best regards,
>
> 2018-03-02 1:02 GMT+01:00 heasley :
>
> > Thu, Mar 01, 2018 at 01:09:44PM -0500, doug.hughes at keystonenap.com:
> > > try hrancid -d -t hp
> > >
> > > Then we'd be able to tell a little more about what's going on.
> >
> > and what version of rancid. what model switch. etc.
> >
> > > -----Original Message-----

From weylin at bu.edu Mon Mar 5 14:48:56 2018
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Mon, 5 Mar 2018 14:48:56 +0000
Subject: [rancid] New Cisco ASA Login Failure
Message-ID: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu>

Hello,

I have a Cisco ASA 5506X device I just deployed (running 9.8(2)20 version), that rancid's not logging into properly. Cloginrc is set to method {telnet ssh} because there's a plethora of really really old devices that hang when I try the other way around (and we haven't been funded to refresh them nor authorized to remove them).

Here's what rancid shows:

[rancid at nsgv-prod-59 ~]$ rancid -V
rancid 3.4.1
[rancid at nsgv-prod-59 ~]$
[rancid at nsgv-prod-59 ~]$
[rancid at nsgv-prod-59 ~]$
[rancid at nsgv-prod-59 ~]$ clogin xxxxxxxxxx
xxxxxxxxxx
spawn telnet xxxxxxxxxx
Trying yyyyyyy...
telnet: connect to address yyyyyyy: Connection refused
spawn ssh -2 -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l rancid xxxxxxxxxx
+------------------------------------+
|         BOSTON UNIVERSITY          |
+------------------------------------+
|           !! WARNING !!            |
|      AUTHORIZED ACCESS ONLY!       |
| Access to this system is permitted |
| for authorized persons only. All   |
| connections are logged and         |
| monitored. By accessing this       |
| system, you acknowledge that use   |
| of this and any other technology   |
| at Boston University is subject to |
| the terms of the Boston University |
| Conditions of Use and Policy on    |
| Computing Ethics; please see:      |
| http://www.bu.edu/computing/ethics |
| for details.                       |
+------------------------------------+
rancid at xxxxxxxxxx 's password:
User rancid logged in to xxxxxxxxxx
Logins over the last 2 days: 12. Last login: 08:39:20 EST Mar 5 2018 from zzzzzzz
Failed logins since the last login: 0.
Type help or '?' for a list of available commands.
xxxxxxxxxx/pri/act> rancid
^
ERROR: % Invalid input detected at '^' marker.
xxxxxxxxxx/pri/act> en Error: Unrecognized command, check your enable command able Password: Password: -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Mar 5 17:40:54 2018 From: heas at shrubbery.net (heasley) Date: Mon, 5 Mar 2018 17:40:54 +0000 Subject: [rancid] New Cisco ASA Login Failure In-Reply-To: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu> References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu> Message-ID: <20180305174054.GE65161@shrubbery.net> Mon, Mar 05, 2018 at 02:48:56PM +0000, Piegorsch, Weylin William: > Hello, > > I have a Cisco ASA 5506X device I just deployed (running 9.8(2)20 version), that rancid?s not logging into properly. Clogincrc is set to method {telnet ssh} because there?s a plethora of really really old devices that hang when I try the other way around (and we haven?t been funded to refresh them nor authorized to remove them). > A fix for this will be in the next version. you can grab clogin from http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/ or the alpha from ftp://ftp.shrubbery.net/pub/rancid/alpha/ From weylin at bu.edu Mon Mar 5 20:09:15 2018 
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Mon, 5 Mar 2018 20:09:15 +0000
Subject: [rancid] New Cisco ASA Login Failure
In-Reply-To:
References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu>
Message-ID:

Thanks James. Except, I can get the login prompt fine, which means the SSH cyphersuite negotiated well enough; and, I have no problems with any of my other ASAs running various code versions between 8.3 and 9.7. See also below.

Weylin

[rancid at rancid-server ~]$ egrep -B 7 "^add cypher" .cloginrc

#
# cryptographic cypher support for Nexus 9000 running 7.0(3)I2(1) and later
# http://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/200663-Unable-to-SSH-into-Nexus-9K-fatal.html
# This also works fine for all other campus devices
# 22 Sep 2015
#
add cyphertype * {aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc}
[rancid at rancid-server ~]

From weylin at bu.edu Mon Mar 5 20:09:48 2018
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Mon, 5 Mar 2018 20:09:48 +0000
Subject: [rancid] New Cisco ASA Login Failure
In-Reply-To: <20180305174054.GE65161@shrubbery.net>
References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu> <20180305174054.GE65161@shrubbery.net>
Message-ID: <0B728315-0B6E-4193-899D-F44D8C0F8BD9@bu.edu>

Got it; thanks Heasley. I'll poke around on it.

weylin

From Bob.Brunette at cdw.com Mon Mar 5 20:20:28 2018
From: Bob.Brunette at cdw.com (Bob Brunette)
Date: Mon, 5 Mar 2018 20:20:28 +0000
Subject: [rancid] New Cisco ASA Login Failure
In-Reply-To:
References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu>
Message-ID: <0AC64AD3-F0DD-4BFB-BFCF-98287162B937@cdw.com>

William,

Your easiest solution might be to turn on auto-enable on your new ASA with this:

aaa authorization exec authentication-server auto-enable

That doesn't get to the root cause of the problem, but it avoids having to enter the "enable" command and password.

Can you share your .cloginrc file lines for this device? The problem may be there.

Bob Brunette

From weylin at bu.edu Mon Mar 5 20:36:27 2018
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Mon, 5 Mar 2018 20:36:27 +0000
Subject: [rancid] New Cisco ASA Login Failure
In-Reply-To: <0AC64AD3-F0DD-4BFB-BFCF-98287162B937@cdw.com>
References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu> <0AC64AD3-F0DD-4BFB-BFCF-98287162B937@cdw.com>
Message-ID: <1033008B-52B3-4A4B-855F-0DF75F360F87@bu.edu>

An interesting idea, hadn't thought of that. Unfortunately I'm not able to noenable that device; security policy doesn't allow direct login to superuser (for those devices that have that ability... eg NX-OS defaults).

Here's my entire .cloginrc, except that I've removed lines for individual devices, and obfuscated usernames/passwords; I have no group-specific .cloginrc files.

Weylin

#
# cryptographic cypher support for Nexus 9000 running 7.0(3)I2(1) and later
# http://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/200663-Unable-to-SSH-into-Nexus-9K-fatal.html
# This also works fine for all other campus devices
#
add cyphertype * {aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc}
add sshcmd * {ssh\ -2}

# Defaults
add user * {xxxxxxx}
add password * {xxxxxxx} {xxxxxxx}
add method * {telnet} {ssh}

From hvgeekwtrvl at gmail.com Mon Mar 5 17:17:34 2018
From: hvgeekwtrvl at gmail.com (james machado)
Date: Mon, 5 Mar 2018 09:17:34 -0800
Subject: [rancid] New Cisco ASA Login Failure
In-Reply-To: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu>
References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu>
Message-ID:

This is due to changes in the supported encryption methods in the updated IOS's and ASA softwares. in your .cloginrc you will want to add a line:

add cyphertype {encryption method}

you can find an encryption method your systems are happy with by doing the following:

ssh -vv
[...]
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128ctr hmac-sha1 none
[...]

with my ASA's i use {aes256-ctr}.

james

From doug.hughes at keystonenap.com Tue Mar 6 00:03:03 2018
From: doug.hughes at keystonenap.com (doug.hughes at keystonenap.com)
Date: Mon, 5 Mar 2018 19:03:03 -0500
Subject: [rancid] New Cisco ASA Login Failure
In-Reply-To:
References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu>
Message-ID:

I use add cyphertype aes256-cbc for all of our ASA-5*-X models, and it works.

Sent from my android device.

-----Original Message-----
From hvgeekwtrvl at gmail.com Tue Mar 6 00:17:29 2018
From: hvgeekwtrvl at gmail.com (james machado)
Date: Mon, 5 Mar 2018 16:17:29 -0800
Subject: [rancid] New Cisco ASA Login Failure
In-Reply-To:
References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu>
Message-ID:

That's what i get for replying too soon. It looks like you're getting hit with the "last login" item that came up on the list in January.

http://www.shrubbery.net/pipermail/rancid-discuss/2018-January/010020.html

James

From ross at eve-it.net Mon Mar 5 23:25:10 2018
From: ross at eve-it.net (Ross [Eve IT])
Date: Tue, 6 Mar 2018 10:25:10 +1100
Subject: [rancid] Brocade VDX
In-Reply-To: <20180223181430.GD10876@shrubbery.net>
References: <1221278298.4896124.1517948075907.ref@mail.yahoo.com> <1221278298.4896124.1517948075907@mail.yahoo.com> <20180223023430.GJ95665@shrubbery.net> <20180223181430.GD10876@shrubbery.net>
Message-ID:

I also use brcdvcs and it works fine.

Debian Jessie
2 stacks of 6740s.

Ross.

On Sat, Feb 24, 2018 at 5:14 AM, heasley wrote:

> Thu, Feb 22, 2018 at 09:44:47PM -0500, Doug Hughes:
> > I have VDX switches working.
> >
> > I use brcdvcs type
> >
> > 2 6940 and 2 6740 in a stack
> >
> > rancid.types.conf:
> >
> > # Brocade VCS 10g/40g
> > brcdvcs;script;rancid -t brcdvcs
> > brcdvcs;login;a10login
> > brcdvcs;module;brocade
> > brcdvcs;inloop;brocade::inloop
> > brcdvcs;command;brocade::ShowVersion;show version all-partitions
> > brcdvcs;command;brocade::ShowLicense;show license
> > brcdvcs;command;brocade::ShowRasLicense;show logging raslog rbridge-id 11
> > brcdvcs;command;brocade::ShowRasLicense;show logging raslog rbridge-id 12
> > brcdvcs;command;brocade::ShowVcs;show vcs detail
> > brcdvcs;command;brocade::ShowVlan;show vlan brief
> > brcdvcs;command;brocade::ShowSnapshots;show config snapshot rbridge-id 1
> > brcdvcs;command;brocade::ShowFabric;show virtual-fabric status
> > brcdvcs;command;brocade::ShowFabric;show fabric all
> > brcdvcs;command;brocade::ShowSupport;show support
> > brcdvcs;command;brocade::ShowMonitor;show system monitor
> > brcdvcs;command;brocade::ShowConfig;show running-config
>
> It'd be great if others who use this would confirm that it works properly
> and reliably.
>
> > (you'll want to change your rbridge-ids appropriately)
> >
> > On 2/22/2018 9:34 PM, heasley wrote:
> > > Tue, Feb 06, 2018 at 08:14:35PM +0000, Andrew Meyer:
> > >> I have 4 Brocade VDX 6740 switches that I am trying to add to RANCiD. Has anyone gotten these to work? I'm trying to write documentation so I can repeat this in the future.
> > >>
> > >> This is what I have found so far. But I'm running this on FreeBSD 11.1. I'm ok if I need to patch it. Just looking for the right way to add this to the system or patch it.
> > >>
> > >> http://www.shrubbery.net/pipermail/rancid-discuss/2017-April/009534.html
> > >>
> > >> https://community.brocade.com/t5/Ethernet-Fabric-VDX-CNA/Automatic-backup-for-brocade-VDX-Switches/td-p/84924
> > >> https://webclient.obs.j0ke.net/package/view_file/server:monitoring/rancid-stable/rancid.types.conf
> > >>
> > >> https://www.forwardingplane.net/2012/11/vdxrancid-contrib-scripts/
> > >>
> > >> http://www.dmcservicescorp.com/?p=2064
> > > you haven't told us what version of rancid. are you trying to add some
> > > other script because type foundry doesn't work for the device? this
> > > page is accurate and/or see section 4 of the rancid FAQ
> > >
> > >> https://tobru.ch/backup-brocade-router-config-with-rancid/
> >
> > --
> > Doug Hughes
> > Keystone NAP
> > Fairless Hills, PA
> > 1.844.KEYBLOCK (539.2562)

From weylin at bu.edu Tue Mar 6 12:58:37 2018
From: weylin at bu.edu (Piegorsch, Weylin William) Date: Tue, 6 Mar 2018 12:58:37 +0000 Subject: [rancid] New Cisco ASA Login Failure In-Reply-To: References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu> Message-ID: <005C22F6-9E4E-4FD9-998C-89DAAD59F456@bu.edu> Aw snap! I even replied to that thread :-( http://www.shrubbery.net/pipermail/rancid-discuss/2018-January/010021.html Thanks for pointing this out. weylin From: james machado Date: Monday, March 5, 2018 at 7:18 PM To: Weylin Piegorsch Cc: "rancid-discuss at shrubbery.net" Subject: Re: [rancid] New Cisco ASA Login Failure That's what i get for replying too soon. It looks like your getting hit with the "last login" item that came up on the list in January. http://www.shrubbery.net/pipermail/rancid-discuss/2018-January/010020.html James On Mon, Mar 5, 2018 at 12:09 PM, Piegorsch, Weylin William > wrote: Thanks James. Except, I can get the login prompt fine, which means the SSH cyphersuite negotiated well enough; and, I have no problems with any of my other ASAs running various code versions between 8.3 and 9.7. See also below. Weylin [rancid at rancid-server ~]$ egrep -B 7 "^add cypher" .cloginrc # # cryptographic cypher support for Nexus 9000 running 7.0(3)I2(1) and later # http://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/200663-Unable-to-SSH-into-Nexus-9K-fatal.html # This also works fine for all other campus devices # 22 Sep 2015 # add cyphertype * {aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc} [rancid at rancid-server ~] 
From: james machado
Date: Monday, March 5, 2018 at 12:18 PM
To: Weylin Piegorsch
Cc: "rancid-discuss at shrubbery.net"
Subject: Re: [rancid] New Cisco ASA Login Failure

This is due to changes in the supported encryption methods in the updated IOS's and ASA softwares.

in your .cloginrc you will want to add a line:

add cyphertype {encryption method}

you can find an encryption method your systems are happy with by doing the following:

ssh -vv
[...]
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128ctr hmac-sha1 none
[...]

with my ASA's i use {aes256-ctr}.

james

On Mon, Mar 5, 2018 at 6:48 AM, Piegorsch, Weylin William wrote:

Hello,

I have a Cisco ASA 5506X device I just deployed (running 9.8(2)20 version), that rancid's not logging into properly. Clogincrc is set to method {telnet ssh} because there's a plethora of really really old devices that hang when I try the other way around (and we haven't been funded to refresh them nor authorized to remove them). Here's what rancid shows:

[rancid at nsgv-prod-59 ~]$ rancid -V
rancid 3.4.1
[rancid at nsgv-prod-59 ~]$
[rancid at nsgv-prod-59 ~]$
[rancid at nsgv-prod-59 ~]$
[rancid at nsgv-prod-59 ~]$ clogin xxxxxxxxxx
xxxxxxxxxx
spawn telnet xxxxxxxxxx
Trying yyyyyyy...
telnet: connect to address yyyyyyy: Connection refused
spawn ssh -2 -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l rancid xxxxxxxxxx
+------------------------------------+
| BOSTON UNIVERSITY |
+------------------------------------+
| !! WARNING !! |
| AUTHORIZED ACCESS ONLY! |
| Access to this system is permitted |
| for authorized persons only. All |
| connections are logged and |
| monitored. By accessing this |
| system, you acknowledge that use |
| of this and any other technology |
| at Boston University is subject to |
| the terms of the Boston University |
| Conditions of Use and Policy on |
| Computing Ethics; please see: |
| http://www.bu.edu/computing/ethics |
| for details. |
+------------------------------------+
rancid at xxxxxxxxxx 's password:
User rancid logged in to xxxxxxxxxx
Logins over the last 2 days: 12. Last login: 08:39:20 EST Mar 5 2018 from zzzzzzz
Failed logins since the last login: 0.
Type help or '?' for a list of available commands.
xxxxxxxxxx/pri/act> rancid
 ^
ERROR: % Invalid input detected at '^' marker.
xxxxxxxxxx/pri/act> en
Error: Unrecognized command, check your enable command
able
Password:
Password:

From on at LEFerguson.com Tue Mar 6 14:36:37 2018
From: on at LEFerguson.com (on at LEFerguson.com)
Date: Tue, 6 Mar 2018 14:36:37 +0000
Subject: [rancid] New Cisco ASA Login Failure
In-Reply-To: <005C22F6-9E4E-4FD9-998C-89DAAD59F456@bu.edu>
References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu> <005C22F6-9E4E-4FD9-998C-89DAAD59F456@bu.edu>
Message-ID:

I just got hit by this also on a 5506-x. I turned off the login history for now, but I saw back in January a proposed patch, did that work out? (I guess I could try it, but it's always nice to know if it worked, and if it might be destined for incorporation?)

Linwood

From heas at shrubbery.net Tue Mar 6 17:16:31 2018
From: heas at shrubbery.net (heasley)
Date: Tue, 6 Mar 2018 17:16:31 +0000
Subject: [rancid] New Cisco ASA Login Failure
In-Reply-To:
References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu> <005C22F6-9E4E-4FD9-998C-89DAAD59F456@bu.edu>
Message-ID: <20180306171631.GC60582@shrubbery.net>

Tue, Mar 06, 2018 at 02:36:37PM +0000, on at LEFerguson.com:
> I just got hit by this also on a 5506-x. I turned off the login history for now, but I saw back in January a proposed patch, did that work out? (I guess I could try it, but it's always nice to know if it worked, and if it might be destined for incorporation?)
>
> Linwood

I've already replied to this thread pointing to source w/ the patch. i have nothing to test it against, but its broken nothing that I do have.

From on at LEFerguson.com Tue Mar 6 22:12:22 2018
From: on at LEFerguson.com (on at LEFerguson.com)
Date: Tue, 6 Mar 2018 22:12:22 +0000
Subject: [rancid] New Cisco ASA Login Failure
References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu> <005C22F6-9E4E-4FD9-998C-89DAAD59F456@bu.edu> <20180306171631.GC60582@shrubbery.net>
Message-ID:

(Sorry, I replied to this initially with a different account, if that's sitting in a moderation queue it can be deleted)

>> I just got hit by this also on a 5506-x. I turned off the login history for now, but I saw back in January a proposed patch, did that work out? (I guess I could try it, but it's always nice to know if it worked, and if it might be destined for incorporation?)
>
>I've already replied to this thread pointing to source w/ the patch. i
>have nothing to test it against, but its broken nothing that I do have.

OK, was just being lazy to see if someone had test.

I just patched mine, reset my ASA (the setting if anyone doesn't have is [no] aaa authentication login-history), and did a rancid-run, and it worked fine.

So yes, that seems to work, and did not break anything else (though this system only has about 4 types of late model cisco's, so it is hardly a comprehensive test).

Thank you for the patch.

Linwood

From Linwood at leferguson.com Tue Mar 6 17:35:39 2018
From: Linwood at leferguson.com (Linwood Ferguson)
Date: Tue, 6 Mar 2018 17:35:39 +0000
Subject: [rancid] New Cisco ASA Login Failure
In-Reply-To: <20180306171631.GC60582@shrubbery.net>
References: <96DD37D5-3F3B-4BBA-A8AC-78143EFFDF2A@bu.edu> <005C22F6-9E4E-4FD9-998C-89DAAD59F456@bu.edu> <20180306171631.GC60582@shrubbery.net>
Message-ID:

>> I just got hit by this also on a 5506-x. I turned off the login history for now, but I saw back in January a proposed patch, did that work out? (I guess I could try it, but it's always nice to know if it worked, and if it might be destined for incorporation?)
>
>I've already replied to this thread pointing to source w/ the patch. i have nothing to test it
>against, but its broken nothing that I do have.

OK, was just being lazy to see if someone had test.

I just patched mine, reset my ASA (the setting if anyone doesn't have is [no] aaa authentication login-history), and did a rancid-run, and it worked fine.

So yes, that seems to work, and did not break anything else (though this system only has about 4 types of late model cisco's, so it is hardly a comprehensive test).

Thank you for the patch.

Linwood

From Sebastien.Boulianne at cpu.ca Wed Mar 7 22:01:37 2018
From: Sebastien.Boulianne at cpu.ca (Sebastien.Boulianne at cpu.ca)
Date: Wed, 7 Mar 2018 17:01:37 -0500
Subject: [rancid] Which cypertype should use to connect to Cisco and Fortinet devices ?
Message-ID: <5FE0959288C73D448BB44CB7E9CC320F79CD1CAC1C@CPUMAIL2.cpu.qc.ca>

Hi guys,

I am curious to know which cypertype do you use to connect to Cisco and Fortinet devices ?

I use aes256-ctr aes256-cbc but I would like to know which others cypertype work.

Thanks for your answer.

Sebastien

From gmourani at gmail.com Thu Mar 8 14:29:08 2018
From: gmourani at gmail.com (Gerhard Mourani)
Date: Thu, 8 Mar 2018 09:29:08 -0500
Subject: [rancid] DELL Force10 N4032F
Message-ID: <84CABBE7-9425-429D-AC78-A89B110014BB@gmail.com>

Hello list,

Rancid v3.7

I'm trying to back up DELL Force10 N series switches without success! The backup configs for those devices are empty, and here is what can be found in the log file.

Trying to get all of the configs.
192.168.60.252: missed cmd(s): all commands
192.168.60.252: End of run not found
!
192.168.60.251: missed cmd(s): all commands
192.168.60.251: End of run not found
!
=====================================
Getting missed routers: round 1.
192.168.60.251: missed cmd(s): all commands
192.168.60.251: End of run not found
!
192.168.60.252: missed cmd(s): all commands
192.168.60.252: End of run not found
!
=====================================
Getting missed routers: round 2.
192.168.60.251: missed cmd(s): all commands
192.168.60.251: End of run not found
!
192.168.60.252: missed cmd(s): all commands
192.168.60.252: End of run not found
!
=====================================
Getting missed routers: round 3.
192.168.60.252: missed cmd(s): all commands
192.168.60.252: End of run not found
!
192.168.60.251: missed cmd(s): all commands
192.168.60.251: End of run not found
!

Credentials are ok as you can see here:

su - rancid -c "clogin -c 'show version' 192.168.60.251"
192.168.60.251
spawn telnet 192.168.60.251
Trying 192.168.60.251...
Connected to 192.168.60.251.
Escape character is '^]'.
User:admin
Password:********
n4032f-b-1>
n4032f-b-1>terminal length 0
 ^
% Invalid input detected at '^' marker.
n4032f-b-1>terminal width 132
 ^
% Invalid input detected at '^' marker.
n4032f-b-1>show version
Machine Description............... Dell Networking Switch
System Model ID................... N4032F
Machine Type...................... Dell Networking N4032F
Serial Number..................... CP05KGDH296728791011A01
Manufacturer...................... 0xbc00
Burned In MAC Address............. F8B1.5649.8EDA
System Object ID.................. 1.3.6.1.4.1.674.10895.3044
CPU Version....................... XLP308H-B2
SOC Version....................... BCM56842_A1
HW Version........................ 3
CPLD Version...................... 17

unit active      backup      current-active next-active
---- ----------- ----------- -------------- --------------
1    6.3.3.10    6.3.2.7     6.3.3.10       6.3.3.10
2    6.3.3.10    6.3.2.7     6.3.3.10       6.3.3.10

n4032f-b-1>exit
Connection closed by foreign host.

Regards,

From weylin at bu.edu Sat Mar 10 04:52:37 2018
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Sat, 10 Mar 2018 04:52:37 +0000
Subject: [rancid] Which cypertype should use to connect to Cisco and Fortinet devices ?
In-Reply-To: <5FE0959288C73D448BB44CB7E9CC320F79CD1CAC1C@CPUMAIL2.cpu.qc.ca>
References: <5FE0959288C73D448BB44CB7E9CC320F79CD1CAC1C@CPUMAIL2.cpu.qc.ca>
Message-ID:

Have you tried specifying all the cyphertypes your system supports? I manually ran the command ssh -vvv and read the (incredibly plentiful) output to find what my system was offering; then, I just specified all of them in .cloginrc. The target system will only accept those cyphers it supports, so there's no harm to the SSH protocol to offer as many as you want.

If you're interested in being security conscious, that's a much more involved discussion. I've not researched that - while I'm aware of the discussion around the topic, I'm nonetheless much more concerned (in my current job, anyway) with inter-operability than encryption strength.

weylin

On 3/7/18, 5:01 PM, "Sebastien.Boulianne at cpu.ca" wrote:

Hi guys,

I am curious to know which cypertype do you use to connect to Cisco and Fortinet devices ?

I use aes256-ctr aes256-cbc but I would like to know which others cypertype work.

Thanks for your answer.

Sebastien

From heas at shrubbery.net Sat Mar 10 15:24:20 2018
From: heas at shrubbery.net (heasley)
Date: Sat, 10 Mar 2018 15:24:20 +0000
Subject: [rancid] Which cypertype should use to connect to Cisco and Fortinet devices ?
In-Reply-To:
References: <5FE0959288C73D448BB44CB7E9CC320F79CD1CAC1C@CPUMAIL2.cpu.qc.ca>
Message-ID: <20180310152419.GB17186@shrubbery.net>

Sat, Mar 10, 2018 at 04:52:37AM +0000, Piegorsch, Weylin William:
> Have you tried specifying all the cyphertypes your system support? I manually ran the command ssh -vvv and read the (incredibly plentiful) output to find what my system was offering; then, I just specified all of them in .cloginrc. The target system will only accept those cypher it supports, so there's no harm to the SSH protocol to offer as many as you want.

see ssh -Q

Also, these can be placed in ~/.ssh/config or /etc/ssh/ssh_config so that they work outside of rancid too.

From Sebastien.Boulianne at cpu.ca Mon Mar 12 13:57:40 2018
From: Sebastien.Boulianne at cpu.ca (Sebastien.Boulianne at cpu.ca)
Date: Mon, 12 Mar 2018 09:57:40 -0400
Subject: [rancid] Which cypertype should use to connect to Cisco and Fortinet devices ?
In-Reply-To: <20180310152419.GB17186@shrubbery.net>
References: <5FE0959288C73D448BB44CB7E9CC320F79CD1CAC1C@CPUMAIL2.cpu.qc.ca> <20180310152419.GB17186@shrubbery.net>
Message-ID: <5FE0959288C73D448BB44CB7E9CC320F79CD1CACBF@CPUMAIL2.cpu.qc.ca>

Thanks sir.

From network at acs-europe.de Wed Mar 14 10:25:15 2018
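
The cyphertype thread above suggests reading the negotiated cipher out of ssh -vv output and putting it in .cloginrc. The following is an added example, not code from any poster or from RANCID: it extracts the cipher from both the older debug layout quoted in the thread and the newer "cipher:/MAC:" layout, and emits a host-scoped "add cyphertype" line instead of a wildcard. The function names, host names and sample debug output are constructed for illustration, and treating CBC-mode and 3DES ciphers as legacy is this example's own policy assumption.

```shell
#!/bin/sh
# Added example. Sample ssh -vv output below is constructed, not captured
# from a real device. Real input would come from something like:
#   ssh -vv -l rancid HOST exit 2>&1 | cloginrc_line HOST

# Older OpenSSH debug layout, as quoted in the thread.
SAMPLE_OLD='debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none'

# Newer OpenSSH debug layout with explicit "cipher:" and "MAC:" labels.
SAMPLE_NEW='debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes256-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes256-cbc MAC: hmac-sha1 compression: none'

# Read ssh -vv output on stdin; print each distinct negotiated cipher once.
negotiated_ciphers() {
    awk '$1 == "debug1:" && $2 == "kex:" &&
         ($3 == "server->client" || $3 == "client->server") {
             # Newer layout puts the literal word "cipher:" before the name.
             c = ($4 == "cipher:") ? $5 : $4
             if (!(c in seen)) { seen[c] = 1; print c }
         }'
}

# Classify a cipher name. Calling CBC-mode, 3DES and arcfour "legacy" is an
# assumption of this example, not something RANCID or the thread enforces.
cipher_class() {
    case "$1" in
        *-cbc|3des*|arcfour*) echo legacy ;;
        *) echo ok ;;
    esac
}

# cloginrc_line HOST: read ssh -vv output on stdin and print a .cloginrc
# entry scoped to HOST. Returns 1 when no negotiated cipher is present,
# e.g. because the session failed before key exchange finished.
cloginrc_line() {
    host=$1
    ciphers=$(negotiated_ciphers)
    [ -n "$ciphers" ] || {
        echo "no negotiated cipher found for $host" >&2
        return 1
    }
    list=$(printf '%s\n' "$ciphers" | paste -sd, -)
    for c in $ciphers; do
        if [ "$(cipher_class "$c")" = legacy ]; then
            # Emitted as a .cloginrc comment so the reason stays with the entry.
            echo "# $host negotiated legacy cipher $c; scope this entry to the host"
        fi
    done
    echo "add cyphertype $host {$list}"
}

# Demonstration on the constructed samples (host names are placeholders).
printf '%s\n' "$SAMPLE_OLD" | cloginrc_line asa-old.example.net
printf '%s\n' "$SAMPLE_NEW" | cloginrc_line asa-new.example.net
```
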
From: network at acs-europe.de (ACS Solutions Network)
Date: Wed, 14 Mar 2018 10:25:15 +0000
Subject: [rancid] Howto setup Rancid with Git on Debian?
In-Reply-To: <56D575CA-AA15-4D6D-A03F-69DE6CA772D5@comscore.com>
References: <02b0bf24a8664951947a52548a01b965@acs-europe.de> <56D575CA-AA15-4D6D-A03F-69DE6CA772D5@comscore.com>
Message-ID: <3b524a792c1e4a1dae759955f641de7d@acs-europe.de>

Thank you very much Chris and please excuse the late heads up.

I didn't think it was just setting RCSSYS="git" - pretty straight forward.

From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Gauthier, Chris
Sent: Thursday, January 11, 2018 16:20
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Howto setup Rancid with Git on Debian?

Whether it's Debian or another distro, the basic setup is still the same. I did the same thing on CentOS.

V3.6.2 has a bug when running the configure script. Check out: http://www.shrubbery.net/pipermail/rancid-discuss/2017-July/009735.html

As for the Git part, rancid uses a local git server that it creates the folder structure for. Each rancid group gets its own Git repo. The key is really the rancid config file. Set RCSSYS="git" and it will do the heavy lifting. If you need the stuff to go to a remote repo, then you will need to make the local Git do blind commits to the remote repo. That's something one of my server admins took care of, so I'm not sure exactly how he did it.

Chris

Chris Gauthier
Senior Network Engineer | comScore, Inc.
t +1 (503) 331-2704 | cgauthier at comscore.com
317 SW Alder Street, Suite 700 | Portland, OR 97204 United States
comscore.com

-----Original Message-----
From: Rancid-discuss on behalf of shouldbe q931
Date: Thursday, January 11, 2018 at 4:46 AM
To: ACS Solutions Network
Cc: "rancid-discuss at shrubbery.net"
Subject: Re: [rancid] Howto setup Rancid with Git on Debian?

On Thu, Jan 11, 2018 at 11:02 AM, ACS Solutions Network wrote:
> Hello folks,
>
> i've searched the web, this list, contents in the package etc. but didn't
> find any up to date information on how to setup Rancid with Git on Debian.
>
> I've installed rancid via apt-get (rancid ver. 3.6.2-2) on Debian 9. Git is
> ver. 2.11.
>

<10 seconds with google found

https://www.cryptomonkeys.com/2016/11/rancid-git/
http://opennodecloud.com/howto/2014/05/08/howto-about-rancid.html

I do not know if the Debian packaged 3.6.2 includes git support.

Cheers

From marktpl97 at hotmail.com Mon Mar 19 09:41:06 2018
From: marktpl97 at hotmail.com (marktpl 97)
Date: Mon, 19 Mar 2018 09:41:06 +0000
Subject: [rancid] hash key triggers cvs
Message-ID:

Hi,

The config I download with rancid 3.6 works just fine. One thing is bugging me.

The config contains a line like this : server host 192.168.1.1 key "b2d85dfa2c6950184c35b6647b5c7a"
The hash changes every time you check the config, which triggers CVS.
When I add : /^server .*key/ && next;
to the perl module, CVS is no longer triggered, but the line does no longer appear in my backup file.

Is there a way to store the line (without the hash is fine by me) in the config and not trigger CVS?

Kind regards,
Mark T

From heas at shrubbery.net Mon Mar 19 11:21:06 2018
From: heas at shrubbery.net (heasley)
Date: Mon, 19 Mar 2018 11:21:06 +0000
Subject: [rancid] hash key triggers cvs
In-Reply-To:
References:
Message-ID: <20180319112106.GA47257@shrubbery.net>

Mon, Mar 19, 2018 at 09:41:06AM +0000, marktpl 97:
> Hi,
>
> The config I download with rancid 3.6 works just fine. One thing is
> bugging me.
>
> The config contains a line like this : server host 192.168.1.1 key
> "b2d85dfa2c6950184c35b6647b5c7a"
> The hash changes every time you check the config, which triggers CVS.
> When I add : /^server .*key/ && next;
> to the perl module, CVS is no longer triggered, but the line does no
> longer appear in my backup file.

what type of device? and have you set FILTER_PWDS or FILTER_OSC in rancid.conf?

> Is there a way to store the line (without the hash is fine by me) in the
> config and not trigger CVS?
>
> Kind regards,
> Mark T

From lauri.haveri at alsocloudsolutions.fi Wed Mar 21 20:43:24 2018
From: lauri.haveri at alsocloudsolutions.fi (Lauri Haveri)
Date: Wed, 21 Mar 2018 20:43:24 +0000
Subject: [rancid] Error when trying to back up a JunOS device, SRX100
Message-ID:

Hello all,

I am setting up a test environment on Ubuntu 16.04 before Rancid will go to a production environment.

Every time I run Rancid I get the following error:

"Use of uninitialized value $_ in pattern match (m//) at /usr/share/perl5/rancid/junos.pm line 135
Use of uninitialized value $_ in pattern match (m//) at /usr/share/perl5/rancid/junos.pm line 140
00003-test-fw01: missed cmd(s): show configuration, show version invoke-on other-routing-engine, show system core-dumps, show version detail
00003-test-fw01: End of run not foud
# Error: TIMEOUT reached"

When I go to the part that the log (/usr/share/perl5/rancid/junos.pm) tells me, the part is following:

"$rval = {$commands{$cmd}}{$INPUT, $OUTPUT, $cmd};
delete($commands{$cmd});
if {$rval == -1} { // this is the line 135
$clean_run = 0;
last TOP;
}
if (/>\s*quit/){ // this is line 140
$clean_run=1;
last;
}"

The command I am using to run Rancid is:
"sudo su -c /var/lib/rancid/bin/rancid-run -s /bin/bash -l rancid"

Could you please help me?

Kind regards,
Lauri

From heas at shrubbery.net Wed Mar 21 21:15:17 2018
From: heas at shrubbery.net (Heasley)
Date: Wed, 21 Mar 2018 21:15:17 +0000
Subject: [rancid] Error when trying to back up a JunOS device, SRX100
In-Reply-To:
References:
Message-ID: <582251F8-A1B3-4A70-9E1B-79F2C9BD2877@shrubbery.net>

> On 21.03.2018 at 20:43, Lauri Haveri wrote:
>
> Hello all,
>
> I am setting up a test enviroment on Ubuntu 16.04 before Rancid will go to a production enviroment.
>
> Everytime I run Rancid I get the following error:
>
> "Use of uninitialized value $_ in pattern match (m//) at /usr/share/perl5/rancid/junos.pm line 135
> Use of uninitialized value $_ in pattern match (m//) at /usr/share/perl5/rancid/junos.pm line 140
> 00003-test-fw01: missed cmd(s): show configuration, show version invoke-on other-routing-engine, show system core-dumps, show version detail
> 00003-test-fw01: End of run not foud
> # Error: TIMEOUT reached"
>
> When I go the the part that the log (/usr/share/perl5/rancid/junos.pm) tells me, the part is following:
>
> "$rval = {$commands{$cmd}}{$INPUT, $OUTPUT, $cmd};
> delete($commands{$cmd});
> if {$rval == -1} { // this is the line 135
> $clean_run = 0;
> last TOP;
> }
> if (/>\s*quit/){ // this is line 140
> $clean_run=1;
> last;
> }"
>
> The command I am using to run Rancid is:
> "sudo su -c /var/lib/rancid/bin/rancid-run -s /bin/bash -l rancid"
>
> Could you please help me?

You havent told us what version of rancid nor from where you retrieved it. If its not 3.7, please start there. If it already is, but it is a ubuntu package, please try an install from source.

>
> Kind regards,
> Lauri

From emille at abccommunications.com Thu Mar 22 00:12:34 2018
From: emille at abccommunications.com (Emille Blanc)
Date: Wed, 21 Mar 2018 17:12:34 -0700
Subject: [rancid] Error when trying to back up a JunOS device, SRX100
In-Reply-To: <582251F8-A1B3-4A70-9E1B-79F2C9BD2877@shrubbery.net>
References: <582251F8-A1B3-4A70-9E1B-79F2C9BD2877@shrubbery.net>
Message-ID: <4FBAFC2ECF5D6244BA4A26C1C94A1E270D6B1331AF@exchange>

I've had no problems with our lonely SRX100b, in any versions of RANCID 3.x, up to and including 3.7.

The SRX is running 12.1X46-D55.3

From lauri.haveri at alsocloudsolutions.fi Thu Mar 22 16:02:43 2018
From: lauri.haveri at alsocloudsolutions.fi (Lauri Haveri)
Date: Thu, 22 Mar 2018 16:02:43 +0000
Subject: [rancid] Error when trying to back up a JunOS device, SRX100
In-Reply-To: <4FBAFC2ECF5D6244BA4A26C1C94A1E270D6B1331AF@exchange>
References: <582251F8-A1B3-4A70-9E1B-79F2C9BD2877@shrubbery.net> <4FBAFC2ECF5D6244BA4A26C1C94A1E270D6B1331AF@exchange>
Message-ID: <48979440b1ea4e72a583dd468f1c6f4a@alsocloudsolutions.fi>

Hello again and thanks for the answers!

My device happens to be SRX100b and version of the Rancid is 3.3.

I got from "apt-get install rancid cvs"

Kind regards,
Lauri

From heas at shrubbery.net Thu Mar 22 16:54:04 2018
From: heas at shrubbery.net (heasley)
Date: Thu, 22 Mar 2018 16:54:04 +0000
Subject: [rancid] Error when trying to back up a JunOS device, SRX100
In-Reply-To: <48979440b1ea4e72a583dd468f1c6f4a@alsocloudsolutions.fi>
References: <582251F8-A1B3-4A70-9E1B-79F2C9BD2877@shrubbery.net> <4FBAFC2ECF5D6244BA4A26C1C94A1E270D6B1331AF@exchange> <48979440b1ea4e72a583dd468f1c6f4a@alsocloudsolutions.fi>
Message-ID: <20180322165404.GE86587@shrubbery.net>

Thu, Mar 22, 2018 at 04:02:43PM +0000, Lauri Haveri:
> Hello again and thanks for the answers!
>
> My device happens to be SRX100b and version of the Rancid is 3.3.
>
> I got from "apt-get install rancid cvs"

Please install rancid 3/7. It is available here:
ftp://ftp.shrubbery.net/pub/ranciD

From ler762 at gmail.com Thu Mar 22 17:46:09 2018
From: ler762 at gmail.com (Lee)
Date: Thu, 22 Mar 2018 13:46:09 -0400
Subject: [rancid] signing key?
Message-ID:

On 3/22/18, heasley wrote:
> Thu, Mar 22, 2018 at 04:02:43PM +0000, Lauri Haveri:
>> Hello again and thanks for the answers!
>>
>> My device happens to be SRX100b and version of the Rancid is 3.3.
>>
>> I got from "apt-get install rancid cvs"
>
> Please install rancid 3/7. It is available here:
> ftp://ftp.shrubbery.net/pub/ranciD

Which has a detached sig -- thank you!! But what key was used for signing?

Thanks
Lee

From heas at shrubbery.net Thu Mar 22 17:47:00 2018
From: heas at shrubbery.net (heasley)
Date: Thu, 22 Mar 2018 17:47:00 +0000
Subject: [rancid] signing key?
In-Reply-To:
References:
Message-ID: <20180322174700.GA37150@shrubbery.net>

Thu, Mar 22, 2018 at 01:46:09PM -0400, Lee:
> On 3/22/18, heasley wrote:
> > Thu, Mar 22, 2018 at 04:02:43PM +0000, Lauri Haveri:
> >> Hello again and thanks for the answers!
> >>
> >> My device happens to be SRX100b and version of the Rancid is 3.3.
> >>
> >> I got from "apt-get install rancid cvs"
> >
> > Please install rancid 3/7. It is available here:
> > ftp://ftp.shrubbery.net/pub/ranciD
>
> Which has a detached sig -- thank you!! But what key was used for signing?

mine

From doug.hughes at keystonenap.com Thu Mar 22 18:33:48 2018
From: doug.hughes at keystonenap.com (Doug Hughes)
Date: Thu, 22 Mar 2018 14:33:48 -0400
Subject: [rancid] Error when trying to back up a JunOS device, SRX100
In-Reply-To: <48979440b1ea4e72a583dd468f1c6f4a@alsocloudsolutions.fi>
References: <582251F8-A1B3-4A70-9E1B-79F2C9BD2877@shrubbery.net> <4FBAFC2ECF5D6244BA4A26C1C94A1E270D6B1331AF@exchange> <48979440b1ea4e72a583dd468f1c6f4a@alsocloudsolutions.fi>
Message-ID: <030836ea-2146-a275-be8c-0d47266a7a8f@keystonenap.com>

It's highly unlikely that this is your problem, but this command has a whole lot of extra shell startup redundancy in it:

"sudo su -c /var/lib/rancid/bin/rancid-run -s /bin/bash -l rancid"

You can skip using sudo to call su, sudo can do that, and you don't need to call bash again either. This should do it for you:

sudo -u rancid -Hi /var/lib/rancid/bin/rancid-run

On 3/22/2018 12:02 PM, Lauri Haveri wrote:
> Hello again and thanks for the answers!
>
> My device happens to be SRX100b and version of the Rancid is 3.3.
>
> I got from "apt-get install rancid cvs"
>
> Kind regards,
> Lauri
>
> *From:* Emille Blanc
> *Sent:* Thursday, 22 March 2018 2.13
> *To:* Heasley; Lauri Haveri
> *Cc:* Rancid-discuss at shrubbery.net
> *Subject:* RE: [rancid] Error when trying to back up a JunOS device, SRX100
>
> I've had no problems with our lonely SRX100b, in any versions of
> RANCID 3.x, up to and including 3.7.
>
> The SRX is running 12.1X46-D55.3
>
> *From:* Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] *On Behalf Of* Heasley
> *Sent:* March-21-18 2:15 PM
> *To:* Lauri Haveri
> *Cc:* Rancid-discuss at shrubbery.net
> *Subject:* Re: [rancid] Error when trying to back up a JunOS device, SRX100
>
> On 21.03.2018 at 20:43, Lauri Haveri wrote:
>
> Hello all,
>
> I am setting up a test environment on Ubuntu 16.04 before Rancid
> will go to a production environment.
>
> Every time I run Rancid I get the following error:
>
> "Use of uninitialized value $_ in pattern match (m//) at /usr/share/perl5/rancid/junos.pm line 135
> Use of uninitialized value $_ in pattern match (m//) at /usr/share/perl5/rancid/junos.pm line 140
> 00003-test-fw01: missed cmd(s): show configuration, show version invoke-on other-routing-engine, show system core-dumps, show version detail
> 00003-test-fw01: End of run not foud
> # Error: TIMEOUT reached"
>
> When I go to the part that the log (/usr/share/perl5/rancid/junos.pm) tells me, the part is the following:
>
> "$rval = &{$commands{$cmd}}($INPUT, $OUTPUT, $cmd);
> delete($commands{$cmd});
> if ($rval == -1) {    # this is the line 135
>     $clean_run = 0;
>     last TOP;
> }
> if (/>\s*quit/) {    # this is line 140
>     $clean_run=1;
>     last;
> }"
>
> The command I am using to run Rancid is:
> "sudo su -c /var/lib/rancid/bin/rancid-run -s /bin/bash -l rancid"
>
> Could you please help me?
>
> You haven't told us what version of rancid nor from where you retrieved
> it. If it's not 3.7, please start there. If it already is, but it is an
> Ubuntu package, please try an install from source.
>
> Kind regards,
> Lauri

--
Doug Hughes
Keystone NAP
Fairless Hills, PA
1.844.KEYBLOCK (539.2562)

-------------- next part -------------- A non-text attachment was scrubbed...
Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL:

From ler762 at gmail.com Thu Mar 22 18:07:30 2018
From: ler762 at gmail.com (Lee)
Date: Thu, 22 Mar 2018 14:07:30 -0400
Subject: [rancid] signing key?
In-Reply-To: <20180322174700.GA37150@shrubbery.net>
References: <20180322174700.GA37150@shrubbery.net>
Message-ID:

On 3/22/18, heasley wrote:
> Thu, Mar 22, 2018 at 01:46:09PM -0400, Lee:
>> On 3/22/18, heasley wrote:
>> > Thu, Mar 22, 2018 at 04:02:43PM +0000, Lauri Haveri:
>> >> Hello again and thanks for the answers!
>> >>
>> >> My device happens to be SRX100b and version of the Rancid is 3.3.
>> >>
>> >> I got from "apt-get install rancid cvs"
>> >
>> > Please install rancid 3/7. It is available here:
>> > ftp://ftp.shrubbery.net/pub/ranciD
>>
>> Which has a detached sig -- thank you!! But what key was used for
>> signing?
>
> mine

touché

I don't have your key, so verifying the fingerprint would be nice; a
file I can gpg --import even better

Thanks
Lee

From boheme at gmail.com Thu Mar 22 19:30:07 2018
From: boheme at gmail.com (Boheme)
Date: Thu, 22 Mar 2018 12:30:07 -0700
Subject: [rancid] signing key?
In-Reply-To:
References: <20180322174700.GA37150@shrubbery.net>
Message-ID:

gpg --search-keys heas at shrubbery.net

-Sent from my Pip-Boy 3000

> On Mar 22, 2018, at 11:07 AM, Lee wrote:
>
>> On 3/22/18, heasley wrote:
>> Thu, Mar 22, 2018 at 01:46:09PM -0400, Lee:
>>>> On 3/22/18, heasley wrote:
>>>> Thu, Mar 22, 2018 at 04:02:43PM +0000, Lauri Haveri:
>>>>> Hello again and thanks for the answers!
>>>>>
>>>>> My device happens to be SRX100b and version of the Rancid is 3.3.
>>>>>
>>>>> I got from "apt-get install rancid cvs"
>>>>
>>>> Please install rancid 3/7. It is available here:
>>>> ftp://ftp.shrubbery.net/pub/ranciD
>>>
>>> Which has a detached sig -- thank you!! But what key was used for
>>> signing?
>>
>> mine
>
> touché
>
> I don't have your key, so verifying the fingerprint would be nice; a
> file I can gpg --import even better
>
> Thanks
> Lee

From ler762 at gmail.com Thu Mar 22 20:13:35 2018
From: ler762 at gmail.com (Lee)
Date: Thu, 22 Mar 2018 16:13:35 -0400
Subject: [rancid] signing key?
In-Reply-To:
References: <20180322174700.GA37150@shrubbery.net>
Message-ID:

On 3/22/18, Boheme wrote:
> gpg --search-keys heas at shrubbery.net

Thanks, but that's not the positive ack I'm looking for.

Maybe he did use a key created in 1996 & maybe that really is his key,
but I'd rather get the fingerprint from him instead of just searching
for a key that works.

$ gpg --verify rancid-3.7.tar.gz.sig rancid-3.7.tar.gz
gpg: Signature made Wed, Mar 7, 2018 7:32:42 PM EST
gpg: using RSA key 0x4B2BDD527A774C09
gpg: Can't check signature: public key not found

$ gpg --search-keys heas at shrubbery.net
gpg: searching for "heas at shrubbery.net" from hkps server hkps.pool.sks-keyservers.net
(1) John Heasley
2048 bit RSA key 0xFC860A57C2B34FCB, created: 2015-07-06
(2) John Heasley
2048 bit DSA key 0x4472A69EB6650559, created: 2015-04-23
(3) John Heasley
1024 bit RSA key 0x0A5CE6407A774C09, created: 2014-06-16 (revoked)
(4) John Heasley
1024 bit RSA key 0x4B2BDD527A774C09, created: 1996-12-20
Keys 1-4 of 4 for "heas at shrubbery.net". Enter number(s), N)ext, or Q)uit > q

>> On Mar 22, 2018, at 11:07 AM, Lee wrote:
>>
>>> On 3/22/18, heasley wrote:
>>> Thu, Mar 22, 2018 at 01:46:09PM -0400, Lee:
>>>>> On 3/22/18, heasley wrote:
>>>>> Thu, Mar 22, 2018 at 04:02:43PM +0000, Lauri Haveri:
>>>>>> Hello again and thanks for the answers!
>>>>>>
>>>>>> My device happens to be SRX100b and version of the Rancid is 3.3.
>>>>>>
>>>>>> I got from "apt-get install rancid cvs"
>>>>>
>>>>> Please install rancid 3/7. It is available here:
>>>>> ftp://ftp.shrubbery.net/pub/ranciD
>>>>
>>>> Which has a detached sig -- thank you!! But what key was used for
>>>> signing?
>>>
>>> mine
>>
>> touché
>>
>> I don't have your key, so verifying the fingerprint would be nice; a
>> file I can gpg --import even better
>>
>> Thanks
>> Lee

From lior.paster at gmail.com Sat Mar 24 01:44:33 2018
From: lior.paster at gmail.com (Lior Paster)
Date: Sat, 24 Mar 2018 01:44:33 +0000
Subject: [rancid] Rancid support for Mellanox switches?
Message-ID:

Shawn, were you able to get Rancid to work with the SN2700?

Lior

From heas at shrubbery.net Sat Mar 24 10:07:52 2018
From: heas at shrubbery.net (heasley)
Date: Sat, 24 Mar 2018 10:07:52 +0000
Subject: [rancid] signing key?
In-Reply-To:
References: <20180322174700.GA37150@shrubbery.net>
Message-ID: <20180324100752.GA38885@shrubbery.net>

Thu, Mar 22, 2018 at 04:13:35PM -0400, Lee:
> On 3/22/18, Boheme wrote:
> > gpg --search-keys heas at shrubbery.net
>
> Thanks, but that's not the positive ack I'm looking for.
>
> Maybe he did use a key created in 1996 & maybe that really is his key,
> but I'd rather get the fingerprint from him instead of just searching
> for a key that works.

i hadn't noticed that it was using the old key; the tool behavior changed and i didn't notice. future sigs will use the more recent key/subkey.

> $ gpg --verify rancid-3.7.tar.gz.sig rancid-3.7.tar.gz
> gpg: Signature made Wed, Mar 7, 2018 7:32:42 PM EST
> gpg: using RSA key 0x4B2BDD527A774C09
> gpg: Can't check signature: public key not found
>
> $ gpg --search-keys heas at shrubbery.net
> gpg: searching for "heas at shrubbery.net" from hkps server
> hkps.pool.sks-keyservers.net
> (1) John Heasley
> 2048 bit RSA key 0xFC860A57C2B34FCB, created: 2015-07-06
> (2) John Heasley
> 2048 bit DSA key 0x4472A69EB6650559, created: 2015-04-23
> (3) John Heasley
> 1024 bit RSA key 0x0A5CE6407A774C09, created: 2014-06-16 (revoked)
> (4) John Heasley
> 1024 bit RSA key 0x4B2BDD527A774C09, created: 1996-12-20
> Keys 1-4 of 4 for "heas at shrubbery.net". Enter number(s), N)ext, or Q)uit > q
>
> >> On Mar 22, 2018, at 11:07 AM, Lee wrote:
> >>
> >>> On 3/22/18, heasley wrote:
> >>> Thu, Mar 22, 2018 at 01:46:09PM -0400, Lee:
> >>>>> On 3/22/18, heasley wrote:
> >>>>> Thu, Mar 22, 2018 at 04:02:43PM +0000, Lauri Haveri:
> >>>>>> Hello again and thanks for the answers!
> >>>>>>
> >>>>>> My device happens to be SRX100b and version of the Rancid is 3.3.
> >>>>>>
> >>>>>> I got from "apt-get install rancid cvs"
> >>>>>
> >>>>> Please install rancid 3/7. It is available here:
> >>>>> ftp://ftp.shrubbery.net/pub/ranciD
> >>>>
> >>>> Which has a detached sig -- thank you!! But what key was used for
> >>>> signing?
> >>>
> >>> mine
> >>
> >> touché
> >>
> >> I don't have your key, so verifying the fingerprint would be nice; a
> >> file I can gpg --import even better
> >>
> >> Thanks
> >> Lee

From heas at shrubbery.net Mon Mar 26 08:05:51 2018
From: heas at shrubbery.net (heasley)
Date: Mon, 26 Mar 2018 08:05:51 +0000
Subject: [rancid] Cisco FirePower / FX-OS information needed
Message-ID: <20180326080551.GI6246@shrubbery.net>

FX-OS is somewhat different from IOS* and ASA. In trying to write a rancid module for it, I'm having trouble finding access to one or a complete example of a config.

So, if anyone has a Cisco FirePower (FX-OS) device, not the FirePower s/w module that is supported on some ASAs, that they could allow me to access remotely or from which they could provide a full config and some testing, please contact me.

Thanks

From heas at shrubbery.net Wed Mar 28 09:02:28 2018
From: heas at shrubbery.net (heasley)
Date: Wed, 28 Mar 2018 09:02:28 +0000
Subject: [rancid] Hauwei VRP
Message-ID: <20180328090227.GB35594@shrubbery.net>

It is incomplete, but we've added support for Huawei VRP-based devices. It can be found in the current alpha image or the svn repo. Again, incomplete, but welcome feedback from folks.

From Chris.Davis at principia.edu Wed Mar 28 14:51:38 2018
From: Chris.Davis at principia.edu (Chris Davis)
Date: Wed, 28 Mar 2018 14:51:38 +0000
Subject: [rancid] Fortigate Cluster uptime
In-Reply-To:
References: <20170731214743.GE49389@shrubbery.net> <20170801175821.GE47846@shrubbery.net>
Message-ID: <3639C201-D33B-405F-97C7-BC26BCFD9EF6@principia.edu>

Just ran into this as well when I upgraded my clusters. I was wondering if this change has been added to the distribution. Probably be a good time for me to upgrade Rancid if it has been.

Thanks.

Chris
From: Rancid-discuss on behalf of Ryan Date: Wednesday, August 2, 2017 at 5:45 AM To: heasley Cc: "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Fortigate Cluster uptime Thanks! That worked. I had the "cluster uptime" line located in the wrong place. moving it to the location you showed (Line 184 in the script) sorted it out. next if (/^FortiClient application signature package:/); + # Cluster uptime + next if (/^\s*Cluster uptime:/); ProcessHistory("","","","#$_"); } Cheers! ________________________________ From: heasley Sent: 01 August 2017 17:58:21 To: Ryan Cc: heasley; rancid-discuss at shrubbery.net Subject: Re: [rancid] Fortigate Cluster uptime Mon, Jul 31, 2017 at 10:39:40PM +0000, Ryan: > Hi, > > > Thanks for the help. "get system status" also produces the line: Index: bin/fnrancid.in =================================================================== --- bin/fnrancid.in (revision 3719) +++ bin/fnrancid.in (working copy) @@ -188,6 +188,8 @@ next if (/^\s*Extended DB: .*/); next if (/^\s*IPS-DB: .*/); next if (/^FortiClient application signature package:/); + # Cluster uptime + next if (/^\s*Cluster uptime:/); ProcessHistory("","","","#$_"); } > DCPGFW1 # get system status > > Current HA mode: a-p, master > Cluster uptime: 37 days, 10 hours, 14 minutes, 55 seconds > System time: Tue Aug 1 10:35:45 2017 > > FYI I removed the ! from the line (next if (/^\s*Cluster uptime:/);) but I get a mail with the following: > > > #FIPS-CC mode: disable > > #Current HA mode: a-p, master > > - #Cluster uptime: 35 days, 20 hours, 37 minutes, 22 seconds > > + #Cluster uptime: 37 days, 10 hours, 16 minutes, 50 seconds > > > Thanks again. > > > > ________________________________ 
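Review bot: in the @@ -188,6 +188,8 @@ hunk of bin/fnrancid.in, the added comment "# Cluster uptime" only repeats the pattern on the next line; it should say why the line is skipped, namely that the value differs on every collection and so produces a diff (and a mail) on each run, as reported in this thread. Because "next if (/^\s*Cluster uptime:/);" sits ahead of ProcessHistory("","","","#$_");, the line is dropped entirely rather than stored as a comment, in the same way as the neighbouring "next if" filters; the comment is the place to state that this is intended.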
> From: heasley > Sent: 31 July 2017 21:47:43 > To: Ryan > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Fortigate Cluster uptime > > Sun, Jul 30, 2017 at 09:26:18AM +0000, Ryan: > > Hi All, > > > > > > Sorry to mail this out but I have searched through a number of groups and cant find anything that actually works. I recently upgraded my Fortinet FW cluster and, unfortunately, the config status displays a new line, "Cluster uptime", from the "get system ha status" cli. e.g. > > > > rancid does not use that command. it uses only get system status. is that > command including this output now or have you changed your distribution? > > > !Virtual domains status: 1 in NAT mode, 0 in TP mode > > > > !Virtual domain configuration: disable > > > > !FIPS-CC mode: disable > > > > !Current HA mode: a-p, master > > > > - !Cluster uptime: 35 days, 19 hours, 40 minutes, 13 seconds > > > > + !Cluster uptime: 35 days, 20 hours, 40 minutes, 13 seconds > > > > !Branch point: 1449 > > > > !Release Version Information: GA > > > > > > The "Cluster uptime" means that I get an updated FW version mailed to me every hour of the day. I have tried a number of things to resolve this including: > > > > > > 1. I updated the fnrancid file with the below but both attempts failed: > > > > > > sub GetConf { > > print STDERR " In GetConf: $_" if ($debug); > > > > while () { > > tr/\015//d; > > next if /^\s*$/; > > last if (/$prompt/); > > > > # System time is fortigate extraction time > > next if (/^\s*!System time:/); > > # remove occurrances of conf_file_ver > > next if (/^#?conf_file_ver=/); > > > > > > # First think I tried > > > > #remove occurances of Cluster Uptime > > next if (/^\s*!Cluster uptime:/); > > no !. > > > > > # next thing I tried. > > > > #if (/^\s*!Cluster uptime:/) { > > # ProcessHistory("","","","","","#$_"); > > # next; > > #} > > > > > > 2. I tried other options e.g. 
writing something similar to the cycling password but I am afraid I reached the end of my skillset. > > > > 3. Finally I thought my Rancid server is pretty old 2.3.6 so I built a new rancid server (3.3.0) using Ubuntu 16.04 and updated the fnrancid again without success. > > > > > > Two questions if I may: > > > > 1. Anyone know how I can ignore the Cluster uptime line? > > 2. If I move to using the new server is there a way to export the CVS history on the old server and import it on the new? > > > > > > Thanks in advance! Your help is appreciated! > > > > > > Cheers, > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss >

From heas at shrubbery.net Thu Mar 29 19:58:17 2018
From: heas at shrubbery.net (heasley)
Date: Thu, 29 Mar 2018 19:58:17 +0000
Subject: [rancid] Fortigate Cluster uptime
In-Reply-To: <3639C201-D33B-405F-97C7-BC26BCFD9EF6@principia.edu>
References: <20170731214743.GE49389@shrubbery.net> <20170801175821.GE47846@shrubbery.net> <3639C201-D33B-405F-97C7-BC26BCFD9EF6@principia.edu>
Message-ID: <20180329195816.GF73832@shrubbery.net>

Wed, Mar 28, 2018 at 02:51:38PM +0000, Chris Davis:
> Just ran into this as well when I upgraded my clusters. I was wondering if this change has been added to the distribution. Probably be a good time for me to upgrade Rancid if it has been.
>

it is in 3.7.
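
For the "signing key?" exchange earlier on this page, where gpg --verify named only a key ID and the keyserver search listed four keys (two of them, 0x0A5CE6407A774C09 and 0x4B2BDD527A774C09, with the same low 32 bits), the following added example, which is not code from the thread or from the rancid project, accepts a detached signature only when gpg's machine-readable status names a fingerprint obtained out of band. The function names, fingerprints and status lines are constructed for illustration; the key IDs are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: pin a release signature to a fingerprint obtained out of band.
# Fingerprints and status lines below are constructed; key IDs are from the thread.

# Strip spaces and a leading 0x, upper-case the hex digits.
normalize_hex() {
    printf '%s' "$1" | tr -d ' \t' | sed 's/^0[xX]//' | tr 'abcdef' 'ABCDEF'
}

# Low 32 bits of a key ID or fingerprint (the 8-digit "short ID").
short_id() {
    normalize_hex "$1" | sed 's/.*\(........\)$/\1/'
}

# check_status STATUS PINNED
#   STATUS: text written by `gpg --status-fd 1 --verify SIG FILE`
#   PINNED: full fingerprint received from the signer, not from a key search
# Returns 0 = valid signature by the pinned key, 1 = rejected,
#         2 = PINNED is a key ID or not hex, so it cannot serve as a pin.
check_status() {
    pinned=$(normalize_hex "$2")
    case $pinned in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#pinned}" -ge 32 ] || return 2
    printf '%s\n' "$1" | awk -v pin="$pinned" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad = 1 }
        # VALIDSIG: field 3 = signing (sub)key fingerprint,
        #           field 12 = primary key fingerprint.
        $2 == "VALIDSIG" {
            n++
            if (toupper($3) == pin || toupper($12) == pin) hit = 1
        }
        END { exit ((!bad && n == 1 && hit) ? 0 : 1) }
    '
}

# verify_release SIG FILE PINNED: run gpg, then decide from its status output.
verify_release() {
    status=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null) || true
    check_status "$status" "$3"
}

PIN_PRIMARY='FEDCBA9876543210FEDCBA9876543210FEDCBA98'   # constructed
OTHER_FPR='00112233445566778899AABBCCDDEEFF00112233'     # constructed

# Constructed status for a good signature made by a subkey of PIN_PRIMARY.
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2017-07-14 1500000000 0 4 0 1 8 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98'

# Constructed status for the "public key not found" case shown in the thread.
MISSING_STATUS='[GNUPG:] ERRSIG 4B2BDD527A774C09 1 2 00 1500000000 9
[GNUPG:] NO_PUBKEY 4B2BDD527A774C09'

for pin in "$PIN_PRIMARY" "$OTHER_FPR"; do
    if check_status "$GOOD_STATUS" "$pin"; then
        echo "accept: signature is from pinned key $pin"
    else
        echo "reject: signature is not from $pin"
    fi
done
echo "short IDs: $(short_id 0x0A5CE6407A774C09) $(short_id 0x4B2BDD527A774C09)"
```

With a fingerprint received from the signer in FPR, the real check is `verify_release rancid-3.7.tar.gz.sig rancid-3.7.tar.gz "$FPR"`; passing a key ID such as 0x4B2BDD527A774C09 as the pin is refused with status 2.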