I am a CCNP and I've never seen a device use password :) Regardless, that wasn't the final fix. There was a space between the * and password which was also causing the script to fail.

On Thursday, October 11, 2012 1:12:23 PM UTC-4, dan (ddpbsd) wrote:
>
> On Thu, Oct 11, 2012 at 12:53 PM, Lsilverman <lsilv...@chargeanywhere.com> wrote:
> > Thanks for the reply Dan. I am calling the script from /var/ossec/ :)
> >
> > You are a genius :) I had to take it a step further though... Here is the
> > section of bad code:
> >
> > expect {
> >     "WARNING: REMOTE HOST" {
> >         send_user "ERROR: RSA host key for '$hostname' has changed. Unable to access.\n"
> >         exit 1;
> >     }
> >     "*sure you want to continue connecting*" {
> >         send "yes\r"
> >         expect "* Password:*" {
> >             send "$pass\r"
> >
> >             expect {
> >                 "Permission denied" {
> >                     send_user "ERROR: Incorrect password to remote host: $hostname .\n"
> >                     exit 1;
> >                 }
> >                 timeout {
> >                     send_user "ERROR: Timeout while running on host (too long to finish): $hostname .\n"
> >                     exit 1;
> >                 }
> >                 "*>" {
> >                     send_user "\nINFO: Starting.\n"
> >                 }
> >             }
> >         }
> >     }
> >     "ssh: connect to host*" {
> >         send_user "ERROR: Unable to connect to remote host: $hostname .\n"
> >         exit 1;
> >     }
> >     "no address associated with name" {
> >         send_user "ERROR: Unable to connect to remote host: $hostname .\n"
> >         exit 1;
> >     }
> >     "*Connection refused*" {
> >         send_user "ERROR: Unable to connect to remote host: $hostname .\n"
> >         exit 1;
> >     }
> >     "*Connection closed by remote host*" {
> >         send_user "ERROR: Unable to connect to remote host: $hostname .\n"
> >         exit 1;
> >     }
> >     "* password:*" {
> >         send "$pass\r"
> >
> >
> > The bolded section on the bottom had to be changed to "*Password:*"{. Now it
> > works perfectly. No one else noticed this bug? :P
> >
>
> I'm not a cisco expert, but from the little I know about their
> products they're very inconsistent. I wouldn't be surprised if some
> versions used password, and others Password.
>
> Glad it helped!
>
> > THANK YOU THANK YOU THANK YOU
> >
> > Lou
> >
> > On Thursday, October 11, 2012 12:32:33 PM UTC-4, dan (ddpbsd) wrote:
> >>
> >> On Thu, Oct 11, 2012 at 12:23 PM, Lsilverman
> >> <lsilv...@chargeanywhere.com> wrote:
> >> > Agentless monitoring with a password simply does not work. Can't get it
> >> > working for linux or cisco boxes.
> >> >
> >> > I am running CentOS 5.8 on an ESXi guest. Install went very smooth, rolling
> >> > out agents also works perfectly. Here are my steps for setting up agentless
> >> > config diffs on cisco router:
> >> >
> >> > 1. I enabled agentless with: /var/ossec/bin/ossec-control enable agentless
> >> > 2. Added the host with: /var/ossec/agentless/register_host.sh add
> >> >    cisco@x.x.x.x SSHPASS ENABLEPASS
> >> > 3. added the appropriate items to ossec.conf:
> >> >
> >> > <agentless>
> >> >   <type>ssh_pixconfig_diff</type>
> >> >   <frequency>120</frequency>
> >> >   <host>cisco@x.x.x.x</host>
> >> >   <state>periodic_diff</state>
> >> > </agentless>
> >> >
> >> > 4. restarted ossec server
> >> >
> >> >
> >> > Once I realized this was not working, I started testing. No matter what I do
> >> > it doesn't work:
> >> >
> >> >
> >> > sudo -u ossec ./agentless/ssh_generic_diff cisco@x.x.x.x
> >>
> >> # NOTE: this script must be called from within /var/ossec for it to work.
> >>
> >> Just a hunch, since I don't know expect, but it looks like the script
> >> is expecting to see "password:", but below it looks like it's seeing
> >> "Password." Perhaps changing the line '"* password:*" {' to '"*
> >> Password:*" {' might help?
> >>
> >>
> >> > spawn ssh cisco@x.x.x.x
> >> > Password:
> >> > ERROR: Timeout while connecting to host: cisco@x.x.x.x .
> >> >
> >> >
> >> >
> >> > sudo -u ossec ./agentless/ssh_pixconfig_diff cisco@x.x.x.x
> >> > spawn ssh -c des cisco@x.x.x.x
> >> > No valid ciphers for protocol version 2 given, using defaults.
> >> > Password: ERROR: Timeout while connecting to host: cisco@x.x.x.x
> >> >
> >> >
> >> > Please excuse the insane formatting here. Anyone have a recommendation?
> >> >
> >> >
> >> > Thanks
> >> >
> >> > Lou
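
The prompt-matching failure discussed in this thread, reproduced offline as an added example (not code from the thread or from OSSEC's agentless scripts). The local stand-in device, the `attempt` helper and the dummy password are constructed for illustration; `-nocase` and `-re` are standard Expect flags.

```expect
#!/usr/bin/expect -f
# Added example. The "device" is a constructed local stand-in, not SSH:
# it prints a capitalised prompt with no leading space, as the Cisco box
# in the thread did, reads one line, then shows a "router>" prompt.
set fake_device {printf 'Password: '; read -r p; printf '\nrouter>'; sleep 1}
set timeout 3
log_user 0

# attempt is a hypothetical helper: try one prompt pattern against the
# stand-in and report how far the login got.
proc attempt {label flags pattern} {
    global fake_device timeout
    spawn -noecho sh -c $fake_device
    set result "timeout waiting for password prompt"
    expect {*}$flags $pattern {
        send "constructed-secret\r"
        expect "*>" {
            set result "logged in"
        } timeout {
            set result "password sent, no device prompt"
        }
    } timeout {
        # Same failure mode as "ERROR: Timeout while connecting to host".
    } eof {
        set result "device closed the session"
    }
    catch {close}
    catch {wait}
    send_user [format "%-36s -> %s\n" $label $result]
}

# Pattern from the script quoted in the thread: lowercase, and it
# requires a space before the word.
attempt {glob "* password:*"} {} "* password:*"
# First suggestion in the thread: right case, but still needs the space.
attempt {glob "* Password:*"} {} "* Password:*"
# The fix that worked in the thread.
attempt {glob "*Password:*"} {} "*Password:*"
# Case-insensitive regexp: covers "Password:" and "user@host's password:".
# With -nocase the output is lowercased, so the pattern must be lowercase.
attempt {-nocase -re "password: ?$"} {-nocase -re} {password: ?$}
```

The first two attempts time out and the last two log in, because an Expect glob pattern is case-sensitive and the leading space in the pattern has to be present in the output.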