Re: [rancid] Weird commands on Cisco ASA
Might this be an issue for you? http://www.shrubbery.net/pipermail/rancid-discuss/2018-January/010021.html weylin From: "Michael T. Voity" Date: Thursday, August 30, 2018 at 4:14 PM To: "rancid-discuss@shrubbery.net" Subject: [rancid] Weird commands on Cisco ASA Hello, I have a firewall that has not been updated by rancid for a few days. Upon investigation I did some testing from the server found this – Looks like it is adding the command ‘rancid’ after it logs in. This is my only device that does it, among the 50+ that rancid is polling. [rancid@netwatch bin]$ ./clogin spawn ssh -c aes256-ctr -x -l rancid rancid@'s password: User rancid logged in to Logins over the last 78 days: 6800. Last login: 16:04:41 EDT Aug 30 2018 from Failed logins since the last login: 0. Last failed login: 15:20:29 EDT Aug 30 2018 from Type help or '?' for a list of available commands. > rancid ^ ERROR: % Invalid input detected at '^' marker. > Error: Unrecognized command, check your enable command rancid ^ ERROR: % Invalid input detected at '^' marker. > enable Password: Invalid password Password: Invalid password Password: Invalid password Access denied. > exit Logoff Connection to closed. [rancid@netwatch bin]$ -- Michael T. Voity Network Engineer The University of Vermont ___ Rancid-discuss mailing list Rancid-discuss@shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Re: [rancid] Backup Extreme switches
Fri, Aug 31, 2018 at 10:52:03AM +, Peltokangas Mikko: > Well, I'm trying to log in via telnet. > > I found this package, what gives some guidance for that: > https://www.dropbox.com/s/tsqclfxg8c8p9n1/rancid-extreme-changes.tgz?dl=0_subpath=%2F. > There's only one problem, it tells that I need to add that vendor-to-script > -translation to rancid-fe but when I'm looking my > rancid-fe, it look like this: https://pastebin.com/ptb5LZQ8 > > Do I have some wrong version or something else odd? that is unsupported in 3.x. > Should I add new type to /etc/rancid/rancid.types.base dispite the threat of > voodoo doll? ;) you could add one to rancid.types.conf, but it should not be necessary. please follow the debugging sets in the FAQ S3 Q2 to debug the reason xlogin is failing or to help us help you by sharing that output. > -- > -m > > Lähettäjä: Nick Hilliard > Lähetetty: 28. elokuuta 2018 22:58 > Vastaanottaja: heasley > Kopio: Peltokangas Mikko; rancid-discuss@shrubbery.net > Aihe: Re: [rancid] Backup Extreme switches > > heasley wrote on 28/08/2018 19:54: > > it shouldnt. please should me xlogin -d -c 'somecommand' output. > > fake news. This was a bug affecting older versions, but it seems to be > fixed now. > > Mikko, make sure you can log in to the switches using ssh from the > rancid account, because the versions of XOS that are supported on these > devices only allows deprecated crypto parameters. You may need this in > your ~rancid/.ssh/config file: > > -- > Host * > KexAlgorithms +diffie-hellman-group1-sha1 > HostkeyAlgorithms +ssh-dss > -- > > Nick ___ Rancid-discuss mailing list Rancid-discuss@shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Re: [rancid] Backup Extreme switches
Well, I'm trying to log in via telnet. I found this package, what gives some guidance for that: https://www.dropbox.com/s/tsqclfxg8c8p9n1/rancid-extreme-changes.tgz?dl=0_subpath=%2F. There's only one problem, it tells that I need to add that vendor-to-script -translation to rancid-fe but when I'm looking my rancid-fe, it look like this: https://pastebin.com/ptb5LZQ8 Do I have some wrong version or something else odd? Should I add new type to /etc/rancid/rancid.types.base dispite the threat of voodoo doll? ;) -- -m Lähettäjä: Nick Hilliard Lähetetty: 28. elokuuta 2018 22:58 Vastaanottaja: heasley Kopio: Peltokangas Mikko; rancid-discuss@shrubbery.net Aihe: Re: [rancid] Backup Extreme switches heasley wrote on 28/08/2018 19:54: > it shouldnt. please should me xlogin -d -c 'somecommand' output. fake news. This was a bug affecting older versions, but it seems to be fixed now. Mikko, make sure you can log in to the switches using ssh from the rancid account, because the versions of XOS that are supported on these devices only allows deprecated crypto parameters. You may need this in your ~rancid/.ssh/config file: -- Host * KexAlgorithms +diffie-hellman-group1-sha1 HostkeyAlgorithms +ssh-dss -- Nick ___ Rancid-discuss mailing list Rancid-discuss@shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss