Package: rancid
Version: 2.3.8-6

Hi,

Clogin fails to connect to our fortigate devices (300D & 600D) using
read-only users, no issue using admin ones (except having to force a
specific cypher for newer fortigate firmware):

root@rancid[PRO]:~# /usr/bin/clogin_bk fortigate1

fortigate1

spawn ssh -c aes128-ctr -x -l rancid fortigate1

rancid@fortigate1's password:

fortigate1 $

Error: TIMEOUT reached

root@rancid[PRO]:~# /usr/bin/clogin fortigate1

fortigate1

spawn ssh -c aes128-ctr -x -l rancid fortigate1

rancid@fortigate1's password:

fortigate1 $

fortigate1 $

fortigate1 $

fortigate1 $ exit

Connection to fortigate1 closed.

root@rancid[PRO]:~# diff /usr/bin/clogin{,_bk}

788c788

<     set prompt "(\\$|>|#| \\(enable\\))"

---

>     set prompt "(>|#| \\(enable\\))"
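
Review bot: The "\\$" alternative added to the prompt pattern on the "<" side of 788c788 is unanchored, and nothing in the changed line limits it to FortiGate hosts, so a "$" anywhere in a login banner or other pre-prompt output would satisfy the match before the real prompt has appeared. Consider requiring the "$" at the end of the line (optionally followed by a space), or applying it only where a "$" prompt is expected, and add a comment at line 788 saying it covers the prompt FortiGate presents to read-only users.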

root@tacacs[PRO]:~# grep fortigate1 /var/lib/rancid/sitea/router.db

fortigate1:fortigate:up

root@rancid[PRO]:~# grep fortigate1 /home/rancid/.cloginrc

add user                fortigate1   rancid

add password            fortigate1   foobar

add cyphertype  fortigate1  {aes128-ctr}

add noenable    fortigate1  1


It seems that '$' isn't a valid prompt; logins on fortigate devices with a
read-only user give you that prompt instead of '#'.


Kind regards.


-- 

Héctor Javier Sánchez Montes
Network Specialist