table of contents
other versions
- wheezy 2.3.8-3
- jessie 2.3.8-6
- jessie-backports 3.6.2-2~bpo8+1
- testing 3.6.2-2
- unstable 3.6.2-2
cloginrc(5) | File Formats Manual | cloginrc(5) |
NAME¶
.cloginrc - clogin configuration file
DESCRIPTION¶
.cloginrc contains configuration information for alogin(1), blogin(1), clogin(1), elogin(1), flogin(1), hlogin(1), htlogin(1), jlogin(1), nlogin(1), nslogin(1), rivlogin(1), and tntlogin(1), such as usernames, passwords, ssh encryption type, etc., and is read at run-time. Each line contains either white-space (blank line), a comment which begins with the comment character '#' and may be preceded by white-space, or one of the directives listed below. Each line containing a directive is of the form:add <directive> <hostname glob> {<value>} [{<value>} ...]orinclude {<file>}
Note: the braces ({}) surrounding the values is significant when the values include TCL meta-characters. Best common practice is to always enclose the values in braces. If a value includes a (left or right) brace or space character, it must be backslash-escaped, as in:
add user <hostname glob> {foo\}bar} add user <hostname glob> {foo\ bar}
As .cloginrc is searched for a directive matching a hostname, it is always the first matching instance of a directive, one whose hostname glob expression matches the hostname, which is used. For example; looking up the "password" directive for hostname foo in a .cloginrc file containing
add password * {bar} {table} add password foo {bar} {table}
DIRECTIVES¶
The accepted directives are (alphabetically):- add autoenable <router name glob> {[01]}
- When using locally defined usernames or AAA, it is possible
to have a login which is automatically enabled. This is, that user has
enable privileges without the need to execute the enable command. The
router's prompt is different for enabled mode, ending with a # rather than
a >.
- add cyphertype <router name glob> {<ssh encryption type>}
- cyphertype defines which encryption algorithm is used with
ssh. A device may not support the type ssh uses by default. See
ssh(1)'s
-c option for details.
- add enableprompt <router name glob> {"<enable prompt>"}
- When using AAA with a Cisco router or switch, it is
possible to redefine the prompt the device presents to the user for the
enable password. enableprompt may be used to adjust the prompt that
clogin should look for when trying to login. Note that enableprompt
can be a Tcl style regular expression.
- add enauser <router name glob> {<username>}
- This is only needed if a device prompts for a username when gaining enable privileges and where this username is different from that defined by or the default of the user directive.
- add identity <router name glob> {<ssh identity file path>}
- May be used to specify an alternate identity file for use
with ssh(1). See ssh's -i option for details.
- add method <router name glob> {ssh} [{...}]
- Defines, in order, the connection methods to use for a
device from the set {ssh, telnet, rsh}. Method telnet may have a suffix,
indicating an alternate TCP port, of the form ":port".
- add noenable <router name glob> {1}
- clogin will not try to gain enable privileges when
noenable is matched for a device. This is equivalent to clogin's
-noenable command-line option.
- add passphrase <router name glob> {"<SSH passphrase>"}
- Specify the SSH passphrase. Note that this may be
particular to an identity directive. The passphrase will default to
the password for the given router.
- add passprompt <router name glob> {"<password prompt>"}
- When using AAA with a Cisco router or switch, it is
possible to redefine the prompt the device presents to the user for the
password. passprompt may be used to adjust the prompt that clogin
should look for when trying to login. Note that passprompt can be a Tcl
style regular expression.
- add password <router name glob> {<vty passwd>} [{<enable passwd>}]
- Specifies a vty password, that which is prompted for upon the connection to the router. The last argument is the enable password and need not be specified if the device also has a matching noenable or autoenable directive or the corresponding command-line options are used.
- add sshcmd <router name glob> {<ssh>}
- <ssh> is the name of the ssh executable. OpenSSH uses
a command-line option to specify the protocol version, but other
implementations use a separate binary such as "ssh1".
sshcmd allows this to be adjusted as necessary for the local
environment.
- add timeout <router name glob> {<seconds>}
- Time in seconds that the login script will wait for input
from the device before timeout.
- add user <router name glob> {<username>}
- Specifies a username clogin should use if or when
prompted for one.
- add userpassword <router name glob> {<user password>}
- Specifies a password to be associated with a user, if different from that defined with the password directive.
- add userprompt <router name glob> {"<username prompt>"}
- When using AAA with a Cisco router or switch, it is
possible to redefine the prompt the device presents to the user for the
username. userprompt may be used to adjust the prompt that clogin
should look for when trying to login. Note that userprompt can be a Tcl
style regular expression.
- include {<file>}
- <file> is the pathname of an additional
.cloginrc file to include at that point. It is evaluated
immediately. That is important with regard to the order of matching
hostnames for a given directive, as mentioned above. This is useful if you
have your own .cloginrc plus an additional .cloginrc file
that is shared among a group of folks.
FILES¶
$HOME/.cloginrc Configuration file described here. share/rancid/cloginrc.sample A sample .cloginrc.
ERRORS¶
.cloginrc is interpreted directly by Tcl, so its syntax follows that of Tcl. Errors may produce quite unexpected results.SEE ALSO¶
clogin(1), glob(3), tclsh(1)9 February 2009 |