NAME¶
clogin - Cisco login script
SYNOPSIS¶
clogin [
-autoenable] [
-noenable] [
-dSV]
[
-c command] [
-E var=x] [
-e
enable-password] [
-f cloginrc-file] [
-p
user-password] [
-s script-file] [
-t timeout]
[
-u username] [
-v vty-password] [
-w
enable-username] [
-x command-file] [
-y
ssh_cypher_type] router [router...]
DESCRIPTION¶
clogin is an
expect(1) script to automate the process of logging
into a Cisco router, catalyst switch, Extreme switch, Juniper ERX/E-series,
Procket Networks, or Redback router. There are complementary scripts for
Alteon, Avocent (Cyclades), Bay Networks (nortel), ADC-kentrox EZ-T3 mux,
Foundry, HP Procurve switches and Cisco AGMs, Hitachi routers, Juniper
Networks, MRV optical switch, Mikrotik routers, Netscreen firewalls,
Netscaler, Riverstone, Netopia, and Lucent TNT, named
alogin,
avologin, blogin, elogin, flogin, fnlogin,
hlogin, htlogin, jlogin, mrvlogin, mtlogin,
nlogin, nslogin, rivlogin, tlogin, and
tntlogin, respectively.
clogin reads the
.cloginrc file for its configuration, then
connects and logs into each of the routers specified on the command line in
the order listed. Command-line options exist to override some of the
directives found in the
.cloginrc configuration file.
The command-line options are as follows:
- -S
- Save the configuration on exit, if the device prompts at
logout time. This only has affect when used with -s.
- -V
- Prints package name and version strings.
- -c
- Command to be run on each router list on the command-line.
Multiple commands maybe listed by separating them with semi-colons (;).
The argument should be quoted to avoid shell expansion.
- -d
- Enable expect debugging.
- -E
- Specifies a variable to pass through to scripts (-s). For
example, the command-line option -Efoo=bar will produce a global variable
by the name Efoo with the initial value "bar".
- -e
- Specify a password to be supplied when gaining enable
privileges on the router(s). Also see the password directive of the
.cloginrc file.
- -f
- Specifies an alternate configuration file. The default is
$HOME/.cloginrc.
- -p
- Specifies a password associated with the user specified by
the -u option, user directive of the .cloginrc file, or the
Unix username of the user.
- -s
- The filename of an expect(1) script which will be
sourced after the login is successful and is expected to return control to
clogin, with the connection to the router intact, when it is done.
Note that clogin disables log_user of
expect(1)when -s is used. Example script(s) can be
found in share/rancid/*.exp.
- -t
- Alters the timeout interval; the period that clogin
waits for an individual command to return a prompt or the login process to
produce a prompt or failure. The argument is in seconds.
- -u
- Specifies the username used when prompted. The command-line
option overrides any user directive found in .cloginrc. The default
is the current Unix username.
- -v
- Specifies a vty password, that which is prompted for upon
connection to the router. This overrides the vty password of the
.cloginrc file's password directive.
- -w
- Specifies the username used if prompted when gaining enable
privileges. The command-line option overrides any user or enauser
directives found in .cloginrc. The default is the current Unix
username.
- -x
- Similar to the -c option; -x specifies a file
with commands to run on each of the routers. The commands must not expect
additional input, such as 'copy rcp startup-config' does. For
example:
show version
show logging
- -y
- Specifies the encryption algorithm for use with the
ssh(1) -c option. The default encryption type is often not
supported. See the ssh(1) man page for details. The default is
3des.
RETURNS¶
If the login script fails for any of the devices on the command-line, the exit
value of the script will be non-zero and the value will be the number of
failures.
ENVIRONMENT¶
clogin recognizes the following environment variables.
- CISCO_USER
- Overrides the user directive found in the .cloginrc
file, but may be overridden by the -u option.
- CLOGIN
- clogin will not change the banner on your xterm
window if this includes the character 'x'.
- CLOGINRC
- Specifies an alternative location for the .cloginrc
file, like the -f option.
- HOME
- Normally set by login(1) to the user's home
directory, HOME is used by clogin to locate the .cloginrc
configuration file.
FILES¶
$HOME/.cloginrc Configuration file.
SEE ALSO¶
cloginrc(5),
expect(1)
CAVEATS¶
clogin expects CatOS devices to have a prompt which includes a '>',
such as "router> (enable)". It uses this to determine, for
example, whether the command to disable the pager is "set length 0"
or "term length 0".
The HP Procurve switches that are Foundry OEMs use flogin, not hlogin.
The Extreme is supported by
clogin, but it has no concept of an
"enabled" privilege level. You must set autoenable for these devices
in your
.cloginrc.
The -S option is a recent addition, it may not be supported in all of the login
scripts or for every target device.
BUGS¶
Do not use greater than (>) or pound sign (#) in device banners. These are
the normal terminating characters of device prompts and the login scripts need
to locate the initial prompt. Afterward, the full prompt is collected and
makes a more precise match so that the scripts know when the device is ready
for the next command.
All these login scripts for separate devices should be rolled into one. This
goal is exceedingly difficult.
The HP Procurve switch, Motorola BSR, and Cisco AGM CLIs rely heavily upon
terminal escape codes for cursor/screen manipulation and assumes a vt100
terminal type. They do not provide a way to set a different terminal type or
adjust this behavior. The resulting escape codes make automating interaction
with these devices very difficult or impossible. Thus bin/hpuifilter, which
must be found in the user's PATH, is used by hlogin to filter these escape
sequences. While this works for rancid's collection, there are side effects
for interactive logins via hlogin; most of which are formatting annoyances
that may be remedied by typing CTRL-R to reprint the current line.
WARNING: repeated ssh login failures to HP Procurves cause the switch's
management interface to lock-up (this includes snmp, ping) and sometimes it
will crash. This is with the latest firmware; 5.33 at the time of this
writing.