Now I've come across a device that I can't reach directly from my rancid host. It's not possible to create a direct network connection, or to use ssh tunnels or netcat to forward those ports using a relay host.
Instead I found a much simpler and more elegant solution, although it involves patching rancid.
After playing with ProxyCommands and netcat I came across this patch on the rancid-discuss list from 2006.
The principle is simple, elegant and straightforward: it extends the clogin script to define a new method that can use custom commands to establish the connection.
This is accomplished by adding two new commands.
add method testrouter {usercmd}
add usercmd testrouter {ssh} {-t} {termserver01} {cu -l /dev/tty01 -s 9600}
add usercmd_chat testrouter {Connected.} {\r}

In my case I wanted to ssh to the relay host, and then telnet to my device from there. This is how I set that up:

add method my-alias usercmd
add usercmd my-alias {ssh} {-t} {rancid@my-relay-host} {telnet my-device}
add user my-alias rancid
add password my-alias rancid

Two caveats to this situation:
- The username on my-relay-host must match the username used on the device my-alias.
- This requires passwordless authentication to my-relay-host. I've used ssh standard key exchange.
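
The first caveat can be checked mechanically before rancid runs from cron. The linter below is an added example, not part of the original post, the patch or rancid itself: it reads `.cloginrc` entries like the ones above and reports aliases whose relay ssh user differs from the device user, or that select `usercmd` without defining one. It assumes exact alias names (no glob patterns) and non-nested braces; `other-alias` and `orphan-alias` are constructed sample entries.

```python
import re

# Constructed sample: my-alias is the post's config, the other two are broken.
SAMPLE = r"""
add method my-alias usercmd
add usercmd my-alias {ssh} {-t} {rancid@my-relay-host} {telnet my-device}
add user my-alias rancid
add password my-alias rancid
add method other-alias {usercmd}
add usercmd other-alias {ssh} {-t} {backup@my-relay-host} {telnet other-device}
add user other-alias rancid
add method orphan-alias usercmd
"""

TOKEN = re.compile(r"\{([^{}]*)\}|(\S+)")  # a {braced group} or a bare word

def parse(text):
    """Return {alias: {directive: [values]}} for 'add <directive> <alias> ...'."""
    hosts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        words = [braced or bare for braced, bare in TOKEN.findall(line)]
        if len(words) >= 3 and words[0] == "add":
            hosts.setdefault(words[2], {})[words[1]] = words[3:]
    return hosts

def lint(text):
    """Return (alias, problem) pairs for aliases that use the usercmd method."""
    findings = []
    for alias, cfg in parse(text).items():
        if "usercmd" not in cfg.get("method", []):
            continue
        cmd = cfg.get("usercmd")
        if not cmd:
            findings.append((alias, "method usercmd but no usercmd line"))
            continue
        if cmd[0] != "ssh":
            continue  # only the ssh relay case from the post is checked
        # First user@host argument is taken as the relay destination.
        dest = next((w for w in cmd[1:] if "@" in w and not w.startswith("-")), None)
        relay_user = dest.split("@", 1)[0] if dest else None
        dev_user = (cfg.get("user") or [None])[0]
        if relay_user and relay_user != dev_user:
            findings.append((alias, f"relay user {relay_user!r} != device user {dev_user!r}"))
    return findings

if __name__ == "__main__":
    for alias, problem in lint(SAMPLE):
        print(f"{alias}: {problem}")
```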
2 comments:
Hi,
Any chance you can document how you patch rancid?
I get the following error message:
"Error: unknown connection method: usercmd"
at the line:
add method fwsm001-ctxpublic.corp.local {usercmd}
Thanks for your help!
I've linked to the patch. If you are not familiar with patching, it's probably easier to modify the file manually in this case.
Remember to take a backup first!
The changes are at the bottom of this post; the first number after the "@@" signs is the line.
http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html