summaryrefslogtreecommitdiffstats
path: root/man/clogin.1
blob: 077403c61bed1717ef541100a81d19248e1fd39a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
.\"
.hys 50
.TH "clogin" "1" "27 February 2008"
.SH NAME
clogin \- Cisco/Foundry login script
.SH SYNOPSIS
.B clogin
[\fB\-autoenable\fP]
[\fB\-noenable\fP]
[\fB\-dV\fR]
[\c
.BI \-c\ 
command]
[\c
.BI \-E\ 
var=x]
[\c
.BI \-e\ 
enable-password]
[\c
.BI \-f\ 
cloginrc-file]
[\c
.BI \-p\ 
user-password]
[\c
.BI \-s\ 
script-file]
[\c
.BI \-t\ 
timeout]
[\c
.BI \-u\ 
username]
[\c
.BI \-v\ 
vty-password]
[\c
.BI \-w\ 
enable-username]
[\c
.BI \-x\ 
command-file]
[\c
.BI \-y\ 
ssh_cypher_type]
router
[router...]
.SH DESCRIPTION
.B clogin
is an
.BR expect (1)
script to automate the process of logging into a Cisco router,
catalyst switch, Extreme switch, Juniper ERX/E-series, Procket Networks,
or Redback router.
There are complementary scripts for
Alteon,
Avocent (Cyclades),
Bay Networks (nortel),
ADC-kentrox EZ-T3 mux,
Foundry,
HP Procurve Switches and Cisco AGMs,
Hitachi Routers,
Juniper Networks,
Netscreen firewalls,
Netscaler,
Riverstone,
Netopia,
and Lucent TNT,
named
.B alogin,
.B avologin,
.B blogin,
.B elogin,
.B flogin,
.B hlogin,
.B htlogin,
.B jlogin,
.B nlogin,
.B nslogin,
.B rivlogin,
.B tlogin,
and
.B tntlogin,
respectively.
.PP
.B clogin
reads the
.IR .cloginrc
file for its configuration, then connects and logs into each of the
routers specified on the command line in the order listed.  Command-line
options exist to override some of the directives found in the
.IR .cloginrc
configuration file.
.PP
The command-line options are as follows:
.TP
.B \-V
Prints package name and version strings.
.\"
.TP
.B \-c
Command to be run on each router list on the command-line.  Multiple
commands maybe listed by separating them with semi-colons (;).  The argument
should be quoted to avoid shell expansion.
.\"
.TP
.B \-d
Enable expect debugging.
.\"
.TP
.B \-E
Specifies a variable to pass through to scripts (\-s).  For example, the
command-line option \-Efoo=bar will produce a global variable by the name
Efoo with the initial value "bar".
.\"
.TP
.B \-e
Specify a password to be supplied when gaining enable privileges on the
router(s).  Also see the password directive of the
.IR .cloginrc
file.
.\"
.TP
.B \-f
Specifies an alternate configuration file.  The default is
.IR "$HOME/.cloginrc" .
.\"
.TP
.B \-p
Specifies a password associated with the user specified by the
.B \-u
option, user directive of the
.IR .cloginrc
file, or the Unix username of the user.
.\"
.TP
.B \-s
The filename of an
.BR expect (1)
script which will be sourced after the login is successful and is expected
to return control to
.B clogin,
with the connection to the router intact, when it is done.  Note that
.B clogin
disables
.IR log_user
of
.BR expect (1) when
.B \-s
is used.
Example script(s) can be found in share/rancid/*.exp.
.\"
.TP
.B \-t
Alters the timeout interval; the period that
.B clogin
waits for an individual command to return a prompt or the login process to
produce a prompt or failure.  The argument is in seconds.
.\"
.TP
.B \-u
Specifies the username used when prompted.  The command-line option overrides
any user directive found in
.IR .cloginrc .
The default is the current Unix username.
.\"
.TP
.B \-v
Specifies a vty password, that which is prompted for upon connection
to the router.  This overrides the vty password of the
.IR .cloginrc
file's password directive.
.\"
.TP
.B \-w
Specifies the username used if prompted when gaining enable privileges.  The
command-line option overrides any user or enauser directives found in
.IR .cloginrc .
The default is the current Unix username.
.\"
.TP
.B \-x
Similar to the
.B \-c
option;
.B \-x
specifies a file with commands to run on each of the routers.  The commands
must not expect additional input, such as 'copy rcp startup-config' does.
For example:
.PP
.in +1i
.nf
show version
show logging
.fi
.in -1i
.\"
.TP
.B \-y
Specifies the encryption algorithm for use with the
.BR ssh (1)
\-c option.  The default encryption type is often not supported.  See the
.BR ssh (1)
man page for details.  The default is 3des.
.El
.\"
.SH RETURNS
If the login script fails for any of the devices on the command-line, the
exit value of the script will be non-zero and the value will be the number
of failures.
.\"
.SH ENVIRONMENT
.B clogin
recognizes the following environment variables.
.PP
.TP
.B CISCO_USER
Overrides the user directive found in the
.IR .cloginrc
file, but may be overridden by the
.B \-u
option.
.\"
.TP
.B CLOGIN
.B clogin
will not change the banner on your xterm window if this includes the
character 'x'.
.\"
.TP
.B CLOGINRC
Specifies an alternative location for the
.IR .cloginrc
file, like the \fB\-f\fP option.
.\"
.TP
.B HOME
Normally set by
.BR login (1)
to the user's home directory,
HOME is used by
.B clogin
to locate the
.IR .cloginrc
configuration file.
.El
.SH FILES
.ta \w'xHOME/xcloginrc  'u 
\fI$HOME/.cloginrc\fR   Configuration file.
.SH "SEE ALSO"
.BR cloginrc (5),
.BR expect (1)
.\"
.SH CAVEATS
.B clogin
expects CatOS devices to have a prompt which includes a '>',
such as "router> (enable)".  It uses this to determine, for example,
whether the command to disable the pager is "set length 0" or "term length 0".
.PP
The HP Procurve switches that are Foundry OEMs use flogin, not hlogin.
.PP
The Extreme is supported by
.B clogin,
but it has no concept of an "enabled" privilege level.  You must
set autoenable for these devices in your
.IR .cloginrc .
.\"
.SH BUGS
Do not use greater than (>) or pound sign (#) in device banners.  These
are the normal terminating characters of device prompts and the login
scripts need to locate the initial prompt.  Afterward, the full prompt
is collected and makes a more precise match so that the scripts know
when the device is ready for the next command.
.PP
All these login scripts for separate devices should be rolled into one.
This goal is exceedingly difficult.
.PP
The HP Procurve switch and Cisco AGM CLIs rely heavily upon terminal escape
codes for cursor/screen manipulation and assumes a vt100 terminal type.
They do not provide a way to set a different terminal type or adjust this
behavior.
The resulting escape codes make automating interaction with these devices
very difficult or impossible.
Thus bin/hpuifilter, which must be found in the user's PATH, is used by
hlogin to filter these escape sequences.
While this works for rancid's collection, there are side effects for
interactive logins via hlogin; most of which are formatting annoyances that
may be remedied by typing CTRL-R to reprint the current line.
.PP
WARNING: repeated ssh login failures to HP Procurves cause the switch's
management interface to lock-up (this includes snmp, ping) and sometimes
it will crash.  This is with the latest firmware; 5.33 at the time of this
writing.