1clogin(1)                   General Commands Manual                  clogin(1)
2
3
4

NAME

6       clogin - Cisco login script
7

SYNOPSIS

9       clogin  [-autoenable]  [-noenable]  [-dhiSV]  [-m|M] [-c  command] [-E
10       var=x] [-e  enable-password] [-f   cloginrc-file]  [-p   user-password]
11       [-s   script-file] [-t  timeout] [-u  username] [-v  vty-password] [-w
12       enable-username]  [-x   command-file]  [-y    ssh_cypher_type]   router
13       [router...]
14

DESCRIPTION

16       clogin is an expect(1) script to automate the process of logging into a
17       Cisco router, Catalyst switch, Arista switch, Extreme  switch,  Juniper
18       ERX/E-series,  or  Redback router.  There are complementary scripts for
19       A10, Alteon, Avocent (Cyclades), Bay  Networks  (nortel),  Cisco  Small
20       Business  devices,  ADC-kentrox EZ-T3 mux, Fortinet firewalls, Foundry,
21       HP Procurve switches and Cisco AGMs, Hitachi routers, Juniper Networks,
22       MRV  optical  switch,  Mikrotik  routers,  Netscreen  firewalls,  Nokia
23       (Alcatel-Lucent), Netscaler, Riverstone, Netopia, Cisco  WLCs,  Extreme
24       devices  and  Xirrus  arrays or Arrcus routers, named a10login, alogin,
25       avologin, blogin, csblogin, elogin, flogin, fnlogin,  hlogin,  htlogin,
26       jlogin, mrvlogin, mtlogin, nlogin, noklogin, nslogin, rivlogin, tlogin,
27       wlogin, xlogin, and xilogin, respectively.  Lastly, plogin is  a  poly-
28       login  script  using  the  router.db(5)  files of rancid groups and the
29       rancid.types.base(5) and rancid.types.conf(5) files to determine  which
30       login script to execute for the device type of the given device.
31
32       clogin  reads  the  .cloginrc file for its configuration, then connects
33       and logs into each of the routers specified on the command line in  the
34       order  listed.   Command-line  options  exist  to  override some of the
35       directives found in the .cloginrc configuration file.
36
37       The command-line options are as follows:
38
39       -S     Save the configuration on exit, if the device prompts at  logout
40              time.  This only has affect when used with -c.
41
42       -V     Prints package name and version strings.
43
44       -c     Command  to  be  run  on  each  router list on the command-line.
45              Multiple commands maybe listed by  separating  them  with  semi-
46              colons  (;).   The  argument  should  be  quoted  to avoid shell
47              expansion.
48
49       -d     Enable expect debugging.
50
51       -E     Specifies a variable to  pass  through  to  scripts  (-s).   For
52              example, the command-line option -Efoo=bar will produce a global
53              variable by the name Efoo with the initial value "bar".
54
55       -e     Specify a password to be supplied when gaining enable privileges
56              on  the  router(s).   Also  see  the  password  directive of the
57              .cloginrc file.
58
59       -f     Specifies an  alternate  configuration  file.   The  default  is
60              $HOME/.cloginrc.
61
62       -h     Display usage line and exit.
63
64       -i     Enter interactive mode after processing -[cx] options.
65
66       -[mM]  Display  .cloginrc  information  for  matching lines; either the
67              first match (-m) or all matches (-M), then  exit.   The  display
68              format is:
69
70              look-up variable:filename:line number: glob
71
72       -p     Specifies  a  password associated with the user specified by the
73              -u option, user directive of the .cloginrc  file,  or  the  Unix
74              username of the user.
75
76       -s     The  filename of an expect(1) script which will be sourced after
77              the login is successful and is expected  to  return  control  to
78              clogin,  with  the  connection  to the router intact, when it is
79              done.  Note that clogin disables log_user of expect(1)when -s is
80              used.  Example script(s) can be found in share/rancid/*.exp.
81
82       -t     Alters the timeout interval; the period that clogin waits for an
83              individual command to return a prompt or the  login  process  to
84              produce a prompt or failure.  The argument is in seconds.
85
86       -u     Specifies  the  username  used  when prompted.  The command-line
87              option overrides any user directive  found  in  .cloginrc.   The
88              default is the current Unix username.
89
90       -v     Specifies  a  vty  password,  that  which  is  prompted for upon
91              connection to the router.  This overrides the  vty  password  of
92              the .cloginrc file's password directive.
93
94       -w     Specifies  the  username  used  if  prompted when gaining enable
95              privileges.  The  command-line  option  overrides  any  user  or
96              enauser  directives  found  in  .cloginrc.   The  default is the
97              current Unix username.
98
99       -x     Similar to the -c option; -x specifies a file with  commands  to
100              run  on  each  of  the  routers.   The  commands must not expect
101              additional input, such as 'copy rcp startup-config'  does.   For
102              example:
103
104                 show version
105                 show logging
106
107       -y     Specifies  the  encryption  algorithm for use with the ssh(1) -c
108              option.  The default encryption type  is  often  not  supported.
109              See the ssh(1) man page for details.  The default is 3des.
110

RETURNS

112       If  the  login script fails for any of the devices on the command-line,
113       the exit value of the script will be non-zero and the value will be the
114       number of failures.
115

ENVIRONMENT

117       clogin recognizes the following environment variables.
118
119       CISCO_USER
120              Overrides  the  user  directive found in the .cloginrc file, but
121              may be overridden by the -u option.
122
123       CLOGIN clogin will not change the banner on your xterm window  if  this
124              includes the character 'x'.
125
126       CLOGINRC
127              Specifies  an  alternative location for the .cloginrc file, like
128              the -f option.
129
130       HOME   Normally set by login(1) to the user's home directory,  HOME  is
131              used by clogin to locate the .cloginrc configuration file.
132

FILES

134       $HOME/.cloginrc   Configuration file.
135

SEE ALSO

137       cloginrc(5), expect(1)
138

CAVEATS

140       clogin  expects  CatOS  devices  to have a prompt which includes a '>',
141       such as "router> (enable)".  It uses this to  determine,  for  example,
142       whether  the  command  to  disable the pager is "set length 0" or "term
143       length 0".
144
145       The HP Procurve switches that are Foundry OEMs use flogin, not hlogin.
146
147       The Extreme is supported by  clogin,  but  it  has  no  concept  of  an
148       "enabled"  privilege  level.  You must set autoenable for these devices
149       in your .cloginrc.
150
151       The -S option is a recent addition, it may not be supported in  all  of
152       the login scripts or for every target device.
153

BUGS

155       Do  not  use  greater  than  (>) or pound sign (#) in device banners or
156       hostnames or prompts.  These are the normal terminating  characters  of
157       device prompts and the login scripts need to locate the initial prompt.
158       Afterward, the full prompt is collected and makes a more precise  match
159       so that the scripts know when the device is ready for the next command.
160
161       All these login scripts for separate devices should be rolled into one.
162       This goal is exceedingly difficult.
163
164       The HP Procurve switch, Motorola BSR, and Cisco AGM CLIs  rely  heavily
165       upon terminal escape codes for cursor/screen manipulation and assumes a
166       vt100 terminal type.  They do not provide a  way  to  set  a  different
167       terminal type or adjust this behavior.  The resulting escape codes make
168       automating interaction with these devices very difficult or impossible.
169       Thus bin/hpuifilter, which must be found in the user's PATH, is used by
170       hlogin to filter these escape sequences.  While this works for rancid's
171       collection,  there  are side effects for interactive logins via hlogin;
172       most of which are formatting annoyances that may be remedied by  typing
173       CTRL-R to reprint the current line.
174
175       WARNING: repeated ssh login failures to HP Procurves cause the switch's
176       management  interface  to  lock-up  (this  includes  snmp,  ping)   and
177       sometimes it will crash.  This is with the latest firmware; 5.33 at the
178       time of this writing.
179
180
181
182                                 12 July 2019                        clogin(1)
Impressum