1clogin(1) General Commands Manual clogin(1)
2
6 clogin - Cisco login script
7
9 clogin [-autoenable] [-noenable] [-dhiSV] [-m|M] [-c command] [-E
10 var=x] [-e enable-password] [-f cloginrc-file] [-p user-password]
11 [-s script-file] [-t timeout] [-u username] [-v vty-password] [-w
12 enable-username] [-x command-file] [-y ssh_cypher_type] router
13 [router...]
14
16 clogin is an expect(1) script to automate the process of logging into a
17 Cisco router, Catalyst switch, Arista switch, Extreme switch, Juniper
18 ERX/E-series, or Redback router. There are complementary scripts for
19 A10, Alteon, Avocent (Cyclades), Bay Networks (nortel), Cisco Small
20 Business devices, ADC-kentrox EZ-T3 mux, Fortinet firewalls, Foundry,
21 HP Procurve switches and Cisco AGMs, Hitachi routers, Juniper Networks,
22 MRV optical switch, Mikrotik routers, Netscreen firewalls, Nokia
23 (Alcatel-Lucent), Netscaler, Riverstone, Netopia, Cisco WLCs, Extreme
24 devices and Xirrus arrays or Arrcus routers, named a10login, alogin,
25 avologin, blogin, csblogin, elogin, flogin, fnlogin, hlogin, htlogin,
26 jlogin, mrvlogin, mtlogin, nlogin, noklogin, nslogin, rivlogin, tlogin,
27 wlogin, xlogin, and xilogin, respectively. Lastly, plogin is a poly-
28 login script using the router.db(5) files of rancid groups and the
29 rancid.types.base(5) and rancid.types.conf(5) files to determine which
30 login script to execute for the device type of the given device.
31 clogin reads the .cloginrc file for its configuration, then connects
33 and logs into each of the routers specified on the command line in the
34 order listed. Command-line options exist to override some of the
35 directives found in the .cloginrc configuration file.
36 The command-line options are as follows:
38 -S Save the configuration on exit, if the device prompts at logout
40 time. This only has affect when used with -c.
41 -V Prints package name and version strings.
43 -c Command to be run on each router list on the command-line.
45 Multiple commands maybe listed by separating them with semi-
46 colons (;). The argument should be quoted to avoid shell
47 expansion.
48 -d Enable expect debugging.
50 -E Specifies a variable to pass through to scripts (-s). For
52 example, the command-line option -Efoo=bar will produce a global
53 variable by the name Efoo with the initial value "bar".
54 -e Specify a password to be supplied when gaining enable privileges
56 on the router(s). Also see the password directive of the
57 .cloginrc file.
58 -f Specifies an alternate configuration file. The default is
60 $HOME/.cloginrc.
61 -h Display usage line and exit.
63 -i Enter interactive mode after processing -[cx] options.
65 -[mM] Display .cloginrc information for matching lines; either the
67 first match (-m) or all matches (-M), then exit. The display
68 format is:
69 look-up variable:filename:line number: glob
71 -p Specifies a password associated with the user specified by the
73 -u option, user directive of the .cloginrc file, or the Unix
74 username of the user.
75 -s The filename of an expect(1) script which will be sourced after
77 the login is successful and is expected to return control to
78 clogin, with the connection to the router intact, when it is
79 done. Note that clogin disables log_user of expect(1)when -s is
80 used. Example script(s) can be found in share/rancid/*.exp.
81 -t Alters the timeout interval; the period that clogin waits for an
83 individual command to return a prompt or the login process to
84 produce a prompt or failure. The argument is in seconds.
85 -u Specifies the username used when prompted. The command-line
87 option overrides any user directive found in .cloginrc. The
88 default is the current Unix username.
89 -v Specifies a vty password, that which is prompted for upon
91 connection to the router. This overrides the vty password of
92 the .cloginrc file's password directive.
93 -w Specifies the username used if prompted when gaining enable
95 privileges. The command-line option overrides any user or
96 enauser directives found in .cloginrc. The default is the
97 current Unix username.
98 -x Similar to the -c option; -x specifies a file with commands to
100 run on each of the routers. The commands must not expect
101 additional input, such as 'copy rcp startup-config' does. For
102 example:
103 show version
105 show logging
106 -y Specifies the encryption algorithm for use with the ssh(1) -c
108 option. The default encryption type is often not supported.
109 See the ssh(1) man page for details. The default is 3des.
110
112 If the login script fails for any of the devices on the command-line,
113 the exit value of the script will be non-zero and the value will be the
114 number of failures.
115
117 clogin recognizes the following environment variables.
118 CISCO_USER
120 Overrides the user directive found in the .cloginrc file, but
121 may be overridden by the -u option.
122 CLOGIN clogin will not change the banner on your xterm window if this
124 includes the character 'x'.
125 CLOGINRC
127 Specifies an alternative location for the .cloginrc file, like
128 the -f option.
129 HOME Normally set by login(1) to the user's home directory, HOME is
131 used by clogin to locate the .cloginrc configuration file.
132
134 $HOME/.cloginrc Configuration file.
135
137 cloginrc(5), expect(1)
138
140 clogin expects CatOS devices to have a prompt which includes a '>',
141 such as "router> (enable)". It uses this to determine, for example,
142 whether the command to disable the pager is "set length 0" or "term
143 length 0".
144 The HP Procurve switches that are Foundry OEMs use flogin, not hlogin.
146 The Extreme is supported by clogin, but it has no concept of an
148 "enabled" privilege level. You must set autoenable for these devices
149 in your .cloginrc.
150 The -S option is a recent addition, it may not be supported in all of
152 the login scripts or for every target device.
153
155 Do not use greater than (>) or pound sign (#) in device banners or
156 hostnames or prompts. These are the normal terminating characters of
157 device prompts and the login scripts need to locate the initial prompt.
158 Afterward, the full prompt is collected and makes a more precise match
159 so that the scripts know when the device is ready for the next command.
160 All these login scripts for separate devices should be rolled into one.
162 This goal is exceedingly difficult.
163 The HP Procurve switch, Motorola BSR, and Cisco AGM CLIs rely heavily
165 upon terminal escape codes for cursor/screen manipulation and assumes a
166 vt100 terminal type. They do not provide a way to set a different
167 terminal type or adjust this behavior. The resulting escape codes make
168 automating interaction with these devices very difficult or impossible.
169 Thus bin/hpuifilter, which must be found in the user's PATH, is used by
170 hlogin to filter these escape sequences. While this works for rancid's
171 collection, there are side effects for interactive logins via hlogin;
172 most of which are formatting annoyances that may be remedied by typing
173 CTRL-R to reprint the current line.
174 WARNING: repeated ssh login failures to HP Procurves cause the switch's
176 management interface to lock-up (this includes snmp, ping) and
177 sometimes it will crash. This is with the latest firmware; 5.33 at the
178 time of this writing.
179 12 July 2019 clogin(1)