1clogin(1) General Commands Manual clogin(1)
2
6 clogin - Cisco login script
7
9 clogin [-autoenable] [-noenable] [-dhiSV] [-m|M] [-c command] [-E
10 var=x] [-e enable-password] [-f cloginrc-file] [-p user-password]
11 [-s script-file] [-t timeout] [-u username] [-v vty-password] [-w
12 enable-username] [-x command-file] [-y ssh_cypher_type] router
13 [router...]
14
16 clogin is an expect(1) script to automate the process of logging into a
17 Cisco router, Catalyst switch, Arista switch, Extreme switch, Juniper
18 ERX/E-series, or Redback router. There are complementary scripts for
19 A10, Alteon, Avocent (Cyclades), Bay Networks (nortel), Brocade, Cisco
20 Small Business devices, ADC-kentrox EZ-T3 mux, Fortinet firewalls,
21 Foundry, Cisco Firepower, HP Procurve switches and Cisco AGMs, Hitachi
22 routers, Juniper Networks, MRV optical switch, Mikrotik routers,
23 Netscreen firewalls, Nokia (Alcatel-Lucent), Netscaler, Riverbed
24 Steelhead, Riverstone, Netopia, Cisco WLCs, Extreme devices and Xirrus
25 arrays or Arrcus routers, named a10login, alogin, avologin, blogin,
26 brlogin, csblogin, elogin, flogin, fnlogin, fxlogin, hlogin, htlogin,
27 jlogin, mrvlogin, mtlogin, nlogin, noklogin, nslogin, rblogin,
28 rivlogin, tlogin, wlogin, xlogin, and xilogin, respectively. Lastly,
29 plogin is a poly-login script using the router.db(5) files of rancid
30 groups and the rancid.types.base(5) and rancid.types.conf(5) files to
31 determine which login script to execute for the device type of the
32 given device.
33 clogin reads the .cloginrc file for its configuration, then connects
35 and logs into each of the routers specified on the command line in the
36 order listed. Command-line options exist to override some of the
37 directives found in the .cloginrc configuration file.
38 The command-line options are as follows:
40 -S Save the configuration on exit, if the device prompts at logout
42 time. This only has affect when used with -c.
43 -V Prints package name and version strings.
45 -c Command to be run on each router list on the command-line.
47 Multiple commands maybe listed by separating them with semi-
48 colons (;). The argument should be quoted to avoid shell
49 expansion.
50 -d Enable expect debugging.
52 -E Specifies a variable to pass through to scripts (-s). For
54 example, the command-line option -Efoo=bar will produce a global
55 variable by the name Efoo with the initial value "bar".
56 -e Specify a password to be supplied when gaining enable privileges
58 on the router(s). Also see the password directive of the
59 .cloginrc file.
60 -f Specifies an alternate configuration file. The default is
62 $HOME/.cloginrc.
63 -h Display usage line and exit.
65 -i Enter interactive mode after processing -[cx] options.
67 -[mM] Display .cloginrc information for matching lines; either the
69 first match (-m) or all matches (-M), then exit. The display
70 format is:
71 look-up variable:filename:line number: glob
73 -p Specifies a password associated with the user specified by the
75 -u option, user directive of the .cloginrc file, or the Unix
76 username of the user.
77 -s The filename of an expect(1) script which will be sourced after
79 the login is successful and is expected to return control to
80 clogin, with the connection to the router intact, when it is
81 done. Note that clogin disables log_user of expect(1)when -s is
82 used. Example script(s) can be found in share/rancid/*.exp.
83 -t Alters the timeout interval; the period that clogin waits for an
85 individual command to return a prompt or the login process to
86 produce a prompt or failure. The argument is in seconds.
87 -u Specifies the username used when prompted. The command-line
89 option overrides any user directive found in .cloginrc. The
90 default is the current Unix username.
91 -v Specifies a vty password, that which is prompted for upon
93 connection to the router. This overrides the vty password of
94 the .cloginrc file's password directive.
95 -w Specifies the username used if prompted when gaining enable
97 privileges. The command-line option overrides any user or
98 enauser directives found in .cloginrc. The default is the
99 current Unix username.
100 -x Similar to the -c option; -x specifies a file with commands to
102 run on each of the routers. The commands must not expect
103 additional input, such as 'copy rcp startup-config' does. For
104 example:
105 show version
107 show logging
108 -y Specifies the encryption algorithm for use with the ssh(1) -c
110 option. The default encryption type is often not supported.
111 See the ssh(1) man page for details. The default is 3des.
112
114 If the login script fails for any of the devices on the command-line,
115 the exit value of the script will be non-zero and the value will be the
116 number of failures.
117
119 clogin recognizes the following environment variables.
120 CISCO_USER
122 Overrides the user directive found in the .cloginrc file, but
123 may be overridden by the -u option.
124 CLOGIN clogin will not change the banner on your xterm window if this
126 includes the character 'x'.
127 CLOGINRC
129 Specifies an alternative location for the .cloginrc file, like
130 the -f option.
131 HOME Normally set by login(1) to the user's home directory, HOME is
133 used by clogin to locate the .cloginrc configuration file.
134
136 $HOME/.cloginrc Configuration file.
137
139 cloginrc(5), expect(1)
140
142 clogin expects CatOS devices to have a prompt which includes a '>',
143 such as "router> (enable)". It uses this to determine, for example,
144 whether the command to disable the pager is "set length 0" or "term
145 length 0".
146 The HP Procurve switches that are Foundry OEMs use flogin, not hlogin.
148 The -S option is a recent addition, it may not be supported in all of
150 the login scripts or for every target device.
151
153 Do not use greater than (>) or pound sign (#) in device banners or
154 hostnames or prompts. These are the normal terminating characters of
155 device prompts and the login scripts need to locate the initial prompt.
156 Afterward, the full prompt is collected and makes a more precise match
157 so that the scripts know when the device is ready for the next command.
158 All these login scripts for separate devices should be rolled into one.
160 This goal is exceedingly difficult.
161 The HP Procurve switch, Motorola BSR, and Cisco AGM CLIs rely heavily
163 upon terminal escape codes for cursor/screen manipulation and assumes a
164 vt100 terminal type. They do not provide a way to set a different
165 terminal type or adjust this behavior. The resulting escape codes make
166 automating interaction with these devices very difficult or impossible.
167 Thus bin/hpuifilter, which must be found in the user's PATH, is used by
168 hlogin to filter these escape sequences. While this works for rancid's
169 collection, there are side effects for interactive logins via hlogin;
170 most of which are formatting annoyances that may be remedied by typing
171 CTRL-R to reprint the current line.
172 WARNING: repeated ssh login failures to HP Procurves cause the switch's
174 management interface to lock-up (this includes snmp, ping) and
175 sometimes it will crash. This is with the latest firmware; 5.33 at the
176 time of this writing.
177 5 May 2020 clogin(1)