cloginrc(5)                   File Formats Manual                   cloginrc(5)

.cloginrc - clogin configuration file

.cloginrc contains configuration information for alogin(1), blogin(1),
clogin(1), csblogin(1), elogin(1), flogin(1), fnlogin(1), hlogin(1),
htlogin(1), jlogin(1), nlogin(1), nslogin(1), rivlogin(1), and
wlogin(1), such as usernames, passwords, ssh encryption type, etc., and
is read at run-time.

Each line contains either white-space (blank line), a comment which
begins with the comment character '#' and may be preceded by
white-space, or one of the directives listed below.

Each line containing a directive is of the form:

       add <directive> <hostname glob> {<value>} [{<value>} ...]

or

       include {<file>}

Note: the braces ({}) surrounding the values are significant when the
values include Tcl meta-characters. Best common practice is to always
enclose the values in braces. If a value includes a (left or right)
brace, space character, ampersand or backslash, those characters must
be backslash-escaped, as in:

       add user <hostname glob> {foo\}bar}
       add user <hostname glob> {foo\ bar}

Other special characters may be escaped without error, if desired.

As .cloginrc is searched for a directive matching a hostname, it is
always the first matching instance of a directive, one whose hostname
glob expression matches the hostname, which is used. For example,
looking up the "password" directive for hostname foo in a .cloginrc
file containing

       add password * {bar} {table}
       add password foo {bar} {table}

would return the first line, even though the second is an exact match.
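
The first-match rule above, as an added example that is not part of the original manual page or of rancid: a small Python reader for `add` lines that performs the lookup in file order and reports entries that can never be returned. Glob matching is approximated with Python's fnmatch, case-sensitive matching is an assumption, and the sample file (including the second password line's values) is constructed.

```python
import fnmatch
import re

# Constructed sample; hostnames and secrets are placeholders.
SAMPLE = r"""
# site defaults
add password * {bar} {table}
add password foo {baz} {chair}
add method rc*.example.net {ssh}
add method * {ssh} {telnet:3000} {rsh}
add user rc1.example.net {foo\ bar}
"""

LINE = re.compile(r"^\s*add\s+(\S+)\s+(\S+)\s+(.*)$")
VALUE = re.compile(r"\{((?:\\.|[^{}\\])*)\}")   # one braced value, escapes allowed


def parse(text):
    """Return [(lineno, directive, glob, [values])] in file order."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE.match(line)
        if not m:                                # blank line, comment, include
            continue
        values = [re.sub(r"\\(.)", r"\1", v) for v in VALUE.findall(m.group(3))]
        entries.append((n, m.group(1), m.group(2), values))
    return entries


def lookup(entries, directive, host):
    """The first entry whose glob matches host wins, exact match or not."""
    for n, d, glob, values in entries:
        if d == directive and fnmatch.fnmatchcase(host, glob):
            return n, values
    return None


def shadowed(entries):
    """[(dead_line, covering_line)] for entries an earlier glob always beats."""
    dead = []
    for i, (n, d, glob, _) in enumerate(entries):
        literal = not any(c in glob for c in "*?[")
        for pn, pd, pglob, _ in entries[:i]:
            covers = pglob == "*" or (literal and fnmatch.fnmatchcase(glob, pglob))
            if pd == d and covers:
                dead.append((n, pn))
                break
    return dead
```

Running `shadowed(parse(text))` over a real file lists host-specific credentials that are silently overridden by a broader glob placed above them.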

.cloginrc is expected to exist in the user's home directory and must
not be readable, writable, or executable by "others". .cloginrc should
be mode 0600, or 0640 if it is to be shared with other users who are
members of the same unix group. See chgrp(1) and chmod(1) for more
information on ownership and file modes.

The accepted directives are (alphabetically):

add autoenable <router name glob> {[01]}
       When using locally defined usernames or AAA, it is possible to
       have a login which is automatically enabled. That is, the user
       has enable privileges without the need to execute the enable
       command. The router's prompt is different for enabled mode,
       ending with a # rather than a >.

       Example: add autoenable * {1}

       Default: 0 (zero), meaning that the user is not automatically
       enabled and clogin should execute the enable command to gain
       enable privileges, unless negated by the noenable directive or
       -noenable command-line option.

       Also see the noenable directive.

add cyphertype <router name glob> {<ssh encryption type>}
       cyphertype defines which encryption algorithm is used with ssh
       version 1. A device may not support the type ssh uses by
       default. See ssh(1)'s -c option for details.

       Default: empty

add enableprompt <router name glob> {"<enable prompt>"}
       When using AAA with a Cisco router or switch, it is possible to
       redefine the prompt the device presents to the user for the
       enable password. enableprompt may be used to adjust the prompt
       that clogin should look for when trying to login. Note that
       enableprompt can be a Tcl style regular expression.

       Example: add enableprompt rc*.example.net {"\[Ee]nter\ the\ enable\ password:"}

       Default: "\[Pp]assword:"

add enablecmd <router name glob> {<enable command>}
       This defines the command on the device used to enter enabled or
       super-user mode. For example, in Cisco IOS the command is
       "enable".

add enauser <router name glob> {<username>}
       This is only needed if a device prompts for a username when
       gaining enable privileges and where this username is different
       from that defined by or the default of the user directive.

add identity <router name glob> {<ssh identity file path>}
       May be used to specify an alternate identity file for use with
       ssh(1). See ssh's -i option for details.

       Default: your default identity file. See ssh(1).

add method <router name glob> {ssh} [{...}]
       Defines, in order, the connection methods to use for a device
       from the set {ssh, telnet, rsh}. Methods ssh and telnet may have
       a suffix, indicating an alternate TCP port, of the form ":port".

       Note: Different versions of telnet treat the specification of a
       port differently. In particular, BSD derived telnets do not do
       option negotiation when a port is given. Some devices, Extreme
       switches for example, have undesirable telnet default options
       such as linemode. In the BSD case, to enable option negotiation
       when specifying a port the method should be "{telnet:-23}" or,
       better, add "mode character" to .telnetrc. See telnet(1) for
       more information on telnet command-line syntax, telnet options,
       and .telnetrc.

       Example: add method * {ssh} {telnet:3000} {rsh}

       This would cause clogin to first attempt an ssh connection to
       the device and, if that were to fail with connection refused, a
       telnet connection to port 3000 would be tried, and then an rsh
       connection.

       Note that not all platforms support all of these connection
       methods.

       Default: {telnet} {ssh}

add noenable <router name glob> {1}
       clogin will not try to gain enable privileges when noenable is
       matched for a device. This is equivalent to clogin's -noenable
       command-line option.

       Note that this directive is meaningless for jlogin(1), nlogin(1)
       and clogin(1) [for Extreme] which do not have the concept of
       "enabled" and/or no way to elevate privileges once logged in; a
       user either has the necessary privileges or doesn't.

add passphrase <router name glob> {"<SSH passphrase>"}
       Specify the SSH passphrase. Note that this may be particular to
       an identity directive. The passphrase will default to the
       password for the given router.

       Example: add passphrase rc*.example.net {the\ bird\ goes\ tweet}

add passprompt <router name glob> {"<password prompt>"}
       When using AAA with a Cisco router or switch, it is possible to
       redefine the prompt the device presents to the user for the
       password. passprompt may be used to adjust the prompt that
       clogin should look for when trying to login. Note that
       passprompt can be a Tcl style regular expression.

       Example: add passprompt rc*.example.net {"\[Ee]nter\ the\ password:"}

       Default: "(\[Pp]assword|passwd):"

add password <router name glob> {<vty passwd>} [{<enable passwd>}]
       Specifies the vty password, which is prompted for upon
       connection to the router. The last argument is the enable
       password and need not be specified if the device also has a
       matching noenable or autoenable directive or the corresponding
       command-line options are used.

add prompt <router name glob> {<regex>}
       Match login prompt, or initial login prompt in the case of some
       of the login scripts. This is provided only as a work-around
       for login banners that contain forbidden characters that
       conflict with CLI prompt markers.

       Note that not all login scripts support this.

add sshcmd <router name glob> {<ssh>}
       <ssh> is the name of the ssh executable. OpenSSH uses a
       command-line option to specify the protocol version, but other
       implementations use a separate binary such as "ssh1". sshcmd
       allows this to be adjusted as necessary for the local
       environment.

       sshcmd also allows the user to add any other command-line
       options, such as altering the offered key exchange algorithms.
       For example:
       add sshcmd * {ssh\ -o\ KexAlgorithms=+diffie-hellman-group1-sha1}

       Default: ssh

add timeout <router name glob> {<seconds>}
       Time in seconds that the login script will wait for input from
       the device before timeout.

       Default: device dependent

add telnetcmd <router name glob> {<telnet>}
       <telnet> is the name of the telnet executable. telnetcmd allows
       this to be adjusted as necessary for the local environment.

       telnetcmd also allows the user to add any other command-line
       options, such as force IPv4. For example:
       add telnetcmd * {telnet\ -K4}

       Default: telnet -K

add user <router name glob> {<username>}
       Specifies a username clogin should use if or when prompted for
       one.

       Default: $USER (or $LOGNAME), i.e.: your Unix username.

add userpassword <router name glob> {<user password>}
       Specifies a password to be associated with a user, if different
       from that defined with the password directive.

add userprompt <router name glob> {"<username prompt>"}
       When using AAA with a Cisco router or switch, it is possible to
       redefine the prompt the device presents to the user for the
       username. userprompt may be used to adjust the prompt that
       clogin should look for when trying to login. Note that
       userprompt can be a Tcl style regular expression.

       Example: add userprompt rc*.example.net {"\[Ee]nter\ your\ username:"}

       Default: "(Username|login|user name):"

include {<file>}
       <file> is the pathname of an additional .cloginrc file to
       include at that point. It is evaluated immediately. That is
       important with regard to the order of matching hostnames for a
       given directive, as mentioned above. This is useful if you have
       your own .cloginrc plus an additional .cloginrc file that is
       shared among a group of folks.

       If <file> is not a full pathname, $HOME/ will be prepended.

       Example: include {.cloginrc.group}
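
One way to check the file-mode requirement stated earlier across a main .cloginrc and every file it pulls in with the include directive described here (added example, not code from rancid). Applying the same no-access-for-others rule to included files is an assumption of this example, as are the function names and the constructed files in demo().

```python
import os
import re
import stat
import tempfile

INCLUDE = re.compile(r"^\s*include\s+\{([^}]*)\}")


def audit_modes(path, home, seen=None):
    """Return [(file, mode, problem)] for path and every file it includes."""
    seen = set() if seen is None else seen
    # The page says $HOME/ is prepended when <file> is not a full pathname.
    path = path if os.path.isabs(path) else os.path.join(home, path)
    if path in seen:                      # guard against include loops
        return []
    seen.add(path)
    try:
        st = os.stat(path)
    except OSError as exc:
        return [(path, None, f"cannot stat: {exc.strerror}")]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & 0o007:                      # any r/w/x bit for "others"
        findings.append((path, mode, "accessible by others"))
    elif mode not in (0o600, 0o640):      # the two modes the page recommends
        findings.append((path, mode, "not 0600 or 0640"))
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = INCLUDE.match(line)
            if m:
                findings += audit_modes(m.group(1), home, seen)
    return findings


def demo():
    """Constructed layout: a private main file including a world-readable one."""
    home = tempfile.mkdtemp()
    files = ((".cloginrc", "include {.cloginrc.group}\n", 0o600),
             (".cloginrc.group", "add user * {example}\n", 0o644))
    for name, body, mode in files:
        p = os.path.join(home, name)
        with open(p, "w") as fh:
            fh.write(body)
        os.chmod(p, mode)
    found = audit_modes(".cloginrc", home)
    return [(os.path.basename(f), oct(m), why) for f, m, why in found]
```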

$HOME/.cloginrc                 Configuration file described here.
share/rancid/cloginrc.sample    A sample .cloginrc.

.cloginrc is interpreted directly by Tcl, so its syntax follows that of
Tcl. Errors may produce quite unexpected results.

clogin(1), glob(3), tclsh(1)

12 April 2017                                                       cloginrc(5)