NAME

        .cloginrc - clogin configuration file

DESCRIPTION

       .cloginrc  contains configuration information for alogin(1), blogin(1),
       clogin(1),  elogin(1),  flogin(1),  hlogin(1),  htlogin(1),  jlogin(1),
       nlogin(1), nslogin(1), rivlogin(1), and tntlogin(1), such as usernames,
       passwords, ssh encryption type, etc., and is read at run-time.

       Each line contains either white-space (blank  line),  a  comment  which
       begins  with  the  comment  character ’#’ and may be preceded by white-
       space, or one of the directives listed below.

       Each line containing a directive is of the form:

                 add <directive> <hostname glob> {<value>} [{<value>} ...]

                 or

                 include {<file>}

       Note: the braces ({}) surrounding the values are significant when the
       values include TCL meta-characters.  Best common practice is to always
       enclose the values in braces.  If a value includes a (left or right)
       brace or space character, it must be backslash-escaped, as in:

                 add user <hostname glob> {foo\}bar}
                 add user <hostname glob> {foo\ bar}

       When .cloginrc is searched for a directive matching a hostname, the
       first matching instance of the directive (the first one whose hostname
       glob expression matches the hostname) is always the one used.  For
       example, looking up the "password" directive for hostname foo in a
       .cloginrc file containing

                 add password *   {bar} {table}
                 add password foo {bar} {table}

       would  return the first line, even though the second is an exact match.
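
The first-match rule above, as an added example (not part of the original man page or of rancid): a small parser that resolves a directive the same way and reports literal-hostname lines that can never be reached because an earlier glob already matches them. The sample file is constructed, and glob matching is approximated with Python's fnmatch, which is an assumption about how closely it tracks the Tcl matching clogin performs.

```python
import fnmatch
import re

# Constructed sample; hostnames and credentials are placeholders.
SAMPLE = r"""
# broad rule first: it wins for every host
add password *               {bar} {table}
add password foo             {secret1} {secret2}
add user     rc*.example.net {netops}
add user     rc1.example.net {alice}
add user     sw1.example.net {bob}
"""

ADD_RE = re.compile(r"^\s*add\s+(\S+)\s+(\S+)\s+(.*)$")
VALUE_RE = re.compile(r"\{((?:\\.|[^{}\\])*)\}")  # {value} with \-escapes

def parse(text):
    """Return [(lineno, directive, glob, [values])] for each 'add' line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ADD_RE.match(line)
        if m:  # comments and blank lines never match
            values = [re.sub(r"\\(.)", r"\1", v)
                      for v in VALUE_RE.findall(m.group(3))]
            entries.append((lineno, m.group(1), m.group(2), values))
    return entries

def lookup(entries, directive, host):
    """First entry whose glob matches the host wins; later ones are ignored."""
    for lineno, name, glob, values in entries:
        if name == directive and fnmatch.fnmatchcase(host, glob):
            return lineno, values
    return None

def shadowed(entries):
    """Literal-hostname entries already captured by an earlier glob."""
    findings = []
    for i, (lineno, name, glob, _) in enumerate(entries):
        if re.search(r"[*?\[\]\\]", glob):
            continue  # subsumption between two globs is not attempted
        hit = lookup(entries[:i], name, glob)
        if hit:
            findings.append((lineno, hit[0]))
    return findings

if __name__ == "__main__":
    for late, early in shadowed(parse(SAMPLE)):
        print(f"line {late} is never used: line {early} matches first")
```

Placing host-specific lines before the broad globs clears every finding this check reports.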

       .cloginrc is expected to exist in the user’s home  directory  and  must
       not be readable, writable, or executable by "others".  .cloginrc should
       be mode 0600, or 0640 if it is to be shared with other  users  who  are
       members  of  the  same  unix group.  See chgrp(1) and chmod(1) for more
       information on ownership and file modes.

DIRECTIVES

       The accepted directives are (alphabetically):

       add autoenable <router name glob> {[01]}
              When using locally defined usernames or AAA, it is possible to
              have a login which is automatically enabled.  That is, the user
              has enable privileges without the need to execute the enable
              command.  The router’s prompt is different for enabled mode,
              ending with a # rather than a >.

              Example: add autoenable * {1}

              Default: 0, meaning that the user is not automatically enabled
              and clogin should execute the enable command to gain enable
              privileges, unless negated by the noenable directive or
              -noenable command-line option.

              Also see the noenable directive.

       add cyphertype <router name glob> {<ssh encryption type>}
              cyphertype  defines which encryption algorithm is used with ssh.
              A device may not support the type  ssh  uses  by  default.   See
              ssh(1)’s -c option for details.

              Default: {3des}

       add enableprompt <router name glob> {"<enable prompt>"}
              When  using AAA with a Cisco router or switch, it is possible to
              redefine the prompt the device presents  to  the  user  for  the
              enable  password.  enableprompt may be used to adjust the prompt
              that clogin should look for when trying  to  login.   Note  that
              enableprompt can be a Tcl style regular expression.

              Example: add enableprompt rc*.example.net {"\[Ee]nter\ the\ enable\ password:"}

              Default: "\[Pp]assword:"

       add enauser <router name glob> {<username>}
              This is only needed if a device  prompts  for  a  username  when
              gaining  enable  privileges and where this username is different
              from that defined by or the default of the user directive.

       add identity <router name glob> {<ssh identity file path>}
              May be used to specify an alternate identity file for  use  with
              ssh(1).  See ssh’s -i option for details.

              Default: your default identity file.  See ssh(1).

       add method <router name glob> {ssh} [{...}]
              Defines,  in  order,  the connection methods to use for a device
              from the set {ssh, telnet,  rsh}.   Method  telnet  may  have  a
              suffix, indicating an alternate TCP port, of the form ":port".

              Note:  Different versions of telnet treat the specification of a
              port differently.  In particular, BSD derived telnets do not  do
              option  negotiation when a port is given.  Some devices, Extreme
              switches for example, have undesirable  telnet  default  options
              such as linemode.  In the BSD case, to enable option negotiation
              when specifying a port the method should  be  "{telnet:-23}"  or
              you should add "mode character" to .telnetrc.  See telnet(1) for
              more information on telnet command-line syntax, telnet  options,
              and .telnetrc.

              Example: add method * {ssh} {telnet:-3000} {rsh}

              This would cause clogin to first attempt an ssh connection to
              the device and, if that were to fail with connection refused, a
              telnet connection to port 3000 would be tried, and then an rsh
              connection.

              Note that not all platforms  support  all  of  these  connection
              methods.

              Default: {telnet} {ssh}

       add noenable <router name glob> {1}
              clogin  will  not try to gain enable privileges when noenable is
              matched for a device.  This is equivalent to clogin’s  -noenable
              command-line option.

              Note that this directive is meaningless for jlogin(1), nlogin(1)
              and clogin(1) [for Extreme], which do not have the concept of
              "enabled" and/or have no way to elevate privileges once logged
              in; a user either has the necessary privileges or doesn’t.

       add passphrase <router name glob> {"<SSH passphrase>"}
              Specify the SSH passphrase.  Note that this may be particular to
              an  identity  directive.   The  passphrase  will  default to the
              password for the given router.

              Example: add passphrase rc*.example.net {the\ bird\ goes\ tweet}

       add passprompt <router name glob> {"<password prompt>"}
              When  using AAA with a Cisco router or switch, it is possible to
              redefine the prompt the device presents  to  the  user  for  the
              password.   passprompt  may  be  used  to adjust the prompt that
              clogin  should  look  for  when  trying  to  login.   Note  that
              passprompt can be a Tcl style regular expression.

              Example: add passprompt rc*.example.net {"\[Ee]nter\ the\ password:"}

              Default: "(\[Pp]assword|passwd):"

       add password <router name glob> {<vty passwd>} [{<enable passwd>}]
              Specifies a vty password, the one that is prompted for upon
              connection to the router.  The last argument is the enable
              password and need not be specified if the device also has a
              matching noenable or autoenable directive or the corresponding
              command-line options are used.

       add sshcmd <router name glob> {<ssh>}
              <ssh> is the  name  of  the  ssh  executable.   OpenSSH  uses  a
              command-line  option  to specify the protocol version, but other
              implementations use a separate binary such  as  "ssh1".   sshcmd
              allows   this   to  be  adjusted  as  necessary  for  the  local
              environment.

              Default: ssh

       add timeout <router name glob> {<seconds>}
              Time in seconds that the login script will wait for input from
              the device before timing out.

              Default: device dependent

       add user <router name glob> {<username>}
              Specifies  a  username clogin should use if or when prompted for
              one.

              Default: $USER (or $LOGNAME), i.e.: your Unix username.

       add userpassword <router name glob> {<user password>}
              Specifies a password to be associated with a user, if  different
              from that defined with the password directive.

       add userprompt <router name glob> {"<username prompt>"}
              When  using AAA with a Cisco router or switch, it is possible to
              redefine the prompt the device presents  to  the  user  for  the
              username.   userprompt  may  be  used  to adjust the prompt that
              clogin  should  look  for  when  trying  to  login.   Note  that
              userprompt can be a Tcl style regular expression.

              Example: add userprompt rc*.example.net {"\[Ee]nter\ your\ username:"}

              Default: "(Username|login|user name):"

       include {<file>}
              <file> is the  pathname  of  an  additional  .cloginrc  file  to
              include  at  that  point.  It is evaluated immediately.  That is
              important with regard to the order of matching hostnames  for  a
              given directive, as mentioned above.  This is useful if you have
              your own .cloginrc plus an additional  .cloginrc  file  that  is
              shared among a group of folks.

              If <file> is not a full pathname, $HOME/ will be prepended.

              Example: include {.cloginrc.group}
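
A check for the file-mode requirement in DESCRIPTION, extended to files pulled in with include, as an added example (not part of the original man page or of rancid). Grading included files by the same rule is this example's assumption, made because they hold the same kind of credentials; the grade names are also this example's own.

```python
import os
import re
import stat

INCLUDE_RE = re.compile(r"^\s*include\s+\{?([^{}\s]+)\}?\s*$")

def classify(mode):
    """Grade permission bits against the modes the man page names."""
    perms = stat.S_IMODE(mode)
    if perms & 0o007:
        return "FAIL"   # any access for "others" is not allowed
    if perms in (0o600, 0o640):
        return "OK"
    return "WARN"       # no "others" bits, but not 0600 or 0640

def audit(path, home, seen=None):
    """Return [(path, octal mode, grade)] for path and the files it includes."""
    seen = set() if seen is None else seen
    real = os.path.realpath(path)
    if real in seen:    # guard against include loops
        return []
    seen.add(real)
    try:
        st = os.stat(real)
    except OSError:
        return [(path, None, "MISSING")]
    results = [(path, oct(stat.S_IMODE(st.st_mode)), classify(st.st_mode))]
    with open(real, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = INCLUDE_RE.match(line)
            if m:
                inc = m.group(1)
                if not os.path.isabs(inc):
                    inc = os.path.join(home, inc)  # "$HOME/ will be prepended"
                results += audit(inc, home, seen)
    return results

if __name__ == "__main__":
    home = os.path.expanduser("~")
    for p, mode, grade in audit(os.path.join(home, ".cloginrc"), home):
        print(f"{grade:8} {mode} {p}")
```

The script prints only paths, modes and grades, never directive values, so its output can be attached to a ticket without exposing credentials.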

FILES

       $HOME/.cloginrc               Configuration file described here.
       share/rancid/cloginrc.sample  A sample .cloginrc.

ERRORS

       .cloginrc is interpreted directly by Tcl, so its syntax follows that of
       Tcl.  Errors may produce quite unexpected results.

SEE ALSO

       clogin(1), glob(3), tclsh(1)

                                9 February 2009                    cloginrc(5)