Provided by: rancid_3.9-1build1_amd64

NAME

        .cloginrc - clogin configuration file

DESCRIPTION

       .cloginrc   contains   configuration  information  for  alogin(1),  blogin(1),  clogin(1),
       elogin(1),   flogin(1),   hlogin(1),   htlogin(1),   jlogin(1),   nlogin(1),   nslogin(1),
       rivlogin(1),  and  wlogin(1), such as usernames, passwords, ssh encryption type, etc., and
       is read at run-time.

       Each line contains either white-space (blank  line),  a  comment  which  begins  with  the
       comment  character '#' and may be preceded by white-space, or one of the directives listed
       below.

       Each line containing a directive is of the form:

                 add <directive> <hostname glob> {<value>} [{<value>} ...]

                 or

                 include {<file>}

       Note: the braces ({}) surrounding the values are significant when the values include TCL
       meta-characters.  Best common practice is to always enclose the values in braces.  If a
       value includes a (left or right) brace, space character, ampersand or backslash, those
       characters must be backslash-escaped, as in:

                 add user <hostname glob> {foo\}bar}
                 add user <hostname glob> {foo\ bar}

       Other special characters may be escaped without error, if desired.

       As  .cloginrc  is  searched  for  a  directive matching a hostname, it is always the first
       matching instance of a directive, one whose hostname glob expression matches the hostname,
       which is used.  For example, looking up the "password" directive for hostname foo in a
       .cloginrc file containing

                 add password *   {bar} {table}
                 add password foo {bar} {table}

       would return the first line, even though the second is an exact match.
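
       The first-match rule above, as an added example (not part of RANCID): a small Python
       audit that resolves directives the way this page describes, reports exact-host entries
       hidden by an earlier glob, and lists the non-ssh methods (telnet and rsh are cleartext)
       a host would end up with.  Assumptions: fnmatch only approximates the hostname glob
       matching, the regex parser does not evaluate Tcl, and the sample file is constructed.

```python
import fnmatch
import re

SAMPLE = r"""
# constructed sample: hostnames and secrets are placeholders
add method   *.core.example.net {ssh}
add password *                  {vty-pw} {enable-pw}
add password edge1.example.net  {other-vty} {other-enable}
add method   lab*.example.net   {ssh} {telnet:3000}
"""

ADD_RE = re.compile(r"^\s*add\s+(\S+)\s+(\S+)\s+(.*)$")
VALUE_RE = re.compile(r"\{((?:\\.|[^{}\\])*)\}")   # braces, backslash escapes kept
DEFAULT_METHOD = ["telnet", "ssh"]                 # default given for "method"

def parse(text):
    """Return [(lineno, directive, glob, [values])] for each 'add' line."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        m = ADD_RE.match(line)
        if m:
            entries.append((n, m[1], m[2], VALUE_RE.findall(m[3])))
    return entries

def lookup(entries, directive, host):
    """First entry whose glob matches host wins; later matches are ignored."""
    for n, d, glob, values in entries:
        if d == directive and fnmatch.fnmatchcase(host, glob):
            return n, values
    return None

def shadowed(entries):
    """(line, hiding_line) for literal-host entries hidden by an earlier glob."""
    hits = []
    for i, (n, d, glob, _) in enumerate(entries):
        if not any(c in glob for c in "*?["):
            for pn, pd, pglob, _ in entries[:i]:
                if pd == d and fnmatch.fnmatchcase(glob, pglob):
                    hits.append((n, pn))
                    break
    return hits

def cleartext_methods(entries, host):
    """Effective methods for host other than ssh (telnet, rsh)."""
    found = lookup(entries, "method", host)
    methods = found[1] if found else DEFAULT_METHOD
    return [m for m in methods if m.split(":")[0] != "ssh"]

if __name__ == "__main__":
    print(shadowed(parse(SAMPLE)), cleartext_methods(parse(SAMPLE), "edge1.example.net"))
```

       Moving the exact-host password line above the "*" line clears the shadowing report;
       adding "add method * {ssh}" as the last method line removes the telnet fallback for
       hosts that no earlier method line matches.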

       .cloginrc is expected to exist in the user's home directory  and  must  not  be  readable,
       writable,  or  executable by "others".  .cloginrc should be mode 0600, or 0640 if it is to
       be shared with other users who are members of the  same  unix  group.   See  chgrp(1)  and
       chmod(1) for more information on ownership and file modes.

DIRECTIVES

       The accepted directives are (alphabetically):

       add autoenable <router name glob> {[01]}
              When using locally defined usernames or AAA, it is possible to have a login which
              is automatically enabled.  That is, the user has enable privileges without the
              need to execute the enable command.  The router's prompt is different for enabled
              mode, ending with a # rather than a >.

              Example: add autoenable * {1}

              Default: 0 (zero), meaning that the user is not automatically enabled and clogin
              should execute the enable command to gain enable privileges, unless negated by the
              noenable directive or -noenable command-line option.

              Also see the noenable directive.

       add cyphertype <router name glob> {<ssh encryption type>}
              cyphertype defines which encryption algorithm is used with ssh version 1.  A device
              may not support the type ssh uses by default.  See ssh(1)'s -c option for details.

              Default: empty

       add enableprompt <router name glob> {"<enable prompt>"}
              When using AAA with a Cisco router or switch, it is possible to redefine the prompt
              the device presents to the user for the enable password.  enableprompt may be  used
              to  adjust  the prompt that clogin should look for when trying to login.  Note that
              enableprompt can be a Tcl style regular expression.

              Example: add enableprompt rc*.example.net {"\[Ee]nter\ the\ enable\ password:"}

              Default: "\[Pp]assword:"

       add enablecmd <router name glob> {<enable command>}
              This defines the command on the device used to enter enabled  or  super-user  mode.
              For example, in Cisco IOS the command is "enable".

       add enauser <router name glob> {<username>}
              This is only needed if a device prompts for a username when gaining enable
              privileges and that username differs from the one defined by, or the default of,
              the user directive.

       add identity <router name glob> {<ssh identity file path>}
              May  be  used to specify an alternate identity file for use with ssh(1).  See ssh's
              -i option for details.

              Default: your default identity file.  See ssh(1).

       add method <router name glob> {ssh} [{...}]
              Defines, in order, the connection methods to use for a device from the set {ssh,
              telnet, rsh}.  The ssh and telnet methods may have a suffix, indicating an
              alternate TCP port, of the form ":port".

              Note: Different versions of telnet treat the specification of a  port  differently.
              In  particular,  BSD  derived  telnets  do not do option negotiation when a port is
              given.  Some devices, Extreme switches for example, have undesirable telnet default
              options  such  as  linemode.   In  the  BSD case, to enable option negotiation when
              specifying a port the  method  should  be  "{telnet:-23}"  or,  better,  add  "mode
              character" to .telnetrc.  See telnet(1) for more information on telnet command-line
              syntax, telnet options, and .telnetrc.

              Example: add method * {ssh} {telnet:3000} {rsh}

              This would cause clogin to first attempt an ssh connection to the device and, if
              that were to fail with connection refused, a telnet connection to port 3000 would
              be tried, and then an rsh connection.

              Note that not all platforms support all of these connection methods.

              Default: {telnet} {ssh}

       add noenable <router name glob> {1}
              clogin will not try to gain enable  privileges  when  noenable  is  matched  for  a
              device.  This is equivalent to clogin's -noenable command-line option.

              Note that this directive is meaningless for jlogin(1), nlogin(1) and clogin(1) [for
              Extreme], which do not have the concept of "enabled" and/or have no way to elevate
              privileges once logged in; a user either has the necessary privileges or doesn't.

       add passphrase <router name glob> {"<SSH passphrase>"}
              Specify  the  SSH  passphrase.   Note  that  this  may be particular to an identity
              directive.  The passphrase will default to the password for the given router.

              Example: add passphrase rc*.example.net {the\ bird\ goes\ tweet}

       add passprompt <router name glob> {"<password prompt>"}
              When using AAA with a Cisco router or switch, it is possible to redefine the prompt
              the device presents to the user for the password.  passprompt may be used to adjust
              the prompt that clogin should look for when trying to login.  Note that  passprompt
              can be a Tcl style regular expression.

              Example: add passprompt rc*.example.net {"\[Ee]nter\ the\ password:"}

              Default: "(\[Pp]assword|passwd):"

       add password <router name glob> {<vty passwd>} [{<enable passwd>}]
              Specifies the vty password, which is prompted for upon connecting to the router.
              The last argument is the enable password and need not be specified if the device
              also has a matching noenable or autoenable directive or the corresponding
              command-line options are used.

       add prompt <router name glob> {<regex>}
              Match login prompt, or initial login prompt in  the  case  of  some  of  the  login
              scripts.   This  is  provided  only as a work-around for login banners that contain
              forbidden characters that conflict with CLI prompt markers.

              Note that not all login scripts support this.

       add sshcmd <router name glob> {<ssh>}
              <ssh> is the name of the ssh executable.  OpenSSH uses  a  command-line  option  to
              specify  the protocol version, but other implementations use a separate binary such
              as "ssh1".   sshcmd  allows  this  to  be  adjusted  as  necessary  for  the  local
              environment.

              sshcmd also allows the user to add any other command-line options, such as altering
              the offered key exchange algorithms.

              Example: add sshcmd * {ssh\ -o\ KexAlgorithms=+diffie-hellman-group1-sha1}

              Default: ssh

       add timeout <router name glob> {<seconds>}
              Time  in  seconds  that the login script will wait for input from the device before
              timeout.

              Default: device dependent

       add telnetcmd <router name glob> {<telnet>}
              <telnet> is the name of  the  telnet  executable.   telnetcmd  allows  this  to  be
              adjusted as necessary for the local environment.

              telnetcmd also allows the user to add any other command-line options, such as
              forcing IPv4.

              Example: add telnetcmd * {telnet\ -K4}

              Default: telnet -K

       add user <router name glob> {<username>}
              Specifies a username clogin should use if or when prompted for one.

              Default: $USER (or $LOGNAME), i.e., your Unix username.

       add userpassword <router name glob> {<user password>}
              Specifies a password to be associated with a user, if different from  that  defined
              with the password directive.

       add userprompt <router name glob> {"<username prompt>"}
              When using AAA with a Cisco router or switch, it is possible to redefine the prompt
              the device presents to the user for the username.  userprompt may be used to adjust
              the  prompt that clogin should look for when trying to login.  Note that userprompt
              can be a Tcl style regular expression.

              Example: add userprompt rc*.example.net {"\[Ee]nter\ your\ username:"}

              Default: "(Username|login|user name):"

       include {<file>}
              <file> is the pathname of an additional .cloginrc file to include  at  that  point.
              It  is  evaluated  immediately.   That  is  important  with  regard to the order of
              matching hostnames for a given directive, as mentioned above.  This  is  useful  if
              you  have your own .cloginrc plus an additional .cloginrc file that is shared among
              a group of folks.

              If <file> is not a full pathname, $HOME/ will be prepended.

              Example: include {.cloginrc.group}

FILES

       $HOME/.cloginrc               Configuration file described here.
       share/rancid/cloginrc.sample  A sample .cloginrc.

ERRORS

       .cloginrc is interpreted directly by Tcl, so its syntax follows that of Tcl.   Errors  may
       produce quite unexpected results.

SEE ALSO

       clogin(1), glob(3), tclsh(1)

                                          12 April 2017                               cloginrc(5)