Provided by: rancid_2.3.6-2_amd64 bug

NAME

        .cloginrc - clogin configuration file

DESCRIPTION

       .cloginrc   contains   configuration  information  for  alogin(1),  blogin(1),  clogin(1),
       elogin(1),   flogin(1),   hlogin(1),   htlogin(1),   jlogin(1),   nlogin(1),   nslogin(1),
       rivlogin(1), and tntlogin(1), such as usernames, passwords, ssh encryption type, etc., and
       is read at run-time.

       Each line contains either white-space (blank  line),  a  comment  which  begins  with  the
       comment  character '#' and may be preceded by white-space, or one of the directives listed
       below.

       Each line containing a directive is of the form:

                 add <directive> <hostname glob> {<value>} [{<value>} ...]

                 or

                 include {<file>}

       Note: the braces ({}) surrounding the values is significant when the  values  include  TCL
       meta-characters.   Best  common  practice is to always enclose the values in braces.  If a
       value includes a (left or right) brace or space character, it must  be  backslash-escaped,
       as in:

                 add user <hostname glob> {foo\}bar}
                 add user <hostname glob> {foo\ bar}

       As  .cloginrc  is  searched  for  a  directive matching a hostname, it is always the first
       matching instance of a directive, one whose hostname glob expression matches the hostname,
       which  is  used.   For  example; looking up the "password" directive for hostname foo in a
       .cloginrc file containing

                 add password *   {bar} {table}
                 add password foo {bar} {table}

       would return the first line, even though the second is an exact match.

       .cloginrc is expected to exist in the user's home directory  and  must  not  be  readable,
       writable,  or  executable by "others".  .cloginrc should be mode 0600, or 0640 if it is to
       be shared with other users who are members of the  same  unix  group.   See  chgrp(1)  and
       chmod(1) for more information on ownership and file modes.

DIRECTIVES

       The accepted directives are (alphabetically):

       add autoenable <router name glob> {[01]}
              When  using  locally defined usernames or AAA, it is possible to have a login which
              is automatically enabled.  This is, that user has  enable  privileges  without  the
              need  to  execute the enable command.  The router's prompt is different for enabled
              mode, ending with a # rather than a >.

              Example: add autoenable * {1}

              Default: 0

              zero, meaning that the user is not automatically enabled and clogin should  execute
              the  enable  command  to  gain  enable  privileges,  unless negated by the noenable
              directive or -noenable command-line option.

              Also see the noenable directive.

       add cyphertype <router name glob> {<ssh encryption type>}
              cyphertype defines which encryption algorithm is used with ssh.  A device  may  not
              support the type ssh uses by default.  See ssh(1)'s -c option for details.

              Default: {3des}

       add enableprompt <router name glob> {"<enable prompt>"}
              When using AAA with a Cisco router or switch, it is possible to redefine the prompt
              the device presents to the user for the enable password.  enableprompt may be  used
              to  adjust  the prompt that clogin should look for when trying to login.  Note that
              enableprompt can be a Tcl style regular expression.

              Example: add enableprompt rc*.example.net {"\[Ee]nter\ the\ enable\ password:"}

              Default: "\[Pp]assword:"

       add enauser <router name glob> {<username>}
              This is only needed if  a  device  prompts  for  a  username  when  gaining  enable
              privileges and where this username is different from that defined by or the default
              of the user directive.

       add identity <router name glob> {<ssh identity file path>}
              May be used to specify an alternate identity file for use with ssh(1).   See  ssh's
              -i option for details.

              Default: your default identity file.  see ssh(1).

       add method <router name glob> {ssh} [{...}]
              Defines,  in  order,  the connection methods to use for a device from the set {ssh,
              telnet, rsh}.  Method telnet may have a suffix, indicating an alternate  TCP  port,
              of the form ":port".

              Note:  Different  versions of telnet treat the specification of a port differently.
              In particular, BSD derived telnets do not do option  negotiation  when  a  port  is
              given.  Some devices, Extreme switches for example, have undesirable telnet default
              options such as linemode.  In the BSD  case,  to  enable  option  negotiation  when
              specifying  a  port  the  method  should  be "{telnet:-23}" or you should add "mode
              character" to .telnetrc.  See telnet(1) for more information on telnet command-line
              syntax, telnet options, and .telnetrc.

              Example: add method * {ssh} {telnet:-3000} {rsh}

              Which  would  cause  clogin to first attempt an ssh connection to the device and if
              that were to fail with connection refused, a telnet connection to port  3000  would
              be tried, and then a rsh connection.

              Note that not all platforms support all of these connection methods.

              Default: {telnet} {ssh}

       add noenable <router name glob> {1}
              clogin  will  not  try  to  gain  enable  privileges when noenable is matched for a
              device.  This is equivalent to clogin's -noenable command-line option.

              Note that this directive is meaningless for jlogin(1), nlogin(1) and clogin(1) [for
              Extreme]  which  do  not  have  the  concept  of "enabled" and/or no way to elevate
              privleges once logged in; a user either has the necessary privleges or doesn't.

       add passphrase <router name glob> {"<SSH passphrase>"}
              Specify the SSH passphrase.  Note that  this  may  be  particular  to  an  identity
              directive.  The passphrase will default to the password for the given router.

              Example: add passphrase rc*.example.net {the\ bird\ goes\ tweet}

       add passprompt <router name glob> {"<password prompt>"}
              When using AAA with a Cisco router or switch, it is possible to redefine the prompt
              the device presents to the user for the password.  passprompt may be used to adjust
              the  prompt that clogin should look for when trying to login.  Note that passprompt
              can be a Tcl style regular expression.

              Example: add passprompt rc*.example.net {"\[Ee]nter\ the\ password:"}

              Default: "(\[Pp]assword|passwd):"

       add password <router name glob> {<vty passwd>} [{<enable passwd>}]
              Specifies a vty password, that which is prompted for upon  the  connection  to  the
              router.   The last argument is the enable password and need not be specified if the
              device also has a matching noenable or autoenable directive  or  the  corresponding
              command-line options are used.

       add sshcmd <router name glob> {<ssh>}
              <ssh>  is  the  name  of the ssh executable.  OpenSSH uses a command-line option to
              specify the protocol version, but other implementations use a separate binary  such
              as  "ssh1".   sshcmd  allows  this  to  be  adjusted  as  necessary  for  the local
              environment.

              Default: ssh

       add timeout <router name glob> {<seconds>}
              Time in seconds that the login script will wait for input from  the  device  before
              timeout.

              Default: device dependent

       add user <router name glob> {<username>}
              Specifies a username clogin should use if or when prompted for one.

              Default: $USER (or $LOGNAME), i.e.: your Unix username.

       add userpassword <router name glob> {<user password>}
              Specifies  a  password to be associated with a user, if different from that defined
              with the password directive.

       add userprompt <router name glob> {"<username prompt>"}
              When using AAA with a Cisco router or switch, it is possible to redefine the prompt
              the device presents to the user for the username.  userprompt may be used to adjust
              the prompt that clogin should look for when trying to login.  Note that  userprompt
              can be a Tcl style regular expression.

              Example: add userprompt rc*.example.net {"\[Ee]nter\ your\ username:"}

              Default: "(Username|login|user name):"

       include {<file>}
              <file>  is  the  pathname of an additional .cloginrc file to include at that point.
              It is evaluated immediately.  That  is  important  with  regard  to  the  order  of
              matching  hostnames  for  a given directive, as mentioned above.  This is useful if
              you have your own .cloginrc plus an additional .cloginrc file that is shared  among
              a group of folks.

              If <file> is not a full pathname, $HOME/ will be prepended.

              Example: include {.cloginrc.group}

FILES

       $HOME/.cloginrc               Configuration file described here.
       share/rancid/cloginrc.sample  A sample .cloginrc.

ERRORS

       .cloginrc  is  interpreted directly by Tcl, so its syntax follows that of Tcl.  Errors may
       produce quite unexpected results.

SEE ALSO

       clogin(1), glob(3), tclsh(1)

                                         9 February 2009                              cloginrc(5)