Provided by: rancid_2.3.6-2_i386 bug

NAME

        .cloginrc - clogin configuration file

DESCRIPTION

       .cloginrc  contains configuration information for alogin(1), blogin(1),
       clogin(1),  elogin(1),  flogin(1),  hlogin(1),  htlogin(1),  jlogin(1),
       nlogin(1), nslogin(1), rivlogin(1), and tntlogin(1), such as usernames,
       passwords, ssh encryption type, etc., and is read at run-time.

       Each line contains either white-space (blank  line),  a  comment  which
       begins  with  the  comment  character '#' and may be preceded by white-
       space, or one of the directives listed below.

       Each line containing a directive is of the form:

                 add <directive> <hostname glob> {<value>} [{<value>} ...]

                 or

                 include {<file>}

       Note: the braces ({}) surrounding the values is  significant  when  the
       values  include TCL meta-characters.  Best common practice is to always
       enclose the values in braces.  If a value includes a  (left  or  right)
       brace or space character, it must be backslash-escaped, as in:

                 add user <hostname glob> {foo\}bar}
                 add user <hostname glob> {foo\ bar}

       As  .cloginrc  is  searched  for a directive matching a hostname, it is
       always the first matching instance of a directive, one  whose  hostname
       glob  expression  matches  the  hostname,  which is used.  For example;
       looking up the "password" directive for hostname  foo  in  a  .cloginrc
       file containing

                 add password *   {bar} {table}
                 add password foo {bar} {table}

       would return the first line, even though the second is an exact match.

       .cloginrc  is  expected  to exist in the user's home directory and must
       not be readable, writable, or executable by "others".  .cloginrc should
       be  mode  0600,  or 0640 if it is to be shared with other users who are
       members of the same unix group.  See chgrp(1)  and  chmod(1)  for  more
       information on ownership and file modes.

DIRECTIVES

       The accepted directives are (alphabetically):

       add autoenable <router name glob> {[01]}
              When  using  locally defined usernames or AAA, it is possible to
              have a login which is automatically enabled.  This is, that user
              has  enable  privileges  without  the need to execute the enable
              command.  The router's prompt is  different  for  enabled  mode,
              ending with a # rather than a >.

              Example: add autoenable * {1}

              Default: 0

              zero,  meaning  that  the  user is not automatically enabled and
              clogin  should  execute  the  enable  command  to  gain   enable
              privileges,   unless   negated  by  the  noenable  directive  or
              -noenable command-line option.

              Also see the noenable directive.

       add cyphertype <router name glob> {<ssh encryption type>}
              cyphertype defines which encryption algorithm is used with  ssh.
              A  device  may  not  support  the type ssh uses by default.  See
              ssh(1)'s -c option for details.

              Default: {3des}

       add enableprompt <router name glob> {"<enable prompt>"}
              When using AAA with a Cisco router or switch, it is possible  to
              redefine  the  prompt  the  device  presents to the user for the
              enable password.  enableprompt may be used to adjust the  prompt
              that  clogin  should  look  for when trying to login.  Note that
              enableprompt can be a Tcl style regular expression.

              Example:  add  enableprompt  rc*.example.net  {"\[Ee]nter\  the\
              enable\ password:"}

              Default: "\[Pp]assword:"

       add enauser <router name glob> {<username>}
              This  is  only  needed  if  a device prompts for a username when
              gaining enable privileges and where this username  is  different
              from that defined by or the default of the user directive.

       add identity <router name glob> {<ssh identity file path>}
              May  be  used to specify an alternate identity file for use with
              ssh(1).  See ssh's -i option for details.

              Default: your default identity file.  see ssh(1).

       add method <router name glob> {ssh} [{...}]
              Defines, in order, the connection methods to use  for  a  device
              from  the  set  {ssh,  telnet,  rsh}.   Method telnet may have a
              suffix, indicating an alternate TCP port, of the form ":port".

              Note: Different versions of telnet treat the specification of  a
              port  differently.  In particular, BSD derived telnets do not do
              option negotiation when a port is given.  Some devices,  Extreme
              switches  for  example,  have undesirable telnet default options
              such as linemode.  In the BSD case, to enable option negotiation
              when  specifying  a  port the method should be "{telnet:-23}" or
              you should add "mode character" to .telnetrc.  See telnet(1) for
              more  information on telnet command-line syntax, telnet options,
              and .telnetrc.

              Example: add method * {ssh} {telnet:-3000} {rsh}

              Which would cause clogin to first attempt an ssh  connection  to
              the  device  and if that were to fail with connection refused, a
              telnet connection to port 3000 would be tried, and  then  a  rsh
              connection.

              Note  that  not  all  platforms  support all of these connection
              methods.

              Default: {telnet} {ssh}

       add noenable <router name glob> {1}
              clogin will not try to gain enable privileges when  noenable  is
              matched  for a device.  This is equivalent to clogin's -noenable
              command-line option.

              Note that this directive is meaningless for jlogin(1), nlogin(1)
              and  clogin(1)  [for  Extreme]  which do not have the concept of
              "enabled" and/or no way to elevate privleges once logged  in;  a
              user either has the necessary privleges or doesn't.

       add passphrase <router name glob> {"<SSH passphrase>"}
              Specify the SSH passphrase.  Note that this may be particular to
              an identity directive.   The  passphrase  will  default  to  the
              password for the given router.

              Example: add passphrase rc*.example.net {the\ bird\ goes\ tweet}

       add passprompt <router name glob> {"<password prompt>"}
              When  using AAA with a Cisco router or switch, it is possible to
              redefine the prompt the device presents  to  the  user  for  the
              password.   passprompt  may  be  used  to adjust the prompt that
              clogin  should  look  for  when  trying  to  login.   Note  that
              passprompt can be a Tcl style regular expression.

              Example:   add   passprompt  rc*.example.net  {"\[Ee]nter\  the\
              password:"}

              Default: "(\[Pp]assword|passwd):"

       add password <router name glob> {<vty passwd>} [{<enable passwd>}]
              Specifies a vty password, that which is prompted  for  upon  the
              connection  to  the  router.   The  last  argument is the enable
              password and need not be specified if  the  device  also  has  a
              matching  noenable  or autoenable directive or the corresponding
              command-line options are used.

       add sshcmd <router name glob> {<ssh>}
              <ssh> is the  name  of  the  ssh  executable.   OpenSSH  uses  a
              command-line  option  to specify the protocol version, but other
              implementations use a separate binary such  as  "ssh1".   sshcmd
              allows   this   to  be  adjusted  as  necessary  for  the  local
              environment.

              Default: ssh

       add timeout <router name glob> {<seconds>}
              Time in seconds that the login script will wait for  input  from
              the device before timeout.

              Default: device dependent

       add user <router name glob> {<username>}
              Specifies  a  username clogin should use if or when prompted for
              one.

              Default: $USER (or $LOGNAME), i.e.: your Unix username.

       add userpassword <router name glob> {<user password>}
              Specifies a password to be associated with a user, if  different
              from that defined with the password directive.

       add userprompt <router name glob> {"<username prompt>"}
              When  using AAA with a Cisco router or switch, it is possible to
              redefine the prompt the device presents  to  the  user  for  the
              username.   userprompt  may  be  used  to adjust the prompt that
              clogin  should  look  for  when  trying  to  login.   Note  that
              userprompt can be a Tcl style regular expression.

              Example:   add  userprompt  rc*.example.net  {"\[Ee]nter\  your\
              username:"}

              Default: "(Username|login|user name):"

       include {<file>}
              <file> is the  pathname  of  an  additional  .cloginrc  file  to
              include  at  that  point.  It is evaluated immediately.  That is
              important with regard to the order of matching hostnames  for  a
              given directive, as mentioned above.  This is useful if you have
              your own .cloginrc plus an additional  .cloginrc  file  that  is
              shared among a group of folks.

              If <file> is not a full pathname, $HOME/ will be prepended.

              Example: include {.cloginrc.group}

FILES

       $HOME/.cloginrc               Configuration file described here.
       share/rancid/cloginrc.sample  A sample .cloginrc.

ERRORS

       .cloginrc is interpreted directly by Tcl, so its syntax follows that of
       Tcl.  Errors may produce quite unexpected results.

SEE ALSO

       clogin(1), glob(3), tclsh(1)

                                9 February 2009                    cloginrc(5)