[c-nsp] Creating a read-only user for RANCID
Chris Marlatt
cmarlatt at rxsec.com
Fri Feb 17 08:58:41 EST 2012
On 02/17/2012 07:47 AM, James Bensley wrote:
> Hello everyone,
>
> I am trying to make a read only user on a device for rancid to log
> in with. The problem is that when I telnet in as the rancid user, and
> authenticate, I am dropped straight into privilege exec mode which has
> a different prompt ('#' - hash, instead of '>' - greater than), which
> throws off the rancid expect script and it just hangs.
>
> I have made a custom privilege level for the rancid user but this is
> the part that seems to be the problem. When logging in with my normal
> user, which has the default privilege level of 15, it doesn't have
> this problem (I drop into user exec mode, and have to type
> enable...etc). Is there perhaps another way around this?
>
> How can I stop the switch from automatically entering privilege exec mode?

Wouldn't setting "add autoenable switch_name 1" in your .clogin file
resolve this?

I actually do this in tacacs and just restrict that user to the handful
of commands I know it's going to be running.

Regards,
Chris
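
The two approaches from the reply above, sketched as configuration. This is an added example, not part of the original message: the user name, passwords, the choice of the Shrubbery tac_plus daemon, the privilege level and the permitted command list are all assumptions to be matched against what your RANCID version actually sends.

```conf
# ---- ~/.cloginrc on the RANCID host (constructed sample values) ----
# clogin uses the first matching line for each directive, so keep these
# host-specific lines above any wildcard entries.
add user       switch_name  rancid
add password   switch_name  {EXAMPLE_VTY_PASSWORD}
add method     switch_name  telnet
# The login already lands at the '#' prompt, so clogin must not send "enable".
add autoenable switch_name  1

# ---- tac_plus.conf on the TACACS+ server (assumed daemon: Shrubbery tac_plus) ----
# No "default cmd = permit" is set for this user, so any command that is
# not listed below is denied.
user = rancid {
    login = cleartext "EXAMPLE_PASSWORD"
    service = exec {
        # Assumed: the collector needs privileged show output.
        priv-lvl = 15
    }
    # Assumed command set: read-only collection plus terminal settings.
    cmd = show {
        permit .*
    }
    cmd = terminal {
        permit .*
    }
    cmd = dir {
        permit .*
    }
}
```

The `cmd` restrictions are enforced only when the device itself is configured to send command authorization requests to the TACACS+ server.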