Mailing List Archive

Fortinet private key problem
Hi,

I'm trying to get rancid to work with my Fortinet device. It seems to work
OK, except for the fact that it doesn't collect the whole config. It looks
like it's stuck in the removal of the private key. It stops like this:

# set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
# <removed>
Connection to server.xxx.xxx closed.

I checked the code for filter cycling RSA private keys, but I don't know
where the problem would be.

Any help or suggestion would be appreciated.

Thanks,

--
Ugo Bellavance (ugob@lubik.ca)
Re: Fortinet private key problem
Thu, Jul 25, 2019 at 02:52:42PM -0400, Ugo Bellavance:
> Hi,
>
> I'm trying to get rancid to work with my Fortinet device. It seems to work
> OK, except for the fact that it doesn't collect the whole config. It looks
> like it's stuck in the removal of the private key. It stops like this:
>
> # set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
> # <removed>
> Connection to server.xxx.xxx closed.
>
> I checked the code for filter cycling RSA private keys, but I don't know
> where the problem would be.
>
> Any help or suggestion would be appreciated.

what version of rancid? show us example input. test that you can run the
command with the login script and receive the full output.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Re: Fortinet private key problem
I found a fix:

In fnrancid (version 3724 2017-08-01 17:58:06Z), I had to change the regex
a bit because on my system (Fortiweb, not Fortigate), the double quote is
on another line.

I haven't been able to make it work with the new line (tried \n and \r\n)
and it didn't work so I just removed the double quote in the regex.

# if (/^\s*-----END (RSA|ENCRYPTED) PRIVATE KEY-----"/) {
if (/^\s*-----END (RSA|ENCRYPTED) PRIVATE KEY-----/) {

I'm not sure how future-proof this is but tips are welcome to make the
regex work with this input:


OSnA0DuUpx2/FvoFbJM9jmx=
-----END ENCRYPTED PRIVATE KEY-----
"
unset passwd

Thanks,

On Thu, Jul 25, 2019 at 3:17 PM john heasley <heas@shrubbery.net> wrote:

> Thu, Jul 25, 2019 at 02:52:42PM -0400, Ugo Bellavance:
> > Hi,
> >
> > I'm trying to get rancid to work with my Fortinet device. It seems to work
> > OK, except for the fact that it doesn't collect the whole config. It looks
> > like it's stuck in the removal of the private key. It stops like this:
> >
> > # set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
> > # <removed>
> > Connection to server.xxx.xxx closed.
> >
> > I checked the code for filter cycling RSA private keys, but I don't know
> > where the problem would be.
> >
> > Any help or suggestion would be appreciated.
>
> what version of rancid? show us example input. test that you can run the
> command with the login script and receive the full output.
>


--
Ugo Bellavance (ugob@lubik.ca)
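
An added example, not part of the thread and not fnrancid's own code: a stand-alone Perl filter that accepts the closing double quote either on the END line or alone on the following line, which is the input form asked about above. The function name redact_keys, the state numbering and the sample config lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# States: 0 = normal config, 1 = inside a key body, 2 = END marker seen
# without its closing quote, so a line holding only '"' may follow.
sub redact_keys {
    my @out;
    my $state = 0;
    for my $line (@_) {
        (my $l = $line) =~ s/\r?\n\z//;          # tolerate CRLF from the device
        if ($state == 2) {
            $state = 0;
            next if $l =~ /^\s*"\s*$/;           # lone closing quote on its own line
        }
        if ($state == 1) {
            # END marker with the quote on the same line ($1 true) or without it.
            $state = ($1 ? 0 : 2)
                if $l =~ /^\s*-----END (?:RSA|ENCRYPTED) PRIVATE KEY-----("?)\s*$/;
            next;                                # key body is never emitted
        }
        if ($l =~ /^(\s*set private-key) "-----BEGIN (?:RSA|ENCRYPTED) PRIVATE KEY-----/) {
            push @out, "$1 <removed>";
            $state = 1;
            next;
        }
        push @out, $l;
    }
    return @out;
}

# Constructed sample: both quote placements, dummy text instead of key data.
my @sample = split /^/, <<'EOF';
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
DUMMY-KEY-BODY-LINE-A
-----END ENCRYPTED PRIVATE KEY-----
"
unset passwd
set private-key "-----BEGIN RSA PRIVATE KEY-----
DUMMY-KEY-BODY-LINE-B
-----END RSA PRIVATE KEY-----"
set comment "after second key"
EOF

my @clean = redact_keys(@sample);
die "key material leaked\n" if grep { /DUMMY-KEY-BODY|PRIVATE KEY/ } @clean;
print "$_\n" for @clean;
```

If the END marker never arrives, for example because the session dropped mid-key, everything after the BEGIN line is suppressed, so a truncated capture fails closed rather than storing key material.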