||FreeBSD General Commands Manual
clogin - Cisco login script
clogin [-autoenable] [-noenable] [-dhiSV]
[-m|M] [-c command] [-E var=x]
[-e enable-password] [-f cloginrc-file]
[-p user-password] [-s script-file]
[-t timeout] [-u username] [-v
vty-password] [-w enable-username] [-x
command-file] [-y ssh_cypher_type] router [router...]
clogin is an expect(1) script to automate the process of logging
into a Cisco router, Catalyst switch, Arista switch, Extreme switch, Juniper
ERX/E-series, or Redback router. There are complementary scripts for A10,
Alteon, Avocent (Cyclades), Bay Networks (nortel), Brocade, Cisco Small
Business devices, ADC-kentrox EZ-T3 mux, Fortinet firewalls, Foundry, Cisco
Firepower, HP Procurve switches and Cisco AGMs, Hitachi routers, Juniper
Networks, MRV optical switch, Mikrotik routers, Netscreen firewalls, Nokia
(Alcatel-Lucent), Netscaler, Riverbed Steelhead, Riverstone, Netopia, Cisco
WLCs, Extreme devices and Xirrus arrays or Arrcus routers, named
a10login, alogin, avologin, blogin,
brlogin, csblogin, elogin, flogin, fnlogin,
fxlogin, hlogin, htlogin, jlogin, mrvlogin,
mtlogin, nlogin, noklogin, nslogin,
rblogin, rivlogin, tlogin, wlogin, xlogin,
and xilogin, respectively. Lastly, plogin is a poly-login script
using the router.db(5) files of rancid groups and the
rancid.types.base(5) and rancid.types.conf(5) files to determine
which login script to execute for the device type of the given device.
clogin reads the .cloginrc file for its
configuration, then connects and logs into each of the routers specified on
the command line in the order listed. Command-line options exist to override
some of the directives found in the .cloginrc configuration file.
The command-line options are as follows:
- Save the configuration on exit, if the device prompts at logout time. This
only has affect when used with -c.
- Prints package name and version strings.
- Command to be run on each router list on the command-line. Multiple
commands maybe listed by separating them with semi-colons (;). The
argument should be quoted to avoid shell expansion.
- Enable expect debugging.
- Specifies a variable to pass through to scripts (-s). For example, the
command-line option -Efoo=bar will produce a global variable by the name
Efoo with the initial value "bar".
- Specify a password to be supplied when gaining enable privileges on the
router(s). Also see the password directive of the .cloginrc
- Specifies an alternate configuration file. The default is
- Display usage line and exit.
- Enter interactive mode after processing -[cx] options.
- Display .cloginrc information for matching lines; either the first
match (-m) or all matches (-M), then exit. The display format is:
look-up variable:filename:line number: glob
- Specifies a password associated with the user specified by the -u
option, user directive of the .cloginrc file, or the Unix username
of the user.
- The filename of an expect(1) script which will be sourced after the
login is successful and is expected to return control to clogin,
with the connection to the router intact, when it is done. Note that
clogin disables log_user of expect(1)when
-s is used. Example script(s) can be found in
- Alters the timeout interval; the period that clogin waits for an
individual command to return a prompt or the login process to produce a
prompt or failure. The argument is in seconds.
- Specifies the username used when prompted. The command-line option
overrides any user directive found in .cloginrc. The default is the
current Unix username.
- Specifies a vty password, that which is prompted for upon connection to
the router. This overrides the vty password of the .cloginrc file's
- Specifies the username used if prompted when gaining enable privileges.
The command-line option overrides any user or enauser directives found in
.cloginrc. The default is the current Unix username.
- Similar to the -c option; -x specifies a file with commands
to run on each of the routers. The commands must not expect additional
input, such as 'copy rcp startup-config' does. For example:
If the login script fails for any of the devices on the command-line, the exit
value of the script will be non-zero and the value will be the number of
clogin recognizes the following environment variables.
- Specifies the encryption algorithm for use with the ssh(1) -c
option. The default encryption type is often not supported. See the
ssh(1) man page for details. The default is 3des.
$HOME/.cloginrc Configuration file.
clogin expects CatOS devices to have a prompt which includes a '>',
such as "router> (enable)". It uses this to determine, for
example, whether the command to disable the pager is "set length 0"
or "term length 0".
- Overrides the user directive found in the .cloginrc file, but may
be overridden by the -u option.
- clogin will not change the banner on your xterm window if this
includes the character 'x'.
- Specifies an alternative location for the .cloginrc file, like the
- Normally set by login(1) to the user's home directory, HOME is used
by clogin to locate the .cloginrc configuration file.
The HP Procurve switches that are Foundry OEMs use flogin, not
The -S option is a recent addition, it may not be supported in all
of the login scripts or for every target device.
Do not use greater than (>) or pound sign (#) in device banners or hostnames
or prompts. These are the normal terminating characters of device prompts and
the login scripts need to locate the initial prompt. Afterward, the full
prompt is collected and makes a more precise match so that the scripts know
when the device is ready for the next command.
All these login scripts for separate devices should be rolled into
one. This goal is exceedingly difficult.
The HP Procurve switch, Motorola BSR, and Cisco AGM CLIs rely
heavily upon terminal escape codes for cursor/screen manipulation and
assumes a vt100 terminal type. They do not provide a way to set a different
terminal type or adjust this behavior. The resulting escape codes make
automating interaction with these devices very difficult or impossible. Thus
bin/hpuifilter, which must be found in the user's PATH, is used by hlogin to
filter these escape sequences. While this works for rancid's collection,
there are side effects for interactive logins via hlogin; most of which are
formatting annoyances that may be remedied by typing CTRL-R to reprint the
WARNING: repeated ssh login failures to HP Procurves cause the
switch's management interface to lock-up (this includes snmp, ping) and
sometimes it will crash. This is with the latest firmware; 5.33 at the time
of this writing.
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.