Backing Up an Opengear Console With Rancid

Recently deployed some Opengear serial consoles (love them, they work great). I needed a way to back them up in some kind of automated fashion. Turns out Opengear has written some scripts to work with Rancid .

These work well, as you would expect. Follow the directions, nothing complicated. One thing I did notice is that if you connect to the device as root (yes, we all know nobody ever does that because security), it will put the hashed passwords into the extracted config. Maybe not a big deal, they are hashed, but its slightly odd since it happens regardless of whether you have FILTER_PWD enabled, or its friends, which normally filter out sensitive thing. The solution is to connect as a non-root user (create a rancid user?) and then you get a ‘permission denied’ for reading /etc/shadow, but you also don’t see the hashed passwords.

The second thing I noticed is that the config backup doesn’t include the custom OpenVPN config. Make sure you back this up independently.

Footnotes and References