1. I created an SSH key as the rancid user, with no password:
/bin/su - rancid -c "ssh-keygen -b 2048 -t rsa"
2. I created an SSH key based user on the SBCs (I have a HA pair, so I did this on the primary) - and I used the public key I created in step one (i.e., ~rancid/.ssh/id_rsa.pub - just remember that the format is very strict. You should match, more or less, the example below. The comment goes at the beginning, and not at the end like openssh)
ssh-pub-key import authorized-key rancid
IMPORTANT:
Please paste SSH public key in the format defined in RFC 4716.
Terminate the key with ";" to exit.......
---- BEGIN SSH2 PUBLIC KEY ----
Comment: My rancid user's public key
AAAAB3NzaC1yc2EAAAasdasdawdawdhZj07+93RKwx0RXcwaaadawdawdaefZuc6ePw+3G9jiZUcyxFb8Td9sc700HtZLN0CtezZKHsC+bJPp0oocb9ykAIzO9xs3vOs55aadwdad21d12fq==
---- END SSH2 PUBLIC KEY ----;
I usually create host file entries for rancid, as not all of the hosts are in dns, and some have multiple addresses. But, it's entirely up to you. The key format above is strict. Make sure there are no empty spaces at the end of lines.
3. modify .cloginrc and add the following (assuming your SBC is called mysbc1.myfqdn.local
add password mysbc1.myfqdn.local noRealPasswordNecessaryJustFillThisInWithGarbage
add autoenable mysbc1.myfqdn.local 1
add user mysbc1.myfqdn.local rancid
add method mysbc1.myfqdn.local ssh
4. log into the SBC with the actual rancid user, just so the rancid user will add the host to its ssh_known_hosts file
5. add the SBC to the router.db for your particular environment:
mysbc1.myfqdn.local:cisco:up
6. Now, you should be all set. Run Rancid as you would, normally. For instance, I have a COLO called pac1:
/bin/su - rancid -c "/usr/local/rancid/bin/rancid-run pac1