; Change the settings below to suit your needs. ; No leading spaces are allowed and comments always start with a ";" (semi-colon). ; DO NOT change the name of the section header. ; You may create copies of this file and pass to the tool like this: ; ./reach.py --config_file= [TOOL DEFAULTS] ; Do not change this! ; REQUIRED SETTINGS ; ---------------------------------------------- ; Define default hosts inventory to use. It needs to be a comma separated file with a header row. ; Be sure to define the matching HOST_MARKER (text displayed when processing) ; and KEY_COLUMN (IP used for connections) below. ; May be overridden in the command-line as: -i HOSTS_INVENTORY_FILE : /path/inventory.csv ; Define default Key Column for the IP address or Hostname to use for connections. ; May be overridden in the command-line as: -k IP_OR_HOST_COLUMN : IP_Address ; Define the string format displayed when processing hosts. ; $HF_# where # is the column number from the inventory file above. ; Try ./reach.py --host_fields to display the column headers HOST_DISPLAY_FORMAT : $HF_4@$HF_1 ($HF_2): $HF_3 ; ---------------------------------------------- ; OPTIONAL SETTINGS (But highly recommended to be set for convenience) ; Uncomment by removing the leading ';' to use. ; ---------------------------------------------- ; Optional but highly recommended for security. Suggest this file is in a separate ; directory with chmod 600 permissions. ; File containing a cipher key. A string of exactly 32 random characters used ; for password obfuscation in the config or in inputs using $CT= ;CIPHER_KEY_FILE : /path/.reach_cipher-key ; Optional, uncomment this and set to True to force reach to use SSH agent authentication only. ; By default reach will try authentication in the following order: agent, private key, user/pass ; SSH_USER_NAME is required is this is set to True ;SSH_AGENT_ONLY : True ; ---------------------------------------------- ; The next 3 items (SSH_USER_NAME, SSH_PASSWORD_CIPHER, SSH_PRIVATE_KEY) depends on how you ; want to authenticate. If you want to use the same values for ALL hosts, you may define them ; directly here. If you want to use per-host values, then the values need to exist in the host file ; as its own column, then define them here as $HF_# (column value). ; For example: SSH_USER_NAME : $HF_4 ; Try ./reach.py --host_fields to display the column headers ; Although these are optional, you don't want to type a user / password every time! So set these: ; Optional, uncomment this if you don't want to be prompted each time for a user name to use. ; May be overridden in the command-line as: --username= ; Required if SSH_AGENT_ONLY is set to True ;SSH_USER_NAME : myuser ; Or to define per-host (change column # to suit) : ;SSH_USER_NAME : $HF_4 ; Optional, uncomment this if you don't want to be prompted each time for a password to use. ; Cipher text rsa key passphrase or password ; May be overridden in the command-line as: --username= ; To generate the cipher text: ./reach.py --cipher_text= ;SSH_PASSWORD_CIPHER : Tl0RREQsHQcYXBY= ; Or to define per-host (change column # to suit) : ;SSH_PASSWORD_CIPHER : $HF_5 ; Optional, uncomment this to use the specified RSA private (not public) key. ; This must be in OpenSSH format, not Putty PPK ; May be overridden in the command-line as: --private_key= ;SSH_PRIVATE_KEY_FILE : /path/rsa_private_key ; Or to define per-host (change column # to suit) : ;SSH_PRIVATE_KEY_FILE : $HF_8 ; ---------------------------------------------- ; Set this to True if you want to blindly trust hosts or False to use the system known_hosts file ; If you're having connection issues, it is likely that you haven't connected to the host manually ; in which case, you either need to do so, or set this to True one time to add to known_hosts file SSH_TRUST_HOSTS : False ; Number of seconds before the connection attempt times out. SSH_CONNECTION_TIMEOUT : 5 ; Important to set this higher than your longest running command you plan to run. But set it too high ; Reach won't move to the next command if the command hangs. SSH_COMMAND_TIMEOUT : 10 ; Optional, will log in "logs" directory if this is commented. ;LOGS_DIRECTORY : /path/logs/ ; Valid values: DEBUG, INFO, WARNING, ERROR, CRITICAL LOG_LEVEL : DEBUG ; Safe to leave all as False or comment. Change to suit. SHOW_HOST_DURATION : False SHOW_CONSOLE_OUTPUT : False RUN_IN_SIMULATION_MODE : False DEBUG_FLAG : False NO_DESTRUCTIVE_PROMPT : False ; Safe to leave commented. This is the prompt regex. These are characters to expect on hosts. ; Change only if you know what you're doing. Separate different prompt with | ; Example: ;PROMPT_REGEX : ([$#] |> )$ ; Default is: ;PROMPT_REGEX : [$#>]( )?$