Gavin Jones
2014-10-07 07:27:48 UTC
Hi All,
There I have an issue for RHEL7 with SSH and older Cisco IOS's to login.
What happens is the KeyExchange stops the SSH Connection from retrieving
the config from the switch.
[***@ranc01 ~]# ssh -v ***@switch1
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by switch1
- The fix is to change the keyexchange algorithm for the host. (but this
does not fix rancid)
vim /etc/ssh/ssh_config && ~/.ssh/config
chmod -v 600 ~/.ssh/config
[***@ranc01 ~]#
Host 192.168.1.1
KexAlgorithms diffie-hellman-group14-sha1
Host 192.168.1.1
KexAlgorithms diffie-hellman-group14-sha1
Now I can ssh fine from the terminal, however in RANCID it still fails.
I see you have cyphertype as a parameter for the .cloginrc but NO
KexAlgorithms option, you can have a read in the man ssh_config for more
info.
Had issues on both these IOS's:
sh ver
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9_NPE-M), Version
15.0(1)M3, RELEASE SOFTWARE (fc2)
sh ver
Cisco IOS Software, 2800 Software (C2800NM-IPBASEK9-M), Version 12.4(20)T6,
RELEASE SOFTWARE (fc2)
Here is the version of SSH:
[***@ranc01 ~]# rpm -qa | grep -i openssh-clients
openssh-clients-6.4p1-8.el7.x86_64
These are the errors I get in the RANCID log:
switch01: missed cmd(s): all commands
switch01 clogin error: Error: Connection closed (ssh): switch01
switch01: End of run not found
Anyone else had similar experiences?
Thanks
There I have an issue for RHEL7 with SSH and older Cisco IOS's to login.
What happens is the KeyExchange stops the SSH Connection from retrieving
the config from the switch.
[***@ranc01 ~]# ssh -v ***@switch1
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by switch1
- The fix is to change the keyexchange algorithm for the host. (but this
does not fix rancid)
vim /etc/ssh/ssh_config && ~/.ssh/config
chmod -v 600 ~/.ssh/config
[***@ranc01 ~]#
Host 192.168.1.1
KexAlgorithms diffie-hellman-group14-sha1
Host 192.168.1.1
KexAlgorithms diffie-hellman-group14-sha1
Now I can ssh fine from the terminal, however in RANCID it still fails.
I see you have cyphertype as a parameter for the .cloginrc but NO
KexAlgorithms option, you can have a read in the man ssh_config for more
info.
Had issues on both these IOS's:
sh ver
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9_NPE-M), Version
15.0(1)M3, RELEASE SOFTWARE (fc2)
sh ver
Cisco IOS Software, 2800 Software (C2800NM-IPBASEK9-M), Version 12.4(20)T6,
RELEASE SOFTWARE (fc2)
Here is the version of SSH:
[***@ranc01 ~]# rpm -qa | grep -i openssh-clients
openssh-clients-6.4p1-8.el7.x86_64
These are the errors I get in the RANCID log:
switch01: missed cmd(s): all commands
switch01 clogin error: Error: Connection closed (ssh): switch01
switch01: End of run not found
Anyone else had similar experiences?
Thanks