Discussion:
[rancid] Mikrotik login with strong ssh
Jason Ede
2017-10-29 09:06:59 UTC
Permalink
On my rancid (3.1) I want to use strong encryption on the mikrotiks, but will allow rancid to connect the to the weaker ones then I need to modify cyphertype in mtlogin on line 521 to the below.

"aes192-ctr,aes192-cbc"

From my experience so far it seems to work on all versions of RouterOS v 6. Just putting this here in case others looking for it.

Jason
Alexander Griesser
2017-10-30 06:49:49 UTC
Permalink
Hi Jason,

please note that you can also add the cyphertype directly in .cloginrc for any given device, so you do not have to hack the binaries:

add cyphertype 192.168.0.1 aes192-ctr,aes192-cbc

Best,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: ***@anexia-it.com<mailto:***@anexia-it.com>
Web: http://www.anexia-it.com<http://www.anexia-it.com/>

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Geschäftsführer: Alexander Windbichler
Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

Von: Rancid-discuss [mailto:rancid-discuss-***@shrubbery.net] Im Auftrag von Jason Ede
Gesendet: Sonntag, 29. Oktober 2017 10:07
An: rancid-***@shrubbery.net
Betreff: [rancid] Mikrotik login with strong ssh

On my rancid (3.1) I want to use strong encryption on the mikrotiks, but will allow rancid to connect the to the weaker ones then I need to modify cyphertype in mtlogin on line 521 to the below.

"aes192-ctr,aes192-cbc"

From my experience so far it seems to work on all versions of RouterOS v 6. Just putting this here in case others looking for it.

Jason
heasley
2017-10-30 07:48:46 UTC
Permalink
Post by Alexander Griesser
Hi Jason,
add cyphertype 192.168.0.1 aes192-ctr,aes192-cbc
that should be quoted

add cyphertype 192.168.0.1 {aes192-ctr,aes192-cbc}

and, if you udate rancid, it was changed to not force a particular version,
so it will use whatever ssh's default list is or whatever the ~/.ssh/config
has set.
Post by Alexander Griesser
Best,
Alexander Griesser
Head of Systems Operations
ANEXIA Internetdienstleistungs GmbH
Web: http://www.anexia-it.com<http://www.anexia-it.com/>
Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Geschäftsführer: Alexander Windbichler
Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
Gesendet: Sonntag, 29. Oktober 2017 10:07
Betreff: [rancid] Mikrotik login with strong ssh
On my rancid (3.1) I want to use strong encryption on the mikrotiks, but will allow rancid to connect the to the weaker ones then I need to modify cyphertype in mtlogin on line 521 to the below.
"aes192-ctr,aes192-cbc"
Post by Jason Ede
From my experience so far it seems to work on all versions of RouterOS v 6. Just putting this here in case others looking for it.
Jason
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Loading...