Discussion:
[rancid] ssh issues connecting Cisco ASR
Delmiro Campelo
2015-06-12 05:45:59 UTC
Permalink
Has anyone run into this issue? i'm able to run clogin against other Cisco
devices, but having some issues when I try Cisco ASR router.

[***@router ~]$ ./bin/clogin router
router
spawn ssh -c 3des -x -l admin router
Connection closed by 10.3.9.20
Error: Connection closed (ssh):


Log messages in the router:
Jun 12 00:26:21.943 CST: %SSH-3-DH_RANGE_FAIL: Client DH key range mismatch
with maximum configured DH key on server
Jun 12 00:26:22.241 CST: %SSH-3-DH_RANGE_FAIL: Client DH key range mismatch
with maximum configured DH key on server
Jun 12 00:26:22.616 CST: %SSH-3-DH_RANGE_FAIL: Client DH key range mismatch
with maximum configured DH key on server

Thanks,
Delmiro
Nick Hilliard
2015-06-12 14:25:39 UTC
Permalink
Post by Delmiro Campelo
Has anyone run into this issue? i'm able to run clogin against other Cisco
devices, but having some issues when I try Cisco ASR router.
http://stackoverflow.com/questions/25341773/cisco-ssh-key-exchange-fails-from-ubuntu-14-04-client-dh-key-range-mismatch
Nick
Mark Tinka
2015-06-12 14:29:34 UTC
Permalink
This issue also hit FreeBSD, after an SSH update a few months ago.

The inline fix as mentioned in the URL below from Nick will work.

Otherwise, you can also add the below to /etc/ssh/ssh_config:

Host *
KexAlgorithms diffie-hellman-group1-sha1

This works on FreeBSD.

Mark.
Post by Delmiro Campelo
Has anyone run into this issue? i'm able to run clogin against other Cisco
devices, but having some issues when I try Cisco ASR router.
http://stackoverflow.com/questions/25341773/cisco-ssh-key-exchange-fails-from-ubuntu-14-04-client-dh-key-range-mismatch
Nick
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
.
Delmiro Campelo
2015-06-12 15:46:43 UTC
Permalink
thank you Mark, this worked perfectly in my red hat server. I appreciate
the help of you all.
Post by Mark Tinka
This issue also hit FreeBSD, after an SSH update a few months ago.
The inline fix as mentioned in the URL below from Nick will work.
Host *
KexAlgorithms diffie-hellman-group1-sha1
This works on FreeBSD.
Mark.
Has anyone run into this issue? i'm able to run clogin against other Cisco
devices, but having some issues when I try Cisco ASR router.
http://stackoverflow.com/questions/25341773/cisco-ssh-key-exchange-fails-from-ubuntu-14-04-client-dh-key-range-mismatch
Nick
_______________________________________________
.
Loading...