vi /root/.ssh/known_hosts and delete the first line, then re-run clogin.<br clear="all"><br>-- Eric Cables<br>
<br><br><div class="gmail_quote">On Tue, Apr 13, 2010 at 1:19 PM, Wagner Pereira <span dir="ltr"><<a href="mailto:wpereira@pop-sp.rnp.br">wpereira@pop-sp.rnp.br</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Ryan,<br>
<br>
I changed this:<br>
add method 10.0.0.2 {telnet} {ssh}<br>
<br>
To this:<br>
add method 10.0.0.2 {ssh} {telnet}<br>
<br>
<br>
But now, the error has changed...(ok, if "Update the SSH known_hosts<br>
file accordingly." is the answer, how can I do that?)<br>
<br>
-----------------------<br>
<div class="im">/home/rancid/bin/clogin 10.0.0.2<br>
10.0.0.2<br>
spawn telnet 10.0.0.2<br>
Trying 10.0.0.2...<br>
telnet: Unable to connect to remote host: Connection refused<br>
spawn ssh -c 3des -x -l root 10.0.0.2<br>
</div>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<br>
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @<br>
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<br>
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!<br>
Someone could be eavesdropping on you right now (man-in-the-middle attack)!<br>
It is also possible that the RSA host key has just been changed.<br>
The fingerprint for the RSA key sent by the remote host is<br>
8f:23:61:b6:03:36:e0:7c:d2:e6:5c:0c:37:5d:c5:fe.<br>
Please contact your system administrator.<br>
Add correct host key in /root/.ssh/known_hosts to get rid of this message.<br>
Offending key in /root/.ssh/known_hosts:1<br>
RSA host key for 10.0.0.2 has changed and you have requested strict<br>
checking.<br>
Host key verification failed.<br>
<br>
Error: The host key for 10.0.0.2 has changed. Update the SSH<br>
known_hosts file accordingly.<br>
-----------------------<br>
<br>
--<br>
<div class="im"><br>
Wagner Pereira<br>
<br>
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo<br>
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo<br>
<a href="http://www.pop-sp.rnp.br" target="_blank">http://www.pop-sp.rnp.br</a><br>
Tel. (11) 3091-8901<br>
<br>
<br>
</div>Em 13/4/2010 16:54, Ryan West escreveu:<br>
<div><div></div><div class="h5">> Command line check that you connect to that device using telnet or ssh. If you can't, fix that first. If you want to connect via SSH, then change your connection method in your .cloginrc file.<br>
><br>
> -ryan<br>
><br>
><br>
>> -----Original Message-----<br>
>> From: <a href="mailto:rancid-discuss-bounces@shrubbery.net">rancid-discuss-bounces@shrubbery.net</a> [mailto:<a href="mailto:rancid-discuss-">rancid-discuss-</a><br>
>> <a href="mailto:bounces@shrubbery.net">bounces@shrubbery.net</a>] On Behalf Of Wagner Pereira<br>
>> Sent: Tuesday, April 13, 2010 3:47 PM<br>
>> Cc: <a href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</a><br>
>> Subject: [rancid] Re: New device on .cloginrc<br>
>><br>
>> Ryan,<br>
>><br>
>> You were right concerning to the rsa key.<br>
>><br>
>> I ran the "crypto key generate rsa" command in my Cisco router, choosing<br>
>> 1024 bits. It worked.<br>
>><br>
>> But now the error changed, as follows (it seems like the ssh connection<br>
>> method was not tried):<br>
>><br>
>> ---------------------<br>
>> /home/rancid/bin/clogin 10.0.0.2<br>
>> 10.0.0.2<br>
>> spawn telnet 10.0.0.2<br>
>> Trying 10.0.0.2...<br>
>> telnet: Unable to connect to remote host: No route to host<br>
>><br>
>> Error: Couldn't login: 10.0.0.2<br>
>> ---------------------<br>
>><br>
>> What's next?<br>
>><br>
>> --<br>
>><br>
>> Wagner Pereira<br>
>><br>
>> PoP-SP/RNP - Ponto de Presença da RNP em São Paulo<br>
>> CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo<br>
>> <a href="http://www.pop-sp.rnp.br" target="_blank">http://www.pop-sp.rnp.br</a><br>
>> Tel. (11) 3091-8901<br>
>><br>
>><br>
>> Em 13/4/2010 10:41, Ryan West escreveu:<br>
>><br>
>>><br>
>>><br>
>>>> -----Original Message-----<br>
>>>> Sent: Tuesday, April 13, 2010 9:34 AM<br>
>>>> To: <a href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</a><br>
>>>> Subject: [rancid] Re: New device on .cloginrc<br>
>>>><br>
>>>> Hi, Marty.<br>
>>>><br>
>>>> It sounds wrong, I suppose, because the Rancid is still running over<br>
>>>> other device perfectly.<br>
>>>><br>
>>>> Then, I ran this:<br>
>>>> ----------------------<br>
>>>> /home/rancid/bin/clogin 10.0.0.2<br>
>>>> 10.0.0.2<br>
>>>> spawn telnet 10.0.0.2<br>
>>>> Trying 10.0.0.2...<br>
>>>> telnet: Unable to connect to remote host: Connection refused<br>
>>>> spawn ssh -c 3des -x -l root 10.0.0.2<br>
>>>> ssh_rsa_verify: RSA modulus too small: 512< minimum 768 bits<br>
>>>> key_verify failed for server_host_key<br>
>>>><br>
>>>> Error: Couldn't login: 10.0.0.2<br>
>>>> ----------------------<br>
>>>><br>
>>>><br>
>>> Try googling the ss_rsa_verify output. I imagine the device you're<br>
>>><br>
>> connecting to is rather old, you should try to run a 1024 bit key at the<br>
>> minimum. I would recommend using a 2048 bit key if you can, but if it's an<br>
>> older device, be prepared to wait a while. You may be able to change how<br>
>> RANCID connects to the device, but I think you would be off gen'ing a new key<br>
>> on the device instead.<br>
>><br>
>>> -ryan<br>
>>><br>
>>><br>
>> _______________________________________________<br>
>> Rancid-discuss mailing list<br>
>> <a href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><br>
>> <a href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss" target="_blank">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</a><br>
>><br>
_______________________________________________<br>
Rancid-discuss mailing list<br>
<a href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss" target="_blank">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</a><br>
</div></div></blockquote></div><br>