[rancid] Re: New device on .cloginrc

Eric Cables ecables at gmail.com
Tue Apr 13 20:32:19 UTC 2010


vi /root/.ssh/known_hosts and delete the first line, then re-run clogin.

-- Eric Cables


On Tue, Apr 13, 2010 at 1:19 PM, Wagner Pereira <wpereira at pop-sp.rnp.br>wrote:

> Ryan,
>
> I changed this:
> add method 10.0.0.2 {telnet} {ssh}
>
> To this:
> add method 10.0.0.2 {ssh} {telnet}
>
>
> But now, the error has changed...(ok, if  "Update the SSH known_hosts
> file accordingly." is the answer, how can I do that?)
>
> -----------------------
> /home/rancid/bin/clogin 10.0.0.2
> 10.0.0.2
> spawn telnet 10.0.0.2
> Trying 10.0.0.2...
> telnet: Unable to connect to remote host: Connection refused
> spawn ssh -c 3des -x -l root 10.0.0.2
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the RSA host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> 8f:23:61:b6:03:36:e0:7c:d2:e6:5c:0c:37:5d:c5:fe.
> Please contact your system administrator.
> Add correct host key in /root/.ssh/known_hosts to get rid of this message.
> Offending key in /root/.ssh/known_hosts:1
> RSA host key for 10.0.0.2 has changed and you have requested strict
> checking.
> Host key verification failed.
>
> Error: The host key for 10.0.0.2 has changed.  Update the SSH
> known_hosts file accordingly.
> -----------------------
>
> --
>
> Wagner Pereira
>
> PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
> CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
> http://www.pop-sp.rnp.br
> Tel. (11) 3091-8901
>
>
> Em 13/4/2010 16:54, Ryan West escreveu:
> > Command line check that you connect to that device using telnet or ssh.
>  If you can't, fix that first.  If you want to connect via SSH, then change
> your connection method in your .cloginrc file.
> >
> > -ryan
> >
> >
> >> -----Original Message-----
> >> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-
> >> bounces at shrubbery.net] On Behalf Of Wagner Pereira
> >> Sent: Tuesday, April 13, 2010 3:47 PM
> >> Cc: rancid-discuss at shrubbery.net
> >> Subject: [rancid] Re: New device on .cloginrc
> >>
> >> Ryan,
> >>
> >> You were right concerning to the rsa key.
> >>
> >> I ran the "crypto key generate rsa" command in my Cisco router, choosing
> >> 1024 bits. It worked.
> >>
> >> But now the error changed, as follows (it seems like the ssh connection
> >> method was not tried):
> >>
> >> ---------------------
> >> /home/rancid/bin/clogin 10.0.0.2
> >> 10.0.0.2
> >> spawn telnet 10.0.0.2
> >> Trying 10.0.0.2...
> >> telnet: Unable to connect to remote host: No route to host
> >>
> >> Error: Couldn't login: 10.0.0.2
> >> ---------------------
> >>
> >> What's next?
> >>
> >> --
> >>
> >> Wagner Pereira
> >>
> >> PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
> >> CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
> >> http://www.pop-sp.rnp.br
> >> Tel. (11) 3091-8901
> >>
> >>
> >> Em 13/4/2010 10:41, Ryan West escreveu:
> >>
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> Sent: Tuesday, April 13, 2010 9:34 AM
> >>>> To: rancid-discuss at shrubbery.net
> >>>> Subject: [rancid] Re: New device on .cloginrc
> >>>>
> >>>> Hi, Marty.
> >>>>
> >>>> It sounds wrong, I suppose, because the Rancid is still running over
> >>>> other device perfectly.
> >>>>
> >>>> Then, I ran this:
> >>>> ----------------------
> >>>> /home/rancid/bin/clogin 10.0.0.2
> >>>> 10.0.0.2
> >>>> spawn telnet 10.0.0.2
> >>>> Trying 10.0.0.2...
> >>>> telnet: Unable to connect to remote host: Connection refused
> >>>> spawn ssh -c 3des -x -l root 10.0.0.2
> >>>> ssh_rsa_verify: RSA modulus too small: 512<   minimum 768 bits
> >>>> key_verify failed for server_host_key
> >>>>
> >>>> Error: Couldn't login: 10.0.0.2
> >>>> ----------------------
> >>>>
> >>>>
> >>> Try googling the ss_rsa_verify output.  I imagine the device you're
> >>>
> >> connecting to is rather old, you should try to run a 1024 bit key at the
> >> minimum.  I would recommend using a 2048 bit key if you can, but if it's
> an
> >> older device, be prepared to wait a while.  You may be able to change
> how
> >> RANCID connects to the device, but I think you would be off gen'ing a
> new key
> >> on the device instead.
> >>
> >>> -ryan
> >>>
> >>>
> >> _______________________________________________
> >> Rancid-discuss mailing list
> >> Rancid-discuss at shrubbery.net
> >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100413/23b00af1/attachment.html 


More information about the Rancid-discuss mailing list