[rancid] RHEL7 RANCID 3.1 SSH KeyExchange

Gavin Jones gavinj84 at gmail.com
Tue Oct 7 07:27:48 UTC 2014

Hi All,

There I have an issue for RHEL7 with SSH and older Cisco IOS's to login.

What happens is the KeyExchange stops the SSH Connection from retrieving
the config from the switch.

[rancid at ranc01 ~]# ssh -v user at switch1

debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by switch1

- The fix is to change the keyexchange algorithm for the host. (but this
does not fix rancid)

vim /etc/ssh/ssh_config  &&  ~/.ssh/config
chmod -v 600  ~/.ssh/config

[root at ranc01 ~]#

      KexAlgorithms diffie-hellman-group14-sha1
      KexAlgorithms diffie-hellman-group14-sha1

Now I can ssh fine from the terminal, however in RANCID it still fails.

 I see you have cyphertype as a parameter for the .cloginrc but NO
 KexAlgorithms option, you can have a read in the man ssh_config for more

Had issues on both these IOS's:

sh ver
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9_NPE-M), Version
15.0(1)M3, RELEASE SOFTWARE (fc2)

sh ver
Cisco IOS Software, 2800 Software (C2800NM-IPBASEK9-M), Version 12.4(20)T6,

Here is the version of SSH:

[root at ranc01 ~]# rpm -qa | grep -i openssh-clients

These are the errors I get in the RANCID log:

switch01: missed cmd(s): all commands
switch01 clogin error: Error: Connection closed (ssh): switch01
switch01: End of run not found

Anyone else had similar experiences?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20141007/a09111a4/attachment.html>

More information about the Rancid-discuss mailing list