[rancid] Issues with the latest version of OpenSSH and Rancid 3.2-2.

Alan McKinnon alan.mckinnon at gmail.com
Mon Dec 28 21:50:54 UTC 2015 

On 28/12/2015 23:30, Sebastien.Boulianne at cpu.ca wrote:
> WOW. Thanks for your very fast answer. It's appreciate.
> It works perfectly...
> 
> AND for that, do you have a clue Lee ?
> 
> bin/flogin b.10.10.84.8
> b.10.10.84.8
> spawn ssh -1 -c aes256-cbc -x -l admin b.10.10.84.8
> ssh1 is not supported
> 
> Error: Couldn't login


Now you have a real problem. I could be wrong on the details, I believe
debian now disables all support for ssh1 protocol in openssh-7 and
above. In other words, you will never use that ssh to log into that
device - the code is not there.

Do check the Changelogs for your distro, debian and derivatives are very
good at listing exactly what changed. If ssh1 support is indeed gone you
have three options:

Does flogin then attempt an ssh2 login which succeeds?
If so, you must modify flogin to prevent it trying ssh1 protocol.

Other than that, you have some options, none of them especially nice:

1. downgrade openssh on the rancid host to 6.x
2. replace the network device with something shipped this millenium
3. install the openssh sources and recompile with ssh1 support enabled


You were always going to have to deal with this sometime, now is a good
time. ssh1 should have died by fire 10 or more years ago

/alanm





> 
> Sébastien Boulianne
> 
> -----Message d'origine-----
> De : Lee [mailto:ler762 at gmail.com] 
> Envoyé : 28 décembre 2015 15:55
> À : Sebastien Boulianne <Sebastien.Boulianne at cpu.ca>
> Cc : rancid-discuss at shrubbery.net
> Objet : Re: [rancid] Issues with the latest version of OpenSSH and Rancid 3.2-2.
> 
> Hi,
> 
> On 12/28/15, Sebastien.Boulianne at cpu.ca <Sebastien.Boulianne at cpu.ca> wrote:
>> Hi all,
>>
>> I upgraded my debian os to the latest version and I saw there is an 
>> issue with the latest version of OpenSSH.
>>
>> dpkg -l | grep openssh
>> ii  openssh-client                   1:7.1p1-5                    amd64
>>   secure shell (SSH) client, for secure access to remote machines
>> ii  openssh-server                   1:7.1p1-5                    amd64
>>   secure shell (SSH) server, for secure access from remote machines
>> ii  openssh-sftp-server              1:7.1p1-5                    amd64
>>   secure shell (SSH) sftp server module, for SFTP access from remote 
>> machine
>>
>> I got this error...
>>
>> bin/flogin tr.1
>> tr.1
>> spawn ssh -c 3des -x -l cpu_backup tr.1 Unknown cipher type '3des'
>>
>> Error: Couldn't login
>>
>> Anyone ever had this problem ?
>> How did fix it ?
> 
> change cyphertype in ~/.cloginrc to aes256-cbc - ie.
> 
> add method      * {ssh}
> # add cyphertype        * {3des}
> add cyphertype  * {aes256-cbc}
> 
> Regards,
> Lee
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> 


-- 
Alan McKinnon
alan.mckinnon at gmail.com

More information about the Rancid-discuss mailing list