[rancid] As one door closes, another opens... ssh failing with (some) Cisco devices after OS upgrade?
Howard Jones
howie at thingy.com
Sun May 17 10:05:38 UTC 2015
On 16/05/2015 22:31, Alex DEKKER wrote:
> On 16/05/15 11:08, Howard Jones wrote:
>> Evidently those specific devices don't meet some minimum standard
>> that the openssh folks enforce.
>>
> There is an option you can pass to SSH ['-o
> KexAlgorithms=diffie-hellman-group14-sha1'] to allow it to connect to
> older versions of IOS. The error emitted by SSH isn't much help at all.
>
Aha! That's the one. Thanks, Alex.
So for the archive, the complete fix is to create a shell script
(local/ssh-old-kex for me):
#!/bin/sh
# "$@" passes each argument from clogin through to ssh unchanged
ssh -o KexAlgorithms=diffie-hellman-group14-sha1 "$@"
Then for the affected devices, add this in .cloginrc:
add sshcmd oldrouter /opt/rancid/local/ssh-old-kex
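
Added example, not part of the original post or of RANCID: a small audit that lists which device patterns in a .cloginrc are routed through the legacy-KEX wrapper and which algorithm the wrapper pins, so the per-device exceptions stay visible until the devices are upgraded. The function names, the sample hostnames other than oldrouter, and the handling of brace-wrapped values are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Print the device pattern of every "add sshcmd <pattern> <command>" line in
# the .cloginrc-style file $1 whose command is the wrapper path given as $2.
legacy_kex_devices() {
    awk -v wrapper="$2" '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        $1 == "add" && $2 == "sshcmd" && NF >= 4 {
            pat = $3; cmd = $4
            gsub(/[{}]/, "", pat)                 # assumption: values may be brace-wrapped
            gsub(/[{}]/, "", cmd)
            if (cmd == wrapper) print pat
        }' "$1"
}

# Print the KexAlgorithms value that the wrapper script $1 passes to ssh.
kex_pinned_by() {
    sed -n 's/.*KexAlgorithms=\([^[:space:]]*\).*/\1/p' "$1"
}

# Constructed sample data: a .cloginrc fragment and a wrapper modelled on the
# post above. lab-sw-* and core1 are made-up device names.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/cloginrc" <<'EOF'
# constructed sample
add method * ssh
add sshcmd oldrouter /opt/rancid/local/ssh-old-kex
add sshcmd lab-sw-* {/opt/rancid/local/ssh-old-kex}
add sshcmd core1 /usr/bin/ssh
EOF
    cat > "$dir/ssh-old-kex" <<'EOF'
#!/bin/sh
ssh -o KexAlgorithms=diffie-hellman-group14-sha1 "$@"
EOF
    echo "$dir"
}

sample=$(make_sample)
echo "Devices using the legacy-KEX wrapper:"
legacy_kex_devices "$sample/cloginrc" /opt/rancid/local/ssh-old-kex
echo "Algorithm pinned by the wrapper: $(kex_pinned_by "$sample/ssh-old-kex")"
rm -rf "$sample"
```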