[rancid] As one door closes, another opens... ssh failing with (some) Cisco devices after OS upgrade?

Howard Jones howie at thingy.com
Sun May 17 10:05:38 UTC 2015

On 16/05/2015 22:31, Alex DEKKER wrote:
> On 16/05/15 11:08, Howard Jones wrote:
>>  Evidently those specific devices don't meet some minimum standard 
>> that the openssh folks enforce.
> There is an option you can pass to SSH ['-o 
> KexAlgorithms=diffie-hellman-group14-sha1'] to allow it to connect to 
> older versions of IOS. The error emitted by SSH isn't much help at all.
Aha! That's the one. Thanks, Alex.

So for the archive, the complete fix is to create a shell script 
(local/ssh-old-kex for me):

ssh -o KexAlgorithms=diffie-hellman-group14-sha1 $*

Then for the affected devices, add this in .cloginrc

add sshcmd oldrouter /opt/rancid/local/ssh-old-kex

More information about the Rancid-discuss mailing list