[rancid] As one door closes, another opens... ssh failing with (some) Cisco devices after OS upgrade?

Nick Hilliard nick at foobar.org
Sun May 17 12:58:56 UTC 2015

On 16/05/2015 22:31, Alex DEKKER wrote:
> On 16/05/15 11:08, Howard Jones wrote:
>>  Evidently those specific devices don't meet some minimum standard that
>> the openssh folks enforce.
> There is an option you can pass to SSH ['-o
> KexAlgorithms=diffie-hellman-group14-sha1'] to allow it to connect to older
> versions of IOS. The error emitted by SSH isn't much help at all.

or on ios config:

ip ssh dh min size 4096

This doesn't work on all IOS images but if it works, it's a useful
workaround where upgrading is a problem.


More information about the Rancid-discuss mailing list