[rancid] clogin and rancid good, rancid-run fails

Jethro R Binks jethro.binks at strath.ac.uk
Tue Oct 27 18:48:50 UTC 2015 

On Tue, 27 Oct 2015, Ken Celenza wrote:

> > Sent: Tuesday, October 27, 2015 at 8:35 AM
> > From: "Alex DEKKER" <rancid at ale.cx>
> >
> > Can you SSH onto them from that box without any special parameters to 
> > SSH? ISTR recent-ish versions of OpenSSH deprecating the algorithms [or 
> > the default key size, perhaps?] used by older IOS, which means you have 
> > to add some -o option to make it work.
> > 
> > alexd
> 
> I think this is it. It's still weird that it works fine with ./rancid 
> but not ./rancid-run. That being said, I turned on telnet, it worked 
> fine, and I got a list of the packages that were updated. No changes to 
> perl or expect, but openssh was updated and I found this.

Holy Batman;

I've had a problem with a couple of systems for a while which I've only 
half-heartedly looked at, and then when I set them to 'down' forgot about 
completely for a while more.

But inspired by the above comments, I tested each of /usr/bin/ssh and 
/usr/local/bin/ssh, and the latter works but the former does not.  This 
explains why, like one of the OPs, rancid-run on the command-line worked, 
but not when run from cron - a variant of the usual reason, that the 
environment is different (in this case, $PATH).

I changed the order in the PATH in rancid.conf, and now it can connect to 
the systems concerned (and I see form the diffs that they started to fail 
after an update that changed some SSL/TLS settings).

The system /usr/bin/ssh was giving the following error:

no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se server aes128-ctr,aes192-ctr,aes256-ctr

Unfortunately his never made it to a rancid logfile that I could see so I 
was completely in the dark.  Is there any way that ssh errors like this 
could be caught and logged?

Happy Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.

More information about the Rancid-discuss mailing list