[rancid] clogin and rancid good, rancid-run fails

Ken Celenza ken.celenza at mail.com
Tue Oct 27 19:27:37 UTC 2015



> Sent: Tuesday, October 27, 2015 at 1:04 PM
> From: "Lee Rian (CENSUS/TCO FED)" <lee.e.rian at census.gov>
> To: "Ken Celenza" <ken.celenza at mail.com>, "rancid-discuss at shrubbery.net" <rancid-discuss at shrubbery.net>
> Subject: Re: [rancid] clogin and rancid good, rancid-run fails
>
> > openssh was updated and I found this.
> >
> > https://www.suse.com/support/kb/doc.php?id=7016904
> 
> hrmm.. interesting.  I ran into problems after upgrading to openssh 7.something but it was very consistent - things either worked or no.  It didn't make any difference using clogin or rancid-run
> 
> > Trying to get it downgraded.
> 
> Can you try a few things before downgrading?
> 
> My .cloginrc - don't use 3DES for ssh:
> # add cyphertype        * {3des}
> add cyphertype  * {aes256-cbc}
> 
> My ~/.ssh/config - allow sha1
> KexAlgorithms +diffie-hellman-group1-sha1
> 
> I don't remember if this was required or no, but I did
> ssh-keygen -l -f ~/.ssh/known_hosts | sort -rn
> 
> and regenerated the ssh keys on anything that had a key length < 1024 bits
> 
> Regards,
> Lee
> 
> 
> ________________________________________
> From: Rancid-discuss <rancid-discuss-bounces at shrubbery.net> on behalf of Ken Celenza <ken.celenza at mail.com>
> Sent: Tuesday, October 27, 2015 12:23 PM
> To: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] clogin and rancid good, rancid-run fails
> 
> > Sent: Tuesday, October 27, 2015 at 8:35 AM
> > From: "Alex DEKKER" <rancid at ale.cx>
> > To: rancid-discuss at shrubbery.net
> > Subject: Re: [rancid] clogin and rancid good, rancid-run fails
> >
> > On 26/10/15 18:25, Ken Celenza wrote:
> > >
> > > They are all: 12.4(24)T(X) code, cisco routers
> > >
> > > e.g.
> > > 12.4(24)T
> > > 12.4(24)T4
> > > 12.4(24)T6
> > > 12.4(24)T8
> > >
> > > routers
> > > 7204VXR
> > > 7206VXR
> > > 3825
> > > 3845
> > > 1841
> > >
> >
> > Can you SSH onto them from that box without any special parameters to
> > SSH? ISTR recent-ish versions of OpenSSH deprecating the algorithms [or
> > the default key size, perhaps?] used by older IOS, which means you have
> > to add some -o option to make it work.
> >
> > alexd
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> >
> 
> I think this is it. It's still weird that it works fine with ./rancid but not ./rancid-run. That being said, I turned on telnet, it worked fine, and I got a list of the packages that were updated. No changes to perl or expect, but openssh was updated and I found this.
> 
> https://www.suse.com/support/kb/doc.php?id=7016904
> 
> Trying to get it downgraded.
> 
> Thanks for everyone's help, and I'll report back if it did in fact fix the issue.
> 



It did not work with those changes. I did not adjust my known_hosts file, but I have my known_hosts always sent to null, so it should not be an issue.
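
The known_hosts key-length check from the quoted reply above (`ssh-keygen -l -f ~/.ssh/known_hosts | sort -rn`), as an added example that is not from any poster in this thread: it filters the listing for RSA/DSA host keys below a bit threshold instead of sorting by eye. The function name `short_keys`, the hostnames and the fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ssh-keygen -l -f ~/.ssh/known_hosts` output
# (bits, fingerprint, host, key type); hosts and fingerprints are made up.
sample_listing() {
cat <<'EOF'
768 SHA256:AAAAconstructedfingerprint0000000000000000001 rtr-7204.example.net (RSA)
1024 SHA256:AAAAconstructedfingerprint0000000000000000002 rtr-3845.example.net (RSA)
2048 SHA256:AAAAconstructedfingerprint0000000000000000003 rtr-1841.example.net (RSA)
256 SHA256:AAAAconstructedfingerprint0000000000000000004 jump.example.net (ED25519)
512 SHA256:AAAAconstructedfingerprint0000000000000000005 rtr-3825.example.net (RSA)
EOF
}

# short_keys MIN_BITS (hypothetical helper): read a listing on stdin and
# print "host bits type" for RSA/DSA keys shorter than MIN_BITS.
# ECDSA and ED25519 sizes (256-521 bits) are not comparable to RSA modulus
# sizes, so a plain numeric sort would misrank them; they are never flagged.
short_keys() {
    awk -v min="$1" '
        NF >= 4 && $1 ~ /^[0-9]+$/ {
            type = $NF
            gsub(/[()]/, "", type)
            if (type ~ /^(RSA1?|DSA)$/ && $1 + 0 < min + 0)
                print $3, $1, type
        }'
}

# Against a real file:
#   ssh-keygen -l -f ~/.ssh/known_hosts | short_keys 1024
sample_listing | short_keys 1024
```
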

