[rancid] clogin and rancid good, rancid-run fails

Ken Celenza ken.celenza at mail.com
Tue Oct 27 19:32:44 UTC 2015



> Sent: Tuesday, October 27, 2015 at 2:48 PM
> From: "Jethro R Binks" <jethro.binks at strath.ac.uk>
> To: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] clogin and rancid good, rancid-run fails
>
> On Tue, 27 Oct 2015, Ken Celenza wrote:
> 
> > > Sent: Tuesday, October 27, 2015 at 8:35 AM
> > > From: "Alex DEKKER" <rancid at ale.cx>
> > >
> > > Can you SSH onto them from that box without any special parameters to 
> > > SSH? ISTR recent-ish versions of OpenSSH deprecating the algorithms [or 
> > > the default key size, perhaps?] used by older IOS, which means you have 
> > > to add some -o option to make it work.
> > > 
> > > alexd
> > 
> > I think this is it. It's still weird that it works fine with ./rancid 
> > but not ./rancid-run. That being said, I turned on telnet, it worked 
> > fine, and I got a list of the packages that were updated. No changes to 
> > perl or expect, but openssh was updated and I found this.
> 
> Holy Batman;
> 
> I've had a problem with a couple of systems for a while which I've only 
> half-heartedly looked at, and then when I set them to 'down' forgot about 
> completely for a while more.
> 
> But inspired by the above comments, I tested each of /usr/bin/ssh and 
> /usr/local/bin/ssh, and the latter works but the former does not.  This 
> explains why, like one of the OPs, rancid-run on the command-line worked, 
> but not when run from cron - a variant of the usual reason, that the 
> environment is different (in this case, $PATH).
> 
> I changed the order in the PATH in rancid.conf, and now it can connect to 
> the systems concerned (and I see from the diffs that they started to fail 
> after an update that changed some SSL/TLS settings).
> 
> The system /usr/bin/ssh was giving the following error:
> 
> no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se server aes128-ctr,aes192-ctr,aes256-ctr
> 
> Unfortunately this never made it to a rancid logfile that I could see so I 
> was completely in the dark.  Is there any way that ssh errors like this 
> could be caught and logged?
> 
> Happy Jethro.
> 
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow, UK
> 
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> 


Brilliant!! So yes, I can confirm that when running ssh from /usr/bin it fails; when I run the ssh I have, it works no problem. Now what's still weird is that my $PATH shows /usr/bin second, but when I run it via rancid-run, it comes up first and fails; not exactly sure why. I was able to confirm this by monitoring my processes spawning with "strace -feprocess $SHELL"

I saw this:
[pid  6384] execve("/src/rancid/rancid/bin/ssh", ["ssh", "-c", "3des", "-x", "-l", "user", "device", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no"], [/* 68 vars */]) = -1 ENOENT (No such file or directory)
[pid  6384] execve("/src/rancid/rancid//ssh", ["ssh", "-c", "3des", "-x", "-l", "user", "device", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no"], [/* 68 vars */]) = -1 ENOENT (No such file or directory)
[pid  6384] execve("/usr/bin/ssh", ["ssh", "-c", "3des", "-x", "-l", "user", "device", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no"], [/* 68 vars */]) = 0
[pid  6384] arch_prctl(ARCH_SET_FS, 0x7fc8024117c0) = 0
[pid  6384] exit_group(255)             = ?
Process 6384 detached
[pid  6383] --- SIGCHLD (Child exited) @ 0 (0) ---
[pid  6383] wait4(6384, [{WIFEXITED(s) && WEXITSTATUS(s) == 255}], 0, NULL) = 6384
[pid  6383] clone(Process 6387 attached
child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f4eddb709d0) = 6387
[pid  6387] --- SIGWINCH (Window changed) @ 0 (0) ---
[pid  6387] clone(Process 6388 attached
child_stack=0, flags=CLONE_PARENT_SETTID|SIGCHLD, parent_tidptr=0x7ffe9f44aeb8) = 6388

In reference to: 
"""  This explains why, like one of the OPs, rancid-run on the command-line worked, but not when run from cron - a variant of the usual reason, that the environment is different (in this case, $PATH). """

Actually didn't work via command line or cron. 
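
Added example, not part of the original thread: a small Python parser that reads strace output like the trace above to show the order in which ssh was searched for and which binary actually ran, and splits a "no matching cipher found" error into client and server offers to show they share nothing. The sample strings are constructed (shortened from the output quoted in the message), and the function names are hypothetical.

```python
import re

# Constructed samples, shortened from the strace output and ssh error quoted in the thread.
STRACE = '''\
[pid  6384] execve("/src/rancid/rancid/bin/ssh", ["ssh", "-c", "3des"], [/* 68 vars */]) = -1 ENOENT (No such file or directory)
[pid  6384] execve("/src/rancid/rancid//ssh", ["ssh", "-c", "3des"], [/* 68 vars */]) = -1 ENOENT (No such file or directory)
[pid  6384] execve("/usr/bin/ssh", ["ssh", "-c", "3des"], [/* 68 vars */]) = 0
[pid  6384] exit_group(255)             = ?
'''
SSH_ERROR = ("no matching cipher found: client aes128-cbc,3des-cbc,aes256-cbc "
             "server aes128-ctr,aes192-ctr,aes256-ctr")

EXECVE = re.compile(r'\[pid\s+(\d+)\] execve\("([^"]+)".*\) = (-?\d+)')
EXIT = re.compile(r'\[pid\s+(\d+)\] exit_group\((\d+)\)')
CIPHER = re.compile(r'no matching cipher found: client (\S+) server (\S+)')

def resolve_exec(trace, name="ssh"):
    """Return (paths tried in search order, path that ran, its exit status)."""
    tried, ran, ran_pid, status = [], None, None, None
    for line in trace.splitlines():
        m = EXECVE.search(line)
        if m and m.group(2).rsplit("/", 1)[-1] == name:
            tried.append(m.group(2))
            if m.group(3) == "0":          # execve returned 0: this binary ran
                ran, ran_pid = m.group(2), m.group(1)
            continue
        m = EXIT.search(line)
        if m and m.group(1) == ran_pid:    # exit of the process that ran ssh
            status = int(m.group(2))
    return tried, ran, status

def cipher_overlap(error):
    """Return the ciphers offered by both sides, or None if the line is not this error."""
    m = CIPHER.search(error)
    if not m:
        return None
    client, server = (set(g.split(",")) for g in m.groups())
    return sorted(client & server)

if __name__ == "__main__":
    tried, ran, status = resolve_exec(STRACE)
    print("search order:", tried)
    print("executed:", ran, "exit status:", status)
    print("shared ciphers:", cipher_overlap(SSH_ERROR))
```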

