[rancid] Nexus 9k Login Crypto

heasley heas at shrubbery.net
Thu Dec 29 17:53:31 UTC 2016

Thu, Dec 29, 2016 at 03:08:32AM +0000, Piegorsch, Weylin William:
> Regarding type “cisco-nx”, is there a need to take into account the Nexus 9000 crypto support?
> See here:
> http://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/200663-Unable-to-SSH-into-Nexus-9K-fatal.html
> I found that my default setting yielded:
> [rancid at localhost ~]$ clogin Nexus-9k
> Nexus-9k
> spawn telnet Nexus-9k
> Trying
> telnet: connect to address Connection refused
> spawn ssh -c 3des -x -l rancid Nexus-9k
> no matching cipher found: client 3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr
> Error: Couldn't login: Nexus-9k
> [rancid at localhost ~]$
> However, if I added the line to my .cloginrc:
> add cyphertype Nexus-9k {aes128-ctr,aes192-ctr,aes256-ctr}

thats fine.

> Then everything worked fine (I’ll spare everyone the output).
> I’m not clear this is a rancid issue, or a local system issue.  Is it something at least worth noting?

previous versions of rancid forced 3des, apparently including your version.
just use the cyphertype or upgrade, and you may still need to specify
cyphertype for the device.  also see the FAQ.

More information about the Rancid-discuss mailing list