[rancid] RANCID Not Honoring cyphertype in .cloginrc

Bob Franzke bob.franzke at altn.com
Wed Nov 16 19:48:38 UTC 2016


Greetings,
 
I am trying to get RANCID to use a different cyphertype. I have the following in my .cloginrc file:
 
add method      alteon*.altn.int                {ssh}
add cyphertype  alteon*.altn.int                {aes256-ctr}
add user        alteon*.altn.int                {user}
add password    alteon*.altn.int                {*******}
add autoenable  alteon*.altn.int                1
 
I am trying to access Alteon devices using the alogin script. As far as I know I should be able to add the cyphertype directive in the cloginrc file and have the spawned SSH session use the specified cipher when connecting. With the above add cyphertype line in the file, I get the following when running the alogin script:
 
$ /usr/local/libexec/rancid/alogin alteon-a.colo.altn.int
alteon-a.colo.altn.int
spawn ssh -c 3des -x -l user alteon-a.colo.altn.int
no matching cipher found: client 3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr,arcfour
 
Error: Couldn't login
$
 
It looks to me like alogin is ignoring the cyphertype line and using 3des for the connection. In a recent software update, it seems Radware removed 3des ciphers by default for Alteon devices so the connection fails. AFAIK all I need to do to specify ciphers for the connection is add it to the .cloginrc file. Is there anything else that needs to be done here? Incidentally, that same behavior occurs when running the clogin script. The cyphertype value just seems to be ignored. Does my .cloginrc config look reasonable?
 
Version information:
 
$ pkg version | grep rancid
rancid-2.3.8_6                     =
$ pkg version | grep expect
expect-5.45.3                      =
$ uname -a
FreeBSD netmon.altn.int 9.3-RELEASE-p43 FreeBSD 9.3-RELEASE-p43 #0: Sat May 28 00:19:32 UTC 2016     root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
 
I saw some information regarding configuring the SSH Daemon to support certain ciphers, but I am not sure it is relevant to issuing connections to other servers. I don’t have any added ciphers in my ssh config file but am told the default set should support connections like the one above.
 
Any help here would be appreciated. I am not sure what else to look for. Thanks in advance.
 
Bob
 
 
Robert Franzke
Network Administrator
Alt-N Technologies, Ltd. | Grapevine, TX
Office 817.601.3222 x234 | Mobile 972.746.5470
http://www.altn.com
 
Sent using Alt-N's own MDaemon Messaging Server
Now available with BYOD Mobile Device Management,
Document Sharing, Hijacked Account Detection and more.
 
Get to know the Alt-N family by liking us on Facebook!
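
The check described in the message above, as an added example that is not part of the original post and is not RANCID code: it resolves the `cyphertype` a .cloginrc assigns to a host and compares it with the cipher on the `spawn ssh` line and with the server's offer in the error. The function names are hypothetical, the inputs are copied from the post, and the first-matching-glob lookup is approximated with Python's `fnmatch`.

```python
import fnmatch
import re
import shlex

# Constructed inputs: copied from the post above, password line omitted.
CLOGINRC = """\
add method      alteon*.altn.int                {ssh}
add cyphertype  alteon*.altn.int                {aes256-ctr}
add user        alteon*.altn.int                {user}
"""
SESSION = """\
spawn ssh -c 3des -x -l user alteon-a.colo.altn.int
no matching cipher found: client 3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr,arcfour
Error: Couldn't login
"""

def lookup(rc_text, directive, host):
    """Value of the first 'add <directive>' line whose host glob matches."""
    for line in rc_text.splitlines():
        m = re.match(r"\s*add\s+(\S+)\s+(\S+)\s+(.*)$", line)  # '#' lines never match
        if m and m.group(1) == directive and fnmatch.fnmatchcase(host, m.group(2)):
            return m.group(3).strip().strip("{}")
    return None

def spawned_cipher(session_text):
    """Argument of -c on the 'spawn ssh' line, or None if no -c was passed."""
    for line in session_text.splitlines():
        if not line.startswith("spawn ssh"):
            continue  # other lines may hold unbalanced quotes shlex rejects
        argv = shlex.split(line)
        if "-c" in argv[:-1]:
            return argv[argv.index("-c") + 1]
    return None

def server_ciphers(session_text):
    """Ciphers the server offered, from the negotiation error, else []."""
    m = re.search(r"no matching cipher found: client \S+ server (\S+)", session_text)
    return m.group(1).split(",") if m else []

def diagnose(rc_text, session_text, host):
    configured = lookup(rc_text, "cyphertype", host)
    used = spawned_cipher(session_text)
    return {"configured": configured, "used": used,
            "directive_applied": configured is not None and configured == used,
            "server_offers_configured": configured in server_ciphers(session_text)}

if __name__ == "__main__":
    print(diagnose(CLOGINRC, SESSION, "alteon-a.colo.altn.int"))
```

For the posted input, the glob matches the host and the configured cipher is one the server offers, but it is not the cipher on the spawned command line.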