[rancid] RANCID Not Honoring cyphertype in .cloginrc

Bob Franzke bob.franzke at altn.com
Fri Jan 6 00:56:38 UTC 2017 

OK -M switch reveals the issue:

/usr/local/libexec/rancid/clogin -M alteon-a.colo.altn.int
alteon-a.colo.altn.int

cyphertype:/home/rancid/.cloginrc:108: * 3des 

The. So I looked in the .cloginrc and found the problem:

# set ssh encryption type, dflt: 3des
add cyphertype *                {3des}

This was set up above my long time additions in an example section so I missed it. Somehow was uncommented (no doubt to my endless experimenting). I corrected it and now get this:

$ /usr/local/libexec/rancid/alogin alteon-a.colo.altn.int
alteon-a.colo.altn.int
spawn ssh -c aes256-ctr -x -l admin alteon-a.colo.altn.int
admin at alteon-a.colo.altn.int's password:

Works like a charm when you do things right. The -M switch was quite helpful so thanks very much for pointing it out. Really appreciate the time and all the help. I am in business.

Regards-

Bob



-----Original Message-----
From: heasley [mailto:heas at shrubbery.net] 
Sent: Thursday, January 05, 2017 6:33 PM
To: Bob Franzke
Cc: heasley; rancid-discuss at shrubbery.net
Subject: Re: [rancid] RANCID Not Honoring cyphertype in .cloginrc

Thu, Jan 05, 2017 at 06:17:21PM -0600, Bob Franzke:
> Thanks for the reply. See below:
> 
> root at netmon:/usr/home/bob # /usr/local/libexec/rancid/clogin -V rancid 
> 3.6.1

hrm; 3des does not appear in the source.

> root at netmon:/usr/home/bob #
> 
> I did not show output before but did try using alogin as well and got the same result:
> 
> $ /usr/local/libexec/rancid/alogin alteon-a.colo.altn.int 
> alteon-a.colo.altn.int spawn ssh -c 3des -x -l admin 
> alteon-a.colo.altn.int no matching cipher found: client 3des-cbc 
> server aes256-ctr,aes192-ctr,aes128-ctr,arcfour
> 
> Error: Couldn't login
> 
> Maybe the wildcard character in the .cloginrc for alteon devices is messing it up. It seems to work for the other directives (passwords, etc.) just not cyphertype. Maybe I'll try to just add a specific line to handle alteons without the wildcard character and see if that gets me anything.
> 
> Can you confirm the  bracketed cyphertype option is correct ({aes256-ctr})?

yes.  also try clogin -[Mm] hostname (cant recall if i added these options to alogin) to see if its coming from your cloginrc.

> 
> -----Original Message-----
> From: heasley [mailto:heas at shrubbery.net]
> Sent: Thursday, January 05, 2017 5:54 PM
> To: Bob Franzke
> Cc: heasley; rancid-discuss at shrubbery.net
> Subject: Re: [rancid] RANCID Not Honoring cyphertype in .cloginrc
> 
> Thu, Jan 05, 2017 at 04:44:58PM -0600, Bob Franzke:
> > Thanks for the reply here. I finally got some time to upgrade rancid. See here:
> > 
> > $ pkg version | grep rancid
> > rancid3-3.6.1                      =
> > 
> > 3.6.1 instead of the suggested 3.5.1 but I assume functionality is still there in 3.6.1. I am still having issues though:
> 
> its either in your cloginrc, you have a rogue clogin or you do not actually have rancid 3.6.1.  what does /usr/local/libexec/rancid/clogin -V claim?
> 
> 
> > $ /usr/local/libexec/rancid/clogin alteon-a.colo.altn.int
> 
> btw, alogin is for alteon stuff.  also see plogin.
> 
> > alteon-a.colo.altn.int
> > spawn ssh -c 3des -x -l admin alteon-a.colo.altn.int no matching 
> > cipher found: client 3des-cbc server 
> > aes256-ctr,aes192-ctr,aes128-ctr,arcfour

More information about the Rancid-discuss mailing list