[rancid] ssh problems

Doug Hughes doug.hughes at keystonenap.com
Thu May 11 01:42:15 UTC 2017


I had some problems with newer ASAs too. Try this in your .cloginrc

add cyphertype <device_here> aes256-cbc


On 5/10/2017 5:44 PM, Wayne Eisenberg wrote:
> Hi all,
>
> I was setting up a new ASA 5545 to be part of our happy family, and it
> would not let rancid/ssh login to it, although putty has no problem.
> The output I get is:
>
> [rancid at hosted]$ ssh -vvv -c aes256-cbc -x -l <***> <x.x.x.x>
> OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to [x.x.x.x] port 22.
> debug1: Connection established.
> debug1: identity file /home/rancid/.ssh/identity type -1
> debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /home/rancid/.ssh/id_rsa type 1
> debug1: identity file /home/rancid/.ssh/id_dsa type -1
> ssh_exchange_identification: Connection closed by remote host
>
> The relevant part of the firewall config:
>
> ssh scopy enable
> ssh y.y.y.y z.z.z.z outside
> ssh 0.0.0.0 0.0.0.0 inside
> ssh timeout 30
> ssh key-exchange group dh-group1-sha1
>
> I suspect the key-exchange group line is the issue, but dang if I can
> figure out how to resolve it. I do not have any problems with using
> ssh on any other device at all. So yes, I have an id_rsa file that
> seems to be just fine since I connect to all the other devices.
>
> The /etc/ssh/ssh_config file is only comments, no commands in there.
> If I try to add a line for KexAlgorithms, ssh gives me an error, ‘bad
> configuration option’.
>
> ssh -V => OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
> ssh -Q is not a valid option
>
> Any ideas?
>
> Thanks,
> Wayne

-- 
Doug Hughes
Keystone NAP
Fairless Hills, PA
1.844.KEYBLOCK (539.2562) 	
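
Added example, not part of either message and not RANCID or OpenSSH code: a small triage helper that reads `ssh -v` output and reports the furthest handshake stage the client reached, which shows whether cipher or key-exchange settings were consulted at all before the failure. The function names and hint texts are illustrative assumptions; the marker strings are the ones the OpenSSH client prints at `-v` or higher.

```python
import re

# Ordered markers an OpenSSH client prints (-v or higher) as the handshake advances.
STAGES = [
    ("tcp",     r"debug1: Connection established"),
    ("banner",  r"debug1: Remote protocol version"),
    ("kexinit", r"debug1: SSH2_MSG_KEXINIT received"),
    ("algs",    r"debug1: kex: server->client"),
    ("newkeys", r"debug1: SSH2_MSG_NEWKEYS received"),
    ("auth",    r"debug1: Authentication succeeded"),
]

# Where to look when the trace stops right after a given stage (illustrative hints).
HINTS = {
    None: "no TCP connection: routing, port, or filtering in the path",
    "tcp": "server closed before sending its version string; cipher and "
           "key-exchange settings were not consulted yet. Check server-side "
           "access rules for this source address, session limits and logs",
    "banner": "server stopped after the version exchange: protocol version "
              "mismatch or the server dropped the session",
    "kexinit": "algorithm negotiation failed: compare the key-exchange, "
               "cipher and MAC lists offered by each side",
    "algs": "key exchange or host-key verification failed",
    "newkeys": "transport is up; the failure is in user authentication",
    "auth": "login succeeded; look at the session or the login script",
}

def last_stage(trace):
    """Return the name of the furthest handshake stage seen, or None."""
    reached = None
    for name, pattern in STAGES:
        if not re.search(pattern, trace):
            break
        reached = name
    return reached

def diagnose(trace):
    """Return (stage, hint) for a block of ssh -v output."""
    stage = last_stage(trace)
    return stage, HINTS[stage]

# Constructed sample, abridged from the trace quoted in the message above.
SAMPLE = """\
debug1: Connecting to [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/rancid/.ssh/id_rsa type 1
ssh_exchange_identification: Connection closed by remote host
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```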
