Date: Wed, 14 Jan 2015 08:49:55 -0800
From: Kevin Oberman <rkoberman@gmail.com>
To: Marko Cupać <marko.cupac@mimar.rs>
Cc: FreeBSD Ports ML <freebsd-ports@freebsd.org>
Subject: Re: net-mgmt/rancid and cisco ssh kexagorhitms
Message-ID: <CAN6yY1vDoMK3XAChD_DSO7vn%2BTN9vouts7N1rf4omc-JG3UEog@mail.gmail.com>
In-Reply-To: <20150114153511.8ed616814cfc49ed21826e28@mimar.rs>
References: <20150114153511.8ed616814cfc49ed21826e28@mimar.rs>
On Wed, Jan 14, 2015 at 6:35 AM, Marko Cupać <marko.cupac@mimar.rs> wrote:

> Hi,
>
> as of FreeBSD 9.3, it is not possible to ssh into some cisco routers
> (namely 1921 and 3925 in my case), unless option
> -o KexAlgorithms=diffie-hellman-group14-sha1 is specified. Probably,
> as a consequence, rancid stopped working for these routers since I
> upgraded OS on which it is installed to 9.3.
>
> How can I make this work again?
>
> Thank you in advance,
> --
> Marko Cupać
> https://www.mimar.rs

This looks like an issue that should go to the RANCiD developers upstream. It's a rather trivial thing to adjust the expect script for clogin to deal with this, though it probably should be more than just adding the option to the ssh command to make it specific to the routers that actually require it.

I suspect that OpenSSH portable has removed this key exchange mechanism as a default due to concerns with SHA1, but that is just a guess as I have not been following either RANCiD or OpenSSH since I retired.

I do suspect that adding this option to clogin is all that is required to get it working for you, though. Just look through clogin for 'ssh' to find the commands. (Note that there are probably at least two cases and you probably want to change all of them.)

--
R. Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman@gmail.com
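
Scoping the option to the routers that actually require it, as the reply suggests, can also be done in the OpenSSH client configuration rather than inside clogin. This is an added example, not part of the original message or of RANCID itself; the host names are constructed placeholders, and it assumes the ssh commands spawned by clogin read the `~/.ssh/config` of the account that runs RANCID.

```sshconfig
# ~/.ssh/config of the account that runs RANCID (location is an assumption)

# Too broad: every host this account connects to would be limited to the
# SHA-1 based exchange, including devices that can negotiate something better.
# Host *
#     KexAlgorithms diffie-hellman-group14-sha1

# Scoped: only the routers that fail without the option.
# Host names below are constructed placeholders for the 1921 and 3925.
Host r1921.example.net r3925.example.net
    KexAlgorithms diffie-hellman-group14-sha1

# Hosts not matched above keep the OpenSSH client's default key exchange list.
```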