From: Kevin Oberman
To: Marko Cupać
Cc: FreeBSD Ports ML
Date: Wed, 14 Jan 2015 08:49:55 -0800
Subject: Re: net-mgmt/rancid and cisco ssh kexagorhitms

On Wed, Jan 14, 2015 at 6:35 AM, Marko Cupać wrote:

> Hi,
>
> as of FreeBSD 9.3, it is not possible to ssh into some cisco routers
> (namely 1921 and 3925 in my case), unless option
> -o KexAlgorithms=diffie-hellman-group14-sha1 is specified. Probably,
> as a consequence, rancid stopped working for these routers since I
> upgraded OS on which it is installed to 9.3.
>
> How can I make this work again?
>
> Thank you in advance,
> --
> Marko Cupać
> https://www.mimar.rs

This looks like an issue that should go to the RANCiD developers upstream.
It's a rather trivial thing to adjust the expect script for clogin to deal
with this, though it probably should be more than just adding the option to
the ssh command to make it specific to the routers that actually require it.

I suspect that OpenSSH portable has removed this key exchange mechanism as a
default due to concerns with SHA1, but that is just a guess as I have not
been following either RANCiD or OpenSSH since I retired.

I do suspect that adding this option to clogin is all that is required to
get it working for you, though. Just look through clogin for 'ssh' to find
the commands. (Note that there are probably at least two cases and you
probably want to change all of them.)
--
R. Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman@gmail.com
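
The reply's point about making the option specific to the routers that require it, sketched as a stand-alone shell helper so every other device keeps the client's default key exchange list. This is an added example, not RANCID's clogin code (clogin is an Expect script); the host patterns, the `rancid` login name and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of RANCID. Constructed sample data: hypothetical
# routers that only connect with the key exchange named in the original post.
LEGACY_KEX_HOSTS='
# one shell glob pattern per line
r1921-*.example.net
r3925-core.example.net
'

# Print the extra ssh option for a host that matches a listed pattern;
# print nothing for every other host so it keeps the client defaults.
ssh_kex_opts() {
    _host=$1
    printf '%s\n' "$LEGACY_KEX_HOSTS" | while IFS= read -r _pat; do
        # Skip blank lines and comments in the list.
        case $_pat in ''|'#'*) continue ;; esac
        # An unquoted variable in a case pattern is matched as a glob.
        case $_host in
            $_pat)
                printf '%s\n' '-o KexAlgorithms=diffie-hellman-group14-sha1'
                break ;;
        esac
    done
}

# Build and print (not run) the ssh command line for user $1 on host $2.
ssh_cmd_for() {
    # The substitution is unquoted on purpose: empty output adds no
    # argument, and "-o KexAlgorithms=..." splits into two words.
    set -- ssh $(ssh_kex_opts "$2") -l "$1" "$2"
    printf '%s\n' "$*"
}

# Demo: only the first host gets the weaker key exchange.
ssh_cmd_for rancid r1921-branch7.example.net
ssh_cmd_for rancid sw-access1.example.net
```

The same per-host decision is what a change to clogin would need to make before it spawns ssh.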