ssh negotiate problem - no matching cipher found

CiscoTestAutomation / pyats-docker

Dockerfile and scripts for pyATS

Apache License 2.0

39 stars 11 forks source link

ssh negotiate problem - no matching cipher found #4

Closed urskog84 closed 4 years ago

urskog84 commented 4 years ago

[2020-03-06 21:29:09,144] +++ Unicon plugin ios +++
Unable to negotiate with 192.168.1.55 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

[2020-03-06 21:29:09,168] +++ connection to spawn: ssh -l admin 192.168.1.55 -p 22, id: 140467210717896 +++
[2020-03-06 21:29:09,169] connection to fspipswi001

After update the continaer ciscotestautomation/pyats:20.1 to 20.2 i get above error

tahigash commented 4 years ago

@urskog84 sorry for late update. This is because OpenSSH on docker image was upgraded and the newer one doesn't use those ciper specs which device offers by default.

This can be resolved by specifying the ciper spec explicitly via ssh_options like below.


devices:
    RouterA:
      (snip)
      connections:
        ssh:
          protocol: ssh
          ip: 10.1.1.1
          port: 22
          ssh_options: -c aes256-cbc   # <<< HERE