chrpinedo / rancid-cisco-sb


SG500 - Error Login #19

Open barte91 opened 8 years ago

barte91 commented 8 years ago

Hi,

I have a problem logging in to Cisco SG500 series switches. I tested csblogin but I can't log in to the switch via ssh. Do you have a solution?

Thanks a lot

chrpinedo commented 8 years ago

Nowadays I don't have switches to check your problem. I can only maintain the repo and accept pull requests provided by other committers.

I don't know if anyone can provide more information on this problem.

barte91 commented 8 years ago

Thanks for the update Christian, I hope anyone has a solution!

barte91 commented 8 years ago

Hi Christian,

I found a bug in the csblogin file: there isn't an enable password, and the script uses the "lcli" command instead of "enable" on line 425. For my use I set a static password on line 432, but isn't there a method to pass an enable password from the .cloginrc file? I think this could be interesting for many users...

itcarecloud commented 7 years ago

Hi. After a few days of thinking and imprecations with my rancid config and stacked SG500, my config finally works. I have no idea why, but my Rancid v3.3.X had problems with connecting to the switches.

The biggest issue was the failed connection via csblogin (the default cslogin works, csblogin failed). I needed to add a line in .cloginrc: add cyphertype my.switch.com {aes256-cbc}

Because I've tested some versions of csblogin and csbrancid, I don't know which one is from which source. Below is my config, which works 100% (for me). I hope that it will help someone. csblogin/csbrancid is available to download in a correct version. If someone needs it I can upload it.

csblogin
$Id: csblogin,v 1.3 2010-01-28 13:12:00 bjorn Exp $ rancid 2.3.2a8

csbrancid $Id: csbrancid,v 1.4 2009-06-06 14:04:25 bjorn Exp $ rancid 2.3.2a8

.cloginrc file
        add autoenable my.switch.com {1}
        add method my.switch.com {ssh}
        add password my.switch.com {hereismypassword}     <<push your pass here
        add user my.switch.com {hereismyswitchlogin}      <<push your login here
        add userprompt my.switch.com {"User Name:"}
        add cyphertype my.switch.com {aes256-cbc}

rancid.types.conf (in /etc/rancid/...)
        cisco-sb;script;csbrancid
        cisco-sb;login;csblogin

router.db (in the path folder)
        my.switch.com;cisco-sb;up

important

I've seen that several versions of penguin (Linux) have a different syntax. Please check the files router.db and rancid.types.conf, where records are separated by ";". Some OS versions need ":" instead of ";".
I'm not a Linux guy, so I'm not sure why it is so.

After all, please be sure that all of the csblogin/csbrancid files have correct privileges. I hope it'll help.
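The .cloginrc lines above are matched per device, and the order of entries matters when a host-specific line and a `*` catch-all both exist. The following is an added example, not code from rancid-cisco-sb or RANCID: a small resolver that parses `add <key> <host-glob> {value}` lines, picks the first matching entry per key (my reading of the documented .cloginrc behaviour, stated here as an assumption rather than verified against the Tcl source), and flags the values a reviewer would want to notice before rolling the file out. The sample .cloginrc is constructed from the entries in this thread.

```python
"""Resolve the effective .cloginrc settings for one device.

Added example, not code from rancid-cisco-sb or RANCID. It mimics the
.cloginrc rules as I understand them (an assumption, not verified against
the Tcl source): each line is
    add <key> <host-glob> {value} [{value2}]
host globs match like shell globs, and for each key the FIRST matching
line wins, so host-specific lines must precede a `*` catch-all.
"""
import fnmatch
import re

# Constructed sample, in the form shown in the thread above.
SAMPLE_CLOGINRC = """\
# host-specific entries first
add autoenable my.switch.com {1}
add method my.switch.com {ssh}
add password my.switch.com {hereismypassword}
add user my.switch.com {hereismyswitchlogin}
add userprompt my.switch.com {"User Name:"}
add cyphertype my.switch.com {aes256-cbc}

# catch-all defaults for every other device
add user * {rancid}
add method * {ssh}
add cyphertype * {aes256-cbc}
"""

ADD_RE = re.compile(r'^\s*add\s+(\S+)\s+(\S+)\s+(.*)$')
VALUE_RE = re.compile(r'\{([^}]*)\}')


def parse_cloginrc(text):
    """Return a list of (key, host_glob, [values]) in file order."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue  # blank lines and comments carry no settings
        m = ADD_RE.match(line)
        values = VALUE_RE.findall(m.group(3)) if m else []
        if not m or not values:
            raise ValueError(f'line {lineno}: not an "add <key> <glob> {{value}}" line: {line!r}')
        entries.append((m.group(1), m.group(2), values))
    return entries


def resolve(entries, host):
    """Pick, for each key, the first entry whose glob matches `host`."""
    settings = {}
    for key, glob, values in entries:
        if key not in settings and fnmatch.fnmatchcase(host, glob):
            settings[key] = values
    return settings


# CBC-mode ciphers that current OpenSSH releases leave out of their defaults.
LEGACY_CIPHERS = {'aes256-cbc', 'aes192-cbc', 'aes128-cbc', '3des-cbc'}


def review(settings):
    """Return human-readable findings about risky values (defender's view)."""
    findings = []
    if 'password' in settings:
        findings.append('cleartext credential stored in .cloginrc; keep the file mode 0600')
    for cipher in settings.get('cyphertype', []):
        if cipher in LEGACY_CIPHERS:
            findings.append(f'cyphertype {cipher} is a CBC-mode cipher that modern OpenSSH '
                            'disables by default; scope it to the devices that need it')
    return findings


if __name__ == '__main__':
    entries = parse_cloginrc(SAMPLE_CLOGINRC)
    for host in ('my.switch.com', 'core1.example.net'):  # second name is constructed
        effective = resolve(entries, host)
        print(host, effective)
        for finding in review(effective):
            print('  !', finding)
```

Running it shows that `my.switch.com` picks up the six host-specific values while any other device falls through to the `*` defaults (user `rancid`, no password, no autoenable), which is exactly the situation in which a login silently fails because the catch-all never supplied a credential.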

chrpinedo commented 7 years ago

It seems to be a problem with the new default settings of the SSH program. This error is mentioned in the FAQ file of RANCID 3.6.2:

5) O/S specific
5a) General
Q. After an O/S upgrade, ssh logins are failing errors such as:
        Unable to negotiate with IP port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
   or
        %SSH-3-DH_RANGE_FAIL: Client DH key range mismatch with maximum configured DH key on server.

A. The latest openssh has dropped support for less secure ciphers, but many devices
   do not support the newer ciphers, kex, etc.  Work-arounds:

   Set a different cipher in your .cloginrc, eg:
        add cyphertype * {aes256-cbc}

   Re-enable the old kex method in your ssh_config (weakdh.org):
        Host *
                GSSAPIAuthentication yes
                KexAlgorithms +diffie-hellman-group1-sha1

   Increase the key size in Cisco config:
        ip ssh dh min size 4096

@Ragn4rok I assume this was your problem.

MrYobe commented 6 years ago

@chrpinedo I seem to be having the same problem even after doing as advised. As a normal user I can ssh into a Cisco switch just fine without a problem, but the rancid login is failing. Please see below:

root@ubuntuserver1:~# /usr/lib/rancid/bin/clogin -f /var/lib/rancid/.cloginrc ServerRoom.Sw
serverroom.sw
spawn ssh -c aes256-cbc -x -l rancid serverroom.sw
Unable to negotiate with 192.168.1.125 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Where else should I check?