knipknap / exscript

A Python module making Telnet and SSH easy
MIT License
366 stars 136 forks

Exscript needs to negotiate ciphers automatically with older SSH systems... #215

Open mpennington-te opened 3 years ago

mpennington-te commented 3 years ago

Exscript has problems logging into systems which need changes to allowed SSH2 ciphers... Exscript will fail on this host...

Example script:

from Exscript.util.interact import read_login
from Exscript.protocols import SSH2

account = read_login()
conn = SSH2(driver='generic')
conn.connect('some.old.system.localdomain')
conn.login(account)
conn.execute('term len 0')
conn.execute('show version')
version_output = conn.response
conn.send('exit\r')
conn.close()

To be explicit, this is what I see when I try to login manually...

% ssh myuser@some.old.system.localdomain
Unable to negotiate with 172.16.1.251 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

If I manually change options, such as: ssh -c 3des-cbc some.old.system.localdomain, then the ssh session works.

Issue #190 worked around the problem a different way... but Exscript should have a way to handle it without modifying ~/.ssh/config

mpenning commented 2 years ago

I fixed the problem by forcing paramiko to downgrade ssh session params for this host...

from Exscript.util.interact import read_login
from Exscript.protocols import SSH2
import paramiko

### Ask paramiko to downgrade ciphers and kex algorithms...
### Begin problem resolution...
# Note: _preferred_ciphers and _preferred_kex are private paramiko class
# attributes, so this override applies to every Transport created in this
# process, not only to the one legacy host.
paramiko.Transport._preferred_ciphers = ('aes128-cbc', '3des-cbc',)
paramiko.Transport._preferred_kex = ('diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1',)
###  End problem resolution...

account = read_login()
conn = SSH2(driver='generic')
conn.connect('some.old.system.localdomain')
conn.login(account)
conn.execute('term len 0')
conn.execute('show version')
version_output = conn.response
conn.send('exit\r')
conn.close()
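The failure and the workaround above both come down to the SSH2 algorithm negotiation rule in RFC 4253 section 7.1: the chosen algorithm is the first entry in the client's preference list that the server also offers, and if the lists are disjoint the connection fails with exactly the "no matching cipher found" message quoted in the issue. The following is an added example (not Exscript or paramiko code) that applies that rule to the server offer printed by the reporter's OpenSSH client, and contrasts a process-wide downgrade with a per-host one. The "modern" client and hardened-server lists, the hostname `hardened.example` and the `LEGACY_HOSTS` allow-list are constructed for illustration.

```python
# Added example (not Exscript or paramiko code): the SSH2 algorithm
# negotiation rule from RFC 4253 section 7.1, applied to the cipher offer
# from the issue. The "modern" lists, the hardened host and the allow-list
# are constructed for illustration.

# Server offer, verbatim from the "no matching cipher found" message above.
SERVER_CIPHERS = "aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc".split(",")

# Constructed stand-in for a current client default: CTR/GCM only, no CBC.
MODERN_CLIENT_CIPHERS = (
    "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
)

# The downgraded preference from the fix comment above.
LEGACY_CLIENT_CIPHERS = ("aes128-cbc", "3des-cbc")

# Constructed offer from a hardened host that has dropped CBC entirely.
HARDENED_SERVER_CIPHERS = ["aes256-gcm@openssh.com", "aes128-ctr"]

# Hypothetical allow-list: only these hosts get the legacy preference.
LEGACY_HOSTS = {"some.old.system.localdomain"}


def negotiate(client_prefs, server_offer):
    """RFC 4253 7.1: pick the first algorithm in the *client's* list that the
    server also offers. Return None when the lists are disjoint, which is the
    condition OpenSSH reports as "no matching cipher found"."""
    offered = set(server_offer)
    for name in client_prefs:
        if name in offered:
            return name
    return None


def client_ciphers_for(host):
    """Scope the downgrade to known legacy hosts instead of patching a
    process-wide class attribute, so hardened hosts keep the modern list."""
    return LEGACY_CLIENT_CIPHERS if host in LEGACY_HOSTS else MODERN_CLIENT_CIPHERS


def audit(algorithm):
    """Warnings a reviewer would attach to a negotiated algorithm: CBC-mode
    ciphers, 64-bit block ciphers and SHA-1 based key exchange are deprecated
    and only acceptable as a host-specific exception."""
    warnings = []
    if algorithm is None:
        return warnings
    if algorithm.endswith("-cbc"):
        warnings.append(f"{algorithm}: CBC mode, deprecated")
    if algorithm.startswith("3des"):
        warnings.append(f"{algorithm}: 64-bit block cipher, deprecated")
    if algorithm.endswith("-sha1"):
        warnings.append(f"{algorithm}: SHA-1 key exchange, deprecated")
    return warnings


def connect_plan(host, server_offer):
    """Return (chosen_cipher, warnings) for a host, using the per-host list."""
    chosen = negotiate(client_ciphers_for(host), server_offer)
    return chosen, audit(chosen)


if __name__ == "__main__":
    # Default client list against the old box: the failure from the issue.
    print(negotiate(MODERN_CLIENT_CIPHERS, SERVER_CIPHERS))  # None
    # Per-host legacy list against the old box: succeeds, with a warning.
    print(connect_plan("some.old.system.localdomain", SERVER_CIPHERS))
    # Cost of a global downgrade: the legacy-only list cannot talk to a
    # hardened host at all.
    print(negotiate(LEGACY_CLIENT_CIPHERS, HARDENED_SERVER_CIPHERS))  # None
    # The per-host approach keeps the hardened host working.
    print(connect_plan("hardened.example", HARDENED_SERVER_CIPHERS))
```

The same first-match rule governs kex, MAC and host-key algorithm selection, so the `_preferred_kex` tuple in the fix is negotiated the same way. Because the fix assigns private paramiko class attributes, every Transport in the process inherits the reduced lists; the `client_ciphers_for` pattern above shows the behaviour one would want instead: a legacy preference only for the hosts that need it, and the modern list everywhere else.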

mpenning commented 2 years ago

@egroeper please close this ticket out when you have time... I opened the ticket while I was working for Cisco, but I left and don't have access to those credentials now...