ytti / oxidized

Oxidized is a network device configuration backup tool. It's a RANCID replacement!
Apache License 2.0

SSH cipher update - openssh bug CVE-2023-48795 #3168

Closed chrisch80 closed 1 month ago

chrisch80 commented 4 months ago

Hi,

how can I update ciphers for Oxidized to allow the following / always add the newest possible:

    set system services ssh ciphers "aes128-gcm@openssh.com"
    set system services ssh ciphers "aes256-gcm@openssh.com"

We have disabled all other ciphers on our Juniper boxes because of this bug:
https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH?language=en_US
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795

Unfortunately Oxidized (0.29.1) is currently not able to back up those devices which only allow the ciphers aes128-gcm and aes256-gcm.

SSH from this Linux Host (where Oxidized is running) to the devices is working fine, therefore it seems Oxidized is not using the OS implementations?

thx & br Chris

hunnymonster commented 3 months ago

Similar story here with a Cisco IOS XE 17.12.3 device... All working well for 17.9.5, but upon upgrade to 17.12.3 the Oxidized collector can no longer connect - with an hmac negotiation error...

SSH from the OS on the same host is working without error.

ssh_from_os.txt oxidized_hmac.txt oxidized-debug.txt

Edit to add oxidized debug - strange to note that debug indicated net-ssh 5.2.0 being used... when it is no longer on this host at all (replaced by 7.2.3)

Ruby Gems: net-ssh (7.2.3) oxidized (0.30.1) oxidized-script (0.6.0) oxidized-web (0.13.1)

As I say, continues to collect from 17.9.5 & below.
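A diagnostic for both reports above (the Junos devices that only accept the two GCM ciphers, and the collector that loads net-ssh 5.2.0 although 7.2.3 is installed), added here as an example and not code from Oxidized, net-ssh or either poster: it prints which net-ssh Ruby actually loads, whether that version advertises the two GCM ciphers, and builds the net-ssh option hash from Oxidized-style per-node vars. The var names ssh_encryption, ssh_hmac and ssh_kex are assumed to match Oxidized's ssh input; check them against your installed version.

```ruby
# Added example (not Oxidized's or net-ssh's own code): report which net-ssh
# Ruby actually loads, whether it can negotiate the GCM ciphers the hardened
# devices require, and build the net-ssh options from Oxidized-style node vars.
begin
  require 'net/ssh'
rescue LoadError
  nil # net-ssh not installed; the offline helpers below still work
end

# Ciphers left enabled on the Junos boxes in the report.
REQUIRED_CIPHERS = %w[aes128-gcm@openssh.com aes256-gcm@openssh.com].freeze

# Oxidized-style comma-separated var ("a, b,c") -> list; nil when unset.
def split_var(value)
  return nil if value.nil? || value.strip.empty?
  value.split(/,\s*/).map(&:strip).reject(&:empty?)
end

# Build the net-ssh option hash from per-node vars. The var names
# ssh_encryption / ssh_hmac / ssh_kex are assumed to match Oxidized's ssh
# input; check lib/oxidized/input/ssh.rb of your installed version.
def ssh_options_from_vars(vars)
  opts = { append_all_supported_algorithms: true }
  { ssh_encryption: :encryption, ssh_hmac: :hmac, ssh_kex: :kex }.each do |var, opt|
    list = split_var(vars[var])
    opts[opt] = list if list
  end
  opts
end

# Ciphers the loaded net-ssh advertises (nil when net-ssh is not loaded).
def loaded_net_ssh_ciphers
  return nil unless defined?(Net::SSH::Transport::Algorithms::ALGORITHMS)
  Net::SSH::Transport::Algorithms::ALGORITHMS[:encryption]
end

# Which of the wanted ciphers cannot be negotiated; nil when unknown.
def unsupported_ciphers(wanted, supported = loaded_net_ssh_ciphers)
  return nil if supported.nil?
  wanted - supported
end

if $PROGRAM_NAME == __FILE__
  version = defined?(Net::SSH::Version::STRING) ? Net::SSH::Version::STRING : 'not loaded'
  puts "net-ssh: #{version}"
  missing = unsupported_ciphers(REQUIRED_CIPHERS)
  puts missing.nil? ? 'cipher check skipped' : "missing ciphers: #{missing.inspect}"
  p ssh_options_from_vars(ssh_encryption: REQUIRED_CIPHERS.join(','))
end
```

Run it with the same Ruby and bundle that starts Oxidized, since the thread shows the gem Ruby loads can differ from the one listed as installed.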

chrisch80 commented 1 month ago

How do I add the newest ciphers and force Oxidized to use them?

chrisch80 commented 1 month ago

closed by mistake

chrisch80 commented 1 month ago

reopen

chrisch80 commented 1 month ago

hmmm, seems I am not able to reopen it again