If you ever need a TFTP or an anonymous FTP server to transfer files, logs, or crash debugs to and from your network devices, it can be a little tricky if you don’t have anything set up. There are some free, quick programs out there if you are in a pinch for one-time transfers, but if you want something in your infrastructure that is ready to go for this kind of thing, just follow the tutorial below. I’m using the latest version of CentOS 7 minimal. We need to take care of some housekeeping items first, so let’s get started!
Well, it’s 2016 and you still have that one-of-a-kind Cisco ISR 2811 or 3845 running in the environment? You followed the guide and installed Rancid, and all the new stuff works like it should, but when you try to connect to that “one-of-a-kind” 2811 with Rancid, it closes the connection…
This is a simple fix and the bug is reported here: LINK. The bug is in OpenSSH, which is installed on your Linux operating system and which Rancid rides on top of. You would have the same issue if you tried to SSH to the device directly from your Rancid machine. The bug appears to be fixed starting with OpenSSH 6.9, but as of right now, at least on CentOS 7, the latest available version is OpenSSH 6.6. You can verify this by using sshd -V to output the OpenSSH version you are using.
The simple fix is to modify the ssh_config file, usually located at /etc/ssh/ssh_config, and add the hosts you are connecting to at the bottom of the file. Use the same names you have in your router.db file: if you use DNS names there, put the DNS names of the devices that won’t connect into this file; if you use IP addresses, use IP addresses here. In this example I’m using both IP addresses and DNS names. The following is at the bottom of the ssh_config file:
    # Custom Rancid Configuration (Issues with Connecting SSH with Older Devices)
    # Bug Report 740307 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740307
    #
    Host 192.168.3.1
        KexAlgorithms=diffie-hellman-group14-sha1
    #
    Host Router03.example.com
        KexAlgorithms=diffie-hellman-group14-sha1
    #
    Host Router02.example.com
        KexAlgorithms=diffie-hellman-group14-sha1
    #
You should be good to go after that. You can test this by using clogin or by connecting directly. As noted in the bug report, you could also raise the Diffie-Hellman size to 4096 on the router itself by using the ip ssh dh min size 4096 command. I hope this helps if you ever need it 🙂
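Because the override pins these hosts to an older SHA-1 based key exchange, it is worth confirming that it stays limited to the devices that need it. The script below is an added example, not part of the original post: it lists every SHA-1 KexAlgorithms override in an ssh_config and flags any that sit under a wildcard Host or Match block, or that name a device no longer in router.db. The function names and sample inputs are constructed for illustration, and the router.db layout (device name first, fields split on ';' or ':') is an assumption.

```python
import re

# Constructed sample inputs (not taken from a real system).
SAMPLE_SSH_CONFIG = """\
Host 192.168.3.1
    KexAlgorithms=diffie-hellman-group14-sha1
Host Router03.example.com
    KexAlgorithms=diffie-hellman-group14-sha1
Host *
    KexAlgorithms diffie-hellman-group14-sha1
"""
SAMPLE_ROUTER_DB = "192.168.3.1;cisco;up\nRouter02.example.com;cisco;up\n"

def parse_kex_overrides(ssh_config_text):
    """Return [(host_patterns, kex_value)] for each KexAlgorithms line.
    Settings before the first Host line apply to every host, recorded as ['*']."""
    patterns, found = ["*"], []
    for raw in ssh_config_text.splitlines():
        line = raw.strip()
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        m = re.match(r"([^\s=]+)(?:\s*=\s*|\s+)(.+)", line)
        if not m or line.startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            patterns = value.split()
        elif key == "match":
            patterns = ["Match " + value]
        elif key == "kexalgorithms":
            found.append((patterns, value))
    return found

def rancid_devices(router_db_text):
    """Device names from router.db. Assumption: the name is the first field,
    separated by ';' or ':' depending on the RANCID release."""
    lines = (l.strip() for l in router_db_text.splitlines())
    return {re.split(r"[;:]", l)[0].lower() for l in lines if l and not l.startswith("#")}

def audit(ssh_config_text, router_db_text):
    """Return findings for SHA-1 key-exchange overrides that are too broad or stale."""
    devices, findings = rancid_devices(router_db_text), []
    for patterns, kex in parse_kex_overrides(ssh_config_text):
        if "sha1" not in kex.lower():
            continue
        for p in patterns:
            if p.startswith("Match ") or any(c in p for c in "*?!"):
                findings.append("broad scope %r sets KexAlgorithms %s" % (p, kex))
            elif p.lower() not in devices:
                findings.append("stale override: %r is not in router.db" % p)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSH_CONFIG, SAMPLE_ROUTER_DB):
        print(finding)
```

An empty result means every SHA-1 override is tied to an explicitly named host that Rancid still manages.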
Let’s start out 2016 by setting up a logging system called Graylog. If you have not used Graylog before, I encourage you to check it out. It is an open source log management system and is pretty flexible, as it can capture, index and analyze almost anything. Once up and running, this system can be scaled out into an enterprise-wide log management system. High availability, clustering, and replication are what Graylog thrives on. In this demo I am going to have two systems. One is the Graylog server and web server, which will also have a Mongo database. The other system will be an Elasticsearch node, which is where the actual data will be stored and indexed. For bigger “production” ready setups you just scale this out to separate systems.
In my last post I talked about installing Rancid on CentOS 7, so be sure to check that out. In this post we now want to actually use Rancid, so I’ll walk through how to set up Rancid to log in to network equipment and get configurations. To recap: Rancid is a great tool to help monitor a device configuration for any changes. It also keeps track of them by using CVS (Concurrent Version System) for backups, so you can go back and compare versions or revert to a previous configuration. Rancid supports multiple hardware from Cisco, HP, Dell, Juniper and more. This is all open-source, so you can create custom scripts or add commands to really make this a personal repository that fits your company.
In this post I want to walk through the steps to install Rancid on CentOS 7 minimal. Rancid is a great tool to help monitor a device configuration for any changes. It also keeps track of them by using CVS (Concurrent Version System) for backups, so you can go back and compare versions or revert to a previous configuration. Rancid supports multiple hardware from Cisco, HP, Dell, Juniper and more. This is all open-source, so you can create custom scripts or add commands to really make this a personal repository that fits your company. Several things are required when we install Rancid. I have tried to make this as simple as possible, but it’s not just a type-and-watch-it-install process. You have to customize some of the scripts to make Rancid work like it should. Read it through and follow along.