Rancid can’t SSH to older ISRs?

Well, it’s 2016 and you still have that one-of-a-kind Cisco ISR 2811 or 3845 running in the environment? You followed and installed Rancid, and all the new stuff works like it should, but when you try to connect to that “one-of-a-kind” 2811 with Rancid it closes the connection… :/

This is a simple fix, and the bug is reported here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740307. The bug has to do with OpenSSH, which is installed on your Linux operating system and which Rancid rides on top of. You would have the same issue if you just tried to SSH to the device directly from your Rancid machine. The bug looked to be fixed starting with OpenSSH 6.9, but as of right now, at least in CentOS 7, the version only goes up to OpenSSH 6.6. You can verify this by using ssh -V to output the version of the OpenSSH client you are using.

The simple fix is to modify the ssh_config file, usually located at /etc/ssh/ssh_config, and at the bottom of the file add the hosts you are connecting to. Copy what you have in your router.db file: if you are using DNS names there, put the DNS names of the devices that won’t connect into this file. If you are using IP addresses, use IP addresses in this file. In this example I’m using both IP addresses and DNS names; the following is at the bottom of the ssh_config file:

# Custom Rancid Configuration (Issues with Connecting SSH with Older Devices)
# Bug Report 740307 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740307
#
Host 192.168.3.1
	KexAlgorithms=diffie-hellman-group14-sha1
#
Host Router03.example.com
	KexAlgorithms=diffie-hellman-group14-sha1
#
Host Router02.example.com
	KexAlgorithms=diffie-hellman-group14-sha1
#

You should be good to go after that. You can test this by using clogin or by connecting directly. If you noticed, the bug report says you could also raise the Diffie-Hellman size to 4096 on the router itself by using the ip ssh dh min size 4096 command. I hope this helps if you ever need it 🙂
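The copy step above as a script (an added example, not code from the original post or from the RANCID project): it prints a Host block only for listed legacy devices that router.db marks as up and that ssh_config does not already cover, so the key-exchange override stays scoped to named hosts. The function names, the legacy list file and the router.db field layout (name;type;state in RANCID 3.x, name:type:state in 2.x) are assumptions; the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed router.db layout:
# name;type;state (RANCID 3.x) or name:type:state (2.x).
KEX="diffie-hellman-group14-sha1"   # value used in the post

# gen_legacy_stanzas ROUTER_DB SSH_CONFIG LEGACY_LIST
# Prints a Host block for each name in LEGACY_LIST (one per line) that is
# "up" in ROUTER_DB and has no Host line in SSH_CONFIG yet.
gen_legacy_stanzas() {
    awk -v kex="$KEX" '
        FILENAME == ARGV[1] {                 # router.db
            if ($0 ~ /^[ \t]*(#|$)/) next     # skip comments and blanks
            n = split($0, f, /[;:]/)
            if (n >= 3 && tolower(f[3]) == "up") up[f[1]] = 1
            next
        }
        FILENAME == ARGV[2] {                 # existing ssh_config
            if (tolower($1) == "host")
                for (i = 2; i <= NF; i++) have[$i] = 1
            next
        }
        $0 !~ /^[ \t]*(#|$)/ {                # legacy device list
            if (($1 in up) && !($1 in have)) {
                printf "Host %s\n\tKexAlgorithms=%s\n", $1, kex
                have[$1] = 1                  # no duplicate stanzas
            }
        }
    ' "$1" "$2" "$3"
}

# Demo on constructed sample data (hosts taken from the example above).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '192.168.3.1;cisco;up' 'Router03.example.com;cisco;up' \
        'Router02.example.com;cisco;down' > "$d/router.db"
    printf 'Host Router03.example.com\n\tKexAlgorithms=%s\n' "$KEX" > "$d/ssh_config"
    printf '%s\n' 192.168.3.1 Router03.example.com Router02.example.com \
        not-in-db.example.com > "$d/legacy.txt"
    gen_legacy_stanzas "$d/router.db" "$d/ssh_config" "$d/legacy.txt"
    rm -rf "$d"
}
demo
```

Review the printed stanzas before appending them to /etc/ssh/ssh_config.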


iPerf Throughput Testing

Testing a network’s throughput is a good move, whether you are testing a new service you stood up or making sure you are getting what you paid for. iPerf is a good, free, open source tool for when there isn’t really a need to use more expensive commercial tools. In this short tutorial I’ll go over how to configure iPerf, which is a CLI tool, so let’s get started.

Cisco VIRL – Update

Cisco released VIRL almost a year ago and it’s not at the 1.0 version yet, but it’s getting close, as they have done some good work on the product since it first launched. Cisco VIRL is like GNS3: a simulation platform that runs Cisco’s current operating systems, so instead of buying used Cisco hardware you can run this program on your computer. This software is geared towards proof-of-concept designs, personal use, and training for Cisco certifications. Let’s talk about it!


Passed the 640-911 DCICN

Cisco started this exam back in 2012 and I have thought/semi-studied about this test for over a year now; I just did not feel comfy about it until recently. I took the test last week and passed; however, there were some questions on the exam I noticed that weren’t on the exam blueprint, so that kind of surprised me. I was happy to still be able to pass the exam but I was caught off guard. So with that I’ll let you know what I used to study and what areas I think might help so you won’t be as “surprised” as I was.

Converting Hexadecimal to Decimal and Binary

The purpose of this post is to reference the CCNA Data Center (640-911) exam. This exam starts the conversation about IPv6, and since IPv6 is hexadecimal, this post starts the talk about how we look at hexadecimal values and how to convert them to binary and decimal. If you know subnetting then this won’t be that difficult. If you are new, then check out The Wonders of Binary post as well as Part 1 and Part 2 of subnetting. Let’s get started!