Rancid can’t SSH to older ISRs?

Well, it's 2016 and you still have that one-of-a-kind Cisco ISR 2811 or 3845 running in the environment? You followed and installed Rancid, and all the new stuff works like it should, but when you try to connect to that "one-of-a-kind" 2811 with Rancid it closes the connection… :/

This is a simple fix and the bug is reported here: LINK. The bug is something in OpenSSH, which is installed on your Linux operating system and which Rancid rides on top of. You would have the same issue if you just tried to SSH to the device directly from your Rancid machine. The bug looks to be fixed starting with OpenSSH 6.9, but as of right now, at least in CentOS 7, the version only goes up to OpenSSH 6.6. You can verify this by using sshd -V to output the OpenSSH version you are using.

The simple fix is to modify the ssh_config file, usually located at /etc/ssh/ssh_config, and at the bottom of the file add the hosts you are connecting to. Copy what you have in your router.db file: if you are using DNS names, put the DNS names of the devices that won't connect into this file; if you are using IP addresses, use IP addresses in this file. In this example I'm using both IP addresses and DNS names; the following is at the bottom of the ssh_config file:

# Custom Rancid Configuration (Issues with Connecting SSH with Older Devices)
# Bug Report 740307 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740307
#
Host 192.168.3.1
	KexAlgorithms=diffie-hellman-group14-sha1
#
Host Router03.example.com
	KexAlgorithms=diffie-hellman-group14-sha1
#
Host Router02.example.com
	KexAlgorithms=diffie-hellman-group14-sha1
#

You should be good to go after that. You can test this by using clogin or by connecting directly. If you noticed, the bug report says you could also raise the Diffie-Hellman size to 4096 on the router itself by using the ip ssh dh min size 4096 command. I hope this helps if you ever need it 🙂
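As an added example (not part of the original post or of Rancid itself), the function below prints the Host blocks shown above for the devices you name, taking the spelling from router.db and skipping devices that are down or already listed in ssh_config. The function name legacy_kex_stanzas is hypothetical, and the router.db layout is assumed to be name;type;state (RANCID 3) or name:type:state (RANCID 2), with IPv4 addresses or DNS names only.

```shell
#!/bin/sh
# Added example: generate per-host KexAlgorithms overrides from router.db.
# Keeping the override per host leaves the default key exchange untouched
# for every other device the Rancid machine talks to.

KEX="diffie-hellman-group14-sha1"   # the value used in the post

# legacy_kex_stanzas ROUTER_DB SSH_CONFIG HOST...
# Prints a Host block for each HOST that is an "up" entry in ROUTER_DB and
# has no Host line in SSH_CONFIG yet. Skipped hosts are reported on stderr.
legacy_kex_stanzas() {
    db=$1; cfg=$2; shift 2
    for want in "$@"; do
        # Look the device up in router.db and keep the spelling used there,
        # since ssh matches Host against the name Rancid passes to it.
        name=$(awk -F'[;:]' -v h="$want" '
            /^[ \t]*#/ || NF < 3 { next }
            tolower($1) == tolower(h) && tolower($3) == "up" { print $1; exit }
        ' "$db")
        if [ -z "$name" ]; then
            echo "skip $want: no up entry in $db" >&2
            continue
        fi
        # Do not emit a second block for a host that already has one.
        if awk -v h="$name" '
            tolower($1) == "host" {
                for (i = 2; i <= NF; i++) if (tolower($i) == tolower(h)) found = 1
            }
            END { exit !found }' "$cfg"; then
            echo "skip $name: already present in $cfg" >&2
            continue
        fi
        printf 'Host %s\n\tKexAlgorithms=%s\n#\n' "$name" "$KEX"
    done
}

# Stand-alone use: script ROUTER_DB SSH_CONFIG HOST...
if [ "$#" -ge 3 ]; then
    legacy_kex_stanzas "$@"
fi
```

Review the output before appending it to /etc/ssh/ssh_config; nothing is written to either file by the function.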

Copy Running-Config From PowerShell

I will be up front on this: I really never had that much experience with PowerShell scripts, but I wanted a quick way to connect to routers and switches, issue the show run command, and have the script output everything into one file. So after some searching around I decided to dive into PowerShell to see if I could get something to work.

How to Configure SSH on Dell Power-Connect

Although this is not dealing with Cisco directly, Dell switches are around in network closets, and with my limited experience with them I thought this would be a perfect blog post to show the differences between Dell and Cisco. I like to think of the Dell CLI as a dumbed-down version of the Cisco CLI, so I had some time to play around with a Dell 6248P switch and wanted to figure out how to get SSH working on the thing. After a couple of searches around the web and some guess-and-check methods, I was able to get SSH working and disable telnet sessions from connecting to the switch. Compared to a Cisco switch, Dell has few commands when configuring SSH. This switch was configured with an IP address, user name and passwords before I touched it, but I don't think that would be too hard to figure out. 🙂

Configuring SSH

Today this tutorial is going to be talking about how to configure SSH on a Cisco router or switch. SSH, or Secure Shell, encrypts the data that is sent from the terminal application to the device, making it far safer than telnet, which sends the data in plain text.