01-11-2022 07:04 PM
I'm working with Ansible 2.9 and when I try to run Ad-Hoc commands or plays I get errors stating my ssh
ansible -m ios_ping -a "dest=10.88.2.21" testboxes
SSH password:
ys2021_b2046r301_test.srf.local | FAILED! => {
"changed": false,
"msg": "Connection type ssh is not valid for this module"
}
Is there a way to change the Key Exchange algorithm from:
ip ssh server algorithm kex ?
diffie-hellman-group-exchange-sha1 DH_GRPX_SHA1 diffie-hellman key exchange algorithm
diffie-hellman-group14-sha1 DH_GRP14_SHA1 diffie-hellman key exchange algorithm
to any one of the below or a combination?
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c server diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
01-11-2022 08:53 PM
Hi
You might have a cipher issue, but the error message you gave is related to a missing network plugin.
Have you configured any host vars or group vars?
Here is a thread I'm sure can help you (this is a common issue):
01-11-2022 09:18 PM
I am assuming that "host" in the line "/home/admin/ansible/hosts" is the file which contains
[backups]
raphael ansible_host=192.168.1.20
where "backups" is under all:
children:
backups:
192.168.1.20
switch:
<someIP>
Please forgive my noobyness, I'm transitioning from Red Hat Ansible training to real-life Ansible deployment and this material wasn't covered, only how to code. Their labs are self-contained and you just install them with wget and then start working.
01-12-2022 01:21 AM
Check this thread on how you can connect using Ansible to devices using ciphers:
01-12-2022 07:44 PM
Is it possible to add a key exchange that will upgrade the switch from diffie-hellman-group-exchange-sha1 and diffie-hellman-group14-sha1? Apparently SHA1 is no longer STIG allowable. I thought that to upgrade my key exchanges I would have to upgrade the IOS.
01-13-2022 04:05 AM
Upgrading the SSH v2 to get a new cipher is an add-on and more secure.
01-14-2022 01:51 PM
Looks like the 16.12.X train is heading to EOL/EOS this year. We will be moving to Amsterdam 17.3.X or 17.4.X. I read another post on an unrelated search that Key Exchanges of SHA1 are no longer used. This should solve our issue.
We are already using SSH V2 based on policy.
I've had to fix weak ciphers before, e.g. AES128-ctr, AES128-cbc but haven't ever done KEX.
ej
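Added example, not part of the thread: a short Python audit of the key exchange (KEX) situation discussed above. It takes the two methods the switch lists in the first post, checks them for SHA-1, and applies the RFC 4253 section 7.1 selection rule (first method on the client's list that the server also supports). The client list is an assumption built from the SHA-2/ECDH names in the first post, and the rule is simplified in that host key compatibility is ignored.

```python
# Added example: audit SSH KEX offers for SHA-1 and predict what gets negotiated.

# Methods the switch lists under "ip ssh server algorithm kex ?" in the first post.
SWITCH_KEX = ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1"]

# Assumption: a hardened client offers only the SHA-2/ECDH names from the first post.
CLIENT_KEX = (
    "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
    "diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,"
    "diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c"
).split(",")

# Extension-negotiation markers (RFC 8308) are signalling, not KEX methods.
PSEUDO = {"ext-info-c", "ext-info-s"}


def uses_sha1(name):
    """True when the KEX method name ends in the SHA-1 suffix."""
    return name.endswith("-sha1")


def negotiate(client, server):
    """Pick the first method on the client's list that the server also lists."""
    server_set = set(server) - PSEUDO
    for name in client:
        if name not in PSEUDO and name in server_set:
            return name
    return None  # no common method: the session fails during key exchange


def audit(client, server):
    """Summarise the server's SHA-1 exposure and the predicted negotiation."""
    chosen = negotiate(client, server)
    return {
        "server_sha1": [n for n in server if uses_sha1(n)],
        "server_non_sha1": [n for n in server if n not in PSEUDO and not uses_sha1(n)],
        "negotiated": chosen,
        "negotiated_is_sha1": bool(chosen) and uses_sha1(chosen),
    }


if __name__ == "__main__":
    # Hardened client: no overlap with the switch, so the connection cannot be set up.
    print(audit(CLIENT_KEX, SWITCH_KEX))
    # Client with one SHA-1 method re-enabled: connects, but over a SHA-1 KEX.
    print(audit(CLIENT_KEX + ["diffie-hellman-group14-sha1"], SWITCH_KEX))
```

With only SHA-1 methods on the switch, a SHA-2-only client has nothing in common with it, and re-enabling a SHA-1 method on the client restores connectivity only by negotiating the algorithm the STIG finding is about.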