Can't log in over SSH with Ansible because of cipher error from Cisco

So I am trying to automate Cisco configuration in Debian OS with Ansible. The problem is that when I tried to test the playbook for connection and command with:

ansible student1 -m raw -a  "show version | include IOS"

I get this error:

fatal: [r1]: UNREACHABLE! => changed=false
  msg: 'Failed to connect to the host via ssh: Unable to negotiate with 10.30.1.231 port 2201: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc'
  unreachable: true

Is there a way to pass the cipher to Ansible? When connecting using SSH, I always use -c aes128-cbc and it always works out, but I don't know how Ansible handles ciphers in SSH. My devices are on Cisco and it's in a version where pubkey-chain doesn't exist, and it's not mine as well. Any suggestions?


ngkin2010
Level 7

https://ansible-docs.readthedocs.io/zh/stable-2.0/rst/intro_inventory.html

You may refer to the argument ansible_ssh_common_args:

ansible_ssh_common_args
  This setting is always appended to the default command line for
  sftp, scp, and ssh. Useful to configure a ``ProxyCommand`` for a
  certain host (or group).

And your inventory file:

[servers]
x.x.x.x ansible_ssh_common_args="-o Ciphers=aes128-cbc,3des-cbc"

Grantham12
Level 1

Interesting topic for a blog. I have been searching the Internet for fun and came upon your website. Fabulous post. Thanks a ton for sharing your knowledge! It is great to see that some people still put in an effort into managing their websites. I'll be sure to check back again real soon.

Callum5529
Level 1

Multiple options are available.

For using the CLI, add --ssh-extra-args='-c aes128-cbc'

To use a config file:

In your /etc/ansible/ansible.cfg file, set:

[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -c aes128-cbc

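An added example, not code from any of the replies above: a small Python helper that reads the "Unable to negotiate" error from the question and emits an inventory entry scoped to that one host, so the legacy CBC cipher is not enabled for every connection through ansible.cfg. It goes beyond the cipher case to the other OpenSSH negotiation failures with the same wording. The function names, the cipher preference order, and the r2 / 192.0.2.10 sample are assumptions made for illustration.

```python
import re

# OpenSSH "no matching X found" wording -> the ssh_config option that governs it.
OPTION_FOR = {
    "cipher": "Ciphers",
    "key exchange method": "KexAlgorithms",
    "host key type": "HostKeyAlgorithms",
    "MAC": "MACs",
}
# Assumed preference among legacy CBC ciphers: AES by key size, 3DES last.
CIPHER_RANK = ["aes256-cbc", "aes192-cbc", "aes128-cbc", "3des-cbc"]

NEGOTIATE_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching (?P<what>[\w ]+?) found\. Their offer: (?P<offer>[\w@.,+-]+)"
)

# The error text from the question, plus one constructed key-exchange failure.
CIPHER_ERROR = ("Failed to connect to the host via ssh: Unable to negotiate with "
                "10.30.1.231 port 2201: no matching cipher found. "
                "Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc")
KEX_ERROR = ("Unable to negotiate with 192.0.2.10 port 22: no matching key "
             "exchange method found. Their offer: diffie-hellman-group1-sha1")


def parse_negotiation_error(msg):
    """Return host, port, ssh option and offered algorithms, or None."""
    m = NEGOTIATE_RE.search(msg)
    if m is None or m["what"] not in OPTION_FOR:
        return None
    return {"host": m["host"], "port": int(m["port"]),
            "option": OPTION_FOR[m["what"]], "offer": m["offer"].split(",")}


def inventory_line(alias, msg):
    """Build a host-scoped inventory entry enabling one offered algorithm."""
    info = parse_negotiation_error(msg)
    if info is None:
        raise ValueError("not an SSH algorithm negotiation failure")
    ranked = [c for c in CIPHER_RANK if c in info["offer"]]
    algo = ranked[0] if info["option"] == "Ciphers" and ranked else info["offer"][0]
    # Leading '+' appends to the client's defaults instead of replacing them.
    return f"{alias} ansible_ssh_common_args='-o {info['option']}=+{algo}'"


if __name__ == "__main__":
    print(inventory_line("r1", CIPHER_ERROR))
    print(inventory_line("r2", KEX_ERROR))
```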