[rancid] ssh problems

Scott Granados scott.granados at gmail.com
Wed May 10 21:48:02 UTC 2017


You didn’t by chance generate this key you’re using on a Windows device and then SCP it to your ASA, did you? All the whitespace errors are jumping out at me, making me think there’s a problem in the CR / LF handling, but that’s an absolute pure guess, so please add as many grains of salt as you feel is warranted. :)


> On May 10, 2017, at 5:44 PM, Wayne Eisenberg <Wayne.Eisenberg at CarolinasIT.com> wrote:
> 
> Hi all,
> 
> I was setting up a new ASA 5545 to be part of our happy family, and it would not let rancid/ssh log in to it, although PuTTY has no problem. The output I get is:
> 
> [rancid at hosted]$ ssh -vvv -c aes256-cbc -x -l <***> <x.x.x.x>
> OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to [x.x.x.x] port 22.
> debug1: Connection established.
> debug1: identity file /home/rancid/.ssh/identity type -1
> debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /home/rancid/.ssh/id_rsa type 1
> debug1: identity file /home/rancid/.ssh/id_dsa type -1
> ssh_exchange_identification: Connection closed by remote host
> 
> The relevant part of the firewall config:
> ssh scopy enable
> ssh y.y.y.y z.z.z.z outside
> ssh 0.0.0.0 0.0.0.0 inside
> ssh timeout 30
> ssh key-exchange group dh-group1-sha1
> 
> I suspect the key-exchange group line is the issue, but dang if I can figure out how to resolve it. I do not have any problems with using ssh on any other device at all. So yes, I have an id_rsa file that seems to be just fine since I connect to all the other devices.
> 
> The /etc/ssh/ssh_config file is only comments, no commands in there. If I try to add a line for KexAlgorithms, ssh gives me an error, ‘bad configuration option’.
> 
> ssh -V => OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
> ssh -Q is not a valid option
> 
> 
> Any ideas?
> 
> Thanks,
> Wayne
> 
> 
> 
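One way to test the CR / LF guess in the reply above, as an added example that is not part of the original thread: a small Python check that reads an identity file as raw bytes and reports the kinds of damage a Windows editor or transfer typically introduces. The function names and the sample data are assumptions made for this illustration; the sample is constructed and is not a real key.

```python
import base64
import sys

BOM_UTF8 = b"\xef\xbb\xbf"
BOMS_UTF16 = (b"\xff\xfe", b"\xfe\xff")

def inspect_key_bytes(data: bytes) -> list:
    """Return line-ending / encoding problems found in a PEM identity file."""
    if data.startswith(BOMS_UTF16):
        return ["utf16"]  # saved as 'Unicode'; no other check is meaningful
    problems = []
    if data.startswith(BOM_UTF8):
        problems.append("utf8-bom")
        data = data[len(BOM_UTF8):]
    crlf = data.count(b"\r\n")
    if crlf:
        problems.append("crlf")
    if data.count(b"\r") > crlf:
        problems.append("bare-cr")
    lines = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    if any(l != l.rstrip(b" \t") for l in lines):
        problems.append("trailing-whitespace")
    body = [l.strip() for l in lines if l.strip()]
    if not (body and body[0].startswith(b"-----BEGIN ")
            and body[-1].startswith(b"-----END ")):
        problems.append("bad-armor")
    if not data.endswith((b"\n", b"\r")):
        problems.append("no-final-newline")
    return problems

def normalize_key_bytes(data: bytes) -> bytes:
    """Return the same key with LF endings, no UTF-8 BOM, no trailing blanks."""
    if data.startswith(BOM_UTF8):
        data = data[len(BOM_UTF8):]
    text = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    lines = [l.rstrip(b" \t") for l in text.split(b"\n")]
    return b"\n".join(lines).rstrip(b"\n") + b"\n"

# Constructed sample: PEM-shaped armor around base64 of plain text, not a key.
_body = base64.b64encode(b"constructed sample bytes, not a real key " * 3)
SAMPLE_LF = b"\n".join([b"-----BEGIN RSA PRIVATE KEY-----", _body[:64],
                        _body[64:], b"-----END RSA PRIVATE KEY-----", b""])
SAMPLE_CRLF = BOM_UTF8 + SAMPLE_LF.replace(b"\n", b"\r\n")

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], "rb") as fh:  # key bytes are never printed
        found = inspect_key_bytes(fh.read())
    print(", ".join(found) if found else "no line-ending problems found")
```

An empty result for the identity file rules this particular guess out. If problems are reported, write the output of `normalize_key_bytes` to a new file with mode 0600 rather than editing the key in place.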