<div>I use add cyphertype <device> aes256-cbc for all of our ASA-5*-X models, and it works.<br/>
<br/>
<br/>
<font color="#888888"><font color="#888888">Sent from my android device.</font></font><br/><br/>-----Original Message-----<br/>From: james machado <hvgeekwtrvl@gmail.com><br/>To: "Piegorsch, Weylin William" <weylin@bu.edu><br/>Cc: "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net><br/>Sent: Mon, 05 Mar 2018 18:31<br/>Subject: Re: [rancid] New Cisco ASA Login Failure<br/><br/></div><div dir="ltr">This is due to changes in the supported encryption methods in the updated IOS's and ASA softwares.  in your .cloginrc you will want to add a line:<div><br></div><div>add cyphertype <device> {encryption method}</div><div><br></div><div>you can find an encryption method your systems are happy with by doing the following:</div><div><br></div><div>ssh -vv <device></div><div>[...]</div><div>debug2: mac_setup: found hmac-sha1</div><div>debug1: kex: server->client aes128-ctr hmac-sha1 none</div><div>debug2: mac_setup: found hmac-sha1</div><div>debug1: kex: client->server aes128ctr hmac-sha1 none</div><div>[...]</div><div><br></div><div>with my ASA's i use {aes256-ctr}.</div><div><br></div><div>james</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 5, 2018 at 6:48 AM, Piegorsch, Weylin William <span dir="ltr"><<a href="mailto:weylin@bu.edu" target="_blank">weylin@bu.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="m_-7707247181176579198WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hello,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I have a Cisco ASA 5506X device I just deployed (running 9.8(2)20 version), that rancid’s not logging into properly.  Clogincrc is set to method {telnet ssh} because there’s a plethora of really really old
 devices that hang when I try the other way around (and we haven’t been funded to refresh them nor authorized to remove them).<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Here’s what rancid shows:<u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"><u></u> <u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">[rancid@nsgv-prod-59 ~]$ rancid -V<u></u><u></u></span></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">rancid 3.4.1<u></u><u></u></span></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">[rancid@nsgv-prod-59 ~]$<u></u><u></u></span></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">[rancid@nsgv-prod-59 ~]$<u></u><u></u></span></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">[rancid@nsgv-prod-59 ~]$<u></u><u></u></span></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">[rancid@nsgv-prod-59 ~]$ clogin xxxxxxxxxx</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">xxxxxxxxxx <u></u><u></u></span></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">spawn telnet xxxxxxxxxx</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">Trying yyyyyyy...</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">telnet: connect to address yyyyyyy: Connection refused</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">spawn ssh -2 -c aes128-ctr,aes192-ctr,aes256-<wbr>ctr,aes128-cbc,3des-cbc,<wbr>aes192-cbc,aes256-cbc -x -l rancid xxxxxxxxxx</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p2"><span style="font-size:10.0pt"><u></u> <u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">+-----------------------------<wbr>-------+</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| </span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt">       
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">BOSTON UNIVERSITY</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt">         
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">|</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">+-----------------------------<wbr>-------+</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| </span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt">       
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">!! </span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">WARNING </span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">!!</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt">         
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">|</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| </span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt">     
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">AUTHORIZED ACCESS ONLY!</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt">     
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">|</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| Access to this system is permitted |</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| for authorized</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">persons only.</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">All |</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| connections</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt">   
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">are</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt">   
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">logged </span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">and |</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| monitored.</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt">   
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">By </span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">accessing</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">this |</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| system,</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">you</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">acknowledge that use |</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| of</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">this and</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">any other technology |</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| at Boston University is subject to |</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| the terms of the Boston University |</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| Conditions</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">of</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">Use and</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">Policy on |</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| Computing</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">Ethics; </span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">please </span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">see: |</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| <a href="http://www.bu.edu/computing/ethics" target="_blank">http://www.bu.edu/computing/<wbr>ethics</a> |</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">| for details. </span>
</span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt">                     
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">|</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">+-----------------------------<wbr>-------+</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p2"><span style="font-size:10.0pt"><u></u> <u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">rancid@xxxxxxxxxx 's password:</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> </span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">User rancid logged in to xxxxxxxxxx</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">Logins over the last 2 days: 12.</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> 
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">Last login: 08:39:20 EST Mar 5 2018 from zzzzzzz</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">Failed logins since the last login: 0.
</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> </span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">Type help or '?' for a list of available commands.</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">xxxxxxxxxx/pri/act> rancid</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt">                          
</span></span><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">^</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">ERROR: % Invalid input detected at '^' marker.</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">xxxxxxxxxx/pri/act> en</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">Error: Unrecognized command, check your enable command</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">able</span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">Password:</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> </span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="m_-7707247181176579198p1"><span class="m_-7707247181176579198s1"><span style="font-size:10.0pt">Password:</span></span><span class="m_-7707247181176579198apple-converted-space"><span style="font-size:10.0pt"> </span></span><span style="font-size:10.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
</div>
</div>

<br>______________________________<wbr>_________________<br>
Rancid-discuss mailing list<br>
<a href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/rancid-discuss" rel="noreferrer" target="_blank">http://www.shrubbery.net/<wbr>mailman/listinfo/rancid-<wbr>discuss</a><br></blockquote></div><br></div>