Aw snap!  I even replied to that thread :-(

Thanks for pointing this out.


From: james machado
Date: Monday, March 5, 2018 at 7:18 PM
To: Weylin Piegorsch
Subject: Re: [rancid] New Cisco ASA Login Failure

That's what I get for replying too soon.  It looks like you're getting hit with 
the "last login" item that came up on the list in January.


On Mon, Mar 5, 2018 at 12:09 PM, Piegorsch, Weylin William wrote:
Thanks James.  Except, I can get the login prompt fine, which means the SSH 
cyphersuite negotiated well enough; and, I have no problems with any of my 
other ASAs running various code versions between 8.3 and 9.7.  See also below.

[rancid@rancid-server ~]$ egrep -B 7 "^add cypher" .cloginrc


# cryptographic cypher support for Nexus 9000 running 7.0(3)I2(1) and later


# This also works fine for all other campus devices

# 22 Sep 2015


add cyphertype * 

[rancid@rancid-server ~]

From: james machado
Date: Monday, March 5, 2018 at 12:18 PM
To: Weylin Piegorsch
Subject: Re: [rancid] New Cisco ASA Login Failure

This is due to changes in the supported encryption methods in the updated IOS 
and ASA software.  In your .cloginrc you will want to add a line:

add cyphertype <device> {encryption method}

You can find an encryption method your systems are happy with by doing the 

ssh -vv <device>
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128ctr hmac-sha1 none

With my ASAs I use {aes256-ctr}.


On Mon, Mar 5, 2018 at 6:48 AM, Piegorsch, Weylin William wrote:

I have a Cisco ASA 5506X device I just deployed (running 9.8(2)20 version), 
that rancid’s not logging in to properly.  .cloginrc is set to method {telnet 
ssh} because there’s a plethora of really really old devices that hang when I 
try the other way around (and we haven’t been funded to refresh them nor 
authorized to remove them).

Here’s what rancid shows:

[rancid@nsgv-prod-59 ~]$ rancid -V
rancid 3.4.1
[rancid@nsgv-prod-59 ~]$
[rancid@nsgv-prod-59 ~]$
[rancid@nsgv-prod-59 ~]$
[rancid@nsgv-prod-59 ~]$ clogin xxxxxxxxxx

spawn telnet xxxxxxxxxx
Trying yyyyyyy...
telnet: connect to address yyyyyyy: Connection refused
spawn ssh -2 -c 
aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x 
-l rancid xxxxxxxxxx

|         BOSTON UNIVERSITY          |

|         !!   WARNING   !!          |

| Access to this system is permitted |
| for authorized  persons only.  All |
| connections    are    logged   and |
| monitored.    By   accessing  this |
| system,  you  acknowledge that use |
| of  this and  any other technology |
| at Boston University is subject to |
| the terms of the Boston University |
| Conditions  of  Use and  Policy on |
| Computing  Ethics;   please   see: |
| |
| for details.                       |

rancid@xxxxxxxxxx 's password:
User rancid logged in to xxxxxxxxxx
Logins over the last 2 days: 12.  Last login: 08:39:20 EST Mar 5 2018 from 
Failed logins since the last login: 0.
Type help or '?' for a list of available commands.
xxxxxxxxxx/pri/act> rancid

ERROR: % Invalid input detected at '^' marker.
xxxxxxxxxx/pri/act> en
Error: Unrecognized command, check your enable command


