Introduction
You've performed a code upgrade on an ASA firewall and suddenly Rancid decides it won't log in. You'll get the message:

    spawn ssh -c 3des -x -l <user> <device>
    no matching cipher found: client 3des-cbc server aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr
    Error: Couldn't login: <device>

This means that the 3des cipher Rancid uses by default is unsupported on the ASA: the client offers only 3des-cbc, and the server's list contains only AES ciphers.
Resolution
The answer is quite simple. It just needs a one-liner in the .cloginrc to prefer AES ciphers:

    add cyphertype * aes128-ctr,aes128-cbc,3des-cbc

Access has resumed. Great post with some more detail: https://layer77.net/2016/12/16/ssh-cipher-updates-in-cisco-asa-9-4312-breaking-rancid/
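As an added example (not from the original post or from Rancid itself), this script parses the "no matching cipher found" error shown above and builds a cyphertype line from the ciphers the device actually offers. The preference order and the function names are assumptions of this example, and the local ssh client must also support whatever it suggests.

```python
import re

# Preference order for the suggestion (an assumption of this example):
# CTR modes first, then CBC, with 3des-cbc last as a legacy fallback.
PREFERENCE = [
    "aes256-ctr", "aes192-ctr", "aes128-ctr",
    "aes256-cbc", "aes192-cbc", "aes128-cbc",
    "3des-cbc",
]

# Matches the ssh client error shown in the login output above.
MISMATCH = re.compile(
    r"no matching cipher found: client (?P<client>\S+) server (?P<server>\S+)"
)


def parse_mismatch(line):
    """Return (client_ciphers, server_ciphers), or None if the line is
    not a cipher-mismatch error."""
    m = MISMATCH.search(line)
    if not m:
        return None
    return m.group("client").split(","), m.group("server").split(",")


def suggest_cyphertype(line, host_glob="*"):
    """Build a .cloginrc line from the ciphers the server says it accepts."""
    parsed = parse_mismatch(line)
    if parsed is None:
        return None
    _, server = parsed
    # Keep only ciphers the server offered, in our preference order.
    usable = [c for c in PREFERENCE if c in server]
    if not usable:
        return None  # nothing on our list is offered; review by hand
    return "add cyphertype %s %s" % (host_glob, ",".join(usable))


# Constructed sample: the error text quoted in this post.
SAMPLE = ("no matching cipher found: client 3des-cbc server "
          "aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr")

if __name__ == "__main__":
    print(suggest_cyphertype(SAMPLE))
```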