Your message dated Sun, 11 Sep 2016 14:38:57 +0200
with message-id <20160911123857.ga13...@sesse.net>
and subject line Re: Bug#837397: broke SSH to HP devices
has caused the Debian Bug report #837397,
regarding broke SSH to HP devices
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
837397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837397
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rancid
Version: 3.5.0-1
Severity: grave
Hi,
We're running this through the jessie backport (3.5.0-1~bpo8+1), but given that
there are no changes (just a straight rebuild), I guess it should apply to the
base, too.
Since the upgrade, SSH to all of our HP switches have been broken:
rancid@pannekake:~$ hrancid -d duskalhoremye.samfundet.no
executing hlogin -t 90 -c"show version;show flash;show
system-information;show system information;show module;show stack;show tech
transceivers;show config files;show config status;write term"
duskalhoremye.samfundet.no
duskalhoremye.samfundet.no clogin error: Error: Couldn't login
duskalhoremye.samfundet.no clogin error: Error: Couldn't login
duskalhoremye.samfundet.no: missed cmd(s): all commands
duskalhoremye.samfundet.no: End of run not found
;
It seems that somehow, it's picking up an empty cipher type and tries to
authenticate with that:
rancid@pannekake:~$ hlogin -t 90 -c"show version;show flash;show
system-information;show system information;show module;show stack;show tech
transceivers" duskalhoremye.samfundet.no
duskalhoremye.samfundet.no
spawn hpuifilter -- ssh -c -x -l admin duskalhoremye.samfundet.no
Unknown cipher type ''
Error: Couldn't login
The only workaround I've found is to force one in .cloginrc for the given
device (nothing else has cyphertype):
add cyphertype *.samfundet.no 3des
But this is highly suboptimal -- it precludes negotiation of the strongest
possible cipher depending on the device.
-- System Information:
Debian Release: 8.5
APT prefers stable
APT policy: (750, 'stable'), (500, 'proposed-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.7.0 (SMP w/40 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages rancid depends on:
ii adduser 3.113+nmu3
ii cvs 2:1.12.13+real-15
ii debconf [debconf-2.0] 1.5.56
ii expect 5.45-6
ii git 1:2.8.0~rc3+next.20160316-1
ii iputils-ping [ping] 3:20121221-5+b2
ii libc6 2.19-18+deb8u4
ii libperl4-corelibs-perl 0.003-1
ii openssh-client 1:6.7p1-5+deb8u3
ii passwd 1:4.2-3+deb8u1
ii perl 5.20.2-3+deb8u6
ii ssh 1:6.7p1-5+deb8u3
rancid recommends no packages.
Versions of packages rancid suggests:
ii diffstat 1.58-1
-- Configuration Files:
/etc/rancid/rancid.conf changed [not included]
-- debconf-show failed
--- End Message ---
--- Begin Message ---
Version: 3.5.1-1
On Sun, Sep 11, 2016 at 02:31:33PM +0200, Roland Rosenfeld wrote:
> I also prepared a backports version, but I wait until 3.5.1-1 touched
> testing before uploading this to the archive. If you like, you'll
> find the backports version on
> http://www.spinnaker.de/debian/unoff/rancid.html alternatively you can
> install the sid version on jessie, which is also installable.
>
> Please tell me, whether this really fixes this issue, since I don't
> have any HP switches available and cannot try this myself...
3.5.1-1 from sid (running on jessie) does indeed fix the problem.
Marking as such so that BTS versioning has all the right info.
/* Steinar */
--
Homepage: https://www.sesse.net/
--- End Message ---
