Not able to retrieve configuration for Cisco IOS XE Software, Version 17.12.03 #3352

Open
thomasbruchet opened this issue Dec 19, 2024 · 0 comments

thomasbruchet commented Dec 19, 2024

Hello,

I have an issue with the connection to a Cisco IOS XE Software, Version 17.12.03

Oxidized was installed by a former colleague who no longer works here, and I've taken over the subject, but I don't have all the control he might have had.
He installed it with the docker container and maybe that's where the problem lies.

From the host machine, I have no problem connecting to the switch.

xxxxxxxxxxxx:~# ssh -v  [email protected]
OpenSSH_7.9p1 Debian-10+deb10u4, OpenSSL 1.1.1n  15 Mar 2022
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.200.99.125 [10.200.99.125] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u4
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x60000000
debug1: Authenticating to 10.200.99.125:22 as 'xxxxxxxxxxxx'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:o+UBEebLKXmI/FLBVPoVwXj83TUAHOzpfujbzKdKvr0
debug1: Host '10.200.99.125' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:67
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:pLeWjgcA2acvPtQbSCeK1th77JY3PEa7weIggkyQCQQ
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,x509v3-rsa2048-sha256>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:pLeWjgcA2acvPtQbSCeK1th77JY3PEa7weIggkyQCQQ
debug1: Authentications that can continue: publickey,keyboard-interactive,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Trying private key: /root/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 10.200.99.125 ([10.200.99.125]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
xxxxxxxxxxx1#

However, when I ask Oxidized to connect to retrieve the configuration, nothing comes back and the log file is empty.

/opt/docker/apps/oxidized/data# cat logs/10.200.99.125-ssh

Here are the oxidized logs

/opt/docker/apps/oxidized/data# docker logs e11c582084e9 -f -n 30
Dec 19 08:00:49 e11c582084e9 oxidized[26]: 10.200.99.125 raised Net::SSH::Exception (rescued RuntimeError) with msg "could not settle on hmac_client algorithm"
Reloading config...
Dec 19 08:01:45 e11c582084e9 oxidized[26]: lib/oxidized/nodes.rb: Loading nodes
Dec 19 08:01:45 e11c582084e9 oxidized[26]: lib/oxidized/nodes.rb: Loaded 90 nodes
Dec 19 08:01:46 e11c582084e9 oxidized[26]: negotiating protocol version
Dec 19 08:01:46 e11c582084e9 oxidized[26]: sending KEXINIT
Dec 19 08:01:46 e11c582084e9 oxidized[26]: got KEXINIT from server
Dec 19 08:01:46 e11c582084e9 oxidized[26]: negotiating algorithms
Dec 19 08:01:46 e11c582084e9 oxidized[26]: 10.200.99.125 raised Net::SSH::Exception (rescued RuntimeError) with msg "could not settle on hmac_client algorithm"
Dec 19 08:03:00 e11c582084e9 oxidized[26]: 10.200.99.125 raised Errno::ETIMEDOUT with msg "Connection timed out - connect(2) for "10.200.99.125" port 23"
Dec 19 08:03:00 e11c582084e9 oxidized[26]: client_name:device_name not found, removed while collecting?
Dec 19 08:03:57 e11c582084e9 oxidized[26]: 10.200.99.125 raised Errno::ETIMEDOUT with msg "Connection timed out - connect(2) for "10.200.99.125" port 23"
Dec 19 08:03:57 e11c582084e9 oxidized[26]: client_name:device_name status no_connection, retry attempt 1
Dec 19 08:03:57 e11c582084e9 oxidized[26]: negotiating protocol version
Dec 19 08:03:57 e11c582084e9 oxidized[26]: sending KEXINIT
Dec 19 08:03:57 e11c582084e9 oxidized[26]: got KEXINIT from server
Dec 19 08:03:57 e11c582084e9 oxidized[26]: negotiating algorithms
Dec 19 08:03:57 e11c582084e9 oxidized[26]: 10.200.99.125 raised Net::SSH::Exception (rescued RuntimeError) with msg "could not settle on hmac_client algorithm"
Dec 19 08:06:08 e11c582084e9 oxidized[26]: 10.200.99.125 raised Errno::ETIMEDOUT with msg "Connection timed out - connect(2) for "10.200.99.125" port 23"
Dec 19 08:06:08 e11c582084e9 oxidized[26]: client_name:device_name status no_connection, retry attempt 2
Dec 19 08:06:08 e11c582084e9 oxidized[26]: negotiating protocol version
Dec 19 08:06:08 e11c582084e9 oxidized[26]: sending KEXINIT
Dec 19 08:06:08 e11c582084e9 oxidized[26]: got KEXINIT from server
Dec 19 08:06:08 e11c582084e9 oxidized[26]: negotiating algorithms
Dec 19 08:06:08 e11c582084e9 oxidized[26]: 10.200.99.125 raised Net::SSH::Exception (rescued RuntimeError) with msg "could not settle on hmac_client algorithm"
Dec 19 08:08:19 e11c582084e9 oxidized[26]: 10.200.99.125 raised Errno::ETIMEDOUT with msg "Connection timed out - connect(2) for "10.200.99.125" port 23"
Dec 19 08:08:19 e11c582084e9 oxidized[26]: client_name:device_name status no_connection, retries exhausted, giving up
Reloading config...
Dec 19 08:11:46 e11c582084e9 oxidized[26]: lib/oxidized/nodes.rb: Loading nodes
Dec 19 08:11:47 e11c582084e9 oxidized[26]: lib/oxidized/nodes.rb: Loaded 90 nodes

Here is the log from inside the Docker container itself. I did not reply yes, so as not to create more issues than this one and to be able to debug in that state.

root@e11c582084e9:/# ssh -v  [email protected]
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.200.99.125 [10.200.99.125] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x60000000
debug1: Authenticating to 10.200.99.125:22 as 'xxxxxxxxxxxxx'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:o+UBEebLKXmI/FLBVPoVwXj83TUAHOzpfujbzKdKvr0
The authenticity of host '10.200.99.125 (10.200.99.125)' can't be established.
RSA key fingerprint is SHA256:o+UBEebLKXmI/FLBVPoVwXj83TUAHOzpfujbzKdKvr0.
Are you sure you want to continue connecting (yes/no)?

Here is the oxidized configuration in file: "router.db"
client_name:device_name:10.200.99.125:Cisco

Here is the oxidized configuration in file: "config"

xxxxxxxxxxx:/opt/docker/apps/oxidized/data# cat config
---
interval: 21600
use_syslog: true
log: ~/.config/oxidied/logs
debug: true
model: ios
resolve_dns: false
threads: 30
use_max_threads: true
timeout: 180
retries: 2
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: 0.0.0.0:8888
next_adds_job: true

#pid: ~/.config/oxidized/oxidized.pid
pid: /dev/null

ssh_no_keepalive: false

vars:
#  auth_methods: [ "none", "password", "keyboard-interactive" ] -- edit 18/12/2024
  auth_methods: [ "none", "publickey", "password", "keyboard-interactive" ]

  remove_secret: false

input:
#  default: ssh, telnet -- edit 18/12/2024
default: ssh
  debug: true
  ssh:
    secure: false

output:
  default: git
  file:
    directory: ~/.config/oxidized/configs

  git:
    user: adm-oxid
    email: [email protected]
    single_repo: true
    repo: ~/.config/oxidized/devices.git/.git

source:
  default: csv
  csv:
    file: ~/.config/oxidized/router.db
    delimiter: !ruby/regexp /:/
    map:
      group: 0
      name: 1
      ip: 2
      model: 3
      username: 4
      password: 5
      enable_password: 6

hooks:
  hook_backup_ok:
    type: exec
    events: [node_success]
    cmd: 'echo "Node success $OX_NODE_NAME" >> /tmp/ox_node_success.log'


# To handle exceptions:
models:
  asa:
    vars:
      enable: password
#  ios:
#    vars:
#      enable: password
  aloha:
    username: adminaccount
    password: password
  aireos:
    username: adminaccount
    password: password
#  powerconnect:
#    vars:
#      enable: true
  powerconnect6224:
    vars:
      enable: true




model_map:
  Asa: asa
  Cisco: ios
  Fortigate: fortios
  Brocade: fabricos
  DELL Powerconnect: powerconnect
  powerconnect6224: powerconnect6224
#  PowerConnect: PowerConnect
  DELL nSeries: delln
  HP: procurve
  Radware: linkproof
  Lenovo: ibm
  HAProxy: aloha
  WCL: aireos
  Backbone: backbone
  PaloAlto: panos
  Checkpoint: gaiaos
  Nexus: nxos
  ArubaAP: arubaapos

username: adminaccount
password: password

I've looked into it and it's an error that seems to happen, but my Linux knowledge is not enough to work on it; either there's no effective solution or I don't know how to implement it.

Could you please help me?
Will answering yes bypass the error every time?

Thank you.
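
An added example, not part of the original post and not Oxidized code: a small Ruby triage over log lines copied from the excerpt above. It counts, per host, which SSH negotiation category failed and which ports timed out, and lists hosts where a failed SSH negotiation sits alongside connection attempts on port 23 (telnet). The regexes and function names are assumptions based only on the message formats visible in this log.

```ruby
# Added example (not Oxidized code). Sample lines are copied from the log excerpt in the post.
SAMPLE_LOG = <<~'LOG'
  Dec 19 08:01:46 e11c582084e9 oxidized[26]: negotiating algorithms
  Dec 19 08:01:46 e11c582084e9 oxidized[26]: 10.200.99.125 raised Net::SSH::Exception (rescued RuntimeError) with msg "could not settle on hmac_client algorithm"
  Dec 19 08:03:00 e11c582084e9 oxidized[26]: 10.200.99.125 raised Errno::ETIMEDOUT with msg "Connection timed out - connect(2) for "10.200.99.125" port 23"
  Dec 19 08:03:57 e11c582084e9 oxidized[26]: client_name:device_name status no_connection, retry attempt 1
  Dec 19 08:03:57 e11c582084e9 oxidized[26]: 10.200.99.125 raised Net::SSH::Exception (rescued RuntimeError) with msg "could not settle on hmac_client algorithm"
  Dec 19 08:06:08 e11c582084e9 oxidized[26]: 10.200.99.125 raised Errno::ETIMEDOUT with msg "Connection timed out - connect(2) for "10.200.99.125" port 23"
LOG

# "<host> raised <ErrorClass> ... with msg "<text>"" as it appears in the log above.
RAISED = /oxidized\[\d+\]: (?<host>\S+) raised (?<error>[\w:]+).* with msg "(?<msg>.*)"\s*$/
# The negotiation category that found no common algorithm (here: hmac_client).
SETTLE = /could not settle on (?<slot>\w+) algorithm/
# Destination port at the end of a connect(2) timeout message.
PORT   = /port (?<port>\d+)\z/

# Returns { host => { ssh_negotiation: { slot => count }, timeouts: { port => count } } }.
def triage(log)
  report = Hash.new { |h, k| h[k] = { ssh_negotiation: Hash.new(0), timeouts: Hash.new(0) } }
  log.each_line do |line|
    m = RAISED.match(line)
    next unless m

    if (s = SETTLE.match(m[:msg]))
      report[m[:host]][:ssh_negotiation][s[:slot]] += 1
    elsif m[:error] == 'Errno::ETIMEDOUT' && (pm = PORT.match(m[:msg]))
      report[m[:host]][:timeouts][pm[:port].to_i] += 1
    end
  end
  report
end

# Hosts whose SSH attempts died during algorithm negotiation and that also show
# connection attempts on port 23, i.e. a telnet attempt next to the failed SSH.
def telnet_fallback_hosts(report)
  report.select { |_, r| r[:ssh_negotiation].any? && r[:timeouts].key?(23) }.keys
end

if __FILE__ == $PROGRAM_NAME
  report = triage(SAMPLE_LOG)
  report.each { |host, r| puts "#{host}: #{r}" }
  puts "telnet attempted after SSH negotiation failure: #{telnet_fallback_hosts(report).join(', ')}"
end
```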
