Mailing List Archive

Mon, Sep 12, 2005 at 11:51:08AM -0400, Hopper, Faron W.:
>
> I have been reading the list archives and the man page for cloginrc trying to determine how to set the .cloginrc file to allow connectivity to a device that requires ssh version 1. The only thing that looks like it would do this is the add sshcmd <> command.
>
> The man pages says that to redefine sshcmd, do the following....
>
> add sshcmd {<ssh>}
> <ssh> is the name of the ssh executable. OpenSSH uses a
> command-line option to specify the protocol version, but other
> implementations use a separate binary such as "ssh1". sshcmd
> allows this to be adjusted as necessary for the local
> environment.
>
> Default: ssh
>
> so if I set it to add sshcmd {/usr/bin/ssh -1} it would appear to me to set ssh for every connection to use version 1.
> Is this the right thing to do? I only need it for 3 devices.

the manpage is missing the glob, sorry. it is the same as the method directive.

add sshcmd <router name glob> {<ssh>}

Paul,
Thank you for your response. I didn't think of trying the ssh config. I figured that since RANCID was able to pass the hostname and the cipher type to the ssh executable when it called it, that it would be just a matter of specifying the protocol. I looked at the /etc/ssh_config and it appears to be using the default of 2,1. There was no ~/.ssh/config so I am inclined to beleive that it should drop down to version 1 automagically.
I created an ~/.ssh/config file and put this in it

hosts x.x.x.x
protocol 1

and that allowed me to ssh to those devices.

Thanks,
Faron

-----Original Message-----
From: Paul Frommeyer [mailto:paul@palas.com]
Sent: Mon 9/12/2005 1:02 PM
To: Hopper, Faron W.
Subject: Re: how can I use ssh ver 1 for a device?

In reply to your message of Mon, 12 Sep 2005 11:51:08 -0400:

| I have been reading the list archives and the man page for cloginrc trying=
| to determine how to set the =2Ecloginrc file to allow connectivity to a=
| device that requires ssh version 1=2E The only thing that looks like it=
| would do this is the add sshcmd <> command=2E =0D

Of course, I'm sure There's More Than One Way To Do It, but IMO, you're
swimming upstream. Were I you, I would pry over at your SSH client
setup rather than the RANCID scripts. Specifically, IIRC, both SSH2 and
OpenSSH allow the specification of which protocol to use as part of a
host profile in the ssh_config file (for OpenSSH, it's done with the option
keyword "Protocol"; see ssh_config(5) ). So, simply create a profile
(either in the global server config or for the user RANCID is running as)
for the host you need to reach via V1, specifying that only the V1 protocol
should be used. That should take care of everthing, without having to
"explain" anything to RANCID, or specify any command line opts to ssh.

FWIW,
Paul

P.S. As with most things, I've found the O'Reilly book on SSH to be
indispensable when wrassling with that particular software, and it has
in-depth sections for client configuration.

Paul Frommeyer Senior Networking Consultant paul at palas.com