Hi Sagar, Yes, I tried settings ansible_network_cli_ssh_type = libssh and ansible_network_cli_ssh_type=paramiko but no success. I think libssh is the default ssh type for ansible.
I wanted to know if ansible supports Cisco IOS soft version: 12.2(55)SE10. This version will not allow you to change KEX algo or any other crypto information. Thanks Bikram On Sun, Jul 9, 2023 at 1:26 PM Sagar Paul <[email protected]> wrote: > Hey Bikram, > > Do you face a similar issue when the connection is set to libssh? > Try using ansible_network_cli_ssh_type=libssh > And, would you share some details of your environment, and which appliance > version you are using? > > Regards, > > Sagar Paul > > On Sat, Jul 8, 2023 at 11:37 AM Dick Visser <[email protected]> wrote: > >> What does your inventory look like? >> >> On Fri, 7 Jul 2023 at 21:07, Bikram <[email protected]> wrote: >> >>> Hi Team, >>> >>> >>> While I am trying to run an ansible playbook to connect to a Cisco IOS >>> switch, it is throwing me the following error which is related >>> to KexAlgorithms (diffie-hellman-group1-sha1). >>> >>> >>> Ansible-playbook run log: >>> >>> [FinAdmin@gns-ansible playbooks]$ ansible-playbook >>> image_copy_cisco_ios.yaml --limit 'twddxcsw04' >>> >>> >>> PLAY [Copy image file to device] >>> ************************************************************************************************************************************************************ >>> >>> >>> >>> TASK [ twddxcsw04 Normalize variables] >>> ********************************************************************************************************************************************************* >>> >>> ok: [ twddxcsw04 ] >>> >>> >>> >>> TASK [Get Hardware Type of Remote Device.] >>> ************************************************************************************************************************************************** >>> >>> fatal: [ twddxcsw04 ]: FAILED! => {"changed": false, "msg": "ssh >>> connection failed: ssh connect failed: kex error : no match for method kex >>> algos: server [diffie-hellman-group1-sha1], client [curve25519-sha256, >>> [email protected] >>> ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]"} >>> >>> >>> >>> PLAY RECAP >>> ********************************************************************************************************************************************************************************** >>> >>> twddxcsw04 : ok=1 changed=0 unreachable=0 >>> failed=1 skipped=0 rescued=0 ignored=0 >>> >>> >>> >>> >>> I tried to fix it by adding Kex Algo to '/etc/ssh/ssh_config file'. >>> After that I can ssh to the switch >>> >>> [Host 10.xx.xx.* >>> >>> KexAlgorithms +diffie-hellman-group1-sha1] >>> >>> >>> SSH output: >>> >>> >>> [Admin@ gns-ansible playbooks]$ ssh user1@ <[email protected]> >>> twddxcsw04 >>> >>> C >>> >>> >>> ******************************************************************************** >>> >>> >>> ******************************************************************************** >>> >>> ** WARNING! WARNING! >>> WARNING! ** >>> >>> >>> ******************************************************************************** >>> >>> >>> ******************************************************************************** >>> >>> ** Unauthorized access to this system is strictly >>> prohibited ** >>> >>> ** Unauthorized access will be subject to legal >>> action ** >>> >>> ** If you are not authorized to access this >>> system ** >>> >>> ** D I S C O N N E C T I M M E D I A T E L Y >>> ! ** >>> >>> >>> ******************************************************************************** >>> >>> (user1@ <[email protected]>twddxcsw04 ) Password: >>> >>> >>> >>> Even after adding the Kex Algo to the file above, ansible is giving me >>> the same error. I also tried to add an argument as variable to the vars >>> file as below but no luck. >>> >>> >>> ansible_ssh_common_args: '-o KexAlgorithms=+diffie-hellman-group1-sha1 >>> -o HostKeyAlgorithms=+ssh-rsa -o Ciphers=+aes256-cbc' >>> >>> >>> In summary, even though ssh works, ansible-playbook fails. >>> >>> >>> A resolution is much appreciated. >>> >>> >>> Thank you. >>> >>> Bikram Biswas >>> >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/CAEFfMJQbSjJknKyJsY9YhmOObssb-%2BChcRnqRcVsGWco1d1gKA%40mail.gmail.com >>> <https://groups.google.com/d/msgid/ansible-project/CAEFfMJQbSjJknKyJsY9YhmOObssb-%2BChcRnqRcVsGWco1d1gKA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> Sent from Gmail Mobile >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CAF8BbLat4saM0O36wMVcHyKetcRMe1NODSDqxA3dE9T2Zq8HNw%40mail.gmail.com >> <https://groups.google.com/d/msgid/ansible-project/CAF8BbLat4saM0O36wMVcHyKetcRMe1NODSDqxA3dE9T2Zq8HNw%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAEs9WgY5P0HDUehidA_oDdaT-ptYYfxAsR9SLByRNBr_qc%3DqTA%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAEs9WgY5P0HDUehidA_oDdaT-ptYYfxAsR9SLByRNBr_qc%3DqTA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAEFfMJQtVTnGD-Z5dmnRpm7J5QCVwP4SJq0_yPOpvxxOXukrEQ%40mail.gmail.com.
