====== Ansible Cisco - Testing access with Ansible ======
===== Testing SSH access =====
$ ssh cisco@172.16.100.3
Unable to negotiate with 172.16.100.3 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-rsa -c 3des-cbc,aes256-ctr cisco@172.16.100.3
(cisco@172.16.100.3) Password:
S1>enable
Password:
S1#exit
Connection to 172.16.100.3 closed by remote host.
Connection to 172.16.100.3 closed.
===== Making the fix persistent =====
$ cat ~/.ssh/config
Host *
Ciphers aes192-ctr,3des-cbc
KexAlgorithms=+diffie-hellman-group1-sha1
HostKeyAlgorithms=+ssh-rsa
$ ssh cisco@172.16.100.7
The authenticity of host '172.16.100.7 (172.16.100.7)' can't be established.
RSA key fingerprint is SHA256:RSpOiUN0mC+kxk86qQoytzvd84PkBpUx+oH+kXNELBk.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.16.100.7' (RSA) to the list of known hosts.
(cisco@172.16.100.7) Password:
R1>enable
Password:
R1#exit
Connection to 172.16.100.7 closed by remote host.
Connection to 172.16.100.7 closed.
===== Inventory =====
$ cd /etc/ansible/
$ sudo su
# ls
ansible.cfg hosts roles
# vim hosts +$
[switchs]
172.16.100.3
172.16.100.4
172.16.100.5
172.16.100.6
[routers]
172.16.100.7
172.16.100.8
===== Testing the connection with Ansible =====
# ansible all -m ping -u cisco -k
SSH password:
172.16.100.4 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.4 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
"unreachable": true
}
172.16.100.3 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.3 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
"unreachable": true
}
172.16.100.5 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.5 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
"unreachable": true
}
172.16.100.7 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.7 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1",
"unreachable": true
}
172.16.100.6 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.6 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
"unreachable": true
}
172.16.100.8 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.8 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1",
"unreachable": true
}
===== Fixing the connection error =====
# vim hosts +$
[all:vars]
ansible_connection=ansible.netcommon.network_cli
ansible_network_os=cisco.ios.ios
ansible_become=yes
ansible_become_method=enable
# ansible all -m ping -u cisco -k
SSH password:
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
172.16.100.3 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.100.5 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.100.6 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.100.7 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.100.4 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
172.16.100.8 | SUCCESS => {
"changed": false,
"ping": "pong"
}
# apt install python3-pip
# pip install ansible-pylibssh
# ansible all -m ping -u cisco -k
SSH password:
172.16.100.7 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.100.5 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.100.3 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.100.4 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.100.6 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.100.8 | SUCCESS => {
"changed": false,
"ping": "pong"
}
===== References =====
- [[https://docs.ansible.com/ansible/latest/network/getting_started/network_connection_options.html|Working with network connection options]]
- [[https://docs.ansible.com/ansible/latest/network/user_guide/platform_ios.html|IOS Platform Options]]