Ansible Cisco - Testing access with Ansible

Testing SSH access

$ ssh cisco@172.16.100.3
Unable to negotiate with 172.16.100.3 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-rsa -c 3des-cbc,aes256-ctr cisco@172.16.100.3
(cisco@172.16.100.3) Password: 
S1>enable 
Password: 
S1#exit
Connection to 172.16.100.3 closed by remote host.
Connection to 172.16.100.3 closed.

Making the fix persistent

$ cat ~/.ssh/config
Host *
  Ciphers aes192-ctr,3des-cbc
  KexAlgorithms=+diffie-hellman-group1-sha1
  HostKeyAlgorithms=+ssh-rsa
$ ssh cisco@172.16.100.7
The authenticity of host '172.16.100.7 (172.16.100.7)' can't be established.
RSA key fingerprint is SHA256:RSpOiUN0mC+kxk86qQoytzvd84PkBpUx+oH+kXNELBk.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.16.100.7' (RSA) to the list of known hosts.
(cisco@172.16.100.7) Password: 
 
R1>enable
Password: 
R1#exit
Connection to 172.16.100.7 closed by remote host.
Connection to 172.16.100.7 closed.

Inventory

$ cd /etc/ansible/
$ sudo su
# ls
ansible.cfg  hosts  roles
# vim hosts +$
[switchs]
172.16.100.3
172.16.100.4
172.16.100.5
172.16.100.6
 
[routers]
172.16.100.7
172.16.100.8

Testing the connection with Ansible

# ansible all -m ping -u cisco -k
SSH password: 
172.16.100.4 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.4 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
    "unreachable": true
}
172.16.100.3 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.3 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
    "unreachable": true
}
172.16.100.5 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.5 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
    "unreachable": true
}
172.16.100.7 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.7 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1",
    "unreachable": true
}
172.16.100.6 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.6 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
    "unreachable": true
}
172.16.100.8 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.8 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1",
    "unreachable": true
}
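
Added example (not part of the original page): the UNREACHABLE messages above list each device's key-exchange offer, so the `Host *` override from the persistent-fix section can be narrowed to one stanza per device that enables only the most preferred algorithm it offers. The function names, the preference order and the two sample lines are assumptions of this example.

```python
import re

# Constructed sample: two "msg" strings in the format of the ansible output above.
SAMPLE = """\
"msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.3 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
"msg": "Failed to connect to the host via ssh: Unable to negotiate with 172.16.100.7 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1",
"""

# Assumed preference, strongest first: group14 is a fixed 2048-bit group,
# group1 is a fixed 1024-bit group and is kept only as a last resort.
PREFERENCE = [
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group1-sha1",
]

OFFER_RE = re.compile(
    r"Unable to negotiate with (\S+) port \d+: "
    r"no matching key exchange method found\. Their offer: ([\w@.,-]+)"
)

def parse_offers(text):
    """Map each host to the list of KEX algorithms it offered."""
    return {host: offer.split(",") for host, offer in OFFER_RE.findall(text)}

def pick_kex(offer):
    """Return the most preferred algorithm in the offer, or None if none is known."""
    return next((alg for alg in PREFERENCE if alg in offer), None)

def render_ssh_config(offers):
    """Build one Host stanza per device instead of a global 'Host *' override."""
    stanzas = []
    for host in sorted(offers):
        kex = pick_kex(offers[host])
        if kex is None:
            stanzas.append(f"# {host}: no known algorithm in offer, review manually")
            continue
        stanzas.append(
            f"Host {host}\n"
            f"  KexAlgorithms +{kex}\n"
            f"  HostKeyAlgorithms +ssh-rsa"
        )
    return "\n\n".join(stanzas) + "\n"

if __name__ == "__main__":
    print(render_ssh_config(parse_offers(SAMPLE)))
```

Cipher lines are not generated because the error messages report only the key-exchange offer.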

Fixing the connection error

# vim hosts +$
[all:vars]
ansible_connection=ansible.netcommon.network_cli
ansible_network_os=cisco.ios.ios
ansible_become=yes
ansible_become_method=enable
# ansible all -m ping -u cisco -k
SSH password: 
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
172.16.100.3 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.100.5 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.100.6 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.100.7 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.100.4 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
172.16.100.8 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
# apt install python3-pip
# pip install ansible-pylibssh
# ansible all -m ping -u cisco -k
SSH password: 
172.16.100.7 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.100.5 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.100.3 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.100.4 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.100.6 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.100.8 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
