fix(iosxe): allow deprecated ssh-rsa algorithm (fixes #498)

SRC-doo · Feb 21, 2025 · bb1dc65 · bb1dc65
1 parent 34eb2f5
commit bb1dc65
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -50,6 +50,15 @@ RUN addgroup -S -g 10001 netbox && \
   chown -R netbox:netbox /app
 USER netbox:netbox
 
+# Also allow deprecated ssh algorithims for older devices
+# See https://github.com/SRC-doo/netbox-ssot/issues/498
+RUN mkdir -p /home/netbox/.ssh/ && \
+cat <<EOF > /home/netbox/.ssh/config
+Host *
+  HostKeyAlgorithms +ssh-rsa
+  PubkeyAcceptedKeyTypes +ssh-rsa
+EOF
+
 WORKDIR /app
 
 COPY --from=builder --chown=netbox:netbox /app/cmd/netbox-ssot/main ./main

diff --git a/internal/source/ios-xe/iosxe.go b/internal/source/ios-xe/iosxe.go
@@ -33,7 +33,9 @@ func (is *IOSXESource) Init() error {
 		options.WithAuthUsername(is.SourceConfig.Username),
 		options.WithAuthPassword(is.SourceConfig.Password),
 		options.WithPort(is.SourceConfig.Port),
-		options.WithAuthNoStrictKey(), // inside container we can't confirm ssh key
+		options.WithAuthNoStrictKey(),
+		// See https://github.com/SRC-doo/netbox-ssot/issues/498
+		options.WithSSHConfigFile("~/.ssh/config"),
 	)
 	if err != nil {
 		return fmt.Errorf("failed to create driver: %s", err)