Enable SSH Cyphers

[gonzalu]

How can I tell jazigo to use a specific SSH cypher? A lot of our routers have older code that does not support newer protocols.

In my ssh config file, I have enabled these but jazigo is ignoring these settings.

Is there a way to ask jazigo to pay attention to ssh config in user folder ( ~/.ssh/config ) or global settings ( /etc/ssh/ssh_config ) ??

Alternatively, allow the actual ssh command to be specified in the jazigo host config?

Thank you for your help.

[udhos]

Hi,

I have just added these device properties into v0.13.0 to specify the ssh ciphers in a per-device basis:

    sshclearciphers: true # remove all default ciphers
    sshaddciphers:
        - aes128-ctr      # add cipher aes128-ctr

However I noticed the cipher 3des-cbc I used to specify hard-coded for IOS XR is no longer supported by current Go SSH libs. I don't know how to work around this issue to allow old ciphers.

Yes, one could hack jazigo to make it to consider ciphers defined in ~/.ssh/config, however it would not help with the more critical issue that current Go libraries reject many old ciphers.

One thing you might want to try is to use the pseudo model called "runprog".
It allows you to call an external program to collect the configuration for you.
You could point it to a shell script that invokes ssh, for instance.

https://github.com/udhos/jazigo#calling-an-external-program

    runprog:
    - /usr/local/bin/my-script.sh
    - parameter-for-my-script

When jazigo calls your program, it sets up these env vars for your program to use:

    JAZIGO_DEV_ID=deviceid
    JAZIGO_DEV_HOSTPORT=host[:port] -- port is optional
    JAZIGO_DEV_USER=username
    JAZIGO_DEV_PASS=password

Your program should output the config to standard output, then jazigo will handle it as usual.