How to connect Cisco ASA

Get Help
1

My playbook:

  • name: Show version for the ASA
    gather_facts: false
    hosts: ASA_FW
    vars:
    ansible_network_os: cisco.asa.asa
    ansible_connection: ansible.netcommon.network_cli
    ansible_ssh_extra_args: “-o KexAlgorithms=+diffie-hellman-group1-sha1”
    tasks:
    • name: Show the ASA version
      cisco.asa.asa_command:
      commands:
      • show version
        register: output
    • name: Display the running configuration
      debug:
      var: output.stdout_lines

The error message:
{
“module_stdout”: “”,
“module_stderr”: “ssh connection failed: ssh connect failed: kex error : no match for method kex algos: server [diffie-hellman-group1-sha1], client [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]”,
“msg”: “MODULE FAILURE\nSee stdout/stderr for the exact error”,
“_ansible_no_log”: null,
“changed”: false
}

2

Welcome to the forum!
You can try switching to paramiko, which should support the diffie-hellman-group1-sha1 KEX algorithm.

- name: Show version for the ASA
  gather_facts: false
  hosts: ASA_FW
  vars:
    ansible_network_os: cisco.asa.asa
    ansible_connection: ansible.netcommon.network_cli
    ansible_network_cli_ssh_type: paramiko
1 Like
3

You’re terrific. I thought about using paramiko, like this ansible_connection: paramiko, but I didn’t expect to use ansible_network_cli_ssh_type: paramiko, very appreciated.

1 Like
4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.