You’ve performed a code upgrade on an ASA firewall and suddenly Rancid decides it won’t login. You’ll get the message:
spawn ssh -c 3des -x -l <user> <device> no matching cipher found: client 3des-cbc server aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr Error: Couldn't login: <device>
This basically means that the default 3des cipher is unsupported on the ASA.
The answer is quite simple. Just needs a one liner in the .cloginrc to prefer aes ciphers:
add cyphertype * aes128-ctr,aes128-cbc,3des-cbc
Access has resumed. Great post with some more detail: