An Ansible playbook using the ios_config module fails with the error 'unable to open connection'. The network device is reachable via SSH from the Ansible control node. What is the most likely cause?
Unsupported key exchange algorithm causes SSH connection failure.
Why this answer
The error 'unable to open connection' indicates that Ansible cannot establish an SSH session with the device, even though the device is reachable. Since the device is reachable via SSH from the control node, the most likely cause is a mismatch in SSH key exchange algorithms, where the device only supports older algorithms (e.g., diffie-hellman-group1-sha1) that are not enabled by default in modern SSH clients. This is a common issue when connecting to legacy Cisco IOS devices that lack updated SSH configurations.
Exam trap
Cisco often tests the distinction between SSH transport errors (key exchange, ciphers) and authentication/authorization errors, leading candidates to incorrectly blame credentials or privilege levels when the actual issue is a cryptographic algorithm mismatch.
How to eliminate wrong answers
Option A is wrong because invalid username/password would typically produce an 'Authentication failed' or 'Permission denied' error, not 'unable to open connection', which occurs before authentication. Option B is wrong because privilege level 15 is required for executing configuration commands, not for establishing the SSH connection itself; a lower privilege level would cause a different error like 'privilege level is not sufficient'. Option D is wrong because the ios_config module uses SSH (via CLI) by default, not NETCONF; NETCONF is used by the ios_netconf module, and the error message is specific to SSH connection failure.