cancel
Showing results for 
Search instead for 
Did you mean: 

Python eaps_checker script: problems connecting via Paramiko SSH

Python eaps_checker script: problems connecting via Paramiko SSH

Patrick_Hanft
New Contributor
Hi@all, my first post here!

I'm trying to use python to gather different information from different switches, which is why I started with the eaps_checker script posted on github, to connect to switches and execute commands there. I also did tests, using exactly this script. It allows to connect either via telnet or via SSH using paramiko library.

While connecting with telnet worked for both, the original eaps_checker and my own script, as long as we had telnet enabled, I now need to use SSH for connecting, as telnet was disabled for security reasons.

Unfortunately connecting via SSH does neither work with the original eaps_checker nor with my own script (which does basically exactly the same). Trying to use OpenSSH manually I get errors like

no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
which is not nice, but as I think now, not really the root cause.

The error for eaps_checker.py and my script looks like this:

python2 ~/workspace/github/ExtremeScripting/EXOS/Python/eaps_checker/check_eaps.py -f Alle_IPs.txt -u admin -p XXXXX --ssh [Eaps checker version 1.01] [+] Checking switch: 10.4.0.10 Traceback (most recent call last): File "/home/patrick/workspace/github/ExtremeScripting/EXOS/Python/eaps_checker/check_eaps.py", line 365, in main() File "/home/patrick/workspace/github/ExtremeScripting/EXOS/Python/eaps_checker/check_eaps.py", line 331, in main MySess = SSH2EXOS(switch,args.user,args.password) File "/home/patrick/workspace/github/ExtremeScripting/EXOS/Python/eaps_checker/check_eaps.py", line 80, in __init__ self.client.connect(switch,username=user,password=password) File "/usr/lib/python2.7/site-packages/paramiko/client.py", line 380, in connect look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host) File "/usr/lib/python2.7/site-packages/paramiko/client.py", line 597, in _auth raise saved_exception paramiko.ssh_exception.AuthenticationException: Authentication failed.
Unfortunately I'm not really a huge python expert, so my skills in debugging the problem myself might not be the best. So my hope is, somebody here also ran into this or a similar problem, while trying to use paramiko library for connecting with SSH to an XOS switch.

Used ExtremeXOS version is 15.6.4.2 v1564b2-patch1-3
12 REPLIES 12

Stephane_Grosj1
Extreme Employee
Looking at Paramiko web page, you're certainly right this is not using openssh.
You have an authentication failure in your error message:

File "/usr/lib/python2.7/site-packages/paramiko/client.py", line 597, in _auth raise saved_exception paramiko.ssh_exception.AuthenticationException: Authentication failed.
So, this must be related to a bad algorithm (that's my guess). Paramiko library must have some options to use a given algorithm.

googled it a bit:
https://github.com/paramiko/paramiko/issues/391

Patrick_Hanft
New Contributor
Hi Stephane,

thank you for your reply!

Actually I did not have the impression, that the paramiko library uses openssh for connecting, but I can not judge that.

What I did not mention but already tried, was adding this to my .ssh/config:

Host 10.*
KexAlgorithms=+diffie-hellman-group1-sha1
HostkeyAlgorithms ssh-dss
which I assume should handle this issue – if it was the root cause and paramiko uses openssh which should be aware of this setting. Unfortunately this did not help.

On the other hand: unfortunately most switches concerned are not of a -G2 series (and we are right in the middle of a critical project phase where changing the major EXOS release would not be the best idea, we think  ), which means I can not test against EXOS 21.1+ (well, I might try on a VM setup next week).

So, I am wondering: anyone here who can reproduce issues with eaps_checker and ssh? Or even could confirm that these issues are fixed with EXOS 21.1+ – or, of course, that there are no such issues with an older version of openssh or paramiko respectively?

Thanks again and best regards!

Stephane_Grosj1
Extreme Employee
Hi,

I believe you already found the issue. The ssh library is certainly using a recent version of openssh and on that EXOS release the ssh server uses a legacy method which is not used by default anymore: http://www.openssh.com/legacy.html

Running 21.1+ you should not have an issue as the ssh server has been upgraded.

So you might need something like that to ssh:

ssh admin@X -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss



GTM-P2G8KFN