This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EXOS/Switch Engine)
- RE: Python eaps_checker script: problems connectin...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Python eaps_checker script: problems connecting via Paramiko SSH
Python eaps_checker script: problems connecting via Paramiko SSH
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-20-2016 12:54 PM
Hi@all, my first post here!
I'm trying to use python to gather different information from different switches, which is why I started with the eaps_checker script posted on github, to connect to switches and execute commands there. I also did tests, using exactly this script. It allows to connect either via telnet or via SSH using paramiko library.
While connecting with telnet worked for both, the original eaps_checker and my own script, as long as we had telnet enabled, I now need to use SSH for connecting, as telnet was disabled for security reasons.
Unfortunately connecting via SSH does neither work with the original eaps_checker nor with my own script (which does basically exactly the same). Trying to use OpenSSH manually I get errors like
no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
which is not nice, but as I think now, not really the root cause.
The error for eaps_checker.py and my script looks like this:
python2 ~/workspace/github/ExtremeScripting/EXOS/Python/eaps_checker/check_eaps.py -f Alle_IPs.txt -u admin -p XXXXX --ssh [Eaps checker version 1.01] [+] Checking switch: 10.4.0.10 Traceback (most recent call last): File "/home/patrick/workspace/github/ExtremeScripting/EXOS/Python/eaps_checker/check_eaps.py", line 365, in main() File "/home/patrick/workspace/github/ExtremeScripting/EXOS/Python/eaps_checker/check_eaps.py", line 331, in main MySess = SSH2EXOS(switch,args.user,args.password) File "/home/patrick/workspace/github/ExtremeScripting/EXOS/Python/eaps_checker/check_eaps.py", line 80, in __init__ self.client.connect(switch,username=user,password=password) File "/usr/lib/python2.7/site-packages/paramiko/client.py", line 380, in connect look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host) File "/usr/lib/python2.7/site-packages/paramiko/client.py", line 597, in _auth raise saved_exception paramiko.ssh_exception.AuthenticationException: Authentication failed.
Unfortunately I'm not really a huge python expert, so my skills in debugging the problem myself might not be the best. So my hope is, somebody here also ran into this or a similar problem, while trying to use paramiko library for connecting with SSH to an XOS switch.
Used ExtremeXOS version is 15.6.4.2 v1564b2-patch1-3
I'm trying to use python to gather different information from different switches, which is why I started with the eaps_checker script posted on github, to connect to switches and execute commands there. I also did tests, using exactly this script. It allows to connect either via telnet or via SSH using paramiko library.
While connecting with telnet worked for both, the original eaps_checker and my own script, as long as we had telnet enabled, I now need to use SSH for connecting, as telnet was disabled for security reasons.
Unfortunately connecting via SSH does neither work with the original eaps_checker nor with my own script (which does basically exactly the same). Trying to use OpenSSH manually I get errors like
no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
which is not nice, but as I think now, not really the root cause.
The error for eaps_checker.py and my script looks like this:
python2 ~/workspace/github/ExtremeScripting/EXOS/Python/eaps_checker/check_eaps.py -f Alle_IPs.txt -u admin -p XXXXX --ssh [Eaps checker version 1.01] [+] Checking switch: 10.4.0.10 Traceback (most recent call last): File "/home/patrick/workspace/github/ExtremeScripting/EXOS/Python/eaps_checker/check_eaps.py", line 365, in main() File "/home/patrick/workspace/github/ExtremeScripting/EXOS/Python/eaps_checker/check_eaps.py", line 331, in main MySess = SSH2EXOS(switch,args.user,args.password) File "/home/patrick/workspace/github/ExtremeScripting/EXOS/Python/eaps_checker/check_eaps.py", line 80, in __init__ self.client.connect(switch,username=user,password=password) File "/usr/lib/python2.7/site-packages/paramiko/client.py", line 380, in connect look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host) File "/usr/lib/python2.7/site-packages/paramiko/client.py", line 597, in _auth raise saved_exception paramiko.ssh_exception.AuthenticationException: Authentication failed.
Unfortunately I'm not really a huge python expert, so my skills in debugging the problem myself might not be the best. So my hope is, somebody here also ran into this or a similar problem, while trying to use paramiko library for connecting with SSH to an XOS switch.
Used ExtremeXOS version is 15.6.4.2 v1564b2-patch1-3
12 REPLIES 12
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-21-2016 07:57 AM
Looking at Paramiko web page, you're certainly right this is not using openssh.
You have an authentication failure in your error message:
File "/usr/lib/python2.7/site-packages/paramiko/client.py", line 597, in _auth raise saved_exception paramiko.ssh_exception.AuthenticationException: Authentication failed.
So, this must be related to a bad algorithm (that's my guess). Paramiko library must have some options to use a given algorithm.
googled it a bit:
https://github.com/paramiko/paramiko/issues/391
You have an authentication failure in your error message:
File "/usr/lib/python2.7/site-packages/paramiko/client.py", line 597, in _auth raise saved_exception paramiko.ssh_exception.AuthenticationException: Authentication failed.
So, this must be related to a bad algorithm (that's my guess). Paramiko library must have some options to use a given algorithm.
googled it a bit:
https://github.com/paramiko/paramiko/issues/391
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-21-2016 06:51 AM
Hi Stephane,
thank you for your reply!
Actually I did not have the impression, that the paramiko library uses openssh for connecting, but I can not judge that.
What I did not mention but already tried, was adding this to my .ssh/config:
Host 10.*
KexAlgorithms=+diffie-hellman-group1-sha1
HostkeyAlgorithms ssh-dss
which I assume should handle this issue – if it was the root cause and paramiko uses openssh which should be aware of this setting. Unfortunately this did not help.
On the other hand: unfortunately most switches concerned are not of a -G2 series (and we are right in the middle of a critical project phase where changing the major EXOS release would not be the best idea, we think ), which means I can not test against EXOS 21.1+ (well, I might try on a VM setup next week).
So, I am wondering: anyone here who can reproduce issues with eaps_checker and ssh? Or even could confirm that these issues are fixed with EXOS 21.1+ – or, of course, that there are no such issues with an older version of openssh or paramiko respectively?
Thanks again and best regards!
thank you for your reply!
Actually I did not have the impression, that the paramiko library uses openssh for connecting, but I can not judge that.
What I did not mention but already tried, was adding this to my .ssh/config:
Host 10.*
KexAlgorithms=+diffie-hellman-group1-sha1
HostkeyAlgorithms ssh-dss
which I assume should handle this issue – if it was the root cause and paramiko uses openssh which should be aware of this setting. Unfortunately this did not help.
On the other hand: unfortunately most switches concerned are not of a -G2 series (and we are right in the middle of a critical project phase where changing the major EXOS release would not be the best idea, we think ), which means I can not test against EXOS 21.1+ (well, I might try on a VM setup next week).
So, I am wondering: anyone here who can reproduce issues with eaps_checker and ssh? Or even could confirm that these issues are fixed with EXOS 21.1+ – or, of course, that there are no such issues with an older version of openssh or paramiko respectively?
Thanks again and best regards!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-21-2016 06:29 AM
Hi,
I believe you already found the issue. The ssh library is certainly using a recent version of openssh and on that EXOS release the ssh server uses a legacy method which is not used by default anymore: http://www.openssh.com/legacy.html
Running 21.1+ you should not have an issue as the ssh server has been upgraded.
So you might need something like that to ssh:
ssh admin@X -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss
I believe you already found the issue. The ssh library is certainly using a recent version of openssh and on that EXOS release the ssh server uses a legacy method which is not used by default anymore: http://www.openssh.com/legacy.html
Running 21.1+ you should not have an issue as the ssh server has been upgraded.
So you might need something like that to ssh:
ssh admin@X -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss
