CCI-MOC / hil

Hardware Isolation Layer, formerly Hardware as a Service
Apache License 2.0

Support Public key authentication to connect to switches #922

Closed naved001 closed 6 years ago

naved001 commented 6 years ago

This adds support for the Dell Powerconnect switch and Cisco Nexus.

Configuring the Dell N3000 to use pubkey was a mess. I did configure it and could log in using my key; it wasn't smooth, though.

naved:~/pubkey-ssh/hil$ ssh switch.ipmi.cluster -l naved

R5-PA-C01-U39# (I PRESSED any key here)
Password:Login of naved failed (then I pressed enter)
R5-PA-C01-U39>
R5-PA-C01-U39>en

R5-PA-C01-U39#   

Don't know why it tells me about login failed when I did log in correctly? Ideally, I would want to reset the switch config and start with a clean slate, but I can't do it since it's a shared switch.

zenhack commented 6 years ago

@naved001, now that #923 is merged, rebasing should fix the tests.

naved001 commented 6 years ago

I have refactored the n3000 too, but I couldn't test pubkey auth on it for the reasons described in the title. It works normally with password though.

For the other 2 switches, I ran *network deployment tests with both kinds of users (password, and pub key).

naved001 commented 6 years ago

Re: the prompt stuff in the dell switch.

If we send it some random string:

(Pdb) p console.after
'\r\n\r% Unrecognized command\r\nconsole#'

Our string of interest is separated by a newline, so we can extract it.

But if we send a newline to the switch, this is what console.after looks like:

(Pdb) p console.after
'\r\n\r\r\x1b[Kconsole#'

We can't get the prompt name from this since our string of interest is not separated by newlines. It has \x1b and [K in between, which seem like escape sequences for something (text formatting?).

Edit: apparently \x1b[ is some ANSI stuff (erase line or something)
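
One way to recover the prompt from both `console.after` values quoted above, shown as an added example that is not part of the original thread or the HIL code base. The names `extract_prompt`, `CSI_RE` and `PROMPT_RE`, and the assumed prompt shape (a hostname ending in `#` or `>`), are assumptions of this example.

```python
import re

# ANSI CSI sequence (ECMA-48): ESC [ , parameter bytes 0x30-0x3F,
# intermediate bytes 0x20-0x2F, one final byte 0x40-0x7E.
# "\x1b[K" (erase to end of line) is one such sequence.
CSI_RE = re.compile(r'\x1b\[[0-?]*[ -/]*[@-~]')

# Assumed prompt shape, based on the prompts seen in this thread:
# "console#", "R5-PA-C01-U39#", "R5-PA-C01-U39>".
PROMPT_RE = re.compile(r'^[\w.-]+[#>]$')


def extract_prompt(after):
    """Return the switch prompt found at the end of a pexpect `after` string.

    CSI escape sequences are removed first, then the text is split on CR/LF
    and the last non-empty line is taken. A ValueError is raised when that
    line does not look like a prompt, so that error text from the switch is
    never mistaken for one.
    """
    cleaned = CSI_RE.sub('', after)
    lines = [ln.strip() for ln in re.split(r'[\r\n]+', cleaned)]
    lines = [ln for ln in lines if ln]
    if not lines or not PROMPT_RE.match(lines[-1]):
        raise ValueError('no prompt found in %r' % (after,))
    return lines[-1]


if __name__ == '__main__':
    # The two values quoted in the comment above, plus one constructed
    # failure case that contains no prompt at all.
    samples = [
        '\r\n\r% Unrecognized command\r\nconsole#',
        '\r\n\r\r\x1b[Kconsole#',
        '\r\n\r% Unrecognized command\r\n',
    ]
    for s in samples:
        try:
            print(repr(s), '->', extract_prompt(s))
        except ValueError as exc:
            print('rejected:', exc)
```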

naved001 commented 6 years ago

@zenhack I think I should remove the fixme from dell.py because to me it doesn't look like we can do anything about it. I'll just leave the comment there explaining what's going on.

naved001 commented 6 years ago

@zenhack updated the comments and docstring.

@mosayyebzadeh could you give this a second review?

mosayyebzadeh commented 6 years ago

Everything seems fine to me. Just change the document and I will approve it.

naved001 commented 6 years ago

> Just change the document and I will approve it.

@mosayyebzadeh what do you want changed in the documents?

mosayyebzadeh commented 6 years ago

Highlight this part in the document or make it noticeable: "There should be no "enable" password."

naved001 commented 6 years ago

@mosayyebzadeh done. Also, I noticed that it was in the wrong section; so I put it up on top because it's applicable for all switches.

zenhack commented 6 years ago

LGTM, merging.