HuaweiSwitch / CloudEngine-Ansible

Ansible modules to automate HUAWEI CloudEngine switches
GNU General Public License v3.0

Error "unable to set terminal parameters" with RSA-auth #65

Closed mammuthus closed 5 years ago

mammuthus commented 5 years ago

ansible.cfg

```ini
host_key_checking = False
private_key_file = /huawei_priv_rsa
remote_user = userrsa
```

/playbooks/huawei2.yml

```yaml
- name: CloudEngine command test
  hosts: test
  connection: local
  gather_facts: no
  vars:
    cli:
      host: "{{ inventory_hostname }}"
      port: "22"
#      username: "{{ username }}"
#      password: "{{ password }}"
      transport: cli

  tasks:
  - name: "Run display version on remote devices"
    ce_command:
      commands:
        - display version
      provider: "{{ cli }}"
    register: diver
  - name: Debug registered var
    debug: var=diver.stdout_lines
```

mammuthus commented 5 years ago

```
2019-07-12 08:49:31,265 p=6197 u=root |  TASK [Run display version on remote devices] ********************************************************************************************************************************************************************
2019-07-12 08:49:31,653 p=6214 u=root | paramiko [10.46.20.3] starting thread (client mode): 0xc740b090L
2019-07-12 08:49:31,653 p=6214 u=root | paramiko [10.46.20.3] Local version/idstring: SSH-2.0-paramiko_2.1.1
2019-07-12 08:49:31,657 p=6214 u=root | paramiko [10.46.20.3] Remote version/idstring: SSH-2.0--
2019-07-12 08:49:31,657 p=6214 u=root | paramiko [10.46.20.3] Connected (version 2.0, client -)
2019-07-12 08:49:31,659 p=6214 u=root | paramiko [10.46.20.3] kex algos:[u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1'] server key:[u'ecdsa-sha2-nistp521', u'ssh-dss', u'ssh-rsa'] client encrypt:[u'aes256-ctr', u'aes128-ctr', u'aes256-cbc', u'aes128-cbc', u'3des-cbc'] server encrypt:[u'aes256-ctr', u'aes128-ctr', u'aes256-cbc', u'aes128-cbc', u'3des-cbc'] client mac:[u'hmac-sha2-256', u'hmac-sha2-256-96', u'hmac-sha1', u'hmac-sha1-96', u'hmac-md5', u'hmac-md5-96'] server mac:[u'hmac-sha2-256', u'hmac-sha2-256-96', u'hmac-sha1', u'hmac-sha1-96', u'hmac-md5', u'hmac-md5-96'] client compress:[u'none', u'zlib'] server compress:[u'none', u'zlib'] client lang:[u''] server lang:[u''] kex follows?False
2019-07-12 08:49:31,659 p=6214 u=root | paramiko [10.46.20.3] Kex agreed: diffie-hellman-group14-sha1
2019-07-12 08:49:31,660 p=6214 u=root | paramiko [10.46.20.3] Cipher agreed: aes128-ctr
2019-07-12 08:49:31,660 p=6214 u=root | paramiko [10.46.20.3] MAC agreed: hmac-sha2-256
2019-07-12 08:49:31,661 p=6214 u=root | paramiko [10.46.20.3] Compression agreed: none
2019-07-12 08:49:33,292 p=6214 u=root | paramiko [10.46.20.3] kex engine KexGroup14 specified hash_algo <built-in function openssl_sha1>
2019-07-12 08:49:33,293 p=6214 u=root | paramiko [10.46.20.3] Switch to new keys ...
2019-07-12 08:49:33,324 p=6214 u=root | paramiko [10.46.20.3] Trying key 30ccecf4d860a19d07b44d1647c80b69 from /home/mammuthus/huawei_priv_rsa
2019-07-12 08:49:33,470 p=6214 u=root | paramiko [10.46.20.3] userauth is OK
2019-07-12 08:49:33,482 p=6214 u=root | paramiko [10.46.20.3] Authentication (publickey) successful!
2019-07-12 08:49:33,497 p=6214 u=root | paramiko [10.46.20.3] [chan 0] Max packet in: 32768 bytes
2019-07-12 08:49:33,501 p=6214 u=root | paramiko [10.46.20.3] [chan 0] Max packet out: 32768 bytes
2019-07-12 08:49:33,502 p=6214 u=root | paramiko [10.46.20.3] Secsh channel 0 opened.
2019-07-12 08:49:33,509 p=6214 u=root | paramiko [10.46.20.3] [chan 0] Sesch channel 0 request ok
2019-07-12 08:49:33,514 p=6214 u=root | paramiko [10.46.20.3] [chan 0] Sesch channel 0 request ok
2019-07-12 08:49:33,708 p=6197 u=root |  network_os is set to ce
2019-07-12 08:49:33,714 p=6197 u=root |  fatal: [10.46.20.3]: FAILED! => {"msg": "unable to set terminal parameters"}
2019-07-12 08:49:33,716 p=6197 u=root |  PLAY RECAP ******************************************************************************************************************************************************************************************************
2019-07-12 08:49:33,716 p=6197 u=root |  10.46.20.3                 : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
2019-07-12 08:49:33,776 p=6207 u=root |  shutdown complete
2019-07-12 08:49:33,875 p=6214 u=root | paramiko [10.46.20.3] EOF in transport thread
```

yuandongx commented 5 years ago

The connection has been established, in fact. `[10.46.20.3]: FAILED! => {"msg": "unable to set terminal parameters"}` told us that it failed to execute the command `screen-length 0 temporary`. Maybe you can give it a try and see whether this command runs successfully or not. By the way, please comment with your Ansible version and software version. Thanks.

mammuthus commented 5 years ago

Host:

```
ansible 2.8.1
python version = 2.7.5 (default, Jun 20 2019, 20:27:34)
CentOS Linux release 7.6.1810 (kernel 5.1.16-1)
```

Huawei switch:

```
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.170 (S5720 V200R011C10SPC600)
```

I tried to execute `screen-length 0 temporary` manually and got:

```
screen-length 0 temporary
Info: The configuration takes effect on the current user terminal interface only.
```

After that, I tried to run my playbook, but got the same error: `fatal: [10.46.20.3]: FAILED! => {"msg": "unable to set terminal parameters"}`

But I have an external log vault, so I can check activity on my switch:

```
2019-07-16 11:52:35.932 | Jul 16 2019 08:52:36 huawei-400-1 %%01SSH/5/SSH_CONNECT_CLOSED(s)[26144]:SSH connect was closed. (IP=10.46.20.254, VPNInstanceName= , UserName=userrsa)
2019-07-16 11:52:35.701 | Jul 16 2019 08:52:35 huawei-400-1 %%01SHELL/5/LOGOUT(s)[26142]:The user succeeded in logging out of VTY0. (UserType=SSH, UserName=userrsa, Ip=10.46.20.254, VpnName=)
2019-07-16 11:52:35.700 | Jul 16 2019 08:52:35 huawei-400-1 %%01SHELL/5/CMDRECORD(s)[26143]:Recorded command information. (Task=VT0, Ip=**, VpnName=, User=**, AuthenticationMethod="Null", Command="undo debugging all")
2019-07-16 11:52:35.428 | Jul 16 2019 08:52:35 huawei-400-1 %%01SHELL/5/CMDRECORDFAILED(s)[26141]:Recorded command information. (Task=VT0, Ip=10.46.20.254, VpnName=, User=userrsa, AuthenticationMethod="Rsa", Command="screen-length 0 temporary", Result=no permission to run the command)
2019-07-16 11:52:35.245 | Jul 16 2019 08:52:35 huawei-400-1 %%01SHELL/5/LOGIN(s)[26140]:The user succeeded in logging in to VTY0. (UserType=SSH, UserName=userrsa, AuthenticationMethod="Rsa", Ip=10.46.20.254, VpnName=)
2019-07-16 11:50:48.421 | Jul
```

So I really had auth success.

mammuthus commented 5 years ago

It was an issue caused by the privilege level. I forgot that RSA users inherit their privileges from the vty interface, not from the local-user settings. So

```
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
```

fixed it for me.
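
The switch-side diagnosis used in this thread (authentication succeeds, but the first command the module sends is rejected for lack of privilege) can be automated. The following is an added example, not code from the thread or from the CloudEngine-Ansible project: it parses the SHELL log lines quoted above and reports commands rejected with "no permission", grouped by user and authentication method. The field layout is inferred from those quoted lines only, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the switch log quoted in this thread.
SAMPLE_LOG = """\
Jul 16 2019 08:52:35 huawei-400-1 %%01SHELL/5/LOGIN(s)[26140]:The user succeeded in logging in to VTY0. (UserType=SSH, UserName=userrsa, AuthenticationMethod="Rsa", Ip=10.46.20.254, VpnName=)
Jul 16 2019 08:52:35 huawei-400-1 %%01SHELL/5/CMDRECORDFAILED(s)[26141]:Recorded command information. (Task=VT0, Ip=10.46.20.254, VpnName=, User=userrsa, AuthenticationMethod="Rsa", Command="screen-length 0 temporary", Result=no permission to run the command)
Jul 16 2019 08:52:35 huawei-400-1 %%01SHELL/5/CMDRECORD(s)[26143]:Recorded command information. (Task=VT0, Ip=**, VpnName=, User=**, AuthenticationMethod="Null", Command="undo debugging all")
Jul 16 2019 08:52:35 huawei-400-1 %%01SHELL/5/LOGOUT(s)[26142]:The user succeeded in logging out of VTY0. (UserType=SSH, UserName=userrsa, Ip=10.46.20.254, VpnName=)
"""

# Assumed layout: <timestamp> <host> %%<ver><module>/<sev>/<mnemonic>(<t>)[<seq>]:<text> (<k=v, ...>)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{4} [\d:]+) (?P<host>\S+) "
    r"%%\d\d(?P<module>\w+)/(?P<sev>\d)/(?P<mnemonic>\w+)\(\w\)\[\d+\]:"
    r"(?P<text>.*?) \((?P<fields>.*)\)\s*$"
)
# key=value pairs; a value is either "quoted" or runs up to the next comma
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|[^,]*)')


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    pairs = FIELD_RE.findall(event["fields"])
    event["fields"] = {k: v.strip().strip('"') for k, v in pairs}
    return event


def denied_commands(log_text):
    """Return {(user, auth_method): [commands rejected for lack of privilege]}."""
    denied = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or ev["mnemonic"] != "CMDRECORDFAILED":
            continue
        f = ev["fields"]
        if "no permission" in f.get("Result", ""):
            key = (f.get("User"), f.get("AuthenticationMethod"))
            denied[key].append(f.get("Command"))
    return dict(denied)


if __name__ == "__main__":
    for (user, method), cmds in denied_commands(SAMPLE_LOG).items():
        print(f"{user} (auth={method}) lacks privilege for: {cmds}")
```

Running the same check after changing the VTY privilege level shows whether a level lower than 15 is already enough for the commands the playbook sends.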

yuandongx commented 5 years ago

Good. But I found that your switch version is S5720 V200R011C10SPC600, not CEXXXX, which has a 'CE' prefix. Pay attention that S and CE are different series of switches, and you are using ce modules to run your tasks.

mammuthus commented 5 years ago

Okay one more question if you don't mind.

Are CE modules not compatible with non-CE switches? Or may some be compatible, but without any warranty? For example, ce_command seems to work fine.

I just want to realize what modules I must use with non-CE switches like S5700.

yuandongxx commented 5 years ago

In fact, CE and S are different series. It will not work well when using the netconf API. And they all have their own commands. I think that there are some common commands when the connection is network_cli. As for the others, it just depends on your commands.

mammuthus commented 5 years ago

But in this case what is the difference between using ce_command and network_cli?

yuandongx commented 5 years ago

ce_command runs commands via network_cli (a connection type). Other modules may load config via netconf (another connection type that uses the netconf API).