search

knipknap / exscript

A Python module making Telnet and SSH easy
MIT License
364 stars 136 forks source link

SSH2 login failed #160

Open memogharib opened 6 years ago

memogharib commented 6 years ago

import Exscript from Exscript.protocols import SSH2,Account device = SSH2(debug=9) acc = Account("xxxx","xxxxx") device.connect("HOST1",port=9090) print device.response print device.get_remote_version() print device.get_banner() print device.is_dummy() device.login(acc) print device.response

'''''''''''''''''''' output 👍

generic: Rejecting ssh-rsa host key for HOST1: 5cf53be5446cb97a4941aad09e3b29a8 None SSH-2.0-OpenSSH_4.3 None False generic: Attempting to authenticate xxxx generic: auth_none failed, supported: [u'publickey', u'password'] generic: Rejecting ssh-rsa host key for HOST1: 5cf53be5446cb97a4941aad09e3b29a8 generic: Authenticating with _paramiko_auth_agent generic: Authentication with _paramiko_auth_agent failed: auth agent found no keys generic: Rejecting ssh-rsa host key for HOST1: 5cf53be5446cb97a4941aad09e3b29a8 generic: Authenticating with _paramiko_auth_autokey generic: Authentication with _paramiko_auth_autokey failed: Failed to authenticate with given username and password/key generic: Rejecting ssh-rsa host key for HOST1: 5cf53be5446cb97a4941aad09e3b29a8 generic: Authenticating with _paramiko_authpassword generic: Attempting to app-authenticate tarek.anis. generic: waiting for: ['[\r\n][^\r\n](?:bad secrets|denied|invalid|too short|incorrect|connection timed out|failed|failure)', '(user ?name|user|login): $', u'(?:s\/Key|otp-md5) (\d+) (\S+)(?=\s|[\r\n])', 'password:? $', '[\r\n](?:[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\!\"\#\$\%\&\\'\(\)\*\+\,\-\.\/\:\;\<\=\>\?\@\[\\\]\^\_\`\{\|\}\~\ \\t\\n\\r\\x0b\\x0c]|[\x1b\x07\x00]*)[\[\<]?\w+(?:(?:(?:[\w+\-]+)\@)?(?:[\w+\-\.]+))?:?(?:(?:(?:(?:[\w\+\-\.]+))?(?:/(?:[\w\+\-\.]+))*/?)|~(?:(?:(?:[\w\+\-\.]+))?(?:/(?:[\w\+\-\.]+))*/?)?)?[: ]?(?:(?:(?:(?:[\w\+\-\.]+))?(?:/(?:[\w\+\-\.]+))*/?)|~(?:(?:(?:[\w\+\-\.]+))?(?:/(?:[\w\+\-\.]+))*/?)?)?(?:\((?:[\w\+\-\.]+)\))?[\]\-]?[#>%\$\]] ?[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\!\"\#\$\%\&\\'\(\)\\+\,\-\.\/\:\;\<\=\>\?\@\[\\\]\^\_\`\{\|\}\~\ \\t\\n\\r\\x0b\\x0c]\Z'] generic: Expecting a prompt generic: Expected pattern: ["'[\\r\\n][^\\r\\n](?:bad secrets|denied|invalid|too short|incorrect|connection timed out|failed|failure)'", "'(user ?name|user|login): $'", "u'(?:s\\/Key|otp-md5) (\\d+) (\\S+)(?=\\s|[\\r\\n])'", "'password:? $'", '\'[\\r\\n](?:[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\\!\\"\\#\\$\\%\\&\\\\'\\(\\)\\*\\+\\,\\-\\.\\/\\:\\;\\<\\=\\>\\?\\@\\[\\\\\\]\\^\\_\\`\\{\\|\\}\\~\\ \\\t\\\n\\\r\\\x0b\\\x0c]|[\\x1b\\x07\\x00])[\\[\\<]?\\w+(?:(?:(?:[\\w+\\-]+)\\@)?(?:[\\w+\\-\\.]+))?:?(?:(?:(?:(?:[\\w\\+\\-\\.]+))?(?:/(?:[\\w\\+\\-\\.]+))/?)|~(?:(?:(?:[\\w\\+\\-\\.]+))?(?:/(?:[\\w\\+\\-\\.]+))/?)?)?[: ]?(?:(?:(?:(?:[\\w\\+\\-\\.]+))?(?:/(?:[\\w\\+\\-\\.]+))/?)|~(?:(?:(?:[\\w\\+\\-\\.]+))?(?:/(?:[\\w\\+\\-\\.]+))/?)?)?(?:\\((?:[\\w\\+\\-\\.]+)\\))?[\\]\\-]?[#>%\\$\\]] ?[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\\!\\"\\#\\$\\%\\&\\\\'\\(\\)\\*\\+\\,\\-\\.\\/\\:\\;\\<\\=\\>\\?\\@\\[\\\\\\]\\^\\\\`\\{\\|\\}\\~\\ \\\t\\\n\\\r\\\x0b\\\x0c]\\Z\''] ericsson_ban: Protocol: driver replaced: generic -> ericsson_ban ericsson_ban: Protocol.app_authenticate(): driver replaced ericsson_ban: waiting for: ['Login failed', 'user:', u'(?:s\/Key|otp-md5) (\d+) (\S+)(?=\s|[\r\n])', 'pass:', '[\r\n][\-\w+\.]+(?:\([^\)]+\))?[%#] ?$|(?:\(y/n\)\[n\])'] ericsson_ban: Expecting a prompt ericsson_ban: Expected pattern: ["'Login failed'", "'user:'", "u'(?:s\\/Key|otp-md5) (\\d+) (\\S+)(?=\\s|[\\r\\n])'", "'pass:'", "'[\\r\\n][\\-\\w+\\.]+(?:\\([^\\)]+\\))?[%#] ?$|(?:\\(y/n\\)\\[n\\])'"]

Traceback (most recent call last): File "C:/Python27/ssh test.py", line 11, in device.authenticate(acc) File "C:\Python27\lib\site-packages\Exscript\protocols\protocol.py", line 699, in authenticate self.app_authenticate(app_account, flush=flush) File "C:\Python27\lib\site-packages\Exscript\protocols\protocol.py", line 868, in app_authenticate self._app_authenticate(account, password, flush, bailout) File "C:\Python27\lib\site-packages\Exscript\protocols\protocol.py", line 772, in _app_authenticate raise TimeoutException(msg) TimeoutException: Buffer: u''

'''''''''''''''' please is there are any solution for it

derek-shnosh commented 6 years ago

EDIT

I'm getting better results when I bypass the multi-auth loop by changing line 283 of ssh2.py to call on auth_password intead of auth_none. This seems like it'll be a sufficient workaround for my current use-case, cisco ZTP.

self.client.auth_none(username) self.client.auth_password(username, password)

I'm wondering if IOS-XE 16.3.x doesn't like the rapid subsequent connections spawned by the _authentication_reconnect_hack call.

I am having the same issue with IOS-XE version 16.3.6.

SCRIPT

#!/usr/bin/env python

from Exscript.util.start import start
from Exscript import Account, Host
from Exscript.util.file import get_accounts_from_file
from Exscript.util.file import get_hosts_from_file

cred = get_accounts_from_file('/etc/ztp/ref/cred')
switch = get_hosts_from_file('/etc/ztp/ref/host', default_protocol='ssh2')

def post_cfg(job, host, conn):
        conn.execute('conf t')
        conn.execute('no vstack')
        conn.execute('no ip http ser')
        conn.execute('no ip http secure-s')
        conn.execute('no ip http authen')
        conn.execute('end')
        conn.execute('write mem')
        conn.send('exit\r')

with open('/etc/ztp/ref/post_cfg.log', "w+") as fp:
        start(cred, switch, post_cfg, stdout=fp)

I can execute the script fine once, but if I do it again shortly after, I get the following;

10.18.64.5 error: Buffer: u''
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/Exscript/workqueue/job.py", line 78, in run
    self.function(self)
  File "/usr/local/lib/python2.7/dist-packages/Exscript/queue.py", line 102, in _wrapped
    result = func(job, host, conn, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/Exscript/util/decorator.py", line 117, in decorated
    conn.login(flush=flush)
  File "/usr/local/lib/python2.7/dist-packages/Exscript/protocols/protocol.py", line 674, in login
    self.authenticate(account, flush=False)
  File "/usr/local/lib/python2.7/dist-packages/Exscript/protocols/protocol.py", line 699, in authenticate
    self.app_authenticate(app_account, flush=flush)
  File "/usr/local/lib/python2.7/dist-packages/Exscript/protocols/protocol.py", line 868, in app_authenticate
    self._app_authenticate(account, password, flush, bailout)
  File "/usr/local/lib/python2.7/dist-packages/Exscript/protocols/protocol.py", line 772, in _app_authenticate
    raise TimeoutException(msg)
TimeoutException: Buffer: u''

But from the switch I can see the SSH session establish, here is a log from a successful pass, and then a fail;

Switch log from first run, SUCCESS

*Jul 27 2018 17:22:59.879 PDT: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.19.128.202 (tty = 1) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Succeeded
*Jul 27 2018 17:23:00.428 PDT: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.19.128.202 (tty = 2) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Succeeded
*Jul 27 2018 17:23:00.765 PDT: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.19.128.202 (tty = 3) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Succeeded
*Jul 27 2018 17:23:01.117 PDT: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.19.128.202 (tty = 4) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Succeeded
*Jul 27 2018 17:23:01.329 PDT: %SSH-5-SSH2_USERAUTH: User 'provision' authentication for SSH2 Session from 10.19.128.202 (tty = 4) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Succeeded
*Jul 27 2018 17:23:01.375 PDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:provision  logged command:!exec: enable
*Jul 27 2018 17:23:01.428 PDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:provision  logged command:no vstack 
*Jul 27 2018 17:23:01.497 PDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:provision  logged command:no ip http server 
*Jul 27 2018 17:23:01.554 PDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:provision  logged command:no ip http secure-server 
*Jul 27 2018 17:23:01.613 PDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:provision  logged command:no ip http authentication 
*Jul 27 2018 17:23:01.727 PDT: %SYS-5-CONFIG_I: Configured from console by provision on vty4 (10.19.128.202)
*Jul 27 2018 17:23:03.593 PDT: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.19.128.202 (tty = 4) for user 'provision' using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' closed
*Jul 27 2018 17:23:03.679 PDT: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 10.19.128.202 (tty = 1) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Failed
*Jul 27 2018 17:23:03.680 PDT: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.19.128.202 (tty = 1) for user '' using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' closed
*Jul 27 2018 17:23:03.779 PDT: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 10.19.128.202 (tty = 3) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Failed
*Jul 27 2018 17:23:03.780 PDT: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.19.128.202 (tty = 3) for user '' using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' closed
*Jul 27 2018 17:23:03.833 PDT: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 10.19.128.202 (tty = 2) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Failed
*Jul 27 2018 17:23:03.833 PDT: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.19.128.202 (tty = 2) for user '' using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' closed

Switch log from subsequent run, FAIL Note: I ran a who command while waiting for the script to fail and close the connection to show that the user was authenticated.

*Jul 27 2018 17:24:07.343 PDT: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.19.128.202 (tty = 1) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Succeeded
*Jul 27 2018 17:24:07.914 PDT: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.19.128.202 (tty = 2) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Succeeded
*Jul 27 2018 17:24:08.263 PDT: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.19.128.202 (tty = 3) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Succeeded
*Jul 27 2018 17:24:08.809 PDT: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.19.128.202 (tty = 4) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Succeeded
*Jul 27 2018 17:24:09.020 PDT: %SSH-5-SSH2_USERAUTH: User 'provision' authentication for SSH2 Session from 10.19.128.202 (tty = 4) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Succeeded
switch#who
    Line       User       Host(s)              Idle       Location
*  2 vty 0     admin      idle                 00:00:00 10.19.1.109
   3 vty 1     provision    idle                 00:00:22 10.19.128.202
   4 vty 2                idle                 00:00:21 10.19.128.202
   5 vty 3                idle                 00:00:20 10.19.128.202
   6 vty 4     provision    idle                 00:00:20 10.19.128.202

  Interface    User               Mode         Idle     Peer Address
*Jul 27 2018 17:24:39.156 PDT: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 10.19.128.202 (tty = 1) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Failed
*Jul 27 2018 17:24:39.156 PDT: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.19.128.202 (tty = 1) for user '' using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' closed
*Jul 27 2018 17:24:39.256 PDT: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 10.19.128.202 (tty = 3) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Failed
*Jul 27 2018 17:24:39.256 PDT: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.19.128.202 (tty = 3) for user '' using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' closed
*Jul 27 2018 17:24:39.292 PDT: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 10.19.128.202 (tty = 2) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Failed
*Jul 27 2018 17:24:39.292 PDT: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.19.128.202 (tty = 2) for user '' using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' closed
*Jul 27 2018 17:24:39.292 PDT: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.19.128.202 (tty = 4) for user '' using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' closed

I created a new script to get debug output, logs from switch are identical as they were from the original script;

Debug Script

#!/usr/bin/env python

from Exscript import Account
from Exscript.protocols import SSH2

cred = Account("provision","******")
conn = SSH2(debug=9)
conn.connect('10.18.64.5')
print conn.response
print conn.get_remote_version()
print conn.get_banner()
print conn.is_dummy()
conn.login(cred)
print conn.response  

conn.execute('conf t')
conn.execute('no vstack')
conn.execute('no ip http ser')
conn.execute('no ip http secure-s')
conn.execute('no ip http authen')
conn.execute('end')
conn.execute('wr mem')
conn.send('exit\r')
conn.close()

First pass, Success

generic: Rejecting ssh-rsa host key for 10.18.64.5: 022f60cc74452ea5d2163e1465bd0c2f
None
SSH-2.0-Cisco-1.25
None
False
generic: Attempting to authenticate provision.
generic: auth_none failed, supported: [u'publickey', u'keyboard-interactive', u'password']
generic: Rejecting ssh-rsa host key for 10.18.64.5: 022f60cc74452ea5d2163e1465bd0c2f
generic: Authenticating with _paramiko_auth_agent
generic: Authentication with _paramiko_auth_agent failed: auth agent found no keys
generic: Rejecting ssh-rsa host key for 10.18.64.5: 022f60cc74452ea5d2163e1465bd0c2f
generic: Authenticating with _paramiko_auth_autokey
generic: Authentication with _paramiko_auth_autokey failed: Failed to authenticate with given username and password/key
generic: Rejecting ssh-rsa host key for 10.18.64.5: 022f60cc74452ea5d2163e1465bd0c2f
generic: Authenticating with _paramiko_auth_interactive
generic: Attempting to app-authenticate provision.
generic: waiting for: ['[\\r\\n][^\\r\\n]*(?:bad secrets|denied|invalid|too short|incorrect|connection timed out|failed|failure)', '(user ?name|user|login): *$', u'(?:s\\/key|otp-md4) (\\d+) (\\S+)(?=\\s|[\\r\\n])', 'password:? *$', '[\\r\\n](?:[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\\!\\"\\#\\$\\%\\&\\\'\\(\\)\\*\\+\\,\\-\\.\\/\\:\\;\\<\\=\\>\\?\\@\\[\\\\\\]\\^\\_\\`\\{\\|\\}\\~\\ \\\t\\\n\\\r\\\x0b\\\x0c]*|[\\x1b\\x07\\x00]*)[\\[\\<]?\\w+(?:(?:(?:[\\w+\\-]+)\\@)?(?:[\\w+\\-\\.]+))?:?(?:(?:(?:(?:[\\w\\+\\-\\._]+))?(?:/(?:[\\w\\+\\-\\._]+))*/?)|~(?:(?:(?:[\\w\\+\\-\\._]+))?(?:/(?:[\\w\\+\\-\\._]+))*/?)?)?[: ]?(?:(?:(?:(?:[\\w\\+\\-\\._]+))?(?:/(?:[\\w\\+\\-\\._]+))*/?)|~(?:(?:(?:[\\w\\+\\-\\._]+))?(?:/(?:[\\w\\+\\-\\._]+))*/?)?)?(?:\\((?:[\\w\\+\\-\\._]+)\\))?[\\]\\-]?[#>%\\$\\]] ?[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\\!\\"\\#\\$\\%\\&\\\'\\(\\)\\*\\+\\,\\-\\.\\/\\:\\;\\<\\=\\>\\?\\@\\[\\\\\\]\\^\\_\\`\\{\\|\\}\\~\\ \\\t\\\n\\\r\\\x0b\\\x0c]*\\Z']
generic: Expecting a prompt
generic: Expected pattern: ["'[\\\\r\\\\n][^\\\\r\\\\n]*(?:bad secrets|denied|invalid|too short|incorrect|connection timed out|failed|failure)'", "'(user ?name|user|login): *$'", "u'(?:s\\\\/key|otp-md4) (\\\\d+) (\\\\S+)(?=\\\\s|[\\\\r\\\\n])'", "'password:? *$'", '\'[\\\\r\\\\n](?:[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\\\\!\\\\"\\\\#\\\\$\\\\%\\\\&\\\\\\\'\\\\(\\\\)\\\\*\\\\+\\\\,\\\\-\\\\.\\\\/\\\\:\\\\;\\\\<\\\\=\\\\>\\\\?\\\\@\\\\[\\\\\\\\\\\\]\\\\^\\\\_\\\\`\\\\{\\\\|\\\\}\\\\~\\\\ \\\\\\t\\\\\\n\\\\\\r\\\\\\x0b\\\\\\x0c]*|[\\\\x1b\\\\x07\\\\x00]*)[\\\\[\\\\<]?\\\\w+(?:(?:(?:[\\\\w+\\\\-]+)\\\\@)?(?:[\\\\w+\\\\-\\\\.]+))?:?(?:(?:(?:(?:[\\\\w\\\\+\\\\-\\\\._]+))?(?:/(?:[\\\\w\\\\+\\\\-\\\\._]+))*/?)|~(?:(?:(?:[\\\\w\\\\+\\\\-\\\\._]+))?(?:/(?:[\\\\w\\\\+\\\\-\\\\._]+))*/?)?)?[: ]?(?:(?:(?:(?:[\\\\w\\\\+\\\\-\\\\._]+))?(?:/(?:[\\\\w\\\\+\\\\-\\\\._]+))*/?)|~(?:(?:(?:[\\\\w\\\\+\\\\-\\\\._]+))?(?:/(?:[\\\\w\\\\+\\\\-\\\\._]+))*/?)?)?(?:\\\\((?:[\\\\w\\\\+\\\\-\\\\._]+)\\\\))?[\\\\]\\\\-]?[#>%\\\\$\\\\]] ?[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\\\\!\\\\"\\\\#\\\\$\\\\%\\\\&\\\\\\\'\\\\(\\\\)\\\\*\\\\+\\\\,\\\\-\\\\.\\\\/\\\\:\\\\;\\\\<\\\\=\\\\>\\\\?\\\\@\\\\[\\\\\\\\\\\\]\\\\^\\\\_\\\\`\\\\{\\\\|\\\\}\\\\~\\\\ \\\\\\t\\\\\\n\\\\\\r\\\\\\x0b\\\\\\x0c]*\\\\Z\'']
ios: Protocol: driver replaced: generic -> ios
ios: Protocol.app_authenticate(): driver replaced
ios: waiting for: ['[\\r\\n][^\\r\\n]*(?:bad secrets|denied|invalid|too short|incorrect|connection timed out|failed|failure)', 'user ?name: ?$', u'(?:s\\/key|otp-md4) (\\d+) (\\S+)(?=\\s|[\\r\\n])', '(?:[\\r\\n][Pp]assword: ?|last resort password:)$', '[\\r\\n][\\-\\w+\\.:/]+(?:\\([^\\)]+\\))?[>#] ?$']
ios: Expecting a prompt
ios: Expected pattern: ["'[\\\\r\\\\n][^\\\\r\\\\n]*(?:bad secrets|denied|invalid|too short|incorrect|connection timed out|failed|failure)'", "'user ?name: ?$'", "u'(?:s\\\\/key|otp-md4) (\\\\d+) (\\\\S+)(?=\\\\s|[\\\\r\\\\n])'", "'(?:[\\\\r\\\\n][Pp]assword: ?|last resort password:)$'", "'[\\\\r\\\\n][\\\\-\\\\w+\\\\.:/]+(?:\\\\([^\\\\)]+\\\\))?[>#] ?$'"]
ios: Shell prompt received.
ios: Expecting a prompt
ios: Expected pattern: ["'[\\\\r\\\\n][\\\\-\\\\w+\\\\.:/]+(?:\\\\([^\\\\)]+\\\\))?[>#] ?$'"]
ios: Checking u'\r' for errors
ios: Calling driver.auto_authorize().
ios: Sending 'enable\r'
ios: Attempting to app-authorize provision.
ios: waiting for: ['[\\r\\n][^\\r\\n]*(?:bad secrets|denied|invalid|too short|incorrect|connection timed out|failed|failure)', 'user ?name: ?$', u'(?:s\\/key|otp-md4) (\\d+) (\\S+)(?=\\s|[\\r\\n])', '(?:[\\r\\n][Pp]assword: ?|last resort password:)$', '[\\r\\n][\\-\\w+\\.:/]+(?:\\([^\\)]+\\))?[>#] ?$']
ios: Expecting a prompt
ios: Expected pattern: ["'[\\\\r\\\\n][^\\\\r\\\\n]*(?:bad secrets|denied|invalid|too short|incorrect|connection timed out|failed|failure)'", "'user ?name: ?$'", "u'(?:s\\\\/key|otp-md4) (\\\\d+) (\\\\S+)(?=\\\\s|[\\\\r\\\\n])'", "'(?:[\\\\r\\\\n][Pp]assword: ?|last resort password:)$'", "'[\\\\r\\\\n][\\\\-\\\\w+\\\\.:/]+(?:\\\\([^\\\\)]+\\\\))?[>#] ?$'"]
ios: Shell prompt received.
ios: Expecting a prompt
ios: Expected pattern: ["'[\\\\r\\\\n][\\\\-\\\\w+\\\\.:/]+(?:\\\\([^\\\\)]+\\\\))?[>#] ?$'"]
ios: Checking u'enable\r' for errors
enable
ios: Sending u'conf t\r'
ios: Expecting a prompt
ios: Expected pattern: ["'[\\\\r\\\\n][\\\\-\\\\w+\\\\.:/]+(?:\\\\([^\\\\)]+\\\\))?[>#] ?$'"]
ios: Checking u'conf t\r\nEnter configuration commands, one per line.  End with CNTL/Z.\r' for errors
ios: Sending u'no vstack\r'
ios: Expecting a prompt
ios: Expected pattern: ["'[\\\\r\\\\n][\\\\-\\\\w+\\\\.:/]+(?:\\\\([^\\\\)]+\\\\))?[>#] ?$'"]
ios: Checking u'no vstack\r' for errors
ios: Sending u'no ip http ser\r'
ios: Expecting a prompt
ios: Expected pattern: ["'[\\\\r\\\\n][\\\\-\\\\w+\\\\.:/]+(?:\\\\([^\\\\)]+\\\\))?[>#] ?$'"]
ios: Checking u'no ip http ser\r' for errors
ios: Sending u'no ip http secure-s\r'
ios: Expecting a prompt
ios: Expected pattern: ["'[\\\\r\\\\n][\\\\-\\\\w+\\\\.:/]+(?:\\\\([^\\\\)]+\\\\))?[>#] ?$'"]
ios: Checking u'no ip http secure-s\r' for errors
ios: Sending u'no ip http authen\r'
ios: Expecting a prompt
ios: Expected pattern: ["'[\\\\r\\\\n][\\\\-\\\\w+\\\\.:/]+(?:\\\\([^\\\\)]+\\\\))?[>#] ?$'"]
ios: Checking u'no ip http authen\r' for errors
ios: Sending u'end\r'
ios: Expecting a prompt
ios: Expected pattern: ["'[\\\\r\\\\n][\\\\-\\\\w+\\\\.:/]+(?:\\\\([^\\\\)]+\\\\))?[>#] ?$'"]
ios: Checking u'end\r' for errors
ios: Sending u'wr mem\r'
ios: Expecting a prompt
ios: Expected pattern: ["'[\\\\r\\\\n][\\\\-\\\\w+\\\\.:/]+(?:\\\\([^\\\\)]+\\\\))?[>#] ?$'"]
ios: Checking u'wr mem\r\nBuilding configuration...\r\n[OK]\r' for errors
ios: Sending 'exit\r'

Second pass, FAIL

generic: Rejecting ssh-rsa host key for 10.18.64.5: 022f60cc74452ea5d2163e1465bd0c2f
None
SSH-2.0-Cisco-1.25
None
False
generic: Attempting to authenticate provision.
generic: auth_none failed, supported: [u'publickey', u'keyboard-interactive', u'password']
generic: Rejecting ssh-rsa host key for 10.18.64.5: 022f60cc74452ea5d2163e1465bd0c2f
generic: Authenticating with _paramiko_auth_agent
generic: Authentication with _paramiko_auth_agent failed: auth agent found no keys
generic: Rejecting ssh-rsa host key for 10.18.64.5: 022f60cc74452ea5d2163e1465bd0c2f
generic: Authenticating with _paramiko_auth_autokey
generic: Authentication with _paramiko_auth_autokey failed: Failed to authenticate with given username and password/key
generic: Rejecting ssh-rsa host key for 10.18.64.5: 022f60cc74452ea5d2163e1465bd0c2f
generic: Authenticating with _paramiko_auth_interactive
generic: Attempting to app-authenticate provision.
generic: waiting for: ['[\\r\\n][^\\r\\n]*(?:bad secrets|denied|invalid|too short|incorrect|connection timed out|failed|failure)', '(user ?name|user|login): *$', u'(?:s\\/key|otp-md4) (\\d+) (\\S+)(?=\\s|[\\r\\n])', 'password:? *$', '[\\r\\n](?:[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\\!\\"\\#\\$\\%\\&\\\'\\(\\)\\*\\+\\,\\-\\.\\/\\:\\;\\<\\=\\>\\?\\@\\[\\\\\\]\\^\\_\\`\\{\\|\\}\\~\\ \\\t\\\n\\\r\\\x0b\\\x0c]*|[\\x1b\\x07\\x00]*)[\\[\\<]?\\w+(?:(?:(?:[\\w+\\-]+)\\@)?(?:[\\w+\\-\\.]+))?:?(?:(?:(?:(?:[\\w\\+\\-\\._]+))?(?:/(?:[\\w\\+\\-\\._]+))*/?)|~(?:(?:(?:[\\w\\+\\-\\._]+))?(?:/(?:[\\w\\+\\-\\._]+))*/?)?)?[: ]?(?:(?:(?:(?:[\\w\\+\\-\\._]+))?(?:/(?:[\\w\\+\\-\\._]+))*/?)|~(?:(?:(?:[\\w\\+\\-\\._]+))?(?:/(?:[\\w\\+\\-\\._]+))*/?)?)?(?:\\((?:[\\w\\+\\-\\._]+)\\))?[\\]\\-]?[#>%\\$\\]] ?[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\\!\\"\\#\\$\\%\\&\\\'\\(\\)\\*\\+\\,\\-\\.\\/\\:\\;\\<\\=\\>\\?\\@\\[\\\\\\]\\^\\_\\`\\{\\|\\}\\~\\ \\\t\\\n\\\r\\\x0b\\\x0c]*\\Z']
generic: Expecting a prompt
generic: Expected pattern: ["'[\\\\r\\\\n][^\\\\r\\\\n]*(?:bad secrets|denied|invalid|too short|incorrect|connection timed out|failed|failure)'", "'(user ?name|user|login): *$'", "u'(?:s\\\\/key|otp-md4) (\\\\d+) (\\\\S+)(?=\\\\s|[\\\\r\\\\n])'", "'password:? *$'", '\'[\\\\r\\\\n](?:[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\\\\!\\\\"\\\\#\\\\$\\\\%\\\\&\\\\\\\'\\\\(\\\\)\\\\*\\\\+\\\\,\\\\-\\\\.\\\\/\\\\:\\\\;\\\\<\\\\=\\\\>\\\\?\\\\@\\\\[\\\\\\\\\\\\]\\\\^\\\\_\\\\`\\\\{\\\\|\\\\}\\\\~\\\\ \\\\\\t\\\\\\n\\\\\\r\\\\\\x0b\\\\\\x0c]*|[\\\\x1b\\\\x07\\\\x00]*)[\\\\[\\\\<]?\\\\w+(?:(?:(?:[\\\\w+\\\\-]+)\\\\@)?(?:[\\\\w+\\\\-\\\\.]+))?:?(?:(?:(?:(?:[\\\\w\\\\+\\\\-\\\\._]+))?(?:/(?:[\\\\w\\\\+\\\\-\\\\._]+))*/?)|~(?:(?:(?:[\\\\w\\\\+\\\\-\\\\._]+))?(?:/(?:[\\\\w\\\\+\\\\-\\\\._]+))*/?)?)?[: ]?(?:(?:(?:(?:[\\\\w\\\\+\\\\-\\\\._]+))?(?:/(?:[\\\\w\\\\+\\\\-\\\\._]+))*/?)|~(?:(?:(?:[\\\\w\\\\+\\\\-\\\\._]+))?(?:/(?:[\\\\w\\\\+\\\\-\\\\._]+))*/?)?)?(?:\\\\((?:[\\\\w\\\\+\\\\-\\\\._]+)\\\\))?[\\\\]\\\\-]?[#>%\\\\$\\\\]] ?[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\\\\!\\\\"\\\\#\\\\$\\\\%\\\\&\\\\\\\'\\\\(\\\\)\\\\*\\\\+\\\\,\\\\-\\\\.\\\\/\\\\:\\\\;\\\\<\\\\=\\\\>\\\\?\\\\@\\\\[\\\\\\\\\\\\]\\\\^\\\\_\\\\`\\\\{\\\\|\\\\}\\\\~\\\\ \\\\\\t\\\\\\n\\\\\\r\\\\\\x0b\\\\\\x0c]*\\\\Z\'']
ios: Protocol: driver replaced: generic -> ios
ios: Protocol.app_authenticate(): driver replaced
ios: waiting for: ['[\\r\\n][^\\r\\n]*(?:bad secrets|denied|invalid|too short|incorrect|connection timed out|failed|failure)', 'user ?name: ?$', u'(?:s\\/key|otp-md4) (\\d+) (\\S+)(?=\\s|[\\r\\n])', '(?:[\\r\\n][Pp]assword: ?|last resort password:)$', '[\\r\\n][\\-\\w+\\.:/]+(?:\\([^\\)]+\\))?[>#] ?$']
ios: Expecting a prompt
ios: Expected pattern: ["'[\\\\r\\\\n][^\\\\r\\\\n]*(?:bad secrets|denied|invalid|too short|incorrect|connection timed out|failed|failure)'", "'user ?name: ?$'", "u'(?:s\\\\/key|otp-md4) (\\\\d+) (\\\\S+)(?=\\\\s|[\\\\r\\\\n])'", "'(?:[\\\\r\\\\n][Pp]assword: ?|last resort password:)$'", "'[\\\\r\\\\n][\\\\-\\\\w+\\\\.:/]+(?:\\\\([^\\\\)]+\\\\))?[>#] ?$'"]
Traceback (most recent call last):
  File "/root/1test-ssh.sh", line 13, in <module>
    conn.login(cred)
  File "/usr/local/lib/python2.7/dist-packages/Exscript/protocols/protocol.py", line 674, in login
    self.authenticate(account, flush=False)
  File "/usr/local/lib/python2.7/dist-packages/Exscript/protocols/protocol.py", line 699, in authenticate
    self.app_authenticate(app_account, flush=flush)
  File "/usr/local/lib/python2.7/dist-packages/Exscript/protocols/protocol.py", line 868, in app_authenticate
    self._app_authenticate(account, password, flush, bailout)
  File "/usr/local/lib/python2.7/dist-packages/Exscript/protocols/protocol.py", line 772, in _app_authenticate
    raise TimeoutException(msg)
Exscript.protocols.exception.TimeoutException: Buffer: **u''**
knipknap commented 6 years ago

This is may no longer apply with the latest version in master, since we essentially disabled the authentication hack. Could you please test again?

Another potential fix is being discussed in pull request #173.

bigmars86 commented 5 years ago

The problem now is, that the generic driver has not enabled the hack enymore. There are some IOS devices which need the hack, but they are recognized as IOS after successful authentication:

generic: Rejecting ssh-rsa host key for <xxxx>: <xxxxxxx>
generic: Attempting to authenticate <xxxxxxx>.
generic: auth_none failed, supported: [u'publickey', u'keyboard-interactive', u'password']
generic: Authenticating with _paramiko_auth_agent
generic: Authentication with _paramiko_auth_agent failed: auth agent found no keys
generic: Authenticating with _paramiko_auth_autokey
generic: Trying key <xxxxxxxxxxxxxxxxxx> in /home/<xxxxxxxx>/.ssh/id_rsa
generic: Authentication with _paramiko_auth_autokey failed: Authentication failed.
generic: Authenticating with _paramiko_auth_interactive
generic: _paramiko_auth_interactive: SSHException: No existing session
generic: Authenticating with _paramiko_auth_password
generic: _paramiko_auth_password: SSHException: No existing session
Traceback (most recent call last):
  File "/usr/local/lib/to/to", line 675, in <module>
    device.get_conn().interact(keymap)
  File "/usr/lib/python2.7/site-packages/Exscript/protocols/ssh2.py", line 449, in interact
    return self._open_shell(self.shell, key_handlers, handle_window_size)
  File "/usr/lib/python2.7/site-packages/Exscript/protocols/protocol.py", line 1230, in _open_shell
    return self._open_posix_shell(channel, key_handlers, handle_window_size)
  File "/usr/lib/python2.7/site-packages/Exscript/protocols/protocol.py", line 1153, in _open_posix_shell
    handle_sigwinch(None, None)
  File "/usr/lib/python2.7/site-packages/Exscript/protocols/protocol.py", line 1151, in handle_sigwinch
    self._set_terminal_size(rows, cols)
  File "/usr/lib/python2.7/site-packages/Exscript/protocols/ssh2.py", line 446, in _set_terminal_size
    self.shell.resize_pty(cols, rows)
AttributeError: 'NoneType' object has no attribute 'resize_pty'

After enabling the hack for the generic driver, everything works:

class GenericDriver(Driver):

    def __init__(self):
        Driver.__init__(self, 'generic')
        self.reconnect_between_auth_methods = True

Now I don't know what should be the default behaviour, but it still has to be worked out.

knipknap commented 5 years ago

@bigmars86 the issue that you are describing is unrelated to this bug. It's tracked in issue #166. I'll follow up there.

JohnHay commented 4 years ago

EDIT

I'm getting better results when I bypass the multi-auth loop by changing line 283 of ssh2.py to call on auth_password intead of auth_none. This seems like it'll be a sufficient workaround for my current use-case, cisco ZTP.

~self.client.auth_none(username)~ self.client.auth_password(username, password)

I resorted to the same change and now login to all our routers work again. Maybe a bit of a background, our current setup is using exscript 2.4.8 and python 2.7. We have a variety of network equipment, from Alcatel (now Nokia) SAS-M/T, Arista, Cisco IOS and XR, Juniper and the odd Ocnos an Cumulus devices. I'm currently looking at moving our scripts to python 3.6 and exscript 2.6 (using the new FreeBSD package for it). Our old setup basically just set 

ssh_conn.set_driver("generic")
ssh_conn.set_prompt(re.compile(r'(?:\A|[\r\n])\S+[#>] ?\Z'))

and worked everywhere. I see there are talks about making the login method settable, that would be great, if it will be a way to fix this problem.

mwallraf commented 3 years ago

EDIT Actually it was @derek-shnosh who made the first suggestion, thanks :-)

@JohnHay , thanks for your suggestion, we are taking 6000 backups per day from different kind of equipment (Cisco, OneAccess, Ciena, ..) and this always worked but after moving to a new redhat server with exscript 2.6.3 python 3.8 we had a few hundred devices with the exact same issue (fail on the auth_none() procedure). Debugging SSH and trying different options did not help in finding a solution .. It's actually a very strange problem because we have for example 2 identical hardware devices with identical software and configuration and on 1 router the backup will always work and on the other one it will always fail.

After patching the exscript ssh2.py file like you suggested all backups are now working again !!