ktbyers / netmiko

Multi-vendor library to simplify Paramiko SSH connections to network devices
MIT License

Using send_command() to send passwords fails on Netmiko 3.X on Vyatta #1821

Closed assadniang closed 1 year ago

assadniang commented 4 years ago

Platform is Vyatta

[an144a@mtlab-auto Vyatta]$ pip3  show netmiko
Name: netmiko
Version: 3.1.1
Summary: Multi-vendor library to simplify Paramiko SSH connections to network devices
Home-page: https://github.com/ktbyers/netmiko
Author: Kirk Byers
Author-email: ktbyers@twb-tech.com
License: MIT
Location: /usr/local/lib/python3.8/site-packages
Requires: paramiko, scp, setuptools, pyserial, textfsm
Required-by: 
[an144a@mtlab-auto Vyatta]$

Here is the manual ssh:

Description:  AT&T vRouter 5600 1908f VNF
Linux wb-sm-1013 4.19.0-trunk-vyatta-amd64 #1 SMP PREEMPT Debian 4.19.93-0vyatta5+1.3 (2020-01-29) x86_64
Last login: Tue Jun 30 15:40:28 2020 from fd:192:168:64::250
vyatta@wb-sm-1013:~$ ssh is_admin@12.80.1.30 routing-instance att-mgmt
* LEGAL NOTICE * 
This system is restricted solely to AT&T authorized users for 
legitimate business purposes only. The actual or attempted 
unauthorized access, use or modification of this system is 
strictly prohibited by AT&T. Unauthorized users are subject to 
Company disciplinary proceedings and/or criminal and civil 
penalties under state, federal or other applicable domestic and 
foreign laws. The use of this system may be monitored and 
recorded for administrative and security reasons. Anyone 
accessing this system expressly consents to such monitoring and 
is advised that if such monitoring reveals possible evidence of 
criminal activity, AT&T may provide the evidence of such 
activity to law enforcement officials. All users must comply 
with AT&T company policies regarding the 
protection of AT&T information assets. 
Password: 
ubmc> exit
Connection to 12.80.1.30 closed.
vyatta@wb-sm-1013:~$ exit
logout
Connection to wb-sm-1013 closed.
[an144a@mtlab-auto Vyatta]$

My script used to work well with 2.4.2. After the upgrade to 3.0, all my expect_string fail with pattern not found:

Here is the part of the script that fails. It runs an ssh command, then inputs the password. After the password input, the expected prompt is "ubmc>"; it says that it cannot find the prompt and fails.

This was working fine in 2.4.2, but fails in 3.0.

        output = net_connect.send_command('ssh is_admin@12.80.1.30 routing-instance att-mgmt', expect_string = r'\)\?|:|\$')

        if 'connecting (yes/no)?' in output:
            output += net_connect.send_command('yes', expect_string = r'd:')
            output += net_connect.send_command('abc123', expect_string = r'ubmc>')

        elif 'Password:' in output:
            net_connect.send_command('abc123', expect_string = r'ubmc>')            

        elif 'WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!' in output:
            print('WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!')
            print('Removing entry 12.80.1.30 from ssh_known_hosts file...')
            output += net_connect.send_command('ssh-keygen -f "/home/vyatta/.ssh/vrf/att-mgmt/.ssh/ssh_known_hosts" -R 12.80.1.30')
            vyatta_show_bmc_version()

        elif 'Connection reset by peer' in output:
            print(color.RED + 'Failed to login to uBMC' + color.END)
            print('ssh_exchange_identification:\nread: Connection reset by peer')
            print('Please login to uBMC via console and run this command:\nubmc(config)#configurations reset\nThen try running the script again')
            return

        else:
            print(color.RED + 'Failed to login to uBMC' + color.END)
            print(output)
            return

    else:
        print(color.RED + '\nBMC is not reachable (12.80.1.30)' + color.END)
        print('Please make sure it is the under routing-instance <att-mgmt>')
        print('Trying to SSH to <#ssh is_admin@12.80.1.30 routing-instance att-mgmt> failed')
        return

Output:

>>> Connecting to BMC...
uBMC is alive... 
Trying to SSH into uBMC via routing-instance att-mgmt
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/paramiko/channel.py", line 699, in recv
    out = self.in_buffer.read(nbytes, self.timeout)
  File "/usr/local/lib/python3.8/site-packages/paramiko/buffered_pipe.py", line 164, in read
    raise PipeTimeout()
paramiko.buffered_pipe.PipeTimeout

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/netmiko/base_connection.py", line 550, in _read_channel_expect
    new_data = self.remote_conn.recv(MAX_BUFFER)
  File "/usr/local/lib/python3.8/site-packages/paramiko/channel.py", line 701, in recv
    raise socket.timeout()
socket.timeout

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "./uCPE_Vyatta_Check_Version.py", line 248, in <module>
    vyatta_show_bmc_version()
  File "./uCPE_Vyatta_Check_Version.py", line 184, in vyatta_show_bmc_version
    net_connect.send_command('1qaz2wsX', expect_string = r'ubmc>')            
  File "/usr/local/lib/python3.8/site-packages/netmiko/utilities.py", line 347, in wrapper_decorator
    return func(self, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/netmiko/base_connection.py", line 1390, in send_command
    new_data = self.read_until_pattern(pattern=re.escape(cmd))
  File "/usr/local/lib/python3.8/site-packages/netmiko/base_connection.py", line 627, in read_until_pattern
    return self._read_channel_expect(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/netmiko/base_connection.py", line 560, in _read_channel_expect
    raise NetmikoTimeoutException(
netmiko.ssh_exception.NetmikoTimeoutException: Timed-out reading channel, data not available.

Log:

vyatta@wb-sm-1013:~$ 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:write_channel: b'ssh is_admin@12.80.1.30 routing-instance att-mgmt\n'
DEBUG:netmiko:Pattern is: ssh\ is_admin@12\.80\.1\.30\ routing\-instance\ att\-mgmt
DEBUG:netmiko:_read_channel_expect read_data: ssh is_admin@12.80.1.30 routing-instance att-mgmt

DEBUG:netmiko:Pattern found: ssh\ is_admin@12\.80\.1\.30\ routing\-instance\ att\-mgmt ssh is_admin@12.80.1.30 routing-instance att-mgmt

DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 

This system is restricted solely to AT&T authorized users for 
legitimate business purposes only. The actual or attempted 
unauthorized access, use or modification of this system is 
strictly prohibited by AT&T. Unauthorized users are subject to 
Company disciplinary proceedings and/or criminal and civil 
penalties under state, federal or other applicable domestic and 
foreign laws. The use of this system may be monitored and 
recorded for administrative and security reasons. Anyone 
accessing this system expressly consents to such monitoring and 
is advised that if such monitoring reveals possible evidence of 
criminal activity, AT&T may provide the evidence of such 
activity to law enforcement officials. All users must comply 
with AT&T company policies regarding the 
protection of AT&T information assets. 
Password: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:write_channel: b'abc123\n'
DEBUG:netmiko:Pattern is: abc123
DEBUG:netmiko:_read_channel_expect read_data: 

DEBUG:netmiko:_read_channel_expect read_data: ubmc> 
[an144a@mtlab-auto Vyatta]$

ktbyers commented 4 years ago

Netmiko 3.x expects the device to echo the command by default:

So when you send the password:

        if 'connecting (yes/no)?' in output:
            output += net_connect.send_command('yes', expect_string = r'd:')
            output += net_connect.send_command('abc123', expect_string = r'ubmc>')

        elif 'Password:' in output:
            net_connect.send_command('abc123', expect_string = r'ubmc>')            

These don't get echoed so they fail.

Easy fix is to add the argument cmd_verify=False to the relevant send_command() calls.
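
The behaviour described in this thread, as an added example that is not part of the original comments or of Netmiko's code: `FakeJumpSession` is a constructed stand-in for the connection that mimics the echo check visible in the traceback (`read_until_pattern(pattern=re.escape(cmd))`), raising the built-in `TimeoutError` where Netmiko raises `NetmikoTimeoutException`. The names `login_to_ubmc` and `default_verify_times_out` and the sample password are assumptions made for the illustration.

```python
import re


class FakeJumpSession:
    """Constructed stand-in: echoes commands, but not input typed at 'Password:'."""

    def __init__(self):
        self.at_password_prompt = False

    def send_command(self, cmd, expect_string=None, cmd_verify=True):
        if self.at_password_prompt:
            screen = "\nubmc> "  # the secret is never echoed back
            self.at_password_prompt = False
        else:
            screen = cmd + "\n* LEGAL NOTICE *\nPassword: "
            self.at_password_prompt = True
        # Echo verification: wait for the command text itself to come back.
        if cmd_verify and not re.search(re.escape(cmd), screen):
            raise TimeoutError("Timed-out reading channel, data not available.")
        if not re.search(expect_string, screen):
            raise TimeoutError("expect_string pattern not found")
        return screen


def login_to_ubmc(conn, ssh_cmd, password):
    """Run ssh from the jump host, then answer the password prompt."""
    out = conn.send_command(ssh_cmd, expect_string=r"\)\?|:|\$")
    if "Password:" not in out:
        raise RuntimeError("unexpected response to ssh command")
    # Disable echo verification for this one call only; every other
    # command keeps the default check.
    out += conn.send_command(password, expect_string=r"ubmc>", cmd_verify=False)
    return out


def default_verify_times_out(ssh_cmd, password):
    """Return True if sending the password with cmd_verify left on times out."""
    conn = FakeJumpSession()
    conn.send_command(ssh_cmd, expect_string=r"\)\?|:|\$")
    try:
        conn.send_command(password, expect_string=r"ubmc>")
    except TimeoutError:
        return True
    return False


if __name__ == "__main__":
    cmd = "ssh is_admin@12.80.1.30 routing-instance att-mgmt"
    print(default_verify_times_out(cmd, "constructed-secret"))
    print(repr(login_to_ubmc(FakeJumpSession(), cmd, "constructed-secret")))
```

With a real connection, `login_to_ubmc` takes the object returned by Netmiko's `ConnectHandler`, and the password is better supplied at run time (for example via `getpass`) than written into the script.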

assadniang commented 4 years ago

Great, it worked

Thank you!

salekseev commented 3 months ago

@assadniang I happen to have one of those old ATT-V150 devices and have been unable to figure out the default uBMC is_admin account password to make it useful (https://github.com/silicom-ltd/uBMC/issues/2#issuecomment-1240887825). Is that something you could share with me, please?