search

ktbyers / netmiko

Multi-vendor library to simplify Paramiko SSH connections to network devices
MIT License
3.59k stars 1.31k forks source link

Non-privileged user command access on HP_Comware #316

Closed mrburkem closed 7 years ago

mrburkem commented 7 years ago

Hello, I have been using netmiko to access some of our HP_Comware switches and it has been working very well for us to this point. I recently upgraded to netmiko v1.1.0 from v0.5.6 and since I have done this my programs have not been working. To this point I have used device_type='cisco_ios' so the first thing I tried when things broke was to try device_type='hp_comware' but neither are working. My code looks like the following: sshUname = '---omitted---' sshPword = '---omitted---' superPword = '---omitted---' switchDef = 'switch-name'

netConnect = ConnectHandler(device_type='hp_comware', ip=switchDef, username=sshUname, password=sshPword)

output = netConnect.send_command("super 3") print output output = netConnect.send_command(superPword) print output output = netConnect.send_command("screen-length disable") print output

The user being used above does not have admin privileges and must do a priv escalation using the "super 3" command and follow it up with a password. These commands are not run from "system-view". When I try to run the code above I get the following output... Please input the password to change the privilege level, press CTRL_C to abort. Password: ^ % Unrecognized command found at '^' position. ^ % Unrecognized command found at '^' position.

If I run this code by changing the user/pw to an administrative user, everything works. Any idea what might be going on?

Thanks in advance! Mark

ktbyers commented 7 years ago

@mrburkem Is this Comware5 or Comware7?

You really shouldn't be doing these commands manually; they should be integrated into the system in the enable() method and login process.

output = netConnect.send_command("super 3")
print output
output = netConnect.send_command(superPword)
print output
output = netConnect.send_command("screen-length disable")
print output

How is "super 3" different than "system-view" for Comware? 'system-view' is what the current code calls for the .enable() method.

That all being said...you might want to replace:

send_command()

with:

send_command_timing()

that might just fix your issue.

mrburkem commented 7 years ago

@ktbyers We are working with Comware 5.

With Comware users can be set to privilege levels 0-3 (Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE). The user we login with has privilege level 0 so they must execute the command system 3 to be able to execute any commands in system-view.

That said, I tried using send_command_timing() using default values and it worked! Thank you for sending me in the right direction and thank you SO much for the work you do with this project!!! Your work has changed the way our team operates in a very positive way.