ktbyers / netmiko

Multi-vendor library to simplify Paramiko SSH connections to network devices
MIT License

cisco_wlc_ssh unable to connect to WLC "Pattern not detected: '(?:User:|login as|ssword|(?m:[>#]\\s*$))'" error #3400

Closed stefanopilla closed 8 months ago

stefanopilla commented 8 months ago

Description of Issue/Question

I'm trying to run a set of commands towards a Cisco WLC (AireOS), but netmiko seems to be unable to identify the prompt. I'm using "cisco_wlc_ssh" as device_type, but I also tried with "cisco_wlc", running into the same issue. If I connect via SSH to the device, the prompt is this:

(venv) xxxxxx@devbox:$ ssh -l admin 10.32.62.5

(Cisco Controller) 
User: admin
Password:*********************
(Cisco Controller) >show ap summary 

Number of APs.................................... 71

Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured

AP Name             Slots  AP Model              Ethernet MAC       Location          Country  IP Address       Clients
------------------  -----  --------------------  -----------------  ----------------  -------  ---------------  -------
XX-XX              2     XXXXXXXXXXXXXXXXXX    XX:XX:XX:XX:XX:XX     XXXXXXXXXXXX      US       XXX.XXX.XXX.XXX     0   

Please note that I have replaced the username with 'admin'.

Setup

Netmiko version

(venv) xxxxxx@devbox:$ pip freeze | grep netmiko
netmiko==4.3.0

Netmiko device_type (if relevant to the issue)

cisco_wlc_ssh

tried also with

cisco_wlc

Steps to Reproduce the Issue

Error Traceback

SSH connection established to XX.XX.XX.XX:22
Traceback (most recent call last):
  File "/home/user/test.py", line 74, in <module>
    with ConnectHandler(**net_conn) as conn:
  File "/home/user/venv/lib/python3.9/site-packages/netmiko/ssh_dispatcher.py", line 399, in ConnectHandler
    return ConnectionClass(*args, **kwargs)
  File "/home/user/venv/lib/python3.9/site-packages/netmiko/base_connection.py", line 488, in __init__
    self._open()
  File "/home/user/venv/lib/python3.9/site-packages/netmiko/base_connection.py", line 493, in _open
    self.establish_connection()
  File "/home/user/venv/lib/python3.9/site-packages/netmiko/base_connection.py", line 1208, in establish_connection
    self.special_login_handler()
  File "/home/user/venv/lib/python3.9/site-packages/netmiko/cisco/cisco_wlc_ssh.py", line 34, in special_login_handler
    new_data = self.read_until_pattern(pattern=pattern, read_timeout=25.0)
  File "/home/user/venv/lib/python3.9/site-packages/netmiko/base_connection.py", line 746, in read_until_pattern
    raise ReadTimeout(msg)
netmiko.exceptions.ReadTimeout: 

Pattern not detected: '(?:User:|login as|ssword|(?m:[>#]\\s*$))' in output.

Things you might try to fix this:
1. Adjust the regex pattern to better identify the terminating string. Note, in
many situations the pattern is automatically based on the network device's prompt.
2. Increase the read_timeout to a larger value.

You can also look at the Netmiko session_log or debug log for more information.

DEBUG LOG

DEBUG:paramiko.transport:starting thread (client mode): 0x4c9de50
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_3.4.0
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-CISCO_WLC
INFO:paramiko.transport:Connected (version 2.0, client CISCO_WLC)
DEBUG:paramiko.transport:=== Key exchange possibilities ===
DEBUG:paramiko.transport:kex algos: diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
DEBUG:paramiko.transport:server key: ssh-rsa, ssh-dss
DEBUG:paramiko.transport:client encrypt: aes128-ctr, aes192-ctr, aes256-ctrarcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
DEBUG:paramiko.transport:server encrypt: aes128-ctr, aes192-ctr, aes256-ctrarcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
DEBUG:paramiko.transport:client mac: hmac-md5, hmac-sha1, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96, hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, hmac-sha2-512-96
DEBUG:paramiko.transport:server mac: hmac-md5, hmac-sha1, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96, hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, hmac-sha2-512-96
DEBUG:paramiko.transport:client compress: none, zlib
DEBUG:paramiko.transport:server compress: none, zlib
DEBUG:paramiko.transport:client lang: <none>
DEBUG:paramiko.transport:server lang: <none>
DEBUG:paramiko.transport:starting thread (client mode): 0x3066c2e0
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_3.4.0
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-CISCO_WLC
INFO:paramiko.transport:Connected (version 2.0, client CISCO_WLC)
DEBUG:paramiko.transport:=== Key exchange possibilities ===
DEBUG:paramiko.transport:kex algos: diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
DEBUG:paramiko.transport:server key: ssh-rsa, ssh-dss
DEBUG:paramiko.transport:client encrypt: aes128-ctr, aes192-ctr, aes256-ctrarcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
DEBUG:paramiko.transport:server encrypt: aes128-ctr, aes192-ctr, aes256-ctrarcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
DEBUG:paramiko.transport:client mac: hmac-md5, hmac-sha1, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96, hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, hmac-sha2-512-96
DEBUG:paramiko.transport:server mac: hmac-md5, hmac-sha1, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96, hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, hmac-sha2-512-96
DEBUG:paramiko.transport:client compress: none, zlib
DEBUG:paramiko.transport:server compress: none, zlib
DEBUG:paramiko.transport:client lang: <none>
DEBUG:paramiko.transport:server lang: <none>
DEBUG:paramiko.transport:kex follows: False
DEBUG:paramiko.transport:=== Key exchange agreements ===
DEBUG:paramiko.transport:Kex: diffie-hellman-group-exchange-sha1
DEBUG:paramiko.transport:HostKey: ssh-rsa
DEBUG:paramiko.transport:Cipher: aes128-ctr
DEBUG:paramiko.transport:MAC: hmac-sha2-256
DEBUG:paramiko.transport:Compression: none
DEBUG:paramiko.transport:=== End of kex handshake ===
DEBUG:paramiko.transport:Got server p (2048 bits)
DEBUG:paramiko.transport:kex engine KexGex specified hash_algo <built-in function openssl_sha1>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-rsa host key for X.X.X.X: b'06559145202aa42813d78c76c0dc39e3'
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (password) successful!
DEBUG:paramiko.transport:[chan 0] Max packet in: 32768 bytes
DEBUG:paramiko.transport:[chan 0] Max packet out: 32768 bytes
DEBUG:paramiko.transport:Secsh channel 0 opened.
DEBUG:paramiko.transport:[chan 0] Sesch channel 0 request ok
DEBUG:paramiko.transport:[chan 0] Sesch channel 0 request ok
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
(Cisco Controller) 
User: 
DEBUG:netmiko:Pattern found: ((?:User:|login as|ssword|(?m:[>#]\s*$))) 

(Cisco Controller) 
User:
DEBUG:netmiko:write_channel: b'admin\n'
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
<...>
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: a
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: dmin
Password:
DEBUG:netmiko:Pattern found: ((?:User:|login as|ssword|(?m:[>#]\s*$)))  admin
Password
DEBUG:netmiko:write_channel: b'********\n'
<...>
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: *********************************
User:**********************
Password:
DEBUG:netmiko:Pattern found: ((?:User:|login as|ssword|(?m:[>#]\s*$))) :*********************************
User:
DEBUG:netmiko:write_channel: b'admin\n'
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:Pattern found: ((?:User:|login as|ssword|(?m:[>#]\s*$))) **********************
Password
DEBUG:netmiko:write_channel: b'********\n'
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
<...>
DEBUG:netmiko:read_channel: *******
<...>
DEBUG:netmiko:read_channel: 
User:************
DEBUG:netmiko:Pattern found: ((?:User:|login as|ssword|(?m:[>#]\s*$))) :*******
User:
DEBUG:netmiko:write_channel: b'admin\n'
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: *********************
Password:**********************
User:
DEBUG:netmiko:Pattern found: ((?:User:|login as|ssword|(?m:[>#]\s*$))) *********************************
Password
DEBUG:netmiko:write_channel: b'********\n'
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:Pattern found: ((?:User:|login as|ssword|(?m:[>#]\s*$))) :**********************
User:
DEBUG:netmiko:write_channel: b'admin\n'
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: admin
Password:
DEBUG:netmiko:Pattern found: ((?:User:|login as|ssword|(?m:[>#]\s*$))) admin
Password
DEBUG:netmiko:write_channel: b'********\n'
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: *********************************
User:**********************
Password:*******
DEBUG:netmiko:Pattern found: ((?:User:|login as|ssword|(?m:[>#]\s*$))) :*********************************
User:
DEBUG:netmiko:write_channel: b'admin\n'
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:Pattern found: ((?:User:|login as|ssword|(?m:[>#]\s*$))) **********************
Password
DEBUG:netmiko:write_channel: b'********\n'
DEBUG:netmiko:read_channel: 

DEBUG:netmiko:read_channel: 
DEBUG:paramiko.transport:[chan 0] EOF received (0)
DEBUG:paramiko.transport:[chan 0] EOF sent (0)
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
<..>
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:paramiko.transport:Received global request "keepalive@openssh.com"
DEBUG:paramiko.transport:Rejecting "keepalive@openssh.com" global request from server.
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 

DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
<...>
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:paramiko.transport:Received global request "keepalive@openssh.com"
DEBUG:paramiko.transport:Rejecting "keepalive@openssh.com" global request from server.
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
DEBUG:netmiko:read_channel: 
<...> 

Relevant Python code


from netmiko import ConnectHandler

# device_type, ip, username, password and enable_sec are defined elsewhere in the script
net_conn = {
    'device_type': device_type,
    'host': ip,
    'username': username,
    'password': password,
    'secret': enable_sec,
    'verbose': True,
    'timeout': 30,
    'global_delay_factor': 2,
    'session_log': 'netmiko_session_log.txt'
}

with ConnectHandler(**net_conn) as conn:
    # Check if the device is alive
    if conn.is_alive():
        # send_command is a method of the connection object, not of the net_conn dict
        output = conn.send_command("show ap summary", use_textfsm=True) # tried with use_textfsm = False, same issue

        # Disconnect from the device
        conn.disconnect()
    else:
        # Log error...
        pass

ktbyers commented 8 months ago

Looks like the WLC keeps rejecting your credentials (looking at the log output).

ktbyers commented 8 months ago

Also try setting fast_cli: False (as an argument to the net_conn dictionary).

stefanopilla commented 8 months ago

Hi @ktbyers,

Thank you for pointing me in the right direction. I had these 2 messages in the logs that threw me off the rails:

DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (password) successful!

The issue was that my password was not converted correctly to a string from the vault. All good now.

Thank you!
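
An added example, not part of the thread or of netmiko's code: the two paramiko lines quoted above report SSH transport authentication, while the debug log in the issue shows the controller asking for User:/Password: again on the channel. The code below reads a debug log in that format and reports the two separately; `analyze_login`, its result keys and `SAMPLE_LOG` are names made up here, and the sample lines are constructed.

```python
import re

# Log records look like "LEVEL:logger:message"; other lines continue the previous record.
RECORD = re.compile(r"^(DEBUG|INFO|WARNING|ERROR):([\w.]+):(.*)$")
SHELL_PROMPT = re.compile(r"[>#]\s*$")  # same prompt test as in the pattern from the error

# Constructed sample in the shape of the debug log in the issue (not the poster's log).
SAMPLE_LOG = """\
INFO:paramiko.transport:Authentication (password) successful!
DEBUG:netmiko:read_channel:
(Cisco Controller)
User:
DEBUG:netmiko:Pattern found: ((?:User:|login as|ssword|(?m:[>#]\\s*$)))
(Cisco Controller)
User:
DEBUG:netmiko:write_channel: b'admin\\n'
DEBUG:netmiko:read_channel: admin
Password:
DEBUG:netmiko:write_channel: b'********\\n'
DEBUG:netmiko:read_channel: ********
User:
DEBUG:netmiko:write_channel: b'admin\\n'
DEBUG:paramiko.transport:[chan 0] EOF received (0)
"""

def analyze_login(log_text):
    """Separate SSH transport auth from the controller's in-band login."""
    transport_ok, in_read, device_lines = False, False, []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if m:
            _, logger, msg = m.groups()
            in_read = logger == "netmiko" and msg.startswith("read_channel:")
            if in_read:
                device_lines.append(msg[len("read_channel:"):].strip())
            elif logger == "paramiko.transport" and "Authentication" in msg:
                transport_ok = transport_ok or "successful" in msg
        elif in_read:  # continuation of device output, not of a "Pattern found" echo
            device_lines.append(line.strip())
    user_prompts = sum(1 for d in device_lines if d.startswith("User:"))
    reached_shell = any(d and SHELL_PROMPT.search(d) for d in device_lines)
    return {
        "transport_auth_ok": transport_ok,
        "user_prompts": user_prompts,
        "reached_shell": reached_shell,
        # The login prompt coming back after credentials were sent means rejection.
        "inband_rejected": user_prompts > 1 and not reached_shell,
    }

if __name__ == "__main__":
    print(analyze_login(SAMPLE_LOG))
```

A result with `transport_auth_ok` and `inband_rejected` both true matches the situation in this issue: check the credential value actually handed to `ConnectHandler` before adjusting patterns or timeouts.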