ktbyers / netmiko

Multi-vendor library to simplify Paramiko SSH connections to network devices
MIT License

Issue with Ciphers aes128-gcm@openssh.com, aes256-gcm@openssh.com #3427

Open mpalmieri-ntt opened 5 months ago

mpalmieri-ntt commented 5 months ago

Description of Issue/Question

Hi team, I found an issue connecting to a Juniper switch using these ciphers: aes128-gcm@openssh.com, aes256-gcm@openssh.com.

Setup

Netmiko version

netmiko==4.3.0

Netmiko device_type (if relevant to the issue)

juniper_junos

Steps to Reproduce the Issue

Error Traceback

Exception (client): Incompatible ssh server (no acceptable ciphers)
Traceback (most recent call last):
  File "/home/marcopalmieri/code/github/ita-jenkins-netw-ent-confbucket-cicd/venv-ita-jenkins-netw-ent-confbucket-cicd/lib/python3.11/site-packages/paramiko/transport.py", line 2194, in run
    self._handler_table[ptype](m)
  File "/home/marcopalmieri/code/github/ita-jenkins-netw-ent-confbucket-cicd/venv-ita-jenkins-netw-ent-confbucket-cicd/lib/python3.11/site-packages/paramiko/transport.py", line 2314, in _negotiate_keys
    self._parse_kex_init(m)
  File "/home/marcopalmieri/code/github/ita-jenkins-netw-ent-confbucket-cicd/venv-ita-jenkins-netw-ent-confbucket-cicd/lib/python3.11/site-packages/paramiko/transport.py", line 2603, in _parse_kex_init
    raise IncompatiblePeer(
paramiko.ssh_exception.IncompatiblePeer: Incompatible ssh server (no acceptable ciphers)

Relevant Python code

import os
import yaml
import netmiko

devices = [{'host': 'JUNIPER_SWITCH', 'device_type': 'juniper_junos', 'ip': '10.1.0.1', 'username': 'ADMIN', 'password': 'ADMIN'}]

def backup_junos(net_device):
    """function to get Junos running-config"""
    for n in range(2):
        try:
            net_connect = netmiko.ConnectHandler(**net_device)
            # print("Working on " + net_device['host'])
            filename = net_device["host"] + ".conf"
            showrun = net_connect.send_command("show configuration | display set")
            conf_to_file(filename, showrun)
            output = net_device["host"] + ": OK"
            print(output)
        except Exception:
            output = (
                net_device["host"]
                + ": ERROR [Authentication failed or device unreachable]"
            )
            print(output)
            continue
        else:
            break

for device in devices:
    backup_junos(device)

Relevant network device configuration

This is the cipher configuration on the switch

set system services ssh ciphers "aes128-gcm@openssh.com"
set system services ssh ciphers "aes256-gcm@openssh.com"

ktbyers commented 4 months ago

@mpalmieri-ntt Paramiko (which Netmiko uses for underlying Python SSH) does not support those ciphers (as of today):

https://github.com/paramiko/paramiko/pull/2157
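
An added example, not part of the issue thread and not Netmiko or Paramiko code: the "no acceptable ciphers" error is raised while parsing the server's SSH_MSG_KEXINIT, so this sketch parses such a payload (RFC 4253, section 7.1) and applies the first-client-preference-also-offered rule to show why a GCM-only server and a client without GCM share no cipher. The payload and both client lists are constructed samples, and only the server-to-client direction is checked.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = [
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
]

def build_kexinit(lists):
    """Encode a KEXINIT payload (RFC 4253 section 7.1) from a dict of name-lists."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # message type + zeroed cookie
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [names]}; raise ValueError if malformed."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, parsed = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError(f"name-list {field} overruns payload")
        raw = payload[pos:pos + length].decode("ascii")
        parsed[field] = raw.split(",") if raw else []
        pos += length
    return parsed

def negotiate_cipher(client_ciphers, server_kexinit):
    """Return the first client-preferred cipher the server also offers, else None."""
    offered = parse_kexinit(server_kexinit)["encryption_algorithms_server_to_client"]
    return next((c for c in client_ciphers if c in offered), None)

# Constructed sample: a server restricted to the two ciphers from the switch config.
SERVER = build_kexinit({f: ["aes128-gcm@openssh.com", "aes256-gcm@openssh.com"]
                        for f in FIELDS if f.startswith("encryption")})
# Constructed client lists (illustrative; not Paramiko's actual preference list).
NO_GCM_CLIENT = ["aes128-ctr", "aes192-ctr", "aes256-ctr"]
GCM_CLIENT = NO_GCM_CLIENT + ["aes256-gcm@openssh.com"]
if __name__ == "__main__":
    print(negotiate_cipher(NO_GCM_CLIENT, SERVER), negotiate_cipher(GCM_CLIENT, SERVER))
```

A `None` result corresponds to the negotiation failure in the traceback above; the remedy is either a client that implements a cipher the device offers or a device configuration that also offers a cipher the client implements.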