ktbyers / netmiko

Multi-vendor library to simplify Paramiko SSH connections to network devices
MIT License

Auto discovery enhancement #382

Closed maximumG closed 7 years ago

maximumG commented 7 years ago

What do you think about enhancing the auto discovery module created in the beginning of 2017 by using SSH discovery instead of SNMP?

The issue I see in using SNMP is that we need to use an extra protocol and extra credentials to perform auto-discovery. This means that auto-discovery only works if you have SNMP enabled on the asset.

I was thinking about doing auto-discovery over a preliminary SSH connection, this way:

  1. Try to connect over SSH port using paramiko
  2. Use SSH authentication with provided credentials (or maybe application authentication as needed by Cisco WLC)
  3. Execute several "discovery commands" (i.e. 'show version | inc IOS' on Cisco IOS or 'show version | inc Nexus' on Cisco NX-OS, etc). The idea is that the command's output does not span longer than the default terminal length.
  4. Close the SSH connection
  5. Based on the output string, return the corresponding driver to be used with the ConnectHandler class.

This way we are only using one unique set of credentials for both discovery and real SSH connection for interacting with the asset.

Do you think it's worth working on it?

ktbyers commented 7 years ago

I am planning on making a terminal_server device_type which does very little post login (i.e. allows the person to do direct read_channel() and write_channel() operations without Netmiko generating an error).

You could probably use this device type to perform your operations.

I wouldn't eliminate SNMP, I would probably just augment it with SSH discovery.

Yes, people would probably find this valuable (if you want to work on it). I can create a terminal_server device_type in the develop branch and let you know when it is done and then you can use that as part of your device discovery (if it is helpful).

maximumG commented 7 years ago

I would be glad to work on this feature to offload you. I think creating this terminal_server device type could be a good starting point to try auto-discovery over SSH.

This discovery feature over SSH could be better than SNMP, even if it won't work in all the cases (i.e., we cannot run any command on Cisco WLC before doing an application authentication). So I think both methods may be used independently or in combination.

It could also be interesting to dig in the remote server version that is sent by any SSH server. I know that IOS driver can be discovered like this as the remote server is Cisco IOS...

```
ssh -v localhost
Event Log: Server version: SSH-2.0-OpenSSH_5.3
```

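The server version string discussed in this comment follows the identification format of RFC 4253 section 4.2. The parser below is an added example, not part of the original thread or of Netmiko; the `HINTS` table and the Cisco sample string are constructed assumptions, and the result is only a hint because the string is sent before authentication.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# With Paramiko this string is available as Transport.remote_version once the
# client has started; here it is parsed from raw bytes so the code runs offline.
IDENT = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

# Illustrative (assumed) prefix hints. The string is unauthenticated and
# operator-configurable, so it narrows the candidates but proves nothing.
HINTS = (("Cisco-", "cisco"), ("OpenSSH", "generic-openssh"))


def parse_ident(raw: bytes):
    """Return the parsed identification line, or None if none is valid."""
    for line in raw.split(b"\n"):
        text = line.rstrip(b"\r").decode("ascii", "replace")
        if not text.startswith("SSH-"):
            continue  # servers may send free-text lines before the ident line
        m = IDENT.match(text)
        if m is None or len(line) + 1 > 255:  # 255-byte limit includes CR LF
            return None
        software = m["software"]
        hint = next((h for prefix, h in HINTS if software.startswith(prefix)), None)
        return {
            "proto": m["proto"],
            "software": software,
            "comments": m["comments"],
            # "1.99" means SSH-1 clients are still accepted alongside SSH-2.
            "ssh1_enabled": m["proto"].startswith("1."),
            "vendor_hint": hint,
        }
    return None


if __name__ == "__main__":
    print(parse_ident(b"SSH-2.0-OpenSSH_5.3\r\n"))             # string from the thread
    print(parse_ident(b"Welcome\r\nSSH-1.99-Cisco-1.25\r\n"))  # constructed sample
```
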
ktbyers commented 7 years ago

@maximumG Okay, there is a terminal_server device_type in the develop branch now.

Yes, I think you can probably get that banner information from Paramiko.

maximumG commented 7 years ago

@ktbyers: Thanks for your quick support, I really appreciate it :smile:.

I will start working on this feature next week. Do you already have any insight on how to structure this or am I free to propose anything that is working as expected?

ktbyers commented 7 years ago

I would keep the SNMP feature (make this independent of the SNMP autodetect). Probably make a separate module ssh_autodetect.py and keep the code in there.

I would probably filter all output responses you get back through the strip_ansi_escape_codes() method (as ANSI escape codes can really mess up the output). I don't see much downside in doing this (as I think it is unlikely you will modify real output i.e. the ANSI codes are pretty specific).

```python
output = net_connect.strip_ansi_escape_codes(output)
```

maximumG commented 7 years ago

I just finished part of the code in my own fork, develop branch. If you want to take a look at how it is working. Currently I added the support of both Cisco and Huawei device types.

The global idea is that each device type class should have an 'autodetect' static method. These methods will be called by the SSHDetect class to try to auto guess the type based on an accuracy integer between 0 and 99.
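The accuracy-based guess described in this comment, combined with the discovery commands from the opening post and the ANSI stripping suggested earlier in the thread, as an added example that is not maximumG's fork or Netmiko's own code. The detector table, accuracy values, `send_command` callable and device outputs are constructed assumptions.

```python
import re

# Simplified stand-in for Netmiko's strip_ansi_escape_codes(): CSI sequences only.
ANSI_CSI = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")

# Hypothetical detectors: (device_type, discovery command, regex, accuracy 0-99).
DETECTORS = [
    ("cisco_ios", "show version | inc IOS", r"Cisco IOS Software", 99),
    # Loose fallback: a bare "IOS" also matches the "BIOS" lines NX-OS prints.
    ("cisco_ios", "show version | inc IOS", r"IOS", 40),
    ("cisco_nxos", "show version | inc Nexus", r"Cisco Nexus Operating System", 99),
]


def autodetect(send_command):
    """Return (best device_type or None, {device_type: accuracy})."""
    cache, matches = {}, {}
    for device_type, command, pattern, accuracy in DETECTORS:
        if command not in cache:  # send each discovery command only once
            cache[command] = ANSI_CSI.sub("", send_command(command))
        if re.search(pattern, cache[command]):
            matches[device_type] = max(accuracy, matches.get(device_type, 0))
    best = max(matches, key=matches.get) if matches else None
    return best, matches


def fake_channel(outputs):
    """Constructed stand-in for a device: maps a command to canned output."""
    return lambda command: outputs.get(command, "% Invalid input")


# Constructed outputs. The IOS one has an ANSI reset code inside the banner text.
IOS_BOX = {"show version | inc IOS": "Cisco \x1b[0mIOS Software, Version 15.0(2)SE"}
NXOS_BOX = {
    "show version | inc IOS": "  BIOS: version 07.59\n  BIOS compile time: 08/26/2016",
    "show version | inc Nexus": "Cisco Nexus Operating System (NX-OS) Software",
}

if __name__ == "__main__":
    for box in (IOS_BOX, NXOS_BOX, {}):
        print(autodetect(fake_channel(box)))
```

On the NX-OS sample the loose pattern scores a false `cisco_ios` match at 40, and the specific `cisco_nxos` match at 99 outranks it; without the ANSI stripping the IOS sample would only reach the loose score.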

maximumG commented 7 years ago

Do you still need this issue to stay open?

ktbyers commented 7 years ago

Nope :-)

thoms27 commented 6 years ago

Hi,

Is it possible to have a TELNETDetect too?

Thanks a lot.

Regards,

ghost commented 6 years ago

Where do I find this autodetect feature? Is there some example code? I will be doing an audit of many unknown devices in the enterprise.

ghost commented 6 years ago

Stupid question I see it now...

```python
from netmiko.ssh_autodetect import SSHDetect
from netmiko.ssh_dispatcher import ConnectHandler

remote_device = {'device_type': 'autodetect',
                 'host': 'remote.host',
                 'username': 'test',
                 'password': 'foo'}

guesser = SSHDetect(**remote_device)
best_match = guesser.autodetect()
print(best_match)  # Name of the best device_type to use further
print(guesser.potential_matches)  # Dictionary of the whole matching result

# Netmiko connection creation section
remote_device['device_type'] = best_match
connection = ConnectHandler(**remote_device)
```