Open denysaleksandrov opened 4 years ago
dbarrosop
commented
4 years ago Yes, feel free to open the PR for review but I think we should answer with the password only to the password question, otherwise we may be leaking the password (imagine one of the answers to the questions is logged by the server because it wasn't meant to be a secret)
denysaleksandrov
commented
4 years ago Indeed, I will use regex to check if "[p|P]assword:" in a question and answer those with a password.
gwoodwa1
commented
1 year ago I came across the same issue with Arista devices so I came up with this an amended version which checks for the Password prompt plus you could add further things into the switch statement for handling other custom prompts.
func GetSSHConfig(host *gornir.Host, logger gornir.Logger) (*ssh.ClientConfig, error) {
// Handle the interactive prompting for credentials
interactiveAuth := ssh.KeyboardInteractive(
func(user, instruction string, questions []string, echos []bool) ([]string, error) {
answers := make([]string, len(questions))
for i, question := range questions {
switch question {
case "Password: ":
answers[i] = host.Password
default:
answers[i] = "" // Default to empty answer
}
}
return answers, nil
},
)
sshConfig := &ssh.ClientConfig{
User: host.Username,
Auth: []ssh.AuthMethod{interactiveAuth},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
return sshConfig, nil
}
Arista switches, by default, allow only publickey and keyboard-interactive auth methods. Gonir fails to create an ssh connection with the following error:
I fixed this error by adding ssh.KeyboardInteractive method to the ssh.ClientConfig:
ssh.KeyboardInteractive(...) simply answers with host.Password to all questions.
Please let me know if this is good enough to fix this issue, and I will submit a PR.