search

nornir-automation / nornir

Pluggable multi-threaded framework with inventory management to help operate collections of devices
https://nornir.readthedocs.io/
Apache License 2.0
1.4k stars 237 forks source link

Nornir Netmiko connection to AWS EC2 Cisco IOS-XE router fails - can't connect because of SSH Key? #708

Closed fdervisi closed 3 years ago

fdervisi commented 3 years ago

I try to connect via Nornir / Netmiko to an Cisco CSR1k Router. In AWS keys are used and the EC2-USER expect a key authentication.

This is my simple test Nornir Script:

    from nornir_netmiko import netmiko_send_config, netmiko_send_command
    from nornir import InitNornir
    from nornir_utils.plugins.functions import print_result
    from nornir.core.filter import F

    nr = InitNornir(config_file="config.yaml")
    cisco = nr.filter(F(platform="cisco_xe"))

    result = cisco.run(
        task=netmiko_send_command,
        command_string="show arp"
    )

    print_result(result)

And this is my Inventroy:

    ---
    Europe-Cisco-Site1:
      hostname: "18.158.60.42"
      username: "ec2-user"
      password: ""
      platform: "cisco_xe"
      groups:
        - cisco

I would expect that Nornir will handle the authentication automatically and use the keys. It seams this is not happening.

When I try to connect via ssh from the same host to the AWS EC2 Cisco CSR1k everthing works.

Question: Do I need to give some extra options to use the SSH key?

I found something like this but it does not work:

      connection_options:
          paramiko:
              port: 22
              hostname:
              username: "ec2-user"
              password: 
              platform: "cisco_xe"
              extras:
                alt_host_keys: True
                alt_key_file: "/home/coder/.ssh/id_rsa"
                use_keys: True

And this is the error what I get:

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/home/coder/.local/lib/python3.8/site-packages/nornir/core/task.py", line 99, in start
        r = self.task(self, **self.params)
      File "/home/coder/.local/lib/python3.8/site-packages/nornir_netmiko/tasks/netmiko_send_command.py", line 26, in netmiko_send_command
        net_connect = task.host.get_connection(CONNECTION_NAME, task.nornir.config)
      File "/home/coder/.local/lib/python3.8/site-packages/nornir/core/inventory.py", line 494, in get_connection
        self.open_connection(
      File "/home/coder/.local/lib/python3.8/site-packages/nornir/core/inventory.py", line 546, in open_connection
        conn_obj.open(
      File "/home/coder/.local/lib/python3.8/site-packages/nornir_netmiko/connections/netmiko.py", line 59, in open
        connection = ConnectHandler(**parameters)
      File "/home/coder/.local/lib/python3.8/site-packages/netmiko/ssh_dispatcher.py", line 326, in ConnectHandler
        return ConnectionClass(*args, **kwargs)
      File "/home/coder/.local/lib/python3.8/site-packages/netmiko/cisco/cisco_ios.py", line 17, in __init__
        return super().__init__(*args, **kwargs)
      File "/home/coder/.local/lib/python3.8/site-packages/netmiko/base_connection.py", line 350, in __init__
        self._open()
      File "/home/coder/.local/lib/python3.8/site-packages/netmiko/base_connection.py", line 355, in _open
        self.establish_connection()
      File "/home/coder/.local/lib/python3.8/site-packages/netmiko/base_connection.py", line 972, in establish_connection
        raise NetmikoAuthenticationException(msg)
    netmiko.ssh_exception.NetmikoAuthenticationException: Authentication to device failed.

    Common causes of this problem are:
    1. Invalid username and password
    2. Incorrect SSH-key file
    3. Connecting to the wrong device

    Device settings: cisco_xe 3.121.222.37:22

What I'm missing here?

fdervisi commented 3 years ago

Move to discussion , therefore closed the issue