Closed adarsh-chauhan closed 2 years ago
I think this is fixed in netmiko 4.0, but nornir-netmiko still required 3.4.0
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
nornir-netmiko 0.1.2 requires netmiko<4.0.0,>=3.4.0, but you have netmiko 4.0.0 which is incompatible.
Tried following
devdsk:
hostname: 10.10.10.10
groups:
- eu-west-1
platform: linux
data:
jumpbox: True
connection_options:
netmiko:
extras:
key_file: ~/.ssh/id_rsa
use_keys: True
disabled_algorithms:
pubkeys:
- ssh-rsa
- rsa-sha2-256
The disabled_algorithms
takes effect but still getting the error
DEBUG:paramiko.transport:starting thread (client mode): 0x10592a10
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.10.3
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-OpenSSH_7.4
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_7.4)
DEBUG:paramiko.transport:=== Key exchange possibilities ===
DEBUG:paramiko.transport:kex algos: curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
DEBUG:paramiko.transport:server key: ssh-rsa, rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519
DEBUG:paramiko.transport:client encrypt: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, 3des-cbc
DEBUG:paramiko.transport:server encrypt: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, 3des-cbc
DEBUG:paramiko.transport:client mac: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
DEBUG:paramiko.transport:server mac: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
DEBUG:paramiko.transport:client compress: none, zlib@openssh.com
DEBUG:paramiko.transport:server compress: none, zlib@openssh.com
DEBUG:paramiko.transport:client lang: <none>
DEBUG:paramiko.transport:server lang: <none>
DEBUG:paramiko.transport:kex follows: False
DEBUG:paramiko.transport:=== Key exchange agreements ===
DEBUG:paramiko.transport:Kex: curve25519-sha256@libssh.org
DEBUG:paramiko.transport:HostKey: ssh-ed25519
DEBUG:paramiko.transport:Cipher: aes128-ctr
DEBUG:paramiko.transport:MAC: hmac-sha2-256
DEBUG:paramiko.transport:Compression: none
DEBUG:paramiko.transport:=== End of kex handshake ===
DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-ed25519 host key for 10.10.10.10: b'b4c8c90d11ba08dc8243bb8312554ad6'
DEBUG:paramiko.transport:Got EXT_INFO: {'server-sig-algs': b'rsa-sha2-256,rsa-sha2-512'}
DEBUG:paramiko.transport:Trying discovered key b'fc9db78e21554336dba204b193502cde' in /Users/<redacted>/.ssh/id_rsa
DEBUG:paramiko.transport:Adding public certificate /Users/<redacted>/.ssh/id_rsa-cert.pub
DEBUG:paramiko.transport:userauth is OK
DEBUG:paramiko.transport:Finalizing pubkey algorithm for key of type 'ssh-rsa-cert-v01@openssh.com'
DEBUG:paramiko.transport:Our pubkey algorithm list: ['rsa-sha2-512']
DEBUG:paramiko.transport:Server-side algorithm list: ['rsa-sha2-256', 'rsa-sha2-512']
DEBUG:paramiko.transport:Agreed upon 'rsa-sha2-512' pubkey algorithm
INFO:paramiko.transport:Authentication (publickey) failed.
DEBUG:paramiko.transport:Trying discovered key b'f7b9889d1f44f0058ded06fa8bd4befa' in /Users/<redacted>/.ssh/id_rsa
Traceback (most recent call last):
File "/Users/<redacted>/Downloads/skyhook_certificate_upload/test_nornir.py", line 32, in <module>
main()
File "/Users/<redacted>/Downloads/skyhook_certificate_upload/test_nornir.py", line 25, in main
connection = devdsk.inventory.hosts['devdsk'].get_connection("netmiko", devdsk.config)
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/nornir/core/inventory.py", line 494, in get_connection
self.open_connection(
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/nornir/core/inventory.py", line 546, in open_connection
conn_obj.open(
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/nornir_netmiko/connections/netmiko.py", line 59, in open
connection = ConnectHandler(**parameters)
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/netmiko/ssh_dispatcher.py", line 344, in ConnectHandler
return ConnectionClass(*args, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/netmiko/base_connection.py", line 434, in __init__
self._open()
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/netmiko/base_connection.py", line 439, in _open
self.establish_connection()
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/netmiko/base_connection.py", line 1021, in establish_connection
self.remote_conn_pre.connect(**ssh_connect_params)
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/paramiko/client.py", line 435, in connect
self._auth(
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/paramiko/client.py", line 678, in _auth
key = self._key_from_filepath(
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/paramiko/client.py", line 598, in _key_from_filepath
key.load_certificate(cert_path)
File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/paramiko/pkey.py", line 663, in load_certificate
raise ValueError(err.format(blob.key_type, self.get_name()))
ValueError: PublicBlob type ssh-rsa-cert-v01@openssh.com incompatible with key type ssh-dss
I can login without password to the 10.10.10.10
Easy fix is to downgrade to Parmiko 2.8.1 (in the near term).
I haven't retrofitted nornir_netmiko to support Netmiko 4.0.0 yet.
Note pip should install Netmiko 4.0.0 if you tell it, it will just complain about it (as per the above).
Closing as this is not a nornir issue, this issue should be opened in the corresponding plugin repo.
Hi Community Dev,
Working with nornir and netmiko to work the form correct with public key via ssh, please verify your yaml file lot of hours... but resolved :)
File: hosts.yaml
---
linux-server:
hostname: '15.xx.x'
port: 22
username: 'apx'
connection_options:
netmiko:
extras:
use_keys: True
key_file: '/home/codespace/.ssh/id_rsa'
platform: 'linux'
Then you need to install the library in your environment. Libraries:
pip install nornir
pip install nornir_netmiko
pip install from nornir_utils
then code python: File: ssh_nornir.py
#!/workspaces/DEVNET/network/iosv/bin/python
from nornir import InitNornir
from nornir_netmiko import netmiko_send_command
from nornir_utils.plugins.functions import print_result
nr = InitNornir(logging={"log_file": "mylogs", "level": "DEBUG"})
result = nr.run(
task = netmiko_send_command,
command_string= "ls",
use_textfsm=True
)
print_result(result)
Note: I hope help to someone in the community, bonne energy!!! :)
Hi Team,
I wanted to understand how can i pass SSH key for auth.
in hosts.yaml i used the following syntax.
however ran into following problem
i and came across
disabled_algorithms
but then how do i pass it when using nornir netmiko plugin