paramiko - public key auth

Florian Lohoff Sat, 15 Apr 2023 01:55:05 -0700

Hi,
i try to get arubaoss_switch going and i am having trouble using ssh
with public key auth. Typically i have the ssh-agent running and i need
to do nothing log into switches.


So i thought this would be sufficient: 

- hosts: all
  gather_facts: False
  collections:
    - arubanetworks.aos_switch
  vars:
    ansible_connection: network_cli
    ansible_network_os: arubanetworks.aos_switch.arubaoss
    ansible_python_interpreter: python3
  tasks:
  - name: Configure top level configuration
    arubanetworks.aos_switch.arubaoss_config:
      lines: hostname {{ inventory_hostname }}
 
It doesnt work. From the Debug log i see this:


[ ... ]
2023-04-15 10:31:42,601 p=2562484 u=flo n=ansible | <192.168.178.16> ESTABLISH 
PARAMIKO SSH CONNECTION FOR USER: None on PORT 22 TO 192.168.178.16
2023-04-15 10:31:46,494 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | starting thread (client mode): 0x98f34280
2023-04-15 10:31:46,494 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Local version/idstring: SSH-2.0-paramiko_2.7.2
2023-04-15 10:31:46,494 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Remote version/idstring: SSH-2.0-Mocana SSH 6.3
2023-04-15 10:31:46,494 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Connected (version 2.0, client Mocana)
2023-04-15 10:31:46,518 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | kex algos:['ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 
'ecdh-sha2-nistp521', 'diffie-hellman-group-exc
hange-sha256', 'diffie-hellman-group14-sha1'] server key:['rsa-sha2-512', 
'rsa-sha2-256', 'ssh-rsa'] client encrypt:['aes256-ctr', 'aes256-cbc', 
'rijndael-...@lysator.liu.se', 'aes192-ctr', 
'aes192-cbc', 'aes128-ctr', 'aes128-cbc', '3des-cbc'] server 
encrypt:['aes256-ctr', 'aes256-cbc', 'rijndael-...@lysator.liu.se', 
'aes192-ctr', 'aes192-cbc', 'aes128-ctr', 'aes128-cbc', '3des
-cbc'] client mac:['hmac-sha2-256', 'hmac-sha1-96', 'hmac-md5', 'hmac-sha1', 
'hmac-md5-96'] server mac:['hmac-sha2-256', 'hmac-sha1-96', 'hmac-md5', 
'hmac-sha1', 'hmac-md5-96'] client compre
ss:['none'] server compress:['none'] client lang:[''] server lang:[''] kex 
follows?False
2023-04-15 10:31:46,518 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Kex agreed: ecdh-sha2-nistp256
2023-04-15 10:31:46,519 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | HostKey agreed: ssh-rsa
2023-04-15 10:31:46,519 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Cipher agreed: aes128-ctr
2023-04-15 10:31:46,519 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | MAC agreed: hmac-sha2-256
2023-04-15 10:31:46,519 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Compression agreed: none
2023-04-15 10:31:47,017 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | kex engine KexNistp256 specified hash_algo <built-in 
function openssl_sha256>
2023-04-15 10:31:47,025 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Switch to new keys ...
2023-04-15 10:31:47,026 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Trying SSH agent key b'deleted'
2023-04-15 10:31:47,042 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | userauth is OK

At this point user authentication is done, i am logged in.

2023-04-15 10:31:47,052 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Auth banner: b'Todo\n\n'

Thats the MOTD banner.

2023-04-15 10:31:47,096 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Authentication type (publickey) not permitted.
2023-04-15 10:31:47,097 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Allowed methods: ['password', 'keyboard-interactive']
2023-04-15 10:31:47,097 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Trying SSH agent key b'deleted'
2023-04-15 10:31:47,099 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | EOF in transport thread
2023-04-15 10:31:47,099 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Trying SSH agent key b'deleted'
2023-04-15 10:31:47,100 p=2562484 u=flo n=p=2562484 u=flo | paramiko 
[192.168.178.16] | Trying SSH agent key b'deleted'
2023-04-15 10:31:47,202 p=2562484 u=flo n=ansible | shutdown complete

So whats this about? public key auth has already been done and was successful. 
Now
paramiko tells me that it isnt available but still continues using other keys.

This is how it typically looks:

flo@p5:~$ ssh manager@192.168.178.16
Todo

Press any key to continue
Your previous successful login (as manager) was on 2023-04-15 08:18:25     
 from 192.168.178.85
[ ... ]
foobar#

Flo
-- 
Florian Lohoff                                                     f...@zz.de
  Any sufficiently advanced technology is indistinguishable from magic.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20230415085457.6axa3rhjovhs77kj%40pax.zz.de.

signature.asc
Description: PGP signature

[ansible-project] arubaoss/network_cli/paramiko - public key auth

Reply via email to