cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

441
Views
0
Helpful
2
Replies
Highlighted
Beginner

CSCuz95753 - Paramiko SSH client, having password auth, fails to connect to IOS

Paramiko SSH client, having password auth, fails to connect to IOS
CSCuz95753
error on ISR 3945 router:
005810: Jun 29 2020 12:40:39.549 UTC: %SSH-3-SERVER_AUTH_METH_ERR: Server does not support/Configured with 'password' Authentication method
 
Any workaround with paramiko/netmiko :-)
Already have the latest IOS version 15.7M6 installed on the router. I understand that downgrading is the only option...
 
Thank you for the suggestions made.
 
 
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

So - Finally - with some debugging on the script and on the router - debug ip ssh client -

I noticed that the router was arguing about a PASSWORD value... 

By accident, I encountered this command on a router:

"ip ssh server algorithm authentication public key keyboard password"

 

In my opinion, do check your IP ssh server settings.

 

I tested the script on that router and it worked.

And indeed, I ran the script 'live' :-) and I had some routers responding and some did not. In the end, they all had that line not correctly configured. I guess its time to also adjust that uniformization :-)

BTW, if I continue to make posts like these and solve them myself I will earn more badges (^^Evil Lough!)

Good luck and sleep tight

 

View solution in original post

2 REPLIES 2
Highlighted
Beginner

So - Finally - with some debugging on the script and on the router - debug ip ssh client -

I noticed that the router was arguing about a PASSWORD value... 

By accident, I encountered this command on a router:

"ip ssh server algorithm authentication public key keyboard password"

 

In my opinion, do check your IP ssh server settings.

 

I tested the script on that router and it worked.

And indeed, I ran the script 'live' :-) and I had some routers responding and some did not. In the end, they all had that line not correctly configured. I guess its time to also adjust that uniformization :-)

BTW, if I continue to make posts like these and solve them myself I will earn more badges (^^Evil Lough!)

Good luck and sleep tight

 

View solution in original post

Highlighted
Beginner

This requires a fairly basic adjustment to the paramiko script if you are using the higher level paramiko.client.SSHClient class.  If it is failing auth due to the fix to this bug just change to using the Transport class.  It's just a few more lines.  See below.

 

import paramiko

t = paramiko.Transport((host_or_ip, 22))
t.connect(username=username, password=password)
ssh = paramiko.SSHClient()
ssh._transport = t
stdin, stdout, stderr = ssh.exec_command('show version')

print('OUTPUT')
print(stdout.readlines())
print('ERROR')
print(stderr.readlines())

ssh.close()
t.close()

 

Content for Community-Ad
Cisco Community October 2020 Spotlight Award Winners