Showing results for 
Search instead for 
Did you mean: 

ssh connection to CAP through script.

Pramod Ganigi
Level 1
Level 1


I am trying to make Android ACTS setup for WiFi testing.


I tried with setup as below:
Android DUT (debug) <=> Ubuntu Machine + Python + ACTS "tools /test/connectivity" <=> Cisco WLC2504 <=> Cisco AIR-CAP2602I-A-K9 


As per the config json files, AccessPoint : ssh_config should be there in testbed as below:
            "AccessPoint": [
                    { "ssh_config" :
                                            "user" : "Cisco123",
                                            "host" : ""

Here i provided my Cisco CAP AP user name and IP. (ssh is enabled and i am able to connect via ssh command)


When i running ACT script i am facing connection error as below.

Connection is closed by AP.


  File "/usr/local/lib/python3.6/dist-packages/acts-0.9-py3.6.egg/acts/controllers/utils_lib/ssh/", line 261, in run
    raise Error('Permission denied.', result)
acts.controllers.utils_lib.ssh.connection.Error: ('Permission denied.', job.Result(command=['/usr/bin/ssh', '-o', 'StrictHostKeyChecking=no', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'ConnectTimeout=30', '-o', 'ServerAliveInterval=300', '-o', 'BatchMode=yes', '-a', '-x', '-p', '22', 'Cisco123@', ' echo "CONNECTED: 2f171133-9e80-4eb9-9cbc-bcdbcea27a8f"; ls /sys/class/net;'], stdout=b'', stderr=b"Warning: Permanently added '' (RSA) to the list of known hosts.\r\nPermission denied (publickey,keyboard-interactive,password).\r\n", exit_status=255, duration=0.7998762130737305, did_timeout=False, encoding='utf-8'))


On removing 'BatchMode=yes' option from the scrit command below s the result.



[LGcv7] 2020-08-11 17:02:18.369 INFO [SshConnection |] Starting master ssh connection. []
[LGcv7] 2020-08-11 17:02:48.436 WARNING [SshConnection |] Failed to create master ssh connection, using normal ssh connection. []
Password: <Enter Password>
[LGcv7] 2020-08-11 17:02:53.997 ERROR [SshConnection |] An unknown error has occurred. Job result: job.Result(command=['/usr/bin/ssh', '-o', 'StrictHostKeyChecking=no', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'ConnectTimeout=30', '-o', 'ServerAliveInterval=300', '-a', '-x', '-p', '22', 'Cisco123@', ' term shell ; echo "CONNECTED: d3d33602-d34f-465a-a7b0-30fbcc9111d9"; ls /sys/class/net;'], stdout=b'', stderr=b"Warning: Permanently added '' (RSA) to the list of known hosts.\r\nConnection to closed by remote host.\r\n", exit_status=0, duration=5.541964769363403, did_timeout=False, encoding='utf-8') [][][]
[LGcv7] 2020-08-11 17:02:55.022 ERROR [SshConnection |] Ping result: job.Result(command='ping -c 3 -w 1', stdout=b'PING ( 56(84) bytes of data.\n64 bytes from icmp_seq=1 ttl=255 time=0.329 ms\n\n--- ping statistics ---\n2 packets transmitted, 1 received, 0% packet loss, time 999ms\nrtt min/avg/max/mdev = 0.329/0.329/0.329/0.000 ms\n', stderr=b'', exit_status=1, duration=1.0102488994598389, did_timeout=False, encoding='utf-8') [][][]
[LGcv7] 2020-08-11 17:02:55.023 ERROR Failed to initialize objects for controller AccessPoint, abort!


Please let us know the correct procedure to use ssh from scripts for Cisco APs.




3 Replies 3

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

Is this a  lightweight AP connected to a WLC? If so you need to permit SSH connections to the AP via the WLC webGUI.

The option is located under each APs 'Advanced' tab: 'Enable SSH'. You also need to define the credentials under Wireless/ Global Credentials.




Thanks for your input.

Is this a  lightweight AP connected to a WLC?  Yes it is connected.

APs option 'Advanced' tab: 'Enable SSH' is enabled. (credentials under Wireless/ Global Credentials also has been given)


I am able to login successfully to WLC and AP with ssh command (with credentials.)

But as i mentioned in my query, when i am trying from scripting, Connection is getting refused.


As per google comment  need to generate own ssh keys and for automation purposes, make the key passphrase-less.  
Command to generate it:
ssh-keygen -f /path/to/where/you/want/your/key -C "this is a key for automated testing"
This generates a public and private key.

The private key needs to be moved to ~/.ssh/id_rsa on the host that is supposed to connect to the IP. The public key needs to be added to the ~/.ssh/authorized_keys file on the AP.

But in AP i didnt find any option to write ~/.ssh/authorized_keys file.


Please share procedure to update ~/.ssh/authorized_keys file in AP or any other method if possible.

Hi there,

I have only configured public key authentication on a router. You AP will be running AireOS, and being a light weight image it will have a very reduced set of commands available, so I doubt what you are trying to do will be possible.

The preferred method to manage your APs should be via the WLC. In particular you should look at the REST API of the WLC. You will then only need to acquire the auth token from the WLC to then be able to issue commands to the APs via the WLC.




Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: