Failed to SSH to Cisco SMB SG-350 switches using Ansible
11-13-2022 06:12 AM
Hello,
I'm trying to use Ansible to configure Cisco SMB SG-350 switches, but it's failing to SSH when trying to gather facts. The error message that appears is:
fatal: [10.75.2.2]: FAILED! => {"changed": false, "msg": "Failed to authenticate: ('Bad authentication type', ['']) (allowed_types=[''])"}
[hesham.samir@ncm1 u000]$ ansible-playbook -i routers_switches gather_facts_switches.yml
PLAY [Gather Facts] ****************************************************************************************************************************************************************************************
TASK [CiscoSMB - Gather Facts - subset default] ************************************************************************************************************************************************************
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
fatal: [10.75.2.2]: FAILED! => {"changed": false, "msg": "Failed to authenticate: ('Bad authentication type', ['']) (allowed_types=[''])"}
fatal: [10.69.13.2]: FAILED! => {"changed": false, "msg": "Failed to authenticate: ('Bad authentication type', ['']) (allowed_types=[''])"}
I can SSH directly to the switches with no issues. Did anyone see this issue before?
Thanks in advance for help.
Regards,
Labels: Small Business Switches
11-13-2022 06:21 AM
Post the YML file.
11-13-2022 06:45 AM
Below is the playbook YML file.
I'm using ansible_network_os: qaxi.ciscosmb.ciscosmb in the host file.
11-17-2022 09:04 AM
Please try to enable password authentication on the switch:
Security > SSH server > SSH user authentication >
11-18-2022 07:30 AM
Hi Aleksandra,
Thanks for your reply. In fact, the GUI is disabled, but SSH is enabled on the switch. Also, I can SSH directly from the Ansible server, but the Ansible playbook cannot. Below is the output from direct SSH.
[root@srv1]$ ssh user1@10.69.13.2
*********************************************************************
This node is property of
Unauthorized Access Prohibited. Access will be monitored
*********************************************************************
User Name:user1
Password:*************
S01#sh management access-class
Management access-class is enabled, using access-list MGMT
S01#sh management access-list
MGMT
----
permit ip-source 10.0.125.0 mask 255.255.255.0 service ssh
permit ip-source 10.69.13.0 mask 255.255.255.0 service ssh
permit ip-source 192.168.211.16 mask 255.255.255.240 service ssh
permit ip-source 10.172.1.0 mask 255.255.255.0 service ssh
permit ip-source 192.168.211.16 mask 255.255.255.240 service telnet
permit ip-source 10.172.1.0 mask 255.255.255.0 service telnet
permit ip-source 10.0.125.0 mask 255.255.255.0 service telnet
! (Note: all other access implicitly denied)
console-only
------------
deny
! (Note: all other access implicitly denied)
Thanks,
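One way to check the MGMT ACL shown in this post against a source address such as the Ansible control node, as an added example that is not part of the original thread. The helper names `parse_acls` and `is_permitted`, the first-match evaluation, the handling of a bare `deny`, and the two sample source addresses are assumptions.

```python
import ipaddress
import re

# "sh management access-list" output copied from the post above.
ACL_OUTPUT = """\
MGMT
----
permit ip-source 10.0.125.0 mask 255.255.255.0 service ssh
permit ip-source 10.69.13.0 mask 255.255.255.0 service ssh
permit ip-source 192.168.211.16 mask 255.255.255.240 service ssh
permit ip-source 10.172.1.0 mask 255.255.255.0 service ssh
permit ip-source 192.168.211.16 mask 255.255.255.240 service telnet
permit ip-source 10.172.1.0 mask 255.255.255.0 service telnet
permit ip-source 10.0.125.0 mask 255.255.255.0 service telnet
! (Note: all other access implicitly denied)
console-only
------------
deny
! (Note: all other access implicitly denied)
"""

# Handles only the rule shapes visible above; a bare "deny" is assumed to match everything.
RULE = re.compile(r"^(permit|deny)(?:\s+ip-source\s+(\S+)\s+mask\s+(\S+))?(?:\s+service\s+(\S+))?$")

def parse_acls(text):
    """Return {acl_name: [(action, network, service), ...]} in listed order."""
    acls, current, prev = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if prev and re.fullmatch(r"-{3,}", line):
            current = acls.setdefault(prev, [])  # dashed underline: previous line is the name
        elif current is not None and (m := RULE.match(line)):
            cidr = f"{m[2]}/{m[3]}" if m[2] else "0.0.0.0/0"
            current.append((m[1], ipaddress.ip_network(cidr, strict=False), m[4] or "any"))
        prev = line
    return acls

def is_permitted(acls, acl_name, source_ip, service):
    """Assumed first-match evaluation; no match falls through to the implicit deny."""
    addr = ipaddress.ip_address(source_ip)
    for action, net, svc in acls.get(acl_name, []):
        if svc in (service, "any") and addr in net:
            return action == "permit"
    return False

if __name__ == "__main__":
    acls = parse_acls(ACL_OUTPUT)
    # Constructed source addresses; substitute the Ansible control node's real address.
    for ip in ("10.69.13.50", "10.75.2.10"):
        print(ip, "ssh permitted:", is_permitted(acls, "MGMT", ip, "ssh"))
```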
11-21-2022 04:34 AM
I see... and is it working when there is no MGMT ACL?
11-25-2022 01:38 AM
Hi Aleksandra... good point.
I tried removing the MGMT ACL, but it gave me the same results.
However, I found something interesting: when I try to SSH directly to the switch, it gives a prompt to enter my username again (although I already entered it in the SSH command). I suspect this may cause some problems with Ansible not being able to log in to the switch.
If I tried to enable password-auth on the switch (ip ssh password-auth command), would this solve the problem and cause the switch to prompt only for the password?
Thanks & Regards,
