Solved: Re: PyATS: Connection failure due to hostkey missmatch

assadniang · ‎11-10-2023

Hello,

How do I handle these connection issues in PyATS?

(.venv) [an144a@DEVAUTOS02 tests]$ python3
Python 3.9.16 (main, Sep 12 2023, 00:00:00) 
[GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from pyats.topology import loader
testbed = loader.load('/opt/labs-scripts/python/pytest/nfv/suites/cisco/sdwan/tests/devices.yaml')
>>> testbed = loader.load('/opt/labs-scripts/python/pytest/nfv/suites/cisco/sdwan/tests/devices.yaml')

>>> 
>>> vcsr_device = testbed.devices['NFX250U210BR10']
>>> vcsr_device.connect()

2023-11-10 14:47:18,472: %UNICON-INFO: +++ NFX250U210BR10 logfile /tmp/NFX250U210BR10-cli-20231110T144718419.log +++

2023-11-10 14:47:18,612: %UNICON-INFO: +++ Unicon plugin iosxe (unicon.plugins.iosxe) +++
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:q/1Vhh5WWDFoc/e6xQipzVMt8Wv+26JdkBnFhYEhTMk.
Please contact your system administrator.
Add correct host key in /home/an144a/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/an144a/.ssh/known_hosts:45
Host key for 172.30.7.180 has changed and you have requested strict checking.
Host key verification failed.


2023-11-10 14:47:21,119: %UNICON-INFO: +++ connection to spawn: ssh -l cisco 172.30.7.180, id: 140699606574320 +++

2023-11-10 14:47:21,121: %UNICON-INFO: connection to NFX250U210BR10

Marcel Zehnder · ‎11-13-2023

Can you try to set the following ssh options in your testbed:

testbed:
	name: IOS_Testbed
	custom:
      		ssh_options: -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null 
devices:
	<SNIP>

View solution in original post

Marcel Zehnder · ‎11-11-2023

Hi

Just delete your known hosts file:

rm -f /home/an144a/.ssh/known_hosts

HTH

assadniang · ‎11-13-2023

Is there a way to have the code handle this issue, instead of me having to go and delete the known_hosts manually everytime I encounter the issue.

Netmiko has a way to handle this issue from the code perspective, I thought PyATS (Genie) would have something similar in the connection option.

bigevilbeard · ‎11-13-2023

Try and set the strict_host_key_checking parameter to False when you connect to the device.

vcsr_device.connect(strict_host_key_checking=False)

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

assadniang · ‎11-13-2023

Still failing to connect

(.venv) [an144a@DEVAUTOS02 tests]$ python3
Python 3.9.16 (main, Sep 12 2023, 00:00:00) 
[GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from pyats.topology import loader
>>> from genie import testbed
>>> testbed = loader.load('/opt/labs-scripts/python/pytest/nfv/suites/cisco/sdwan/tests/devices.yaml')
>>> 
>>> vcsr_device = testbed.devices['NFX250U210BR10']
>>> 
>>> vcsr_device.connect(strict_host_key_checking=False)

2023-11-13 11:45:03,747: %UNICON-INFO: +++ NFX250U210BR10 logfile /tmp/NFX250U210BR10-cli-20231113T114503746.log +++

2023-11-13 11:45:03,751: %UNICON-INFO: +++ Unicon plugin iosxe (unicon.plugins.iosxe) +++
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is


2023-11-13 11:45:04,066: %UNICON-INFO: +++ connection to spawn: ssh -l cisco 172.30.7.180, id: 140160334214384 +++

2023-11-13 11:45:04,066: %UNICON-INFO: connection to NFX250U210BR10
SHA256:q/1Vhh5WWDFoc/e6xQipzVMt8Wv+26JdkBnFhYEhTMk.
Please contact your system administrator.
Add correct host key in /home/an144a/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/an144a/.ssh/known_hosts:45
Host key for 172.30.7.180 has changed and you have requested strict checking.
Host key verification failed.
Traceback (most recent call last):
  File "src/unicon/eal/backend/pty_backend.py", line 498, in unicon.eal.backend.pty_backend.RawPtySpawn._read
OSError: [Errno 5] Input/output error

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "src/unicon/statemachine/statemachine.py", line 737, in unicon.statemachine.statemachine.StateMachine.go_to
  File "src/unicon/statemachine/statetransition.py", line 478, in unicon.statemachine.statetransition.AnyStateTransition.do_transitions
  File "src/unicon/eal/dialogs.py", line 476, in unicon.eal.dialogs.Dialog.process
  File "src/unicon/eal/dialog_processor.py", line 321, in unicon.eal.dialog_processor.SimpleDialogProcessor.process
  File "src/unicon/eal/dialog_processor.py", line 219, in unicon.eal.dialog_processor.SimpleDialogProcessor.expect_eval_statements
  File "src/unicon/eal/backend/pty_backend.py", line 135, in unicon.eal.backend.pty_backend.RawSpawn.read_update_buffer
  File "src/unicon/eal/backend/pty_backend.py", line 120, in unicon.eal.backend.pty_backend.RawSpawn.read
  File "src/unicon/eal/backend/pty_backend.py", line 501, in unicon.eal.backend.pty_backend.RawPtySpawn._read
unicon.core.errors.EOF: ('Unable to read. Connection closed or not available', OSError(5, 'Input/output error'))

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "src/unicon/bases/connection.py", line 792, in unicon.bases.connection.Connection.connect
  File "src/unicon/bases/routers/connection_provider.py", line 227, in unicon.bases.routers.connection_provider.BaseSingleRpConnectionProvider.connect
  File "src/unicon/bases/routers/connection_provider.py", line 253, in unicon.bases.routers.connection_provider.BaseSingleRpConnectionProvider.establish_connection
  File "src/unicon/statemachine/statemachine.py", line 740, in unicon.statemachine.statemachine.StateMachine.go_to
unicon.core.errors.StateMachineError: Failed while bringing device to "any" state

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "src/pyats/connections/manager.py", line 453, in pyats.connections.manager.ConnectionManager.connect
  File "src/unicon/bases/connection.py", line 799, in unicon.bases.connection.Connection.connect
unicon.core.errors.ConnectionError: failed to connect to NFX250U210BR10
Failed while bringing device to "any" state
>>>

Marcel Zehnder · ‎11-13-2023

Can you try to set the following ssh options in your testbed:

testbed:
	name: IOS_Testbed
	custom:
      		ssh_options: -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null 
devices:
	<SNIP>

assadniang · ‎11-14-2023

Thank you!

Marcel Zehnder · ‎11-14-2023

You're welcome, @assadniang

Marcel Zehnder · ‎11-13-2023

If the above is not working, try to set it under the device connection:

devices:
  devicame:
    os: ios
    connections:
        vty:
            protocol: ssh
            ip: xxx.xxx.xxx.xxx
            ssh_options: -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null