How to establish NETCONF sessions from a remote server to Cisco CSR 1000v using the downloaded RSA key?

khalilmeb
Level 1

I'm running the Docker YANG Development Kit for Python (ydk-py) on my remote Linux Ubuntu server. I would like to establish a connection between the remote server and my AWS EC2 instance that runs CSR 1000v.

I used to access my router using the following ssh command:

    ssh -i "ssh-key.pem" ec2-user@ec2-xx-xx-xx-xxx.us-west-2.compute.amazonaws.com

Where ec2-xx-xx-xx-xxx.us-west-2.compute.amazonaws.com is the hostname, ec2-user is the username and the ssh key is for authentication.

As the first step, I want to run the example given here: https://github.com/CiscoDevNet/ydk-py-samples.

This is the creation of the NETCONF session in the given example:

    provider = NetconfServiceProvider(address="10.0.0.1",
                                      port=830,
                                      username="admin",
                                      password="admin",
                                      protocol="ssh")

 

 

If we take a look, HOST, USERNAME and PASSWORD are needed to establish the connection between the router and the host machine. It happens that I use an SSH key downloaded from the AWS console in order to access the EC2 instance.

In other words, how to establish NETCONF sessions from a remote server to Cisco CSR 1000v using the downloaded RSA key?

6 Replies

khalilmeb
Level 1

I have tried this:

    provider = NetconfServiceProvider("ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com",
                                      "ec2-user",
                                      port=830,
                                      protocol='ssh',
                                      timeout=-1,
                                      repo=None,
                                      private_key_path="mykey.pem")

I have got this error:

Traceback (most recent call last):
  File "hello-ydk.py", line 18, in <module>
    private_key_path="mykey.pem")
TypeError: __init__(): incompatible constructor arguments. The following argument types are supported:
    1. ydk_.providers.NetconfServiceProvider(repo: ydk_.path.Repository, address: unicode, username: unicode, password: unicode, port: int=830L, protocol: unicode=u'ssh', on_demand: bool=True, timeout: int=-1L)
    2. ydk_.providers.NetconfServiceProvider(address: unicode, username: unicode, password: unicode, port: int=830L, protocol: unicode=u'ssh', on_demand: bool=True, common_cache: bool=False, timeout: int=-1L)
    3. ydk_.providers.NetconfServiceProvider(repo: ydk_.path.Repository, address: unicode, username: unicode, private_key_path: unicode, public_key_path: unicode, port: int=830L, on_demand: bool=True, timeout: int=-1L)
    4. ydk_.providers.NetconfServiceProvider(address: unicode, username: unicode, private_key_path: unicode, public_key_path: unicode, port: int=830L, on_demand: bool=True, common_cache: bool=False, timeout: int=-1L)

Invoked with: 'ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com', 'ec2-user'; kwargs: repo=None, private_key_path='mykey.pem', protocol='ssh', port=830, timeout=-1

Hello khalilmeb

The certificate downloaded from the server is actually its public key. Therefore please try this:

    provider = NetconfServiceProvider("ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com",
                                      "ec2-user",
                                      public_key_path="mykey.pem")

The rest of the parameters should take default values. I actually prefer to specify the full path for the file location to avoid confusion with the working directory location.

Regards,

Yan

Well, this is my code:

    provider = NetconfServiceProvider(address="ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com",
                                      username="ec2-user",
                                      public_key_path="/home/server/shared_files/mykey.pem"
                                      )

I'm still getting the same error :/

Traceback (most recent call last):
File "hello-ydk.py", line 17, in <module>
public_key_path="/home/server/shared_files/mykey.pem"
TypeError: __init__(): incompatible constructor arguments. The following argument types are supported:
1. ydk_.providers.NetconfServiceProvider(repo: ydk_.path.Repository, address: unicode, username: unicode, password: unicode, port: int=830L, protocol: unicode=u'ssh', on_demand: bool=True, timeout: int=-1L)
2. ydk_.providers.NetconfServiceProvider(address: unicode, username: unicode, password: unicode, port: int=830L, protocol: unicode=u'ssh', on_demand: bool=True, common_cache: bool=False, timeout: int=-1L)
3. ydk_.providers.NetconfServiceProvider(repo: ydk_.path.Repository, address: unicode, username: unicode, private_key_path: unicode, public_key_path: unicode, port: int=830L, on_demand: bool=True, timeout: int=-1L)
4. ydk_.providers.NetconfServiceProvider(address: unicode, username: unicode, private_key_path: unicode, public_key_path: unicode, port: int=830L, on_demand: bool=True, common_cache: bool=False, timeout: int=-1L)

Invoked with: kwargs: username='ec2-user', public_key_path='/home/server/shared_files/mykey.pem', address='ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com'

 

In the README file here https://github.com/CiscoDevNet/ydk-py-samples/blob/master/samples/basic/README.md, running a sample app is described as follows:

Unless specified by the app, all basic apps take two command line arguments. An optional argument (-v | --verbose) to enable logging and a mandatory argument in URL format that describes the connection details to the networking device (ssh://user:password@device:port):

    $ ./nc-read-xr-ip-ntp-oper-10-ydk.py ssh://admin:admin@10.0.0.1

So in my case, it should be like this, right?

    $ ./hello-ydk.py ssh://ec2-user:ec2-user@ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com

But it still did not work:

from: can't read /var/mail/ydk.services
from: can't read /var/mail/ydk.providers
from: can't read /var/mail/ydk.models.cisco_ios_xr
from: can't read /var/mail/datetime
./hello-ydk.py: 13: ./hello-ydk.py: Syntax error: "(" unexpected (expecting "then")

I tried the following.

    provider = NetconfServiceProvider(address="ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com",
                                      username="ec2-user",
                                      private_key_path="/home/server/shared_files/mykey.pem")

I tried to debug the Python script, and it turns out that there is a problem with the argument type, which is private_key_path for the code above.


-> username="ec2-user",
(Pdb) next
> /home/server/shared_files/hello-ydk.py(15)<module>()
-> private_key_path="/home/server/shared_files/mykey.pem")
(Pdb) next
TypeError: "__init__(): incompatible constructor arguments. The following argument types are supported:\n .../home/server/shared_files/mykey.pem', address='ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com'"

 

How can I solve this issue?

saalvare
Cisco Employee
The NETCONF provider does support key-based authentication. Take a look at the documentation:
http://ydk.cisco.com/py/docs/api/providers/netconf_provider.html
Can't find a working example, but specifying the router public key, user name and no password should suffice.

HTH.
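
Added example (not part of any post in this thread, and not YDK code): a name-only check of each call attempted above against the four constructor overloads listed in the TypeError, showing which arguments every attempt leaves unbound. The helpers `parse`, `check`, `diagnose` and `matching` are hypothetical names, argument types are ignored, and no device is contacted.

```python
# Signatures copied from the TypeError quoted in the thread.
OVERLOADS = [
    "repo: ydk_.path.Repository, address: unicode, username: unicode, password: unicode, "
    "port: int=830L, protocol: unicode=u'ssh', on_demand: bool=True, timeout: int=-1L",
    "address: unicode, username: unicode, password: unicode, port: int=830L, "
    "protocol: unicode=u'ssh', on_demand: bool=True, common_cache: bool=False, timeout: int=-1L",
    "repo: ydk_.path.Repository, address: unicode, username: unicode, private_key_path: unicode, "
    "public_key_path: unicode, port: int=830L, on_demand: bool=True, timeout: int=-1L",
    "address: unicode, username: unicode, private_key_path: unicode, public_key_path: unicode, "
    "port: int=830L, on_demand: bool=True, common_cache: bool=False, timeout: int=-1L",
]

def parse(sig):
    """Return (parameter names in order, names that have no default value)."""
    names, required = [], []
    for part in sig.split(", "):
        name, rest = part.split(": ", 1)
        names.append(name)
        if "=" not in rest:          # no default, so the caller must supply it
            required.append(name)
    return names, required

def check(sig, n_positional, kwargs):
    """Reasons a call cannot bind to one overload (names only, types ignored)."""
    names, required = parse(sig)
    bound = set(names[:n_positional])    # positional arguments fill the leading slots
    problems = []
    for kw in kwargs:
        if kw not in names:
            problems.append("unexpected " + kw)
        elif kw in bound:
            problems.append("duplicate " + kw)
        else:
            bound.add(kw)
    return problems + ["missing " + r for r in required if r not in bound]

def diagnose(n_positional, kwargs):
    """Map overload number (1-4, as in the traceback) to its list of problems."""
    return {i + 1: check(s, n_positional, kwargs) for i, s in enumerate(OVERLOADS)}

def matching(n_positional, kwargs):
    """Overload numbers the call would bind to."""
    return [n for n, p in diagnose(n_positional, kwargs).items() if not p]

if __name__ == "__main__":
    # The three keyword-only attempts from the thread, then one that names both key paths.
    for kws in (["address", "username", "public_key_path"],
                ["address", "username", "private_key_path"],
                ["address", "username", "private_key_path", "public_key_path"]):
        print(kws, "->", matching(0, kws) or diagnose(0, kws)[4])
```

The file passed to `ssh -i` in the question is a private key; `ssh-keygen -y -f <key>` prints the matching public key, which is one way to obtain a file for `public_key_path`.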