SSH connection hard-coded to NOT verify host keys #1320

Closed
ed-ud opened this issue Aug 26, 2024 · 2 comments

ed-ud commented Aug 26, 2024

Why is there a hard-coded "hostkey_verify=False" here, effectively disabling SSH host key verification...???

https://github.com/Juniper/py-junos-eznc/blame/a64698b280fb717730dddf75a2d4d8cacb2e4775/lib/jnpr/junos/device.py#L1377

Collaborator

chidanandpujar commented Sep 3, 2024

Hi @ed-ud,
I have added the boolean parameter to read the hostkey_value with True or False.

Please find the test log with the fix:

1) hostkey_verify True,
~/pyez_release_272_py39/py-junos-eznc# cat get_facts.py
from jnpr.junos import Device
from pprint import pprint

dev = Device(host='x.x.x.x', user='xyz', password='xyz', port=22, hostkey_verify=True)
dev.open()
pprint (dev.facts)

/pyez_release_272_py39/py-junos-eznc# python get_facts.py 
/root/pyez_release_272_py39/venv/lib/python3.9/site-packages/paramiko/pkey.py:100: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
  "cipher": algorithms.TripleDES,
/root/pyez_release_272_py39/venv/lib/python3.9/site-packages/paramiko/transport.py:271: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
  "class": algorithms.TripleDES,
Traceback (most recent call last):
  File "/root/pyez_release_272_py39/venv/lib/python3.9/site-packages/junos_eznc-2.7.1+9.ga64698b2.dirty-py3.9.egg/jnpr/junos/device.py", line 1388, in open
    self._conn = netconf_ssh.connect(
  File "/root/pyez_release_272_py39/venv/lib/python3.9/site-packages/ncclient-0.6.15-py3.9.egg/ncclient/manager.py", line 187, in connect
  File "/root/pyez_release_272_py39/venv/lib/python3.9/site-packages/ncclient-0.6.15-py3.9.egg/ncclient/manager.py", line 139, in connect_ssh
  File "/root/pyez_release_272_py39/venv/lib/python3.9/site-packages/ncclient-0.6.15-py3.9.egg/ncclient/transport/ssh.py", line 349, in connect
ncclient.transport.errors.SSHUnknownHostError: Unknown host key [cc:46:c4:ca:08:88:95:88:96:6a:43:51:48:e1:89:d4] for [x.x.x.x]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/root/pyez_release_272_py39/py-junos-eznc/get_facts.py", line 5, in <module>
    dev.open()
  File "/root/pyez_release_272_py39/venv/lib/python3.9/site-packages/junos_eznc-2.7.1+9.ga64698b2.dirty-py3.9.egg/jnpr/junos/device.py", line 1423, in open
    raise EzErrors.ConnectRefusedError(self)
jnpr.junos.exception.ConnectRefusedError: ConnectRefusedError(x.x.x.x)


2) hostkey_verify False

 cat get_facts.py
from jnpr.junos import Device
from pprint import pprint

dev = Device(host='x.x.x.x', user='xyz', password='xyz', port=22, hostkey_verify=False)
dev.open()
pprint (dev.facts)


{'2RE': False,
 'HOME': '/var/home/regress',
 'RE0': {'last_reboot_reason': 'Router rebooted after a normal shutdown.',
         'mastership_state': 'master',
         'model': 'VSRX RE',
         'status': 'Testing',
         'up_time': '1 day, 1 hour, 13 minutes, 23 seconds'},
 'RE1': None,
 'RE_hw_mi': False,
 'current_re': ['master',
                'fpc0',
                'node',
                'fwdd',
                'member',
                'pfem',
                're0',
                'fpc0.pic0'],
 'hostname': 'srxeventa',
 'hostname_info': {'re0': 'srxeventa'},
 'ifd_style': 'CLASSIC',
 'junos_info': {'re0': {'object': junos.version_info(major=(23, 4), type=I, minor=-20240419, build=0),
                        'text': '23.4I-20240419.0.0358'}},
 'master': 'RE0',
 'model': 'VSRX',
 'model_info': {'re0': 'VSRX'},
 'personality': None,
 're_info': {'default': {'0': {'last_reboot_reason': 'Router rebooted after a '
                                                     'normal shutdown.',
                               'mastership_state': 'master',
                               'model': 'VSRX RE',
                               'status': 'Testing'},
                         'default': {'last_reboot_reason': 'Router rebooted '
                                                           'after a normal '
                                                           'shutdown.',
                                     'mastership_state': 'master',
                                     'model': 'VSRX RE',
                                     'status': 'Testing'}}},
 're_master': {'default': '0'},
 'serialnumber': '436a6ca55d9a',
 'srx_cluster': False,
 'srx_cluster_id': None,
 'srx_cluster_redundancy_group': None,
 'switch_style': 'NONE',
 'vc_capable': False,
 'vc_fabric': None,
 'vc_master': None,
 'vc_mode': None,
 'version': '23.4I-20240419.0.0358',
 'version_RE0': '23.4I-20240419.0.0358',
 'version_RE1': None,
 'version_info': junos.version_info(major=(23, 4), type=I, minor=-20240419, build=0),
 'virtual': None}




3) hostkey_verify True with key added to known_hosts 

 ssh [email protected]
The authenticity of host 'x.x.x.x' can't be established.
ECDSA key fingerprint is SHA256:HWMJzuia9e+IkANQddnByVg3hg7cMnJgasaDPA82H10.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'x.x.x.x' (ECDSA) to the list of known hosts.
Password:
Last login: Mon Sep  2 12:26:04 2024 from x.x.x.x
--- JUNOS 23.4I-20240419.0.0358 Kernel 64-bit XEN JNPR-12.1-20240405.32ed862a0f7_
At least one package installed on this device has limited support.
Run 'file show /etc/notices/unsupported.txt' for details.
root@srxeventa:~ # exit
logout
Connection to x.x.x.x closed.

cat get_facts.py
from jnpr.junos import Device
from pprint import pprint

dev = Device(host='x.x.x.x', user='xyz', password='xyz', port=22, hostkey_verify=True)
dev.open()
pprint (dev.facts)


{'2RE': False,
 'HOME': '/var/home/regress',
 'RE0': {'last_reboot_reason': 'Router rebooted after a normal shutdown.',
         'mastership_state': 'master',
         'model': 'VSRX RE',
         'status': 'Testing',
         'up_time': '1 day, 1 hour, 14 minutes, 23 seconds'},
 'RE1': None,
 'RE_hw_mi': False,
 'current_re': ['master',
                'fpc0',
                'node',
                'fwdd',
                'member',
                'pfem',
                're0',
                'fpc0.pic0'],

 'hostname': 'srxeventa',
 'hostname_info': {'re0': 'srxeventa'},
 'ifd_style': 'CLASSIC',
 'junos_info': {'re0': {'object': junos.version_info(major=(23, 4), type=I, minor=-20240419, build=0),
                        'text': '23.4I-20240419.0.0358'}},
 'master': 'RE0',
 'model': 'VSRX',
 'model_info': {'re0': 'VSRX'},
 'personality': None,
 're_info': {'default': {'0': {'last_reboot_reason': 'Router rebooted after a '
                                                     'normal shutdown.',
                               'mastership_state': 'master',
                               'model': 'VSRX RE',
                               'status': 'Testing'},
                         'default': {'last_reboot_reason': 'Router rebooted '
                                                           'after a normal '
                                                           'shutdown.',
                                     'mastership_state': 'master',
                                     'model': 'VSRX RE',
                                     'status': 'Testing'}}},
 're_master': {'default': '0'},
 'serialnumber': '436a6ca55d9a',
 'srx_cluster': False,
 'srx_cluster_id': None,
 'srx_cluster_redundancy_group': None,
 'switch_style': 'NONE',
 'vc_capable': False,
 'vc_fabric': None,
 'vc_master': None,
 'vc_mode': None,
 'version': '23.4I-20240419.0.0358',
 'version_RE0': '23.4I-20240419.0.0358',
 'version_RE1': None,
 'version_info': junos.version_info(major=(23, 4), type=I, minor=-20240419, build=0),
 'virtual': None}
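
Added example, not part of the original thread and not PyEZ or ncclient code: test 1 above reports the unknown key as a 16-byte colon-separated hex value, while the ssh prompt in test 3 prints a SHA256: fingerprint. Assuming the first is the MD5 digest of the public-key blob (as its length suggests), this computes both forms from a known_hosts entry so a key obtained out of band can be checked against either message; the sample key and address are constructed.

```python
import base64
import hashlib
import struct

def ssh_string(data):
    """Length-prefixed string as used inside SSH public-key blobs."""
    return struct.pack(">I", len(data)) + data

# Constructed sample (not a real device key): an ssh-ed25519 blob made from
# 32 fixed bytes, on a documentation address.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = "192.0.2.10 ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

def parse_known_hosts_line(line):
    """Return (hosts, key_type, blob) for a plain (unhashed) known_hosts line."""
    fields = line.split()
    if len(fields) < 3 or fields[0][0] in "#@|":
        raise ValueError("not a plain known_hosts entry")
    key_type, blob = fields[1], base64.b64decode(fields[2], validate=True)
    # The blob repeats the key type as its first length-prefixed string.
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return fields[0].split(","), key_type, blob

def md5_fingerprint(blob):
    """Colon-separated hex MD5, the shape shown in the SSHUnknownHostError."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def sha256_fingerprint(blob):
    """Unpadded base64 SHA-256, the shape printed by the ssh client prompt."""
    raw = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(raw).decode().rstrip("=")

def matches_reported(line, reported):
    """True if `reported` (either format) belongs to the key stored in `line`."""
    _, _, blob = parse_known_hosts_line(line)
    reported = reported.strip().strip("[]")
    if reported.startswith("SHA256:"):
        return reported == sha256_fingerprint(blob)
    return reported.lower() == md5_fingerprint(blob)

if __name__ == "__main__":
    print(md5_fingerprint(SAMPLE_BLOB))
    print(sha256_fingerprint(SAMPLE_BLOB))
```

The two messages only describe the same key when both clients negotiated the same host key type, so compare fingerprints of the entry whose key type matches the one reported.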


@dineshbaburam91
Collaborator

The issue got resolved. Hence, closing the issue.
