netmiko: Specific port NetmikoAuthenticationException

Problem: netmiko ssh (to vty session) password auth fails

My guess: retry auth? or paramiko none auth method needs to be populated / event needs to be handled

Native ssh client is fine: OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2

ssh admin@192.168.0.1 -p 22
Password:


PerleSCR>

For kicks I also verified:

  • SSH autodetect and native client to other ports (reverse tty) password auth succeeds.
  • Telnet cisco_ios_telnet password auth succeeds.

Server

  • OpenSSH 7.2 (on Perle IOLAN SCR1618)

Client:

  • Netmiko 3.4.0
  • Paramiko 2.7.2

SSH Bad Login

ConnectHandler(device_type='autodetect', ip=SCR_IP, port=22, username=SCR_USER, password=SCR_PASS, banner_timeout=30, global_delay_factor=0.1, timeout=120, auth_timeout=30, session_timeout=120, session_log='logs\\scr_debug.log')

server log

PerleSCR# Jan 02 01:55:20 EST %SSHD-6: Connection closed by 192.168.0.10 port 52976

session log is empty

debug log

DEBUG:paramiko.transport:starting thread (client mode): 0xf900e880
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.7.2
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-OpenSSH_7.2
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_7.2)
DEBUG:paramiko.transport:kex algos:['curve25519-sha256@libssh.org', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group14-sha1'] server key:['ssh-rsa', 'rsa-sha2-512', 'rsa-sha2-256'] client encrypt:['chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com'] server encrypt:['chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com'] client mac:['hmac-sha1', 'hmac-sha2-256', 'hmac-sha2-512', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha1-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-64-etm@openssh.com', 'umac-128-etm@openssh.com'] server mac:['hmac-sha1', 'hmac-sha2-256', 'hmac-sha2-512', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha1-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-64-etm@openssh.com', 'umac-128-etm@openssh.com'] client compress:['none', 'zlib@openssh.com', 'zlib'] server compress:['none', 'zlib@openssh.com', 'zlib'] client lang:[''] server lang:[''] kex follows?False
DEBUG:paramiko.transport:Kex agreed: curve25519-sha256@libssh.org
DEBUG:paramiko.transport:HostKey agreed: ssh-rsa
DEBUG:paramiko.transport:Cipher agreed: aes128-ctr
DEBUG:paramiko.transport:MAC agreed: hmac-sha2-256
DEBUG:paramiko.transport:Compression agreed: none
DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-rsa host key for 192.168.0.1: b'af867e81355f212088f5ac83182c99b8'
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (password) failed.
DEBUG:paramiko.transport:EOF in transport thread

Traceback

Traceback (most recent call last):
  File "C:\Users\chaddun\AppData\Roaming\Python\Python38\site-packages\netmiko\base_connection.py", line 935, in establish_connection
    self.remote_conn_pre.connect(**ssh_connect_params)
  File "C:\Users\chaddun\AppData\Roaming\Python\Python38\site-packages\paramiko\client.py", line 435, in connect
    self._auth(
  File "C:\Users\chaddun\AppData\Roaming\Python\Python38\site-packages\paramiko\client.py", line 765, in _auth
    raise saved_exception
  File "C:\Users\chaddun\AppData\Roaming\Python\Python38\site-packages\paramiko\client.py", line 751, in _auth
    self._transport.auth_password(username, password)
  File "C:\Users\chaddun\AppData\Roaming\Python\Python38\site-packages\paramiko\transport.py", line 1509, in auth_password
    return self.auth_handler.wait_for_response(my_event)
  File "C:\Users\chaddun\AppData\Roaming\Python\Python38\site-packages\paramiko\auth_handler.py", line 250, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "wipeSwitch.py", line 148, in <module>
    main()
  File "wipeSwitch.py", line 62, in main
    srv = connectSCR(only=True)
  File "wipeSwitch.py", line 140, in connectSCR
    if only: return ConnectHandler(device_type='autodetect', ip=SCR_IP, port=22, username=SCR_USER, password=SCR_PASS, banner_timeout=30, global_delay_factor=0.1, timeout=120, auth_timeout=30, session_timeout=120, session_log_record_writes=True, session_log='logs\\scr_debug.log')
  File "C:\Users\chaddun\AppData\Roaming\Python\Python38\site-packages\netmiko\ssh_dispatcher.py", line 326, in ConnectHandler
    return ConnectionClass(*args, **kwargs)
  File "C:\Users\chaddun\AppData\Roaming\Python\Python38\site-packages\netmiko\base_connection.py", line 350, in __init__
    self._open()
  File "C:\Users\chaddun\AppData\Roaming\Python\Python38\site-packages\netmiko\base_connection.py", line 355, in _open
    self.establish_connection()
  File "C:\Users\chaddun\AppData\Roaming\Python\Python38\site-packages\netmiko\base_connection.py", line 972, in establish_connection
    raise NetmikoAuthenticationException(msg)
netmiko.ssh_exception.NetmikoAuthenticationException: Authentication to device failed.

Common causes of this problem are:
1. Invalid username and password
2. Incorrect SSH-key file
3. Connecting to the wrong device

Device settings: autodetect 192.168.0.1:22


Authentication failed.

SSH Good Login

ConnectHandler(device_type='autodetect', ip=SCR_IP, port=10001, username=SCR_USER, password=SCR_PASS, banner_timeout=30, global_delay_factor=0.1, timeout=120, auth_timeout=30, session_timeout=120, session_log_record_writes=True, session_log='logs\\scr_debug.log')

server log

PerleSCR# Jan 02 01:56:18 EST %IOL_SSHD-6: Connection from 192.168.0.10 port 53230 on 192.168.0.1 port 10001
 Jan 02 01:56:19 EST %IOL_SSHD-6: auth2_read_banner() \n
 Jan 02 01:56:19 EST %IOL_SSHD-6: motd = (nil) \n
 Jan 02 01:56:19 EST %IOL_SSHD-6: login = (nil) \n
 Jan 02 01:56:19 EST %IOL_SSHD-6: len = 0 banner len = 0\n
 Jan 02 01:56:19 EST %IOL_SSHD-6: pam_sm_authenticate() 26
 Jan 02 01:56:19 EST %IOL_SSHD-6: Setting PAM_AUTH_STATUS to fail 34
 Jan 02 01:56:19 EST %IOL_SSHD-6: pam_sm_authenticate() 53 name: admin password: $1$8/Fz$Va/t40Q/TH5rWNtlrf1YY0
 Jan 02 01:56:19 EST %IOL_SSHD-6: auth success
 Jan 02 01:56:19 EST %IOL_SSHD-6: Setting PAM_AUTH_STATUS to pass 137
 Jan 02 01:56:19 EST %IOL_SSHD-6: Accepted password for admin from 192.168.0.10 port 53230 ssh2
 Jan 02 01:56:19 EST %IOL_SSHD-6: Email: 6, 0: Accepted password for admin from 192.168.0.10 port 53230 ssh2
 Jan 02 01:56:19 EST %IOL_SSHD-6: authentication finished
 Jan 02 01:56:19 EST %IOL_SSHD-6: 2318 call do pan session
 Jan 02 01:56:19 EST %IOL_SSHD-6: 2342 call do_authenticated
 Jan 02 01:56:19 EST %IOL_SSHD-6: call do_exec 2258 NULL
 Jan 02 01:56:19 EST %IOL_SSHD-6: do_exec 818 (null)\n
 Jan 02 01:56:19 EST %IOL_SSHD-6: do_exec 828\n
 Jan 02 01:56:19 EST %IOL_SSHD-6: do_exec 846\n
 Jan 02 01:56:19 EST %IOL_SSHD-6: do_exec 848 /dev/pts/0\n
 Jan 02 01:56:19 EST %IOL_SSHD-6: do_exec 853\n
 Jan 02 01:56:19 EST %IOL_SSHD-6: Starting session: shell on pts/0 for admin from 192.168.0.10 port 53230 id 0
 Jan 02 01:56:19 EST %IOL_SSHD-6: do_exec 876 ttyfd = 14 (null)\n
 Jan 02 01:56:19 EST %IOL_RSESSMGR-6: acquire_rev_session 865
 Jan 02 01:56:19 EST %IOL_RSESSMGR-6: acquire_rev_session 870
 Jan 02 01:56:19 EST %IOL_RSESSMGR-6: acquire_rev_session 897
 Jan 02 01:56:19 EST %IOL_RSESSMGR-6: acquire_rev_session 901
 Jan 02 01:56:19 EST %IOL_RSESSMGR-6: do_output 625
 Jan 02 01:56:22 EST %IOL_SSHD-6: Connection closed by 192.168.0.10
 Jan 02 01:56:22 EST %IOL_SSHD-6: Close session: user admin from 192.168.0.10 port 53230 id 0
 Jan 02 01:56:22 EST %IOL_SSHD-6: Transferred: sent 3672, received 1936 bytes
 Jan 02 01:56:22 EST %IOL_SSHD-6: Closing connection to 192.168.0.10 port 53230

PerleSCR#

session_log





en

debug log

DEBUG:paramiko.transport:starting thread (client mode): 0x759be880
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.7.2
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-OpenSSH_7.2
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_7.2)
DEBUG:paramiko.transport:kex algos:['curve25519-sha256@libssh.org', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group14-sha1'] server key:['ssh-rsa', 'rsa-sha2-512', 'rsa-sha2-256'] client encrypt:['chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com'] server encrypt:['chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com'] client mac:['hmac-sha1', 'hmac-sha2-256', 'hmac-sha2-512', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha1-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-64-etm@openssh.com', 'umac-128-etm@openssh.com'] server mac:['hmac-sha1', 'hmac-sha2-256', 'hmac-sha2-512', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha1-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-64-etm@openssh.com', 'umac-128-etm@openssh.com'] client compress:['none', 'zlib@openssh.com', 'zlib'] server compress:['none', 'zlib@openssh.com', 'zlib'] client lang:[''] server lang:[''] kex follows?False
DEBUG:paramiko.transport:Kex agreed: curve25519-sha256@libssh.org
DEBUG:paramiko.transport:HostKey agreed: ssh-rsa
DEBUG:paramiko.transport:Cipher agreed: aes128-ctr
DEBUG:paramiko.transport:MAC agreed: hmac-sha2-256
DEBUG:paramiko.transport:Compression agreed: none
DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-rsa host key for [192.168.0.1]:10001: b'af867e81355f212088f5ac83182c99b8'
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Auth banner: b''
INFO:paramiko.transport:Authentication (password) successful!
DEBUG:paramiko.transport:Received global request "hostkeys-00@openssh.com"
DEBUG:paramiko.transport:[chan 0] Max packet in: 32768 bytes
DEBUG:paramiko.transport:Rejecting "hostkeys-00@openssh.com" global request from server.
DEBUG:paramiko.transport:[chan 0] Max packet out: 32768 bytes
DEBUG:paramiko.transport:Secsh channel 0 opened.
DEBUG:paramiko.transport:[chan 0] Sesch channel 0 request ok
DEBUG:paramiko.transport:[chan 0] Sesch channel 0 request ok
DEBUG:netmiko:write_channel: b'\n\n\n\nen\n\n\n\n\n'
DEBUG:paramiko.transport:EOF in transport thread

Native client version of SSH Good Login

ssh admin@192.168.0.1 -p 10001
Password:


ReverseDevice#

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 18 (8 by maintainers)

Most upvoted comments

Did you get it working? I saw a message in email indicating you have it working, but now that is gone?

No, I still had it pointing to the other port when that happened. I removed the comment. Still the same for port 22.

+1
cmdstack on Jun 24, 2021
Read more comments on GitHub
← netmiko: Small device input buffers and send_config_set failures
netmiko: Timeouts are not directly configurable →