Can't connect to the switch with AsyncSSH with "auth_strict_key" = False option


Describe the bug

When you have “auth_strict_key” = False in the Scrapli connection options for the AsyncSSH transport, there is a known bug in AsyncSSH with “known_hosts”=None: https://github.com/ronf/asyncssh/issues/323. When that happens, AsyncSSH sends all of its “host_key_algs” to the host, which is more than 20 of them, and there are some hosts that just disconnect when they receive that many host key algorithms.

To Reproduce

  1. When you have “auth_strict_key” = False in the connection options for the AsyncSSH transport:

        conn_dict["auth_strict_key"] = False
        conn = AsyncGenericDriver(**conn_dict)

  2. Your switch can’t comprehend so many “host_key_algs” sent to it.
  3. The switch closes the connection on key exchange.

Expected behavior

Scrapli connects through AsyncSSH.

How to fix

So, as a workaround I added “server_host_key_algs=['ssh-rsa']” to scrapli\transport\plugins\asyncssh\transport.py, lines 113-127:

        try:
            self.session = await asyncio.wait_for(
                connect(
                    client_keys=self.plugin_transport_args.auth_private_key,
                    password=self.plugin_transport_args.auth_password,
                    preferred_auth=(
                        "publickey",
                        "keyboard-interactive",
                        "password",
                    ),
                    # added for the workaround: offer only ssh-rsa as the host key algorithm
                    server_host_key_algs=['ssh-rsa'],
                    **common_args,
                ),
                timeout=self._base_transport_args.timeout_socket,
            )

It works for me now, but I think for general Scrapli use there must be some more clever solution. Something like:

  1. Check if “auth_strict_key” is False.
  2. Add “server_host_key_algs=['ssh-rsa']” to the list of AsyncSSH transport options.

OS (please complete the following information):

  • OS: Debian 10.7
  • scrapli version: 2021.07.30

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 5 (4 by maintainers)
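
The two-step check proposed in the issue above, sketched as an added example (it is not part of the original issue and not scrapli's own code). `build_asyncssh_args`, `open_session` and `PINNED_HOST_KEY_ALGS` are hypothetical names; `known_hosts` and `server_host_key_algs` are existing `asyncssh.connect()` options.

```python
import asyncio

# Value taken from the issue's workaround; adjust to what the device supports.
PINNED_HOST_KEY_ALGS = ["ssh-rsa"]


def build_asyncssh_args(auth_strict_key, known_hosts_file=None, user_options=None):
    """Build keyword arguments for asyncssh.connect() (hypothetical helper)."""
    args = dict(user_options or {})
    if auth_strict_key:
        # Strict mode: verify the host key, optionally against an explicit file.
        if known_hosts_file is not None:
            args["known_hosts"] = known_hosts_file
        return args
    # Step 1: auth_strict_key is False, so host key verification is turned off.
    args["known_hosts"] = None
    # Step 2: pin the advertised host key algorithms so the device is not sent
    # the full list; a list supplied by the caller takes precedence.
    args.setdefault("server_host_key_algs", list(PINNED_HOST_KEY_ALGS))
    return args


async def open_session(host, username, password, auth_strict_key,
                       timeout=10.0, **options):
    """Connect with the arguments built above (hypothetical helper)."""
    # Imported here so build_asyncssh_args() works without asyncssh installed.
    import asyncssh

    args = build_asyncssh_args(auth_strict_key, user_options=options)
    return await asyncio.wait_for(
        asyncssh.connect(host, username=username, password=password, **args),
        timeout=timeout,
    )
```

Because `known_hosts=None` means the server's host key is not verified at all, the pinned list only addresses the disconnect; strict mode with a populated known_hosts file remains the verified path.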

Top GitHub Comments

1 reaction
carlmontanari commented, Sep 11, 2021

Since I got rid of the “known issues” section a while back since (thankfully) there were not many, and also because I kept forgetting about it and so it was never updated/contained outdated things… I just added this to the transport plugin docstrings. Hopefully that ++ this issue will make this searchable enough for folks in the future!

Thanks again for your work on this!

Carl

1 reaction
carlmontanari commented, Sep 11, 2021

looks like I’ve found a solution that will not require any code changes

I like the way you think! 😁

I will leave this open to make sure I remember to document this this weekend! Thanks again for all the help!

Carl
