Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Timed out connecting to host - Connection to device with authentication via Tacacs

See original GitHub issue

Describe the bug Two similar setup of switches:

Authentication local - scrapli works ✅
Authentication via tacacs creds - scrapli fails

To Reproduce Steps to reproduce the behavior: 1.

from scrapli import Scrapli
import logging
from datetime import datetime

logging.basicConfig(
    format = '%(threadName)s %(name)s %(levelname)s: %(message)s',
    level=logging.INFO)

r1 = {
   "host": "10.1.1.1",
   "auth_username": "admin",
   "auth_password": "123456",
   "auth_secondary": "123456",
   "auth_strict_key": False,
   "platform": "cisco_iosxe",
    "timeout_socket": 5,
    "timeout_transport": 10
}

#no enable password required to login via tacacs
r2 = {
   "host": "10.1.1.2",
   "auth_username": "user_at_tacacs",
   "auth_password": "123456",
   "auth_strict_key": False,
   "platform": "cisco_iosxe",
    "timeout_socket": 5,
    "timeout_transport": 10
}

def get_session():
    with Scrapli(**r2) as ssh:
        logging.info(datetime.now())
        print(ssh.get_prompt())

if __name__ == "__main__":
    get_session()

What you’re connecting to (vendor, platform, version) Cisco, Catalyst 9300, 17.3.3
Anything else relevant Replacing r1 and r2 in script manually - expecting r2 to execute succesfully as r1 does.

Expected behavior Replacing r1 and r2 in script manually - expecting r2 to execute succesfully as r1 does.

Stack Trace Copy of your stack trace here, please format it properly using triple back ticks (top left key on US keyboards!)

MainThread scrapli INFO: Driver '<class 'scrapli.driver.core.cisco_iosxe.sync_driver.IOSXEDriver'>' selected from scrapli core drivers
MainThread scrapli.driver INFO: opening connection to '10.1.1.2' on port '22'
ThreadPoolExecutor-0_0 scrapli.channel CRITICAL: Timed out connecting to host
Traceback (most recent call last):
  File "/Users/lucky/untitled/scrapli_test.py", line 40, in <module>
    get_session()
  File "/Users/lucky/untitled/scrapli_test.py", line 34, in get_session
    with Scrapli(**r2) as ssh:
  File "/Users/lucky/untitled/venv/lib/python3.8/site-packages/scrapli/driver/base/sync_driver.py", line 40, in __enter__
    self.open()
  File "/Users/lucky/untitled/venv/lib/python3.8/site-packages/scrapli/driver/base/sync_driver.py", line 86, in open
    self.channel.channel_authenticate_ssh(
  File "/Users/lucky/untitled/venv/lib/python3.8/site-packages/scrapli/decorators.py", line 276, in decorate
    return self._multiprocessing_timeout(
  File "/Users/lucky/untitled/venv/lib/python3.8/site-packages/scrapli/decorators.py", line 337, in _multiprocessing_timeout
    return future.result()
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/concurrent/futures/_base.py", line 432, in result
    return self.__get_result()
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/concurrent/futures/_base.py", line 388, in __get_result
    raise self._exception
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/Users/lucky/untitled/venv/lib/python3.8/site-packages/scrapli/channel/sync_channel.py", line 291, in channel_authenticate_ssh
    self._ssh_message_handler(output=authenticate_buf)
  File "/Users/lucky/untitled/venv/lib/python3.8/site-packages/scrapli/channel/base_channel.py", line 280, in _ssh_message_handler
    raise ScrapliAuthenticationFailed(msg)
scrapli.exceptions.ScrapliAuthenticationFailed: Timed out connecting to host

Screenshots If applicable, add screenshots to help explain your problem, but do note that formatted text is much preferred over screenshots!

OS (please complete the following information):

OS: [e.g. Ubuntu, MacOS, etc. - Note scrapli is not thoroughly tested on Windows and some/many things will not be supported] macOS Catalina
scrapli version 2021.7.30

Additional context Add any other context about the problem here.

Issue Analytics

State:
Created 2 years ago
Comments:6 (4 by maintainers)

Top GitHub Comments

1reaction

timofmaxcommented, Aug 22, 2021

paramiko

Dear @carlmontanari thank you for advice with parameters ssh2 or paramiko works perfectly.

1reaction

carlmontanaricommented, Aug 22, 2021

Perfect, thank you @timofmax !

Looks like this is being caused by some lazy password pattern checking I built into the “in channel” ssh auth. Basically we check for “password” in the bytes we read from the server… if we see that we assume we are at a password prompt and send the password and a return (hence the REDACTED showing up more than it should be in there).

I was actually thinking I should fix this the other day since I did a slightly better job implementing it on the go side over in scrapligo. Let me try to get a branch pushed up that you can try out. Also if you are in a pinch – this should not be an issue with the other transports, so that could be a workaround in the meantime if ya need it!

Will crank out that branch and update shortly!

Carl

Edit for clarity – I meant to also say that the word “Password” showing up in the banner (about your password will expire in blah blah blah) is what we were seeing and that caused us to send the password again. Like I said… it was lazy of me 😃