Cisco ASA: Key-based auth causes login loop


netmiko==2.3.0 paramiko==2.4.2 both installed via pip

I’m running into an issue where netmiko logs in successfully to the ASA with SSH keys, but doesn’t seem to realize that it’s logged in successfully, and issues a “login” command, which leads to an endless loop of login prompts.

INFO:paramiko.transport:Authentication (publickey) successful!
DEBUG:paramiko.transport:[chan 0] Max packet in: 32768 bytes
DEBUG:paramiko.transport:[chan 0] Max packet out: 4096 bytes
DEBUG:paramiko.transport:Secsh channel 0 opened.
DEBUG:paramiko.transport:[chan 0] Sesch channel 0 request ok
DEBUG:paramiko.transport:[chan 0] Sesch channel 0 request ok
DEBUG:netmiko:read_channel: User rack logged in to aanetmiko00
Logins over the last 2 days: 38.  Last login: 23:17:50 UTC Feb 12 2019 from 1.2.3.4
Failed logins since the last login: 0.  Last failed login: 22:20:08 UTC Feb 12 2019 from 1.2.3.4
Type help or '?' for a list of available commands.
aanetmiko00>
DEBUG:netmiko:read_channel:
DEBUG:netmiko:read_channel:
DEBUG:netmiko:read_channel:
DEBUG:netmiko:write_channel: b'\n'
DEBUG:netmiko:read_channel:
aanetmiko00>
DEBUG:netmiko:read_channel:
DEBUG:netmiko:write_channel: b'login\n'
DEBUG:netmiko:read_channel: login
Username:
DEBUG:netmiko:write_channel: b'rack\n'
DEBUG:netmiko:read_channel: rack
Password:
DEBUG:netmiko:write_channel: b'\n'
DEBUG:netmiko:read_channel:
%Login failed
Username:
DEBUG:netmiko:write_channel: b'rack\n'
DEBUG:netmiko:read_channel: rack
Password:
DEBUG:netmiko:write_channel: b'\n'
DEBUG:netmiko:read_channel:
%Login failed

Example code:


# ASA key-based auth, does not work
my_asav = {
    "host": hostname,
    "username": username,
    "device_type": "cisco_asa",
    "allow_agent": False,
    "use_keys": True,
    "key_file": "/home/rack/.ssh/id_rsa",
}


# ASA password auth, works
# my_asav = {
#     "host": hostname,
#     "username": username,
#     "password": password,
#     "device_type": "cisco_asa",
#     "allow_agent": False,
#     "use_keys": False,
# }


# Linux SSH-based auth, works
# my_asav = {
#     "host": hostname,
#     "username": username,
#     "allow_agent": False,
#     "use_keys": True,
#     "key_file": "/home/rack/.ssh/id_rsa",
#     "device_type": "linux",
# }
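
As an added example (not part of the original issue and not Netmiko's own code), this sketch scans a Netmiko/Paramiko debug log for the pattern shown above: public-key authentication succeeds, then an in-band `login` is answered with an empty password and fails repeatedly. The function name `analyze_session` and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample: abridged from the debug output quoted in the issue.
SAMPLE_LOG = r"""INFO:paramiko.transport:Authentication (publickey) successful!
DEBUG:netmiko:read_channel: User rack logged in to aanetmiko00
aanetmiko00>
DEBUG:netmiko:write_channel: b'\n'
DEBUG:netmiko:write_channel: b'login\n'
DEBUG:netmiko:read_channel: login
Username:
DEBUG:netmiko:write_channel: b'rack\n'
Password:
DEBUG:netmiko:write_channel: b'\n'
%Login failed
Username:
DEBUG:netmiko:write_channel: b'rack\n'
Password:
DEBUG:netmiko:write_channel: b'\n'
%Login failed
"""

WRITE_RE = re.compile(r"^DEBUG:netmiko:write_channel: b'(.*)'$")


def analyze_session(log_text):
    """Flag a session where SSH public-key auth succeeded but the client
    then ran an in-band 'login' that failed repeatedly."""
    r = {"pubkey_ok": False, "inband_login": False,
         "empty_passwords": 0, "login_failures": 0}
    awaiting_password = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Authentication (publickey) successful" in line:
            r["pubkey_ok"] = True
        elif line == "Password:":
            awaiting_password = True      # device is prompting in-band
        elif line.startswith("%Login failed"):
            r["login_failures"] += 1
        sent = WRITE_RE.match(line)
        if sent:
            if sent.group(1) == r"login\n":
                r["inband_login"] = True
            elif awaiting_password and sent.group(1) == r"\n":
                r["empty_passwords"] += 1  # blank password answered the prompt
            awaiting_password = False
    r["login_loop"] = (r["pubkey_ok"] and r["inband_login"]
                       and r["login_failures"] >= 2)
    return r
```

Running `analyze_session` over captured debug logs from automation jobs separates this client-side loop from genuine credential failures, since the SSH layer reports success before the in-band failures begin.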

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 7 (2 by maintainers)

Top GitHub Comments

1 reaction
inflatador commented, Feb 19, 2019

@ktbyers I can confirm that setting “secret” to “\n” works around the issue. Thanks again for your prompt attention, it is very much appreciated.

0 reactions
ktbyers commented, Feb 16, 2019

@inflatador Yes, there is a good chance setting the secret argument in Netmiko to \n will work…let us know if that works and fixes your issue.

# ASA key-based auth, does not work
my_asav = {
    "host": hostname,
    "username": username,
    "device_type": "cisco_asa",
    "allow_agent": False,
    "use_keys": True,
    "key_file": "/home/rack/.ssh/id_rsa",
    "secret": "\n",
}