connections fail

[Nikos Skalis]

Dear PyEZ Support Team,

First of all, thank you very much for this awesome piece of work !

I am emailing you because while I was able to connect, get operational and configuration information, commit, rollback, etc. while getting familiarize with the library the past 2 weeks.
Since today,
I am getting the following Exception when I am trying to open the connection with the device (or any device):

$ python
Python 2.7.5 (default, Jun 17 2014, 18:11:42)
[GCC 4.8.2 20140120 (Red Hat 4.8.2-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from        jnpr.junos              import Device
>>> jdev        = Device( host="xxx.xxx.xxx.xxx", usr="xxx", passwd="xxxxxxx" )
>>> jdev.open( )
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/jnpr/junos/device.py", line 396, in open
    raise EzErrors.ConnectAuthError(self)
jnpr.junos.exception.ConnectAuthError: ConnectAuthError(172.30.150.169)

I can login to the device normally using telnet or ssh.

Could you please enlighten me what might went wrong ?
Many Thanks.

Kind Regards,
Nikos

[NitinKumar]

Device( host="xxx.xxx.xxx.xxx", usr="xxx", passwd="xxxxxxx" )

usr need to be user

Thanks

Nitin Kr

From: Nikos Skalis <nskalis....@gmail.com>
Date: Wednesday, October 22, 2014 6:25 PM
To: "junos-p...@googlegroups.com" <junos-p...@googlegroups.com>
Subject: connections fail

Dear PyEZ Support Team,

First of all, thank you very much for this awesome piece of work !

I am emailing you because while I was able to connect, get operational and configuration information, commit, rollback, etc. while getting familiarize with the library the past 2 weeks.
Since today,
I am getting the following Exception when I am trying to open the connection with the device (or any device):

$ python
Python2.7.5(default,Jun172014,18:11:42)

[GCC 4.8.220140120(RedHat4.8.2-16)] on linux2

Type"help","copyright","credits"or"license"for more information.
>>>from        jnpr.junos              importDevice

>>> jdev        =Device( host="xxx.xxx.xxx.xxx", usr="xxx", passwd="xxxxxxx")
>>> jdev.open()
Traceback(most recent call last):
  File"<stdin>", line 1,in<module>

  File"/usr/lib/python2.7/site-packages/jnpr/junos/device.py", line 396,in open
    raiseEzErrors.ConnectAuthError(self)
jnpr.junos.exception.ConnectAuthError:ConnectAuthError(172.30.150.169)

I can login to the device normally using telnet or ssh.

Could you please enlighten me what might went wrong ?
Many Thanks.

Kind Regards,
Nikos

--
You received this message because you are subscribed to the Google Groups "Junos Python EZ" group.
To unsubscribe from this group and stop receiving emails from it, send an email to junos-python-...@googlegroups.com.
Visit this group at http://groups.google.com/group/junos-python-ez.
To view this discussion on the web visit https://groups.google.com/d/msgid/junos-python-ez/4d39d6ec-a8c0-470d-96d5-a63dec9c1605%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Ansel Gaddy]

Any idea why I would be getting this error?

>>> from jnpr.junos import Device

>>> dv = Device(host='24.**.***.**',user='********',password='***********')

>>> dv.open()

Traceback (most recent call last):

  File "<stdin>", line 1, in <module>

  File "/usr/local/lib/python2.7/site-packages/jnpr/junos/device.py", line 344, in open

    raise cnx_err

jnpr.junos.exception.ConnectError: ConnectError(24.**.***.**)

Thanks!

[Ansel Gaddy]

Paramiko works for me using the same login credentials, if this helps at all.

>>> import paramiko

>>> ssh = paramiko.SSHClient()

>>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

>>> ssh.connect('24.**.***.**',username='********',password='***********')

>>> stdin, stdout, stderr = ssh.exec_command('show int lo0.0 | match local')

>>> x = stdout.readlines()

>>> x

[u'        Local: 24.**.***.**'\n', u'        Local: 127.0.0.1\n', u'        Local: **.****.****.****\n', u'        Local: 2605:****::*:****\n', u'        Local: ***.***.**.etc\n']

[NitinKumar]

Hi Ansel,

Few things can you give a try:

Your pyez seems to be old. Update using command "pip install -U junos-eznc"

Can you check if ssh is configured on your device?

Put exception handling in your code to debug

try:

    dv.open()

except Exception as ex:

    print ex._orig.message

    

Thanks

Nitin Kr

[Ansel Gaddy]

I will update the pyez module, I have to request a systems engineer to do it for me :D

Yes ssh and netconf are enabled on the MX router.

ansel.gaddy@re0.********> show configuration system services

Oct 24 02:21:55

ssh {

    root-login deny;

    protocol-version v2;

    max-sessions-per-connection 32;

    connection-limit 10;

    rate-limit 5;

}

netconf {

    ssh;

}

The exception message seems to return nothing... hopefully updating pyez will help. I will reply here with my findings after updating PyEZ.

*****@*****:~/scripts$ more pyeztester.py

#!/usr/local/bin/python2.7

from jnpr.junos import Device

dv = Device(host='24.**.***.**',user='********',password='********')

try:

dv.open()

except Exception as ex:

print ex._orig.message

*****@*****:~/scripts$ python2.7 pyeztester.py

02:18:15

*****@*****:~/scripts$

Thanks for your time!

-Ansel Gaddy 

[Ansel Gaddy]

So we finally got this working. I'm not exactly sure what caused it but the fix was moving the files in my .ssh folder to a backup folder.

mv ~/.ssh/* ~/sshbk

Here was the error:

>>> from jnpr.junos import Device

>>> dv = Device(host='24.**.***.**',user='********',password='***********')

>>> dv.open()

Traceback (most recent call last):

  File "<stdin>", line 1, in <module>

  File "/usr/local/lib/python2.7/site-packages/jnpr/junos/device.py", line 344, in open

    raise cnx_err

jnpr.junos.exception.ConnectError: ConnectError(24.**.***.**)

[Rick Sherman]

Hi Ansel,

Can you please share a sanitized copy of your .ssh/config file?

I'd like to find the root cause of this issue.

Thanks,

-Rick 

[David Janssens]

Hi Rick,

I was also failing to connect to my router and following Ansel's advice, I was able to narrow this down to something wrong with my known_hosts file...

It appears there was a typo in that file and a newline went missing which meant that 2 entries were "merged". Once I fixed this, I was able to connect.

I don't know which part of the code does not like that but it would be nice to have a clearer error message since it seems that there is some attempt to check for known_hosts file integrity (the typo was between 2 unrelated hosts).

I am not sure if this is a paramiko issue: when I initially tried to connect via paramiko I got an error message complaining that my host is not in known_hosts file (even after fixing the typo and confirming that it is indeed there). The workaround for the native paramiko connection is to use 'set_missing_host_key_policy(paramiko.AutoAddPolicy())'...

I then realized I had to force paramiko to parse my known_hosts file with 'load_system_host_keys()' and here paramiko balked with a clear error message indicating an invalid entry in my known_hosts file (after I re-introduced the error).

Thus it seems to me that the problem starts with paramiko but the error message is not clearly relayed via PyEZ.

Thanks and regards,

/david

[Rick Sherman]

Hi David,

If you could please open an issue on our GitHub with the details of your problem and ssh conf file that will help us reproduce the problem and verify if it's present in PyEZ or ncclient.

https://github.com/Juniper/py-junos-eznc/issues/new

Thanks,

-Rick

[David Janssens]

Hi Rick,

I did some more digging and this seems to be due to an obfuscation of lower-level errors in the PyEZ code. Hopefully, I have described this clearly in issue #349:

 https://github.com/Juniper/py-junos-eznc/issues/349

Thanks,

/david

[Rick Sherman]

Hi David,

Thank you for all the amazing effort you put into finding the root cause of this issue and opening bugs with the dependent libraries!

I've merged in updates to the ConnectError exception to provide the underlying exception information when present.

https://github.com/Juniper/py-junos-eznc/pull/351

Here is some example information about the new presentation:

>>> dev.open()

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>

  File "/var/tmp/conex/lib/python2.7/site-packages/jnpr/junos/device.py", line 451, in open
    raise cnx_err
jnpr.junos.exception.ConnectError: ConnectError(host: 1.1.1.1, msg: ('192.168.74.31 ecdsa-sha2-nistp256 badkeysl;kj23o09a;dihads;l', Error('Incorrect padding',)))

>>> try:
...     dev.open()
... except Exception as e:
...     print e
...
ConnectError(host: 1.1.1.1, msg: ('192.168.74.31 ecdsa-sha2-nistp256 badkeysl;kj23o09a;dihads;l', Error('Incorrect padding',)))
>>>
>>> e.msg
InvalidHostKey('192.168.74.31 ecdsa-sha2-nistp256 badkeysl;kj23o09a;dihads;l', Error('Incorrect padding',))
>>> e.port
830
>>> e.user
'rsherman'

>>> dev.open()

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>

  File "/var/tmp/conex/lib/python2.7/site-packages/jnpr/junos/device.py", line 433, in open
    raise EzErrors.ConnectTimeoutError(self)
jnpr.junos.exception.ConnectTimeoutError: ConnectTimeoutError(1.1.1.1)

I've also verified the ncclient pull request that will fix the hoskey_verify bug.  I'll sync up with them to make sure it gets merged.

https://github.com/leopoul/ncclient/pull/50

Thank you again!

-Rick