Non Standard SSH Login

[Lupe Silva]

I am looking to use ansible with my Dell X1000 series switches.  There is no network modules for these switches which is fine for me.  I plan to use the raw module.

My issue is that when you connect to these switches via SSH, the switches always ask for the UserID and Password.   Even when you use "ssh userid@switch" it will ask you for your user id and password.

Is there a way to have ansible use an "expect" type of solution for the initial login via ssh?

It may be something like additional args in ansible_ssh_args but I cannot figure it out.

[Soniya panwar]

You can follow these step to make machine passwordless.

Step:1 First generate the public/private key pair on the Ansible control machine: 

$ ssh-keygen –t rsa

Step:2 Enable the RSA-SSH authentication feature on the Dell switch by executing the following command:

# ip ssh rsa-authentication enable

Step:3 Configure the username and password on the Dell switch. The RSA-authentication public key will be added to the admin.

# username admin password xxxx privilege 15

Step:4 Login to the Dell switch using SSH and username admin. Copy the public key of the Ansible control machine to the Dell switch: 

# copy scp: flash: 

Address or name of remote host []: 100.67.1.10 

Source file name []: .ssh/id_rsa.pub 

User name to login remote host: root 

Password to login remote host:

Destination file name [id_rsa.pub]: 

224 bytes successfully copied Leaf1A#

Step:5 Login into the Dell EMC Networking switch through SSH and configure the public key on the Dell EMC Networking switch by executing the following command:

# ip ssh rsa-authentication my-authorized-keys id_rsa.pub

RSA keys added to admin's list of authorized-keys. 

Delete the file id_rsa.pub : (yes/no) ? yes

Step:6 Verify the SSH connection by executing the following command:

$ ssh 100.67.170.31 -i .ssh/id_rsa -l admin

[Lupe Silva]

Thank you Soniya for the reply!!

Unfortunately, this Dell switch is not the EMC line, but a lower line of switches, the X1000 series, where the majority of the configuration is done via web browser.   It has limited CLI functionality (which I have not been happy with).   I cannot put in the rsa or dsa keys into the switch as I had hoped.  In my experience, I have seen a few other devices which always ask User ID and Password via ssh. It appears that they do not implement the full ssh features in their products.

Any other ideas on how to get ansible to do a "screen scrape/expect" on the login process?

Thanks in advance

[Kai Stian Olstad]

On 21. aug. 2017 18:37, Lupe Silva wrote:
> Any other ideas on how to get ansible to do a "screen scrape/expect" on the
> login process?

You will need to abandon the use of the raw module and use the expect
module for everything.

--
Kai Stian Olstad

[Soniya panwar]

>>Any other ideas on how to get ansible to do a "screen scrape/expect" on the login process?

Yes, you can use expect module. You could just run it on local host and use the ssh as the command.

Example:

- host: localhost

  connection: local

  tasks: 

    - expect:

         command: ssh <connection_details>

         responses:

            (?i)prompt: "response"

[Lupe Silva]

Thanks, Soniya and Kai!!!

I was not aware of the expect module.  It was what I was looking for.