Connection Error After Changing Junos User Permissions: jnpr.junos.exception.ConnectError: ConnectError(host: [SANITIZED], msg: Negotiation failed)
63 views
Skip to first unread message
bri...@seas.upenn.edu
Feb 28, 2017, 4:28:57 PM2/28/17
to Junos Python EZ
I'm getting the following connection error when I run my script:
Connecting to [SANITIZED]...
No handlers could be found for logger "ncclient.transport.ssh"
Traceback (most recent call last):
File "update-limbo-ip-prefix-list.py", line 75, in <module>
switch.open()
File "/usr/lib/python2.7/site-packages/jnpr/junos/device.py", line 906, in open
raise cnx
jnpr.junos.exception.ConnectError: ConnectError(host: [SANITIZED], msg: Negotiation failed)
The script uses a junos account called 'update-prefix-list' to log into the switch and update a prefix list called limbo-ip. This user is part of a class that only allows them to change that specific prefix list. Previously, I had the user in the root user class and the script ran with no errors and successfully updated the prefix list. Now that the user permissions have changed, i'm getting the error above. It appears as though the user is not able to establish an ssh connection after these changes. However, outside of the script I am able to ssh to the switch with 'ssh -i /path/to/ssh-key update-prefix-list@hostname'. Any help would be greatly appreciated.
Switch Info:
Junos: 14.1X53-D40.8
Relevant Junos Config Snippet:
system login {
class update-prefix-list {
permissions configure;
allow-commands load*;
allow-configuration "policy-options prefix-list limbo-ip";
}
user update-prefix-list {
uid 2003;
class update-prefix-list;
authentication {
ssh-rsa "[SANITIZED; SSH PUBLIC KEY]" ## SECRET-DATA
}
}
Code:
from jnpr.junos import Device
from jnpr.junos.utils.config import Config
from jinja2 import Template
from getpass import getpass
import yaml
import MySQLdb
import re
# open connection with mysql db
db = MySQLdb.connect(host='[SANITIZED]', db='[SANITIZED]', user='[SANITIZED]', passwd='[SANITIZED]')
# create cursor object that can execute mysql statements
cursor = db.cursor()
# set mysql statement to query
query = "SELECT ip FROM block_ips"
# execute the mysql query
cursor.execute(query)
# generate the yaml file and append the IPs
# should probably be doing this w/ the yaml library instead of file.write() but...
with open('prefix-lists/prefix-list.yml', 'w') as yaml_file: yaml_file.write('---\nprefixlist:\n name: limbo-ip\n prefixes:\n ')
for ip in cursor:
yaml_file.write('- ' + ip[0] + '\n ')
# close cursor
cursor.close()
# close db connection
db.close()
# read in yaml config and set it to prefix_list
with open('prefix-lists/prefix-list.yml') as yaml_file:
yaml_config = yaml.load_all(yaml_file.read())
# load jinja2 template
with open('prefix-lists/prefix-list-template.j2') as template: config_template = template.read()
# merge prefix list with config template
config = ''
for data in yaml_config:
config += Template(config_template).render(data) + "\n"
hostname = '[SANITIZED]'
key_file = '[SANITIZED]'
user = 'update-prefix-list'
# create a device object from login info above
switch = Device(host=hostname, user=user, ssh_private_key_file=key_file)
# open a connection to the device object
print("Connecting to " + hostname + "...")
switch.open()
print("Connection Successful")
# bind config to cfg
# lock the config so no one else can make changes
cfg = Config(switch)
cfg.lock()
# load config changes
cfg.load(config, format="text", merge=False)
# commit config changes
cfg.commit()
# unlock config
cfg.unlock()
# close connection to device
switch.close()
Reply all
Reply to author
Forward
0 new messages