vMX and NETCONF via SSH-tunnel

[jer...@apstra.com]

Hi All,

I am attempting to connect to a vMX from my MacOS that is ssh-tunneling through another system.  I am not able to do the following

from jnpr.junos import Device

dev = Device('vMX-1')
dev.open()

### results in the following Exception

Traceback (most recent call last):

  File "<stdin>", line 1, in <module>

  File "/Library/Python/2.7/site-packages/jnpr/junos/device.py", line 483, in open

    raise cnx_err

jnpr.junos.exception.ConnectError: ConnectError(host: None, msg: Capability exchange timed out)

When I try to connect manually from my MacOS, it works:

# ssh -s vMX-1 netconf

<!-- No zombies were killed during the creation of this user interface -->

<!-- user jeremy, class j-super-user -->

<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">

  <capabilities>

    <capability>urn:ietf:params:netconf:base:1.0</capability>

    <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>

    <capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</capability>

    <capability>urn:ietf:params:netconf:capability:validate:1.0</capability>

    <capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file</capability>

    <capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>

    <capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability>

    <capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability>

    <capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability>

    <capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file</capability>

    <capability>http://xml.juniper.net/netconf/junos/1.0</capability>

    <capability>http://xml.juniper.net/dmi/system/1.0</capability>

  </capabilities>

  <session-id>72784</session-id>

</hello>

]]>]]>

In terms of software and versions:

• junos-pyez - 1.3.1
• vMX - JUNOS 15.1F4.15

Any thoughts / suggestions as to why the connection is failing via ssh-tunneling approach?

Thank you!
-- Jeremy

[Nitin Kr (Automation)]

Hi Jeremy,

I was able to reproduce the issue. 

If your file ~/.ssh/config contains 

Host vMX-1

   User regress

   Hostname localhost

   Port 8001

Do change hostname to 127.0.0.1. With this changes I am able to execute my code.

Host VMX-1

   User regress

   Hostname 127.0.0.1

   Port 8001

The reason for localhost not able to work is because of https://github.com/ncclient/ncclient/blob/master/ncclient/manager.py#L148-L151

With localhost, code understand as if script is being run on junos locally. Hence breaks.

Also I have raised a bug with ncclient related to this issue

https://github.com/ncclient/ncclient/issues/122

Thanks

Nitin Kr

From: <junos-p...@googlegroups.com> on behalf of "jer...@apstra.com" <jer...@apstra.com>
Date: Tuesday, March 29, 2016 at 8:28 PM
To: Junos Python EZ <junos-p...@googlegroups.com>
Subject: vMX and NETCONF via SSH-tunnel

Hi All,

I am attempting to connect to a vMX from my MacOS that is ssh-tunneling through another system.  I am not able to do the following

from jnpr.junos importDevice

dev =Device('vMX-1')
dev.open()

### results in the following Exception

Traceback(most recent call last):

  File"<stdin>", line 1,in<module>

  File"/Library/Python/2.7/site-packages/jnpr/junos/device.py", line 483,in open

    raise cnx_err

jnpr.junos.exception.ConnectError:ConnectError(host:None, msg:Capability exchange timed out)

When I try to connect manually from my MacOS, it works:

# ssh -s vMX-1 netconf

<!--No zombies were killed during the creation of this user interface-->

<!-- user jeremy,class j-super-user -->

<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">

  <capabilities>

    <capability>urn:ietf:params:netconf:base:1.0</capability>

    <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>

    <capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</capability>

    <capability>urn:ietf:params:netconf:capability:validate:1.0</capability>

    <capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file</capability>

    <capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>

    <capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability>

    <capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability>

    <capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability>

    <capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file</capability>

    <capability>http://xml.juniper.net/netconf/junos/1.0</capability>

    <capability>http://xml.juniper.net/dmi/system/1.0</capability>

  </capabilities>

  <session-id>72784</session-id>

</hello>

]]>]]>

In terms of software and versions:

• junos-pyez - 1.3.1
• vMX - JUNOS 15.1F4.15

Any thoughts / suggestions as to why the connection is failing via ssh-tunneling approach?

Thank you!
-- Jeremy

--
You received this message because you are subscribed to the Google Groups "Junos Python EZ" group.
To unsubscribe from this group and stop receiving emails from it, send an email to junos-python-...@googlegroups.com.
Visit this group at https://groups.google.com/group/junos-python-ez.
To view this discussion on the web visit https://groups.google.com/d/msgid/junos-python-ez/d94f898a-f4b7-4bbe-ae2a-e2675e981a82%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jeremy Schulman]

Hi Nitin,

Thank you for your prompt help with this!  Yes, your suggestion worked for me as well.

Cheers!

-- Jeremy