Ok Digging a little deeper with paramiko, and it seems to be an issue with
connecting to cisco switches running IOS 15.0
DEB [20180424-12:23:00.783] thr=1 paramiko.transport: starting thread
(client mode): 0xd6192f10L
DEB [20180424-12:23:00.784] thr=1 paramiko.transport: Local
version/idstring: SSH-2.0-paramiko_2.4.1
DEB [20180424-12:23:00.785] thr=1 paramiko.transport: Remote
version/idstring: SSH-2.0-Cisco-1.25
INF [20180424-12:23:00.785] thr=1 paramiko.transport: Connected (version
2.0, client Cisco-1.25)
DEB [20180424-12:23:00.787] thr=1 paramiko.transport: kex
algos:[u'diffie-hellman-group-exchange-sha1', u'd
iffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server
key:[u'ssh-rsa'] client encrypt:[u'aes128-
cbc', u'3des-cbc', u'aes192-cbc', u'aes256-cbc'] server
encrypt:[u'aes128-cbc', u'3des-cbc', u'aes192-cbc', u
'aes256-cbc'] client mac:[u'hmac-sha1', u'hmac-sha1-96', u'hmac-md5',
u'hmac-md5-96'] server mac:[u'hmac-sha1
', u'hmac-sha1-96', u'hmac-md5', u'hmac-md5-96'] client compress:[u'none']
server compress:[u'none'] client l
ang:[u''] server lang:[u''] kex follows?False
DEB [20180424-12:23:00.788] thr=1 paramiko.transport: Kex agreed:
diffie-hellman-group-exchange-sha1
DEB [20180424-12:23:00.788] thr=1 paramiko.transport: HostKey agreed:
ssh-rsa
DEB [20180424-12:23:00.788] thr=1 paramiko.transport: Cipher agreed:
aes128-cbc
DEB [20180424-12:23:00.788] thr=1 paramiko.transport: MAC agreed:
hmac-sha1
DEB [20180424-12:23:00.788] thr=1 paramiko.transport: Compression agreed:
none
DEB [20180424-12:23:00.992] thr=1 paramiko.transport: Got server p (2048
bits)
DEB [20180424-12:23:01.664] thr=1 paramiko.transport: kex engine KexGex
specified hash_algo <built-in funct
ion openssl_sha1>
DEB [20180424-12:23:01.665] thr=1 paramiko.transport: Switch to new keys
...
DEB [20180424-12:23:01.680] thr=2 paramiko.transport: Trying SSH agent
key 29fe8194987cdc75843df7b698ac0458
DEB [20180424-12:23:01.873] thr=1 paramiko.transport: userauth is OK
ERR [20180424-12:23:01.878] thr=1 paramiko.transport: Exception: Illegal
info request from server
ERR [20180424-12:23:01.879] thr=1 paramiko.transport: Traceback (most
recent call last):
ERR [20180424-12:23:01.879] thr=1 paramiko.transport: File
"/usr/local/lib/python2.7/dist-packages/parami
ko/transport.py", line 1949, in run
ERR [20180424-12:23:01.880] thr=1 paramiko.transport:
handler(self.auth_handler, m)
ERR [20180424-12:23:01.880] thr=1 paramiko.transport: File
"/usr/local/lib/python2.7/dist-packages/parami
ko/auth_handler.py", line 622, in _parse_userauth_info_request
ERR [20180424-12:23:01.880] thr=1 paramiko.transport: raise
SSHException('Illegal info request from ser
ver')
ERR [20180424-12:23:01.880] thr=1 paramiko.transport: SSHException:
Illegal info request from server
ERR [20180424-12:23:01.880] thr=1 paramiko.transport:
Tested against successfully against other cisco switches running IOS 15.2
and IOS-XE 3.6, 16.3
On Monday, April 23, 2018 at 2:09:58 PM UTC+10, [email protected] wrote:
>
> So, learning Ansible - and following the notes
> http://docs.ansible.com/ansible/latest/network/getting_started/first_playbook.html
>
>
> However, I don't want to use userid/passwd information but ssh_keyfiles
> instead. I can ssh to my switch using ssh_keyfiles, however, ansible
> idoesn't want to work with my ssh-agent environment?
>
> user@myhost:~$ ssh-agent bash
> user@myhost:~$ ssh-add -l
> The agent has no identities.
> user@myhost:~$ ssh-add
> Enter passphrase for /home/user/.ssh/id_rsa:
> Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
> user@myhost:~$ ssh myswitch
>
> Welcome to myswitch
>
>
> myswitch>exit
> Connection to myswitch closed.
>
> user@myhost:~$ ansible -vvvv all -i myswitch, -c network_cli -m ios_facts
> -u user
> ansible 2.5.1
> config file = /etc/ansible/ansible.cfg
> configured module search path = [u'/home/user/.ansible/plugins/modules',
> u'/usr/share/ansible/plugins/modules']
> ansible python module location = /usr/lib/python2.7/dist-packages/ansible
> executable location = /usr/bin/ansible
> python version = 2.7.12 (default, Dec 4 2017, 14:50:18) [GCC 5.4.0
> 20160609]
> Using /etc/ansible/ansible.cfg as config file
> setting up inventory plugins
> Parsed myswitch, inventory source with host_list plugin
> Loading callback plugin minimal of type stdout, v2.0 from
> /usr/lib/python2.7/dist-packages/ansible/plugins/callback/minimal.pyc
> META: ran handlers
> <myswitch> attempting to start connection
> <myswitch> using connection plugin network_cli
> <myswitch> local domain socket does not exist, starting it
> <myswitch> control socket path is /home/user/.ansible/pc/195cfb7ae7
> <myswitch>
> The full traceback is:
> Traceback (most recent call last):
> File "/usr/bin/ansible-connection", line 70, in start
> self.connection._connect()
> File
> "/usr/lib/python2.7/dist-packages/ansible/plugins/connection/network_cli.py",
> line 290, in _connect
> ssh = self.paramiko_conn._connect()
> File
> "/usr/lib/python2.7/dist-packages/ansible/plugins/connection/paramiko_ssh.py",
>
> line 240, in _connect
> self.ssh = SSH_CONNECTION_CACHE[cache_key] = self._connect_uncached()
> File
> "/usr/lib/python2.7/dist-packages/ansible/plugins/connection/paramiko_ssh.py",
>
> line 346, in _connect_uncached
> raise AnsibleConnectionFailure(msg)
> AnsibleConnectionFailure: ssh user@myswitch:22 : Private key file is
> encrypted
> To connect as a different user, use -u <username>.
>
> myswitch | FAILED! => {
> "msg": "ssh user@myswitch:22 : Private key file is encrypted\nTo
> connect as a different user, use -u <username>."
> }
>
> What am I doing wrong?
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/8ddbea57-6b99-4e35-94c2-411017b0c939%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
