Christian MacNevin
2017-11-08 23:46:20 UTC
Afternoon all,
Iâve got a large number of Solaris hosts, and about a half to 2/3 of them are falsely erroring that they require interactive login, when the same
user credentials can ssh to them from the same host just fine.
I should note this is working fine for hundreds of routers and switches, and thousands of linux hosts. So thereâs something peculiar about Solaris 10.
Hereâs the important bits:
with settings(
always_use_pty = False,
skip_bad_hosts = True,
warn_only = True,
timeout = 10):
)
Itâs set to pipe commands via execute(run)
and shell is set to False.
Any thoughts/experience as to what might be happening here? It looks like it works, then it says it didnât, and prompts for password.
INFO:paramiko.transport:Connected (version 1.99, client OpenSSH_5.2)
DEBUG:paramiko.transport:kex algos:[u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-dss'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-***@lysator.liu.se'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-***@lysator.liu.se'] client mac:[u'hmac-md5', u'hmac-sha1', u'umac-***@openssh.com', u'hmac-ripemd160', u'hmac-***@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5', u'hmac-sha1', u'umac-***@openssh.com', u'hmac-ripemd160', u'hmac-***@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'***@openssh.com'] server compress:[u'none', u'***@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
DEBUG:paramiko.transport:Kex agreed: diffie-hellman-group-exchange-sha256
DEBUG:paramiko.transport:HostKey agreed: ssh-dss
DEBUG:paramiko.transport:Cipher agreed: aes128-ctr
DEBUG:paramiko.transport:MAC agreed: hmac-sha1
DEBUG:paramiko.transport:Compression agreed: none
DEBUG:paramiko.transport:Got server p (3191 bits)
DEBUG:paramiko.transport:kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-dss host key for HOSTNAME: <host_key>
DEBUG:paramiko.transport:Trying key <key> from /home/fabric/.ssh/id_fabric
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
[HOSTNAME] Login password for 'fabric': DEBUG:paramiko.transport:EOF in transport thread
Iâve got a large number of Solaris hosts, and about a half to 2/3 of them are falsely erroring that they require interactive login, when the same
user credentials can ssh to them from the same host just fine.
I should note this is working fine for hundreds of routers and switches, and thousands of linux hosts. So thereâs something peculiar about Solaris 10.
Hereâs the important bits:
with settings(
always_use_pty = False,
skip_bad_hosts = True,
warn_only = True,
timeout = 10):
)
Itâs set to pipe commands via execute(run)
and shell is set to False.
Any thoughts/experience as to what might be happening here? It looks like it works, then it says it didnât, and prompts for password.
INFO:paramiko.transport:Connected (version 1.99, client OpenSSH_5.2)
DEBUG:paramiko.transport:kex algos:[u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-dss'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-***@lysator.liu.se'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-***@lysator.liu.se'] client mac:[u'hmac-md5', u'hmac-sha1', u'umac-***@openssh.com', u'hmac-ripemd160', u'hmac-***@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5', u'hmac-sha1', u'umac-***@openssh.com', u'hmac-ripemd160', u'hmac-***@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'***@openssh.com'] server compress:[u'none', u'***@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
DEBUG:paramiko.transport:Kex agreed: diffie-hellman-group-exchange-sha256
DEBUG:paramiko.transport:HostKey agreed: ssh-dss
DEBUG:paramiko.transport:Cipher agreed: aes128-ctr
DEBUG:paramiko.transport:MAC agreed: hmac-sha1
DEBUG:paramiko.transport:Compression agreed: none
DEBUG:paramiko.transport:Got server p (3191 bits)
DEBUG:paramiko.transport:kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-dss host key for HOSTNAME: <host_key>
DEBUG:paramiko.transport:Trying key <key> from /home/fabric/.ssh/id_fabric
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
[HOSTNAME] Login password for 'fabric': DEBUG:paramiko.transport:EOF in transport thread