[SOLVED] netmiko key authentication failure

netmiko key authentication failure

Seeing some issue with netmiko KEY authentication with N7K.

Python 3.8.10, netmiko 4.1.2.

Firstly tried on N9K without any issue, command can be sent after get the connection.

Python 3.8.10 (default, Jun 22 2022, 20:18:18) 
[GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from netmiko import ConnectHandler
>>> n9k = {"device_type": "cisco_nxos", "host": "10.1.1.10", "username": "admin", "use_keys": True,"key_file":"~/.ssh/id_rsa", "passphrase": "Cisco123"}
>>> target_con = ConnectHandler(**n9k)

Hit the issue when trying the connection to a N7K switch.

>>> n7k = {"device_type": "cisco_nxos", "host": "10.1.1.20", "username": "admin", "use_keys": True,"key_file":"~/.ssh/id_rsa", "passphrase": "Cisco123"}
>>> target_con = ConnectHandler(**n7k)
Traceback (most recent call last):
  File "/home/admin/netmiko_test/lib/python3.8/site-packages/netmiko/base_connection.py", line 1046, in establish_connection
    self.remote_conn_pre.connect(**ssh_connect_params)
  File "/home/admin/netmiko_test/lib/python3.8/site-packages/paramiko/client.py", line 435, in connect
    self._auth(
  File "/home/admin/netmiko_test/lib/python3.8/site-packages/paramiko/client.py", line 771, in _auth
    raise saved_exception
  File "/home/admin/netmiko_test/lib/python3.8/site-packages/paramiko/client.py", line 747, in _auth
    self._transport.auth_publickey(username, key)
  File "/home/admin/netmiko_test/lib/python3.8/site-packages/paramiko/transport.py", line 1635, in auth_publickey
    return self.auth_handler.wait_for_response(my_event)
  File "/home/admin/netmiko_test/lib/python3.8/site-packages/paramiko/auth_handler.py", line 259, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/admin/netmiko_test/lib/python3.8/site-packages/netmiko/ssh_dispatcher.py", line 365, in ConnectHandler
    return ConnectionClass(*args, **kwargs)
  File "/home/admin/netmiko_test/lib/python3.8/site-packages/netmiko/base_connection.py", line 439, in __init__
    self._open()
  File "/home/admin/netmiko_test/lib/python3.8/site-packages/netmiko/base_connection.py", line 444, in _open
    self.establish_connection()
  File "/home/admin/netmiko_test/lib/python3.8/site-packages/netmiko/base_connection.py", line 1083, in establish_connection
    raise NetmikoAuthenticationException(msg)
netmiko.exceptions.NetmikoAuthenticationException: Authentication to device failed.

Common causes of this problem are:
1. Invalid username and password
2. Incorrect SSH-key file
3. Connecting to the wrong device

Device settings: cisco_nxos 10.1.1.20:22


Authentication failed.
>>>

The username and ssh key have been validated. All work well if using username/password instead. Any advice would be appreciated. Thanks!

Solution

Found the issue when studying another similar paramiko problem. The N9K node I tested against with uses openssh 8.3, thus it is rsa-sha2-256. The N7K node uses openssh5.9 which is ssh-sha1. That makes a difference as netmiko seems don't like ssh-sha1 by default. Adding disabled_algorithms = {'pubkeys': ['rsa-sha2-256', 'rsa-sha2-512']} to ConnectHandler fixed the issue.