def loginSSHradiusWithFallback(self):
''' This function is to verify radius authentication when fallback is
enabled. Login with local password should work when raddius server is
un reachable'''
info('########## Test to verify SSH login with radius authenication'
' enabled and fallback Enabled ##########\n')
s1 = self.net.switches[0]
h1 = self.net.hosts[0]
h2 = self.net.hosts[1]
retFallback = self.FallbackEnable()
# self.checkAccessFiles()
host_2_IpAddress = self.getHostIP_2()
s1.cmdCLI("configure terminal")
s1.cmdCLI("no radius-server host " + host_2_IpAddress)
h1.cmd("service freeradius stop")
h2.cmd("service freeradius stop")
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
out = ""
out += s1.cmd("echo ")
sshkey = "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " admin@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'Testing')
elif i == 2:
assert i != 2, "Failed with SSH command"
loginpass = p.expect(['password:'******'#'])
if loginpass == 0:
p.sendline('admin')
p.expect('#')
p.sendline('exit')
p.kill(0)
s1.cmdCLI("radius-server host " + host_2_IpAddress)
s1.cmdCLI("exit")
info(".### Passed authentication with local password when radius"
" server not reachable and fallback enabled ###\n")
return True
if loginpass == 1:
p.sendline('exit')
p.kill(0)
s1.cmdCLI("radius-server host " + host_2_IpAddress)
s1.cmdCLI("exit")
assert loginpass != 1, "Failed to validate radius authetication" \
" when server is not reachable"
def loginSSHradiusWithFallback(self):
''' This function is to verify radius authentication when fallback is
enabled. Login with local password should work when raddius server is
un reachable'''
info('########## Test to verify SSH login with radius authenication'
' enabled and fallback Enabled ##########\n')
s1 = self.net.switches[0]
h1 = self.net.hosts[0]
h2 = self.net.hosts[1]
retFallback = self.FallbackEnable()
# self.checkAccessFiles()
host_2_IpAddress = self.getHostIP_2()
s1.cmdCLI("configure terminal")
s1.cmdCLI("no radius-server host " + host_2_IpAddress)
h1.cmd("service freeradius stop")
h2.cmd("service freeradius stop")
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
out = ""
out += s1.cmd("echo ")
sshkey = "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " netop@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'Testing')
elif i == 2:
assert i != 2, "Failed with SSH command"
loginpass = p.expect(['password:'******'#'])
if loginpass == 0:
p.sendline('netop')
p.expect('#')
p.sendline('exit')
p.kill(0)
s1.cmdCLI("radius-server host " + host_2_IpAddress)
s1.cmdCLI("exit")
info(".### Passed authentication with local password when radius"
" server not reachable and fallback enabled ###\n")
return True
if loginpass == 1:
p.sendline('exit')
p.kill(0)
s1.cmdCLI("radius-server host " + host_2_IpAddress)
s1.cmdCLI("exit")
assert loginpass != 1, "Failed to validate radius authetication" \
" when server is not reachable"
def loginSSHradiusWithSecondaryServer(self):
'''This function is to verify radius authentication with the secondary
radius server when unable to reach primary server - radius is true and
fallback is false'''
info('########## Test to verify SSH login with radius authenication'
' enabled and fallback disabled to a secondary radius server'
' ##########\n')
s1 = self.net.switches[0]
retFallback = self.noFallbackEnable()
sleep(5)
retAuth = self.radiusAuthEnable()
sleep(5)
# self.checkAccessFiles()
h1 = self.net.hosts[0]
h2 = self.net.hosts[1]
h1.cmd("service freeradius stop")
h2.cmd("service freeradius start")
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
out = ""
out += s1.cmd("echo ")
sshkey = "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " netop@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'testing')
sleep(2)
elif i == 2:
assert i != 2, "Failed with SSH command"
loginpass = p.expect(['password:'******'#'])
if loginpass == 0:
p.sendline('dummypassword')
p.expect('password:'******'dummypasswordagain')
p.kill(0)
assert loginpass != 0, "Failed to login via secondary radius" \
" server authentication"
if loginpass == 1:
p.sendline('exit')
p.kill(0)
info(".### Passed secondary radius server authentication when"
" primary radius server is not reachable ###\n")
return True
def loginSSHradiusWithSecondaryServer(self):
'''This function is to verify radius authentication with the secondary
radius server when unable to reach primary server - radius is true and
fallback is false'''
info('########## Test to verify SSH login with radius authenication'
' enabled and fallback disabled to a secondary radius server'
' ##########\n')
s1 = self.net.switches[0]
retFallback = self.noFallbackEnable()
sleep(5)
retAuth = self.radiusAuthEnable()
sleep(5)
# self.checkAccessFiles()
h1 = self.net.hosts[0]
h2 = self.net.hosts[1]
h1.cmd("service freeradius stop")
h2.cmd("service freeradius start")
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
out = ""
out += s1.cmd("echo ")
sshkey = "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " admin@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'testing')
sleep(2)
elif i == 2:
assert i != 2, "Failed with SSH command"
loginpass = p.expect(['password:'******'#'])
if loginpass == 0:
p.sendline('dummypassword')
p.expect('password:'******'dummypasswordagain')
p.kill(0)
assert loginpass != 0, "Failed to login via secondary radius" \
" server authentication"
if loginpass == 1:
p.sendline('exit')
p.kill(0)
info(".### Passed secondary radius server authentication when"
" primary radius server is not reachable ###\n")
return True
def loginSSHradius(self):
'''This function is to verify radius authentication is successful when
radius is true and fallback is false'''
info('########## Test to verify SSH login with radius authenication '
'enabled and fallback disabled ##########\n')
s1 = self.net.switches[0]
self.noFallbackEnable()
sleep(5)
self.radiusAuthEnable()
sleep(5)
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
info(".###switchIpAddress: " + switchIpAddress + " ###\n")
info(".### Running configuration ###\n")
run = s1.cmdCLI("show running-config")
print run
out = ""
out += s1.cmd("echo ")
sshkey = "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " admin@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'testing')
elif i == 2:
assert i != 2, "Failed with SSH command"
loginpass = p.expect(['password:'******'#'])
if loginpass == 0:
p.sendline('dummypassword')
p.expect('password:'******'dummypasswordagain')
p.kill(0)
assert loginpass != 0, "Failed to login via radius authentication"
if loginpass == 1:
p.sendline('exit')
p.kill(0)
info(".### Passed SSH login with radius authentication ###\n")
return True
def loginSSHradius(self):
'''This function is to verify radius authentication is successful when
radius is true and fallback is false'''
info('########## Test to verify SSH login with radius authenication '
'enabled and fallback disabled ##########\n')
s1 = self.net.switches[0]
self.noFallbackEnable()
sleep(5)
self.radiusAuthEnable()
sleep(5)
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
info(".###switchIpAddress: " + switchIpAddress + " ###\n")
info(".### Running configuration ###\n")
run = s1.cmdCLI("show running-config")
print run
out = ""
out += s1.cmd("echo ")
sshkey= "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " admin@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'testing')
elif i == 2:
assert i != 2, "Failed with SSH command"
loginpass = p.expect(['password:'******'#'])
if loginpass == 0:
p.sendline('dummypassword')
p.expect('password:'******'dummypasswordagain')
p.kill(0)
assert loginpass != 0, "Failed to login via radius authentication"
if loginpass == 1:
p.sendline('exit')
p.kill(0)
info(".### Passed SSH login with radius authentication ###\n")
return True
def loginSSHlocalWrongPassword(self):
''' This is a negative test case, enable only local authetication
and try logging with wrong password'''
info('########## Test to verify SSH login with local authenication'
' enabled and Wrong password ##########\n')
s1 = self.net.switches[0]
retFallback = self.noFallbackEnable()
sleep(5)
retLocalAuth = self.localAuthEnable()
sleep(5)
# self.checkAccessFiles()
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
out = ""
out += s1.cmd("echo ")
sshkey = "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " netop@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'netop1')
elif i == 2:
assert i != 2, "Failed with SSH command"
loginpass = p.expect(['password:'******'#'])
if loginpass == 0:
p.sendline('netop2')
p.expect('password:'******'netop3')
p.expect('Permission denied')
p.kill(0)
info(".### Passed negative test - Authentication fail with wrong"
" local password when local authentication enabled ###\n")
return True
if loginpass == 1:
p.sendline('exit')
p.kill(0)
assert loginpass != 1, "Failed to validate local authentication"
def loginSSHlocalWrongPassword(self):
''' This is a negative test case, enable only local authetication
and try logging with wrong password'''
info('########## Test to verify SSH login with local authenication'
' enabled and Wrong password ##########\n')
s1 = self.net.switches[0]
retFallback = self.noFallbackEnable()
sleep(5)
retLocalAuth = self.localAuthEnable()
sleep(5)
# self.checkAccessFiles()
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
out = ""
out += s1.cmd("echo ")
sshkey = "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " admin@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'admin1')
elif i == 2:
assert i != 2, "Failed with SSH command"
loginpass = p.expect(['password:'******'#'])
if loginpass == 0:
p.sendline('admin2')
p.expect('password:'******'admin3')
p.expect('Permission denied')
p.kill(0)
info(".### Passed negative test - Authentication fail with wrong"
" local password when local authentication enabled ###\n")
return True
if loginpass == 1:
p.sendline('exit')
p.kill(0)
assert loginpass != 1, "Failed to validate local authentication"
def loginSSHradiusWithLocalPassword(self):
''' This is a negative test case to verify login with radius
authentication by giving loca password'''
info('########## Test to verify SSH login with radius authenication '
'enabled and fallback disabled and using local password '
'##########\n')
s1 = self.net.switches[0]
# self.checkAccessFiles()
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
out = ""
out += s1.cmd("echo ")
sshkey = "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " netop@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'netop')
elif i == 2:
assert i != 2, "Failed with SSH command"
loginpass = p.expect(['password:'******'#'])
if loginpass == 0:
p.sendline('netop')
p.expect('password:'******'netop')
p.expect('Permission denied')
p.kill(0)
info(".### Passed negative test - Authentication fail with local"
" password when radius server authentication enabled ###\n")
return True
if loginpass == 1:
p.sendline('exit')
p.kill(0)
assert loginpass != 1, "Failed to validate radius authetication" \
" with local password"
def loginSSHradiusWithLocalPassword(self):
''' This is a negative test case to verify login with radius
authentication by giving loca password'''
info('########## Test to verify SSH login with radius authenication '
'enabled and fallback disabled and using local password '
'##########\n')
s1 = self.net.switches[0]
# self.checkAccessFiles()
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
out = ""
out += s1.cmd("echo ")
sshkey = "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " admin@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'admin')
elif i == 2:
assert i != 2, "Failed with SSH command"
loginpass = p.expect(['password:'******'#'])
if loginpass == 0:
p.sendline('admin')
p.expect('password:'******'admin')
p.expect('Permission denied')
p.kill(0)
info(".### Passed negative test - Authentication fail with local"
" password when radius server authentication enabled ###\n")
return True
if loginpass == 1:
p.sendline('exit')
p.kill(0)
assert loginpass != 1, "Failed to validate radius authetication" \
" with local password"
def loginSSHlocal(self):
'''This function is to verify local authentication is successful when
radius is false and fallback is true'''
info('########## Test to verify SSH login with local authenication '
'enabled ##########\n')
s1 = self.net.switches[0]
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
info(".### switchIpAddress: " + switchIpAddress + " ###\n")
info(".### Running configuration ###\n")
run = s1.cmdCLI("show running-config")
print run
out = ""
out += s1.cmd("echo ")
sshkey = "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " admin@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'admin')
j = p.expect(['#', 'password:'******'exit')
p.kill(0)
info(".### Passed SSH login with local credenticals ###\n")
return True
if j == 1:
p.sendline('dummypassword')
p.expect('password:'******'dummypasswordagain')
p.kill(0)
assert j != 1, "Failed to authenticate with local password"
elif i == 2:
assert i != 2, "Failed with SSH command"
def loginSSHlocalAgain(self):
''' This is again a test case to verify, when local authetication is
enabled login should properly work with local password'''
info('########## Test to verify SSH login with local authenication'
' enabled again with correct password ##########\n')
s1 = self.net.switches[0]
# self.checkAccessFiles()
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
out = ""
out += s1.cmd("echo ")
sshkey = "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " netop@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'netop')
elif i == 2:
assert i != 2, "Failed with SSH command"
loginpass = p.expect(['password:'******'#'])
if loginpass == 0:
p.sendline('netop2')
p.expect('password:'******'netop3')
p.expect('Permission denied')
p.kill(0)
assert loginpass != 0, "Failed to validate local authentication" \
" with correct password"
if loginpass == 1:
p.sendline('exit')
p.kill(0)
info(".### Passed authentication with local password when local"
" authentication enabled ###\n")
return True
def loginSSHlocal(self):
'''This function is to verify local authentication is successful when
radius is false and fallback is true'''
info('########## Test to verify SSH login with local authenication '
'enabled ##########\n')
s1 = self.net.switches[0]
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
info(".### switchIpAddress: " + switchIpAddress + " ###\n")
info(".### Running configuration ###\n")
run = s1.cmdCLI("show running-config")
print run
out = ""
out += s1.cmd("echo ")
sshkey= "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " admin@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'admin')
j = p.expect(['#', 'password:'******'exit')
p.kill(0)
info(".### Passed SSH login with local credenticals ###\n")
return True
if j == 1:
p.sendline('dummypassword')
p.expect('password:'******'dummypasswordagain')
p.kill(0)
assert j != 1, "Failed to authenticate with local password"
elif i == 2:
assert i != 2, "Failed with SSH command"
def loginSSHlocalAgain(self):
''' This is again a test case to verify, when local authetication is
enabled login should properly work with local password'''
info('########## Test to verify SSH login with local authenication'
' enabled again with correct password ##########\n')
s1 = self.net.switches[0]
# self.checkAccessFiles()
ssh_newkey = 'Are you sure you want to continue connecting'
switchIpAddress = self.getSwitchIP()
out = ""
out += s1.cmd("echo ")
sshkey = "ssh-keygen -R " + switchIpAddress
sshkeygen = pexpect.spawn(sshkey)
myssh = SSHCLIENT + " admin@" + switchIpAddress
p = pexpect.spawn(myssh)
i = p.expect([ssh_newkey, 'password:'******'yes')
i = p.expect([ssh_newkey, 'password:'******'admin')
elif i == 2:
assert i != 2, "Failed with SSH command"
loginpass = p.expect(['password:'******'#'])
if loginpass == 0:
p.sendline('admin2')
p.expect('password:'******'admin3')
p.expect('Permission denied')
p.kill(0)
assert loginpass != 0, "Failed to validate local authentication" \
" with correct password"
if loginpass == 1:
p.sendline('exit')
p.kill(0)
info(".### Passed authentication with local password when local"
" authentication enabled ###\n")
return True