def addremovekey(self, command): """ Add or remove key based on command """ provider = self._module.params.get("provider") or {} node = provider.get('host') if node is None: return False user = provider.get('username') if user is None: return False password = provider.get('password') ssh_keyfile = provider.get('ssh_keyfile') ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) if not ssh_keyfile: ssh.connect(node, username=user, password=password) else: ssh.connect(node, username=user, allow_agent=True) ssh_stdin, ssh_stdout, ssh_stderr = ssh.exec_command('%s \r' % (command)) readmsg = ssh_stdout.read( 100) # We need to read a bit to actually apply for some reason if ('already' in readmsg) or ('removed' in readmsg) or ('really' in readmsg): ssh_stdin.write('yes\r') ssh_stdout.read( 1) # We need to read a bit to actually apply for some reason ssh.close() return readmsg
def copy_key_to_node(self, base64keyfile): """ Copy key to IOS-XR node. We use SFTP because older IOS-XR versions don't handle SCP very well. """ provider = self._module.params.get("provider") or {} node = provider.get('host') if node is None: return False user = provider.get('username') if user is None: return False password = provider.get('password') ssh_keyfile = provider.get('ssh_keyfile') if self._module.params['aggregate']: name = 'aggregate' else: name = self._module.params['name'] src = base64keyfile dst = '/harddisk:/publickey_%s.b64' % (name) ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) if not ssh_keyfile: ssh.connect(node, username=user, password=password) else: ssh.connect(node, username=user, allow_agent=True) sftp = ssh.open_sftp() sftp.put(src, dst) sftp.close() ssh.close()
def addremovekey(self, command): """ Add or remove key based on command """ if ( self._module.params["host"] is None or self._module.params["provider"]["host"] is None ): return False if ( self._module.params["username"] is None or self._module.params["provider"]["username"] is None ): return False user = ( self._module.params["username"] or self._module.params["provider"]["username"] ) node = ( self._module.params["host"] or self._module.params["provider"]["host"] ) password = ( self._module.params["password"] or self._module.params["provider"]["password"] ) ssh_keyfile = ( self._module.params["ssh_keyfile"] or self._module.params["provider"]["ssh_keyfile"] ) ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) if not ssh_keyfile: ssh.connect(node, username=user, password=password) else: ssh.connect(node, username=user, allow_agent=True) ssh_stdin, ssh_stdout, ssh_stderr = ssh.exec_command( "%s \r" % (command) ) readmsg = ssh_stdout.read( 100 ) # We need to read a bit to actually apply for some reason if ( ("already" in readmsg) or ("removed" in readmsg) or ("really" in readmsg) ): ssh_stdin.write("yes\r") ssh_stdout.read( 1 ) # We need to read a bit to actually apply for some reason ssh.close() return readmsg
def copy_key_to_node(self, base64keyfile): """ Copy key to IOS-XR node. We use SFTP because older IOS-XR versions don't handle SCP very well. """ if ( self._module.params["host"] is None or self._module.params["provider"]["host"] is None ): return False if ( self._module.params["username"] is None or self._module.params["provider"]["username"] is None ): return False if self._module.params["aggregate"]: name = "aggregate" else: name = self._module.params["name"] src = base64keyfile dst = "/harddisk:/publickey_%s.b64" % (name) user = ( self._module.params["username"] or self._module.params["provider"]["username"] ) node = ( self._module.params["host"] or self._module.params["provider"]["host"] ) password = ( self._module.params["password"] or self._module.params["provider"]["password"] ) ssh_keyfile = ( self._module.params["ssh_keyfile"] or self._module.params["provider"]["ssh_keyfile"] ) ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) if not ssh_keyfile: ssh.connect(node, username=user, password=password) else: ssh.connect(node, username=user, allow_agent=True) sftp = ssh.open_sftp() sftp.put(src, dst) sftp.close() ssh.close()
def generate_cert(module, ip_address, key_filename, password, cert_cn, cert_friendly_name, signed_by, rsa_nbits): stdout = "" client = paramiko.SSHClient() # add policy to accept all host keys, I haven't found # a way to retrieve the instance SSH key fingerprint from AWS client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) if not key_filename: client.connect(ip_address, username="******", password=password) else: client.connect(ip_address, username="******", key_filename=key_filename) shell = client.invoke_shell() # wait for the shell to start buff = wait_with_timeout(module, shell, ">") stdout += buff # generate self-signed certificate if isinstance(cert_cn, list): cert_cn = cert_cn[0] cmd = 'request certificate generate signed-by {0} certificate-name {1} name {2} algorithm RSA rsa-nbits {3}\n'.format( signed_by, cert_friendly_name, cert_cn, rsa_nbits) shell.send(cmd) # wait for the shell to complete buff = wait_with_timeout(module, shell, ">") stdout += buff # exit shell.send('exit\n') if 'Success' not in buff: module.fail_json(msg="Error generating self signed certificate: " + stdout) client.close() return stdout
def transfer_file_to_device(module, dest): file_size = os.path.getsize(module.params['local_file']) if not enough_space(module): module.fail_json( msg='Could not transfer file. Not enough space on device.') hostname = module.params['host'] username = module.params['username'] password = module.params['password'] port = module.params['connect_ssh_port'] ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(hostname=hostname, username=username, password=password, port=port) full_remote_path = '{0}{1}'.format(module.params['file_system'], dest) scp = SCPClient(ssh.get_transport()) try: scp.put(module.params['local_file'], full_remote_path) except Exception: time.sleep(10) temp_size = verify_remote_file_exists( module, dest, file_system=module.params['file_system']) if int(temp_size) == int(file_size): pass else: module.fail_json(msg='Could not transfer file. There was an error ' 'during transfer. Please make sure remote ' 'permissions are set.', temp_size=temp_size, file_size=file_size) scp.close() ssh.close() return True
def _svc_connect(self): """ Initialize a SSH connection with properties which were set up in constructor. :return: True or False """ self.client.load_system_host_keys() self.client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) try: self.client.connect(hostname=self.clustername, username=self.username, password=self.password, look_for_keys=self.look_for_keys, key_filename=self.key_filename) return True except paramiko.BadHostKeyException as e: self.log("BadHostKeyException %s", e) except paramiko.AuthenticationException as e: self.log("AuthenticationException %s", e) except paramiko.SSHException as e: self.log("SSHException %s", e) except Exception as e: self.log("SSH connection failed %s", e) return False
def set_panwfw_password(module, ip_address, key_filename, newpassword, username): stdout = "" ssh = paramiko.SSHClient() # add policy to accept all host keys, I haven't found # a way to retrieve the instance SSH key fingerprint from AWS ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(ip_address, username=username, key_filename=key_filename) shell = ssh.invoke_shell() # wait for the shell to start buff = wait_with_timeout(module, shell, ">") stdout += buff # step into config mode shell.send('configure\n') # wait for the config prompt buff = wait_with_timeout(module, shell, "#") stdout += buff if module.check_mode: # exit and close connection shell.send('exit\n') ssh.close() return False, 'Connection test successful. Password left intact.' # set admin password shell.send('set mgt-config users ' + username + ' password\n') # wait for the password prompt buff = wait_with_timeout(module, shell, ":") stdout += buff # enter password for the first time shell.send(newpassword + '\n') # wait for the password prompt buff = wait_with_timeout(module, shell, ":") stdout += buff # enter password for the second time shell.send(newpassword + '\n') # wait for the config mode prompt buff = wait_with_timeout(module, shell, "#") stdout += buff # commit ! shell.send('commit\n') # wait for the prompt buff = wait_with_timeout(module, shell, "#", 120) stdout += buff if 'success' not in buff: module.fail_json(msg="Error setting " + username + " password: " + stdout) # exit shell.send('exit\n') ssh.close() return True, stdout