Authentication Issues with Netopeer2 - Unable to Connect via SSH with Admin User
I am experiencing authentication issues while trying to connect to the Netopeer2 server. The connection fails even though I have configured the NETCONF server, SSH keys, and various settings as described in the documentation. I am unable to authenticate as the admin user or any other configured user.
Actual Behavior:
nc ERROR: Unable to authenticate to the remote server (all attempts via supported authentication methods failed).
cmd_connect: Connecting to the 192.168.5.15:830 as user "skt" failed.
>
System Information:
netconf-tools$ pkg-config --modversion libnetconf2
3.5.1
netconf-tools$ pkg-config --modversion libssh
0.11.0
netconf-tools$ pkg-config --modversion libyang
3.4.2
0375:~$ sudo netopeer2-server -d -v3
[sudo] password for skt:
[INF]: SR: Connection 8 created.
[INF]: SR: Triggering "ietf-netconf-server" "done" event on enabled data.
[INF]: LN: Listening on 0.0.0.0:830 for SSH connections.
[INF]: SR: Triggering "ietf-keystore" "done" event on enabled data.
[INF]: SR: Triggering "ietf-truststore" "done" event on enabled data.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
^C[INF]: NP: Server terminated.
[INF]: SR: Connection 8 destroyed.
d-0375:~$ sudo sysrepocfg --export=ietf-netconf-server --datastore=running
d-0375:~$ sudo sysrepocfg --edit ietf-netconf-server
d-0375:~$ sudo sysrepocfg --edit ietf-netconf-server
d-0375:~$ sysrepocfg --import=/path/to/backup-config.xml --datastore=startup ietf-netconf-server
sysrepocfg error: Redundant parameters (ietf-netconf-server)
For more details you may try to increase the verbosity up to "-v3".
d-0375:~$ sudo journalctl -u netopeer2-server
Nov 27 15:27:22 ipt-d-0375 systemd[1]: Started netopeer2-server.service - Netop>
Nov 27 15:27:22 ipt-d-0375 systemd[1]: netopeer2-server.service: Main process e>
Nov 27 15:27:22 ipt-d-0375 systemd[1]: netopeer2-server.service: Failed with re>
Nov 27 15:27:22 ipt-d-0375 systemd[1]: netopeer2-server.service: Scheduled rest>
Nov 27 15:27:22 ipt-d-0375 systemd[1]: Started netopeer2-server.service - Netop>
Nov 27 15:27:22 ipt-d-0375 systemd[1]: netopeer2-server.service: Main process e>
Nov 27 15:27:22 ipt-d-0375 systemd[1]: netopeer2-server.service: Failed with re>
Nov 27 15:27:22 ipt-d-0375 systemd[1]: netopeer2-server.service: Scheduled rest>
Nov 27 15:27:23 ipt-d-0375 systemd[1]: Started netopeer2-server.service - Netop>
Nov 27 15:27:23 ipt-d-0375 systemd[1]: netopeer2-server.service: Main process e>
Nov 27 15:27:23 ipt-d-0375 systemd[1]: netopeer2-server.service: Failed with re>
d-0375:~$ sudo systemctl status netopeer2-server
○ netopeer2-server.service - Netopeer2 NETCONF Server
Loaded: loaded (/etc/systemd/system/netopeer2-server.service; disabled; pr>
Active: inactive (dead)
d-0375:~$ cat ietf-netconf-server.xml
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
  <listen>
    <endpoints>
      <endpoint>
        <name>default-ssh</name>
        <ssh>
          <tcp-server-parameters>
            <local-address>0.0.0.0</local-address>
          </tcp-server-parameters>
          <ssh-server-parameters>
            <server-identity>
              <host-key>
                <name>default-key</name>
                <public-key>
                  <central-keystore-reference>genkey</central-keystore-reference>
                </public-key>
              </host-key>
            </server-identity>
            <client-authentication>
              <users>
                <user>
                  <name>admin</name>
                  <public-keys>
                    <use-system-keys xmlns="urn:cesnet:libnetconf2-netconf-server"/>
                  </public-keys>
                </user>
              </users>
            </client-authentication>
          </ssh-server-parameters>
        </ssh>
      </endpoint>
    </endpoints>
  </listen>
</netconf-server>
The easiest way to debug this in netopeer2-cli is to use verb debug before connecting and run netopeer2-server with -d -c SSH. Then both should print enough information for you to understand what the issue is.
Unfortunately there is no output from verb debug and netopeer2-server -d -c SSH. And my netopeer2 server is inactive.
I have a question: do you have any Python library, so I can automate it rather than using CLI?
> Unfortunately there is no output from verb debug and netopeer2-server -d -c SSH. And my netopeer2 server is inactive.
I do not understand, just run it directly and it must output at least something. But you are supposed to try to connect and you should see SSH debug messages.
> I have a question: do you have any Python library, so I can automate it rather than using CLI?
We do not provide any Python NETCONF client but you should be able to find some free ones, you can use any with netopeer2-server.
this is my output
skt@ipt-d-0375:~$ sudo systemctl status netopeer2-server
× netopeer2-server.service - Netopeer2 NETCONF Server
Loaded: loaded (/etc/systemd/system/netopeer2-server.service; disabled; preset: e>
Active: failed (Result: exit-code) since Wed 2024-11-27 16:07:15 CET; 1s ago
Duration: 10ms
Process: 2476177 ExecStart=/usr/local/bin/netopeer2-server -d -v3 (code=exited, st>
Main PID: 2476177 (code=exited, status=203/EXEC)
CPU: 7ms
Nov 27 16:07:15 ipt-d-0375 systemd[1]: netopeer2-server.service: Scheduled restart job>
Nov 27 16:07:15 ipt-d-0375 systemd[1]: netopeer2-server.service: Start request repeate>
Nov 27 16:07:15 ipt-d-0375 systemd[1]: netopeer2-server.service: Failed with result 'e>
Nov 27 16:07:15 ipt-d-0375 systemd[1]: Failed to start netopeer2-server.service - Neto>
skt@ipt-d-0375:~$ sudo journalctl -u netopeer2-server
Nov 27 15:27:22 ipt-d-0375 systemd[1]: Started netopeer2-server.service - Netopeer2 NE>
Nov 27 15:27:22 ipt-d-0375 systemd[1]: netopeer2-server.service: Main process exited, >
Nov 27 15:27:22 ipt-d-0375 systemd[1]: netopeer2-server.service: Failed with result 'e>
Nov 27 15:27:22 ipt-d-0375 systemd[1]: netopeer2-server.service: Scheduled restart job>
Nov 27 15:27:22 ipt-d-0375 systemd[1]: Started netopeer2-server.service - Netopeer2 NE>
Nov 27 15:27:22 ipt-d-0375 systemd[1]: netopeer2-server.service: Main process exited, >
Nov 27 15:27:22 ipt-d-0375 systemd[1]: netopeer2-server.service: Failed with result 'e>
skt@ipt-d-0375:~/netconf-tools/Netopeer2$ netopeer2-server -d
[ERR]: LN: Could not bind 0.0.0.0:830 (Permission denied).
[ERR]: LN: Configuring node "local-port" failed.
[ERR]: LN: Applying ietf-netconf-server configuration failed.
[ERR]: NP: Configuring NETCONF server failed.
[ERR]: NP: Server data subscribe failed.
skt@ipt-d-0375:~$ netopeer2-cli
load_config: No saved configuration.
> verb debug
> exit
skt@ipt-d-0375:~$ netpopeer2-cli -d -c SSH
netpopeer2-cli: command not found
skt@ipt-d-0375:~$ netpopeer2-sever -d -c SSH
netpopeer2-sever: command not found
So, as for netopeer2-server, you need to compile it with the default Debug build type for it to support -c SSH. Then you need to execute it directly
$ sudo netopeer2-server -d -c SSH
Regarding netopeer2-cli, I thought it would be obvious to use the command and then try to connect
$ netopeer2-cli
> verb debug
> connect ...
Hey, thank you for your quick response. I have added the output I got.
skt@ipt-d-0375:~$ sudo netopeer2-server -d -c SSH
[INF]: SR: Connection 16 created.
[ERR]: SR: RPC subscription for "/ietf-netconf:get-config" with priority 0 already exists.
[ERR]: NP: Subscribing for "/ietf-netconf:get-config" RPC failed (Invalid argument).
[ERR]: NP: Server RPC subscribe failed.
[INF]: NP: Server terminated.
[INF]: SR: Connection 16 destroyed.
[2024/11/28 15:53:02.441732, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.441892, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.442052, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.442212, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.442372, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.442531, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.442657, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.442829, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.442989, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.443149, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.443308, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.443468, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.443628, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.443787, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.443947, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.444106, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.444267, 3] ssh_connect: current state : 6
[2024/11/28 15:53:02.444443, 3] ssh_packet_socket_callback: packet: read type 31 [len=612,padding=11,comp=600,payload=600]
[2024/11/28 15:53:02.444451, 3] ssh_packet_process: Dispatching handler for packet type 31
[2024/11/28 15:53:02.444646, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/11/28 15:53:02.444663, 3] packet_send2: packet: wrote [type=21, len=12, padding_size=10, comp=1, payload=1]
[2024/11/28 15:53:02.444724, 3] crypt_set_algorithms2: Set output algorithm to aes256-gcm@openssh.com
[2024/11/28 15:53:02.444730, 3] crypt_set_algorithms2: Set HMAC output algorithm to aead-gcm
[2024/11/28 15:53:02.444733, 3] crypt_set_algorithms2: Set input algorithm to aes256-gcm@openssh.com
[2024/11/28 15:53:02.444737, 3] crypt_set_algorithms2: Set HMAC input algorithm to aead-gcm
[2024/11/28 15:53:02.444811, 3] ssh_init_rekey_state: Set rekey after 4294967296 blocks
[2024/11/28 15:53:02.444816, 3] ssh_init_rekey_state: Set rekey after 4294967296 blocks
[2024/11/28 15:53:02.444843, 3] ssh_packet_send_newkeys: SSH_MSG_NEWKEYS sent
[2024/11/28 15:53:02.444848, 3] ssh_packet_socket_callback: Processing 16 bytes left in socket buffer
[2024/11/28 15:53:02.444874, 3] ssh_packet_socket_callback: packet: read type 21 [len=12,padding=10,comp=1,payload=1]
[2024/11/28 15:53:02.444878, 3] ssh_packet_process: Dispatching handler for packet type 21
[2024/11/28 15:53:02.444882, 3] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
[2024/11/28 15:53:02.444971, 3] ssh_packet_newkeys: Signature verified and valid
[2024/11/28 15:53:02.444977, 3] ssh_client_connection_callback: session_state=6
[2024/11/28 15:53:02.444981, 3] ssh_connect: current state : 7
nc VERBOSE: Server hostkey check mode: ask.
[2024/11/28 15:53:02.445200, 3] packet_send2: packet: wrote [type=5, len=32, padding_size=14, comp=17, payload=17]
[2024/11/28 15:53:02.445207, 3] ssh_service_request: Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
[2024/11/28 15:53:02.445235, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/11/28 15:53:02.462993, 3] ssh_packet_socket_callback: packet: read type 7 [len=432,padding=8,comp=423,payload=423]
[2024/11/28 15:53:02.463004, 3] ssh_packet_process: Dispatching handler for packet type 7
[2024/11/28 15:53:02.463009, 3] ssh_packet_ext_info: Received SSH_MSG_EXT_INFO
[2024/11/28 15:53:02.463013, 3] ssh_packet_ext_info: Follows 1 extensions
[2024/11/28 15:53:02.463019, 3] ssh_packet_ext_info: Extension: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
[2024/11/28 15:53:02.463031, 3] ssh_packet_socket_callback: Processing 52 bytes left in socket buffer
[2024/11/28 15:53:02.463038, 3] ssh_packet_socket_callback: packet: read type 6 [len=32,padding=14,comp=17,payload=17]
[2024/11/28 15:53:02.463044, 3] ssh_packet_process: Dispatching handler for packet type 6
[2024/11/28 15:53:02.463050, 3] ssh_packet_service_accept: Received SSH_MSG_SERVICE_ACCEPT
[2024/11/28 15:53:02.463080, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/11/28 15:53:02.463087, 3] packet_send2: packet: wrote [type=50, len=48, padding_size=11, comp=36, payload=36]
[2024/11/28 15:53:02.492939, 3] ssh_packet_socket_callback: packet: read type 51 [len=64,padding=18,comp=45,payload=45]
[2024/11/28 15:53:02.492966, 3] ssh_packet_process: Dispatching handler for packet type 51
[2024/11/28 15:53:02.492984, 3] ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey,keyboard-interactive,password
nc VERBOSE: Publickey athentication.
nc VERBOSE: No key pair specified.
nc WARNING: Authentication denied.
nc VERBOSE: Password authentication (host "192.168.5.15", user "admin").
admin@192.168.5.15 password:
[2024/11/28 15:53:13.523854, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/11/28 15:53:13.523901, 3] packet_send2: packet: wrote [type=50, len=64, padding_size=11, comp=52, payload=52]
[2024/11/28 15:53:13.554566, 3] ssh_packet_socket_callback: packet: read type 51 [len=64,padding=18,comp=45,payload=45]
[2024/11/28 15:53:13.554599, 3] ssh_packet_process: Dispatching handler for packet type 51
[2024/11/28 15:53:13.554618, 3] ssh_packet_userauth_failure: Access denied for 'password'. Authentication that can continue: publickey,keyboard-interactive,password
nc WARNING: Authentication denied.
nc VERBOSE: Keyboard-interactive authentication.
[2024/11/28 15:53:13.554704, 3] ssh_userauth_kbdint_init: Sending keyboard-interactive init request
[2024/11/28 15:53:13.554827, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/11/28 15:53:13.554863, 3] packet_send2: packet: wrote [type=50, len=80, padding_size=19, comp=60, payload=60]
[2024/11/28 15:53:13.555791, 3] ssh_packet_socket_callback: packet: read type 60 [len=96,padding=14,comp=81,payload=81]
[2024/11/28 15:53:13.555815, 3] ssh_packet_process: Dispatching handler for packet type 60
[2024/11/28 15:53:13.555835, 3] ssh_packet_userauth_info_request: 1 keyboard-interactive prompts
Interactive SSH Authentication
Type your password:
Password:
[2024/11/28 15:53:17.665350, 3] ssh_userauth_kbdint_send: Sending keyboard-interactive response packet
[2024/11/28 15:53:17.665502, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/11/28 15:53:17.665542, 3] packet_send2: packet: wrote [type=61, len=32, padding_size=15, comp=16, payload=16]
[2024/11/28 15:53:17.666834, 3] ssh_packet_socket_callback: packet: read type 51 [len=64,padding=18,comp=45,payload=45]
[2024/11/28 15:53:17.666861, 3] ssh_packet_process: Dispatching handler for packet type 51
[2024/11/28 15:53:17.666880, 3] ssh_packet_userauth_failure: Access denied for 'keyboard interactive'. Authentication that can continue: publickey,keyboard-interactive,password
nc WARNING: Authentication denied.
nc ERROR: Unable to authenticate to the remote server (all attempts via supported authentication methods failed).
[2024/11/28 15:53:17.667031, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/11/28 15:53:17.667063, 3] packet_send2: packet: wrote [type=1, len=32, padding_size=11, comp=20, payload=20]
cmd_connect: Connecting to the 192.168.5.15:830 as user "admin" failed.
In the configuration you posted before your user admin can only use SSH public keys. But the CLI printed that you have not set any so this authentication fails because of the client and the others are refused by the server. You configure an SSH key in the CLI using the command auth keys add <public_key_path> <private_key_path> (look at auth --help to see command signature).
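Added example (not part of the thread, and not netopeer2 or libnetconf2 code): the mismatch described in the reply above, checked mechanically. It reads the `<user>` entries of the posted configuration and the client's debug lines and reports why each authentication attempt failed; the function names and the `password` and `keyboard-interactive` container names are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Sample input: the <user> part of the configuration posted in the thread.
CONFIG_XML = """\
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
 <listen><endpoints><endpoint><name>default-ssh</name><ssh>
  <ssh-server-parameters><client-authentication><users>
   <user>
    <name>admin</name>
    <public-keys>
     <use-system-keys xmlns="urn:cesnet:libnetconf2-netconf-server"/>
    </public-keys>
   </user>
  </users></client-authentication></ssh-server-parameters>
 </ssh></endpoint></endpoints></listen>
</netconf-server>
"""

# Sample input: client lines from the thread's debug output, timestamps trimmed.
CLIENT_LOG = """\
ssh_packet_userauth_failure: Access denied for 'none'. Authentication that can continue: publickey,keyboard-interactive,password
nc VERBOSE: Publickey athentication.
nc VERBOSE: No key pair specified.
nc WARNING: Authentication denied.
nc VERBOSE: Password authentication (host "192.168.5.15", user "admin").
ssh_packet_userauth_failure: Access denied for 'password'. Authentication that can continue: publickey,keyboard-interactive,password
nc WARNING: Authentication denied.
nc VERBOSE: Keyboard-interactive authentication.
ssh_packet_userauth_failure: Access denied for 'keyboard interactive'. Authentication that can continue: publickey,keyboard-interactive,password
nc WARNING: Authentication denied.
"""

# SSH method -> container expected under <user>. "public-keys" is on the page;
# the other two container names are assumptions of this example.
CONTAINER = {"publickey": "public-keys", "password": "password",
             "keyboard-interactive": "keyboard-interactive"}

# The client in the thread prints "athentication"; accept both spellings.
START_RE = re.compile(
    r"nc VERBOSE: (Publickey|Password|Keyboard-interactive) a\w*thentication")
DENIED_RE = re.compile(r"Access denied for '([^']+)'")


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def configured_credentials(xml_text):
    """Return {user name: sorted credential containers under that <user>}.

    Feed it only configuration you exported yourself: ElementTree is not
    hardened against hostile XML.
    """
    users = {}
    for user in ET.fromstring(xml_text).iter():
        if _local(user.tag) != "user":
            continue
        name, creds = None, []
        for child in user:
            if _local(child.tag) == "name":
                name = (child.text or "").strip()
            else:
                creds.append(_local(child.tag))
        if name:
            users[name] = sorted(creds)
    return users


def client_attempts(log_text):
    """Return the client's attempts in order, with what happened to each."""
    attempts, current = [], None
    for line in log_text.splitlines():
        start = START_RE.search(line)
        if start:
            current = {"method": start.group(1).lower(),
                       "key_offered": False, "server_refused": False}
            attempts.append(current)
            continue
        if current is None:
            continue  # e.g. the initial refusal of the 'none' probe
        if "Trying to authenticate using pair" in line:
            current["key_offered"] = True
        denied = DENIED_RE.search(line)
        # libssh prints 'keyboard interactive' with a space.
        if denied and denied.group(1).replace(" ", "-") == current["method"]:
            current["server_refused"] = True
    return attempts


def diagnose(xml_text, log_text, user):
    """Pair each attempted method with the reason it could not succeed."""
    creds = configured_credentials(xml_text).get(user)
    if creds is None:
        return [("*", "user not in configuration")]
    verdicts = []
    for attempt in client_attempts(log_text):
        method = attempt["method"]
        if CONTAINER[method] not in creds:
            verdict = "not configured for user"
        elif method == "publickey" and not attempt["key_offered"]:
            verdict = "client offered no key"
        elif attempt["server_refused"]:
            verdict = "credential rejected by server"
        else:
            verdict = "no refusal seen"
        verdicts.append((method, verdict))
    return verdicts


if __name__ == "__main__":
    for method, verdict in diagnose(CONFIG_XML, CLIENT_LOG, "admin"):
        print(f"{method}: {verdict}")
```

In the sample log the server's "Authentication that can continue" list names all three methods although only public keys are configured for admin, so that list alone does not show what a given user may use.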
I do not know if it is a silly question or not, but I have a doubt: here my server is a switch and the client is netopeer2, so how can I authenticate with a switch from the client?
I install netopeer2 via SSH to my client; is it okay or do I need to do it onsite? For me, I do not see any problem doing the installation process remotely or onsite, but I have read one issue where you may advise not to do this via SSH, if I am not wrong.
Please try to be more clear, I do not understand what you are saying. What is that about a switch, you are not running netopeer2 on a Linux? And how can you install netopeer2 via SSH, you mean by SFTP?
Hi;
I cannot connect netopeer2-cli with my server (switch). I have done the authentication but it still does not connect.
Now I am trying to connect netopeer2-server with ncclient, but I get these error messages; could you have a look?
d-0375:~$ sudo systemctl start netopeer2-server
Job for netopeer2-server.service failed because the control process exited with error code.
See "systemctl status netopeer2-server.service" and "journalctl -xeu netopeer2-server.service" for details.
d-0375:~$ sudo journalctl -xeu netopeer2-server.service
░░
░░ The unit netopeer2-server.service has entered the 'failed' state with result 'exi>
Dez 03 10:21:56 ipt-d-0375 systemd[1]: netopeer2-server.service: Scheduled restart j>
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ Automatic restarting of the unit netopeer2-server.service has been scheduled, as >
░░ the configured Restart= setting for the unit.
Dez 03 10:21:56 ipt-d-0375 systemd[1]: netopeer2-server.service: Start request repea>
Dez 03 10:21:56 ipt-d-0375 systemd[1]: netopeer2-server.service: Failed with result >
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit netopeer2-server.service has entered the 'failed' state with result 'exi>
Dez 03 10:21:56 ipt-d-0375 systemd[1]: Failed to start netopeer2-server.service - Ne>
░░ Subject: A start job for unit netopeer2-server.service has failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit netopeer2-server.service has finished with a failure.
░░
░░ The job identifier is 133864 and the job result is failed.
Dez 03 10:21:57 ipt-d-0375 systemd[1]: netopeer2-server.service: Start request repea>
Dez 03 10:21:57 ipt-d-0375 systemd[1]: netopeer2-server.service: Failed with result >
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit netopeer2-server.service has entered the 'failed' state with result 'exi>
Dez 03 10:21:57 ipt-d-0375 systemd[1]: Failed to start netopeer2-server.service - Ne>
░░ Subject: A start job for unit netopeer2-server.service has failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit netopeer2-server.service has finished with a failure.
░░
░░ The job identifier is 133970 and the job result is failed.
d-0375:~$ netopeer2-server -d -v2
[INF]: SR: Connection 35 created.
[ERR]: SR: RPC subscription for "/ietf-netconf:get-config" with priority 0 already exists.
[ERR]: NP: Subscribing for "/ietf-netconf:get-config" RPC failed (Invalid argument).
[ERR]: NP: Server RPC subscribe failed.
[INF]: NP: Server terminated.
[INF]: SR: Connection 35 destroyed.
d-0375:~$ sudo systemctl status netopeer2-server
× netopeer2-server.service - Netopeer2 NETCONF Server
Loaded: loaded (/etc/systemd/system/netopeer2-server.service; enabled; preset: >
Active: failed (Result: exit-code) since Tue 2024-12-03 10:21:56 CET; 1min 51s >
Duration: 9ms
Process: 2249904 ExecStart=/usr/local/bin/netopeer2-server -d -v3 (code=exited, >
Main PID: 2249904 (code=exited, status=203/EXEC)
CPU: 7ms
Dez 03 10:21:56 ipt-d-0375 systemd[1]: netopeer2-server.service: Scheduled restart j>
Dez 03 10:21:56 ipt-d-0375 systemd[1]: netopeer2-server.service: Start request repea>
Dez 03 10:21:56 ipt-d-0375 systemd[1]: netopeer2-server.service: Failed with result >
Dez 03 10:21:56 ipt-d-0375 systemd[1]: Failed to start netopeer2-server.service - Ne>
Dez 03 10:21:57 ipt-d-0375 systemd[1]: netopeer2-server.service: Start request repea>
Dez 03 10:21:57 ipt-d-0375 systemd[1]: netopeer2-server.service: Failed with result >
Dez 03 10:21:57 ipt-d-0375 systemd[1]: Failed to start netopeer2-server.service - Ne>
> [ERR]: SR: RPC subscription for "/ietf-netconf:get-config" with priority 0 already exists.
This means the server is already running. There is no other relevant information and I suggest you use the systemd service only after you make sure the server can run successfully.
Okay, but I do not get any output when I run this netopeer2-server command. And when I checked the status of the server, it shows failed of activity. Here I have added the logs
d-0375:~$ netopeer2-server
d-0375:~$ journalctl -u netopeer2-server
Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal' can see all messages.
Pass -q to turn off this notice.
-- No entries --
d-0375:~$ sudo systemctl status netopeer2-server
[sudo] password for skt:
× netopeer2-server.service - Netopeer2 NETCONF Server
Loaded: loaded (/etc/systemd/system/netopeer2-server.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Tue 2024-12-03 10:21:56 CET; 4h 15min ago
Duration: 9ms
Process: 2249904 ExecStart=/usr/local/bin/netopeer2-server -d -v3 (code=exited, status=203/EXEC)
Main PID: 2249904 (code=exited, status=203/EXEC)
CPU: 7ms
Dez 03 10:21:56 ipt-d-0375 systemd[1]: netopeer2-server.service: Scheduled restart job, restart counter is at 5.
Dez 03 10:21:56 ipt-d-0375 systemd[1]: netopeer2-server.service: Start request repeated too quickly.
Dez 03 10:21:56 ipt-d-0375 systemd[1]: netopeer2-server.service: Failed with result 'exit-code'.
Dez 03 10:21:56 ipt-d-0375 systemd[1]: Failed to start netopeer2-server.service - Netopeer2 NETCONF Server.
Dez 03 10:21:57 ipt-d-0375 systemd[1]: netopeer2-server.service: Start request repeated too quickly.
Dez 03 10:21:57 ipt-d-0375 systemd[1]: netopeer2-server.service: Failed with result 'exit-code'.
Dez 03 10:21:57 ipt-d-0375 systemd[1]: Failed to start netopeer2-server.service - Netopeer2 NETCONF Server.
If you run the server as
# netopeer2-server -d -v2
you will see some messages, just do not have another instance of netopeer2-server running.
I have received these messages
d-0375:~$ sudo netopeer2-server -d -v2
[INF]: SR: Connection 42 created.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:get-config" subscription of CID 41.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:edit-config" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:copy-config" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:delete-config" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:lock" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:unlock" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:get" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:kill-session" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:commit" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:cancel-commit" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:discard-changes" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:validate" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf-monitoring:get-schema" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/notifications:create-subscription" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf-nmda:get-data" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-netconf-nmda:edit-data" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-subscribed-notifications:establish-subscription" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-subscribed-notifications:modify-subscription" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-subscribed-notifications:delete-subscription" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-subscribed-notifications:kill-subscription" subscription of CID 19.
[WRN]: SR: Recovering RPC/action "/ietf-yang-push:resync-subscription" subscription of CID 19.
[WRN]: SR: Recovering module "ietf-netconf-monitoring" operational get subscription of CID 19.
[WRN]: SR: Recovering module "nc-notifications" operational get subscription of CID 19.
[WRN]: SR: Recovering module "iana-ssh-public-key-algs" operational get subscription of CID 19.
[WRN]: SR: Recovering module "iana-ssh-key-exchange-algs" operational get subscription of CID 19.
[WRN]: SR: Recovering module "iana-ssh-encryption-algs" operational get subscription of CID 19.
[WRN]: SR: Recovering module "iana-ssh-mac-algs" operational get subscription of CID 19.
[WRN]: SR: Recovering module "ietf-subscribed-notifications" running change subscription of CID 19.
[WRN]: SR: Recovering module "ietf-subscribed-notifications" operational get subscription of CID 19.
[WRN]: SR: Recovering module "ietf-subscribed-notifications" operational get subscription of CID 19.
[INF]: SR: Triggering "ietf-netconf-server" "done" event on enabled data.
[INF]: LN: Listening on 0.0.0.0:830 for SSH connections.
[WRN]: SR: Recovering module "ietf-netconf-server" running change subscription of CID 19.
[INF]: SR: Triggering "ietf-keystore" "done" event on enabled data.
[WRN]: SR: Recovering module "ietf-keystore" running change subscription of CID 19.
[INF]: SR: Triggering "ietf-truststore" "done" event on enabled data.
[WRN]: SR: Recovering module "ietf-truststore" running change subscription of CID 19.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[WRN]: SR: Recovering module "ietf-netconf-acm" running change subscription of CID 19.
[WRN]: SR: Recovering module "ietf-netconf-acm" running change subscription of CID 19.
[WRN]: SR: Recovering module "ietf-netconf-acm" running change subscription of CID 19.
[WRN]: SR: Recovering module "ietf-netconf-acm" running change subscription of CID 19.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[WRN]: SR: Recovering module "sysrepo-monitoring" operational get subscription of CID 19.
client_loop: send disconnect: Connection reset
And I am struggling with netopeer2-cli and now netopeer2-server. I am not clear about these authentication issues actually, though I have tried your previous instruction "You configure an SSH key in the CLI using the command auth keys add <public_key_path> <private_key_path> (look at auth --help to see command signature)."
-d-0375:~$ python3 netconf_client.py
An error occurred: AuthenticationException('Authentication failed.')
I have tried this and I got an error message when I tried to connect netopeer2-cli with the server (switch).
Now I am getting the error message. Now I am trying to automate the system via the ncclient library as you told; this is my output. Do I need to change or edit any file?
For your information, in my ietf-netconf-server.xml file my username is according to my PC name, whereas my server name is different; is it a problem? I have doubts and am not clear how to proceed.
*I mainly need to automate the pipeline via NETCONF and I wanted to see this manually as well; that's why I first wanted to try with netopeer2-cli.
Run the server as netopeer2-server -d -c SSH and you should see the exact reason why the authentication fails. I cannot help you with the client since you are not using our CLI.
Hey I have added my ietf-netconf-server file again
d-0375:~$ sysrepocfg --export --module ietf-netconf-server
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
  <listen>
    <endpoints>
      <endpoint>
        <name>default-ssh</name>
        <ssh>
          <tcp-server-parameters>
            <local-address>0.0.0.0</local-address>
          </tcp-server-parameters>
          <ssh-server-parameters>
            <server-identity>
              <host-key>
                <name>default-key</name>
                <public-key>
                  <central-keystore-reference>genkey</central-keystore-reference>
                </public-key>
              </host-key>
            </server-identity>
            <client-authentication>
              <users>
                <user>
                  <name>admin</name>
                  <public-keys>
                    <use-system-keys xmlns="urn:cesnet:libnetconf2-netconf-server"/>
                  </public-keys>
                </user>
              </users>
            </client-authentication>
          </ssh-server-parameters>
        </ssh>
      </endpoint>
    </endpoints>
  </listen>
</netconf-server>
after trying to connect with netopeer2-cli, I get the error message
c VERBOSE: Trying to authenticate using pair "/home/skt/.ssh/id_rsa" "/home/skt/.ssh/id_rsa.pub".
[2024/12/04 10:24:45.647786, 3] ssh_key_algorithm_allowed: Checking rsa-sha2-512 with list <ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
[2024/12/04 10:24:45.647838, 3] ssh_key_algorithm_allowed: Checking rsa-sha2-512 with list <ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
[2024/12/04 10:24:45.648008, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/12/04 10:24:45.648033, 3] packet_send2: packet: wrote [type=50, len=352, padding_size=10, comp=341, payload=341]
[2024/12/04 10:24:45.649997, 3] ssh_packet_socket_callback: packet: read type 51 [len=64,padding=18,comp=45,payload=45]
[2024/12/04 10:24:45.650021, 3] ssh_packet_process: Dispatching handler for packet type 51
[2024/12/04 10:24:45.650040, 3] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,keyboard-interactive,password
nc WARNING: Authentication denied.
nc VERBOSE: Password authentication (host "192.168.5.15", user "admin").
admin@192.168.5.15 password:
[2024/12/04 10:24:54.416843, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/12/04 10:24:54.416877, 3] packet_send2: packet: wrote [type=50, len=64, padding_size=11, comp=52, payload=52]
[2024/12/04 10:24:54.444795, 3] ssh_packet_socket_callback: packet: read type 51 [len=64,padding=18,comp=45,payload=45]
[2024/12/04 10:24:54.444833, 3] ssh_packet_process: Dispatching handler for packet type 51
[2024/12/04 10:24:54.444856, 3] ssh_packet_userauth_failure: Access denied for 'password'. Authentication that can continue: publickey,keyboard-interactive,password
nc WARNING: Authentication denied.
nc VERBOSE: Keyboard-interactive authentication.
[2024/12/04 10:24:54.444924, 3] ssh_userauth_kbdint_init: Sending keyboard-interactive init request
[2024/12/04 10:24:54.445027, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/12/04 10:24:54.445048, 3] packet_send2: packet: wrote [type=50, len=80, padding_size=19, comp=60, payload=60]
[2024/12/04 10:24:54.445966, 3] ssh_packet_socket_callback: packet: read type 60 [len=96,padding=14,comp=81,payload=81]
[2024/12/04 10:24:54.445989, 3] ssh_packet_process: Dispatching handler for packet type 60
[2024/12/04 10:24:54.446009, 3] ssh_packet_userauth_info_request: 1 keyboard-interactive prompts
Interactive SSH Authentication
Type your password:
Password:
[2024/12/04 10:24:57.656761, 3] ssh_userauth_kbdint_send: Sending keyboard-interactive response packet
[2024/12/04 10:24:57.656894, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/12/04 10:24:57.656926, 3] packet_send2: packet: wrote [type=61, len=32, padding_size=15, comp=16, payload=16]
[2024/12/04 10:24:57.659113, 3] ssh_packet_socket_callback: packet: read type 51 [len=64,padding=18,comp=45,payload=45]
[2024/12/04 10:24:57.659143, 3] ssh_packet_process: Dispatching handler for packet type 51
[2024/12/04 10:24:57.659176, 3] ssh_packet_userauth_failure: Access denied for 'keyboard interactive'. Authentication that can continue: publickey,keyboard-interactive,password
nc WARNING: Authentication denied.
nc ERROR: Unable to authenticate to the remote server (all attempts via supported authentication methods failed).
[2024/12/04 10:24:57.659349, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/12/04 10:24:57.659377, 3] packet_send2: packet: wrote [type=1, len=32, padding_size=11, comp=20, payload=20]
cmd_connect: Connecting to the 192.168.5.15:830 as user "admin" failed.
> exit
Here is my server output:
skt@ipt-d-0375:~$ sudo netopeer2-server -d -c SSH
[INF]: SR: Connection 58 created.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:get-config" subscription of CID 57.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:edit-config" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:copy-config" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:delete-config" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:lock" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:unlock" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:get" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:kill-session" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:commit" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:cancel-commit" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:discard-changes" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf:validate" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf-monitoring:get-schema" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/notifications:create-subscription" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf-nmda:get-data" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-netconf-nmda:edit-data" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-subscribed-notifications:establish-subscription" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-subscribed-notifications:modify-subscription" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-subscribed-notifications:delete-subscription" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-subscribed-notifications:kill-subscription" subscription of CID 55.
[WRN]: SR: Recovering RPC/action "/ietf-yang-push:resync-subscription" subscription of CID 55.
[WRN]: SR: Recovering module "ietf-netconf-monitoring" operational get subscription of CID 55.
[WRN]: SR: Recovering module "nc-notifications" operational get subscription of CID 55.
[WRN]: SR: Recovering module "iana-ssh-public-key-algs" operational get subscription of CID 55.
[WRN]: SR: Recovering module "iana-ssh-key-exchange-algs" operational get subscription of CID 55.
[WRN]: SR: Recovering module "iana-ssh-encryption-algs" operational get subscription of CID 55.
[WRN]: SR: Recovering module "iana-ssh-mac-algs" operational get subscription of CID 55.
[WRN]: SR: Recovering module "ietf-subscribed-notifications" running change subscription of CID 55.
[WRN]: SR: Recovering module "ietf-subscribed-notifications" operational get subscription of CID 55.
[WRN]: SR: Recovering module "ietf-subscribed-notifications" operational get subscription of CID 55.
[INF]: SR: Triggering "ietf-netconf-server" "done" event on enabled data.
[INF]: LN: Listening on 0.0.0.0:830 for SSH connections.
[WRN]: SR: Recovering module "ietf-netconf-server" running change subscription of CID 55.
[INF]: SR: Triggering "ietf-keystore" "done" event on enabled data.
[WRN]: SR: Recovering module "ietf-keystore" running change subscription of CID 55.
[INF]: SR: Triggering "ietf-truststore" "done" event on enabled data.
[WRN]: SR: Recovering module "ietf-truststore" running change subscription of CID 55.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[WRN]: SR: Recovering module "ietf-netconf-acm" running change subscription of CID 55.
[WRN]: SR: Recovering module "ietf-netconf-acm" running change subscription of CID 55.
[WRN]: SR: Recovering module "ietf-netconf-acm" running change subscription of CID 55.
[WRN]: SR: Recovering module "ietf-netconf-acm" running change subscription of CID 55.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[WRN]: SR: Recovering module "sysrepo-monitoring" operational get subscription of CID 55.
> auth keys
The keys used for SSH authentication:
#0: /home/skt/.ssh/id_rsa.pub (private /home/skt/.ssh/id_rsa)
Can you help me out from here? Thank you.
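The client log above records the SSH user-authentication exchange only as packet type numbers. The following added example (not part of the original thread, and not code from libssh or libnetconf2) maps those numbers to their RFC 4252/4256 message names and lists which methods the server denied; the function name `summarize_auth` and the shortened sample log are constructed for illustration.

```python
import re

# SSH message numbers seen in this log (RFC 4253, 4252, 4256).
# 60/61 are method-specific; during keyboard-interactive they mean INFO_*.
SSH_MSG = {1: "DISCONNECT", 50: "USERAUTH_REQUEST", 51: "USERAUTH_FAILURE",
           52: "USERAUTH_SUCCESS", 60: "USERAUTH_INFO_REQUEST",
           61: "USERAUTH_INFO_RESPONSE"}
PACKET = re.compile(r"packet: (wrote|read) \[?type[= ](\d+)")
DENIED = re.compile(r"Access denied for '([^']+)'\. "
                    r"Authentication that can continue: ([\w,-]+)")

# Constructed sample: a shortened copy of the client log shown in this thread.
SAMPLE_LOG = """\
[2024/12/04 10:24:54.416877, 3] packet_send2: packet: wrote [type=50, len=64, padding_size=11, comp=52, payload=52]
[2024/12/04 10:24:54.444795, 3] ssh_packet_socket_callback: packet: read type 51 [len=64,padding=18,comp=45,payload=45]
[2024/12/04 10:24:54.444856, 3] ssh_packet_userauth_failure: Access denied for 'password'. Authentication that can continue: publickey,keyboard-interactive,password
[2024/12/04 10:24:54.445048, 3] packet_send2: packet: wrote [type=50, len=80, padding_size=19, comp=60, payload=60]
[2024/12/04 10:24:54.445966, 3] ssh_packet_socket_callback: packet: read type 60 [len=96,padding=14,comp=81,payload=81]
[2024/12/04 10:24:57.656926, 3] packet_send2: packet: wrote [type=61, len=32, padding_size=15, comp=16, payload=16]
[2024/12/04 10:24:57.659113, 3] ssh_packet_socket_callback: packet: read type 51 [len=64,padding=18,comp=45,payload=45]
[2024/12/04 10:24:57.659176, 3] ssh_packet_userauth_failure: Access denied for 'keyboard interactive'. Authentication that can continue: publickey,keyboard-interactive,password
[2024/12/04 10:24:57.659377, 3] packet_send2: packet: wrote [type=1, len=32, padding_size=11, comp=20, payload=20]
"""

def summarize_auth(log_text):
    """Rebuild the SSH userauth exchange and list what the server rejected."""
    exchange, denied, offered, success = [], [], set(), False
    for line in log_text.splitlines():
        pkt = PACKET.search(line)
        if pkt:
            sender = "client" if pkt.group(1) == "wrote" else "server"
            number = int(pkt.group(2))
            exchange.append((sender, SSH_MSG.get(number, f"type {number}")))
            success = success or number == 52
        fail = DENIED.search(line)
        if fail:
            denied.append(fail.group(1))
            offered.update(fail.group(2).split(","))
    # Methods the server still advertises that this log never shows being denied.
    not_denied = offered - {m.replace(" ", "-") for m in denied}
    return {"exchange": exchange, "denied": denied,
            "not_denied": sorted(not_denied), "authenticated": success}

if __name__ == "__main__":
    result = summarize_auth(SAMPLE_LOG)
    for sender, name in result["exchange"]:
        print(f"{sender:>6} -> SSH_MSG_{name}")
    print("denied:", result["denied"], "| not denied:", result["not_denied"])
```

Every line in the summary comes from the client's own libssh debug output, so it shows what the remote SSH server answered regardless of which NETCONF server is actually listening on port 830.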
That is not the full output of netopeer2-server, it did not even print the INF message about a new connection. Fix that first although I am not sure how you managed to connect to another server since it should not be possible to have 2 instances running on a single machine.
Sorry, for more clarification, what do you mean by two instances: 'how you managed to connect to another server since it should not be possible to have 2 instances running on a single machine'?
I get that output when I run the command sudo netopeer2-server -d -c SSH. How can I fix the issue?
But I get this output when I run sudo netopeer2-server -d -v2. Are both the same or different?
d-0375:~$ sudo netopeer2-server -d -v2
[sudo] password for skt:
[INF]: SR: Connection 60 created.
[INF]: SR: Triggering "ietf-netconf-server" "done" event on enabled data.
[INF]: LN: Listening on 0.0.0.0:830 for SSH connections.
[INF]: SR: Triggering "ietf-keystore" "done" event on enabled data.
[INF]: SR: Triggering "ietf-truststore" "done" event on enabled data.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
[INF]: SR: Triggering "ietf-netconf-acm" "done" event on enabled data.
When you connect with a client, it must print more messages. If the server did not, you have not connected to it.
Hey, I do not see any additional messages on the server end when I am connecting with the client. What can I do? Here I have added how I installed netopeer2.
Installing Netopeer2 and Dependencies
Install Required Dependencies
Ensure your system has the necessary build tools and libraries:
```bash
sudo apt update
sudo apt install -y build-essential cmake git libpcre3-dev libev-dev libssl-dev zlib1g-dev \
    libprotobuf-c-dev protobuf-c-compiler swig python3-dev
```
Clone the Repositories
Clone the source code for the required components:
```bash
# Clone Netopeer2 repository
git clone https://github.com/CESNET/Netopeer2.git
# Clone Sysrepo repository
git clone https://github.com/sysrepo/sysrepo.git
# Clone Libyang repository
git clone https://github.com/CESNET/libyang.git
# Clone Libnetconf2 repository
git clone https://github.com/CESNET/libnetconf2.git
# sudo apt-get install doxygen
sudo apt-get install g++
git clone https://git.libssh.org/projects/libssh.git
```
Build and Install the Libraries
(a) Install `libyang`
```bash
cd libyang
mkdir build && cd build
cmake ..
make
sudo make install
sudo ldconfig
```
(b) Install `libnetconf2`
```bash
cd ../../libnetconf2
mkdir build && cd build
cmake ..
make
sudo make install
sudo ldconfig
```
(c) Install `sysrepo`
```bash
cd ../../sysrepo
mkdir build && cd build
cmake -DREPOSITORY_LOC=/etc/sysrepo ..
make
sudo make install
sudo ldconfig
cd libssh
mkdir build
cd build
cmake ..
make
sudo make install
```
(d) Install `netopeer2`
```bash
cd ../../Netopeer2
mkdir build && cd build
cmake ..
make
sudo make install
sudo ldconfig
```
Installation seems fine so I really cannot help you, something is wrong on your end.
okay
Hey, I have one question: what do you mean by two instances on the same device? Do you mean I can run netopeer2-cli on one device and netopeer2-server on another device? Or is it okay to run both on one?
Yes, it is fine to run both the client and the server on one machine, that is what I expected. Never mind what I said before, I referred to running 2 instances of netopeer2-server on a single machine.
Hi,
Somehow I was able to connect to the server, but after running get I received these error messages. Do you know why?
a> get
ERROR
type: application
tag: operation-failed
severity: error
message: Callback event "rpc" with ID 11 processing timed out.
type: application
tag: operation-failed
severity: error
message: User callback failed.
get --filter-xpath "/ietf-interfaces:interfaces/*"
ERROR
type: application
tag: operation-failed
severity: error
message: Callback event "rpc" with ID 8 processing timed out.
type: application
tag: operation-failed
severity: error
message: User callback failed.
If you set some sysrepo oper data callbacks for the interfaces that take a long time to execute, it can cause these timeouts. What platform are you on? You seem to have lots of issues.
Yes you are right, I am using Ubuntu 24.04 LTS and server (Kontron KSwitch D10 MMT Series switch)
So you are trying to run netopeer2-server on that switch? What OS does it have?
I am not running the netopeer2-server directly on my switch. Instead, I am using it on my PC as the server, along with netopeer2-cli as the client, to establish a NETCONF connection with the switch. The goal is to use this setup to interact with the switch over the NETCONF protocol. Once the connection is established and tested via CLI, I plan to automate the system using the Python library ncclient for further configuration and management tasks.
I am not sure whether I need netopeer2-server when I want to use netopeer2-cli, or whether I need the server to see the log.
If you set some sysrepo oper data callbacks for the interfaces that take a long time to execute, it can cause these timeouts. What platform are you on? You seem to have lots of issues.
Hi; How can I solve the issue?
Can I use this command: get --filter-xpath "/ietf-interfaces:interfaces/*" timeout 15
Well, that would explain why you did not see any logs for netopeer2-server and I was right in saying that you are not even connecting to it, if the switch has a NETCONF capability on its own.
So, NETCONF operates on the client - server communication model meaning one peer acts as the client, which connects to another peer that acts as the server. In your case, the local machine with netopeer2-cli is the client and the switch is the server so no, you do not need to be running netopeer2-server at all.
Having cleared that up, I would just say that our main software is netopeer2-server and the CLI is meant mostly for testing and non-deployment use. As for your issue, to learn what options a command has, run `<command> --help`.
Hi, thank you. I have tried, but still no response.
Do you have any idea?
get --filter-xpath "/ietf-interfaces:interfaces/*" -- help
cmd_get: Unparsed command arguments.
get [--help] [--filter-subtree[=] | --filter-xpath ] [--defaults report-all|report-all-tagged|trim|explicit] [--out ] [--rpc-timeout ]
get --filter-xpath "/ietf-interfaces:interfaces/*" --rpc-timeout 15
ERROR
type: application
tag: operation-failed
severity: error
message: Callback event "rpc" with ID 17 processing timed out.
type: application
tag: operation-failed
severity: error
message: User callback failed.
get --filter-xpath "/ietf-interfaces:interfaces/*" --rpc-timeout 60
ERROR
type: application
tag: operation-failed
severity: error
message: Callback event "rpc" with ID 18 processing timed out.
type: application
tag: operation-failed
severity: error
message: User callback failed.
get --filter-xpath "/ietf-interfaces:interfaces/*" --rpc-timeout 200
ERROR
type: application
tag: operation-failed
severity: error
message: Callback event "rpc" with ID 19 processing timed out.
type: application
tag: operation-failed
severity: error
message: User callback failed.
You need to look at some output of the device or contact their support, I cannot help you anymore.