PanOS prompt authentication error
simatt99 opened this issue · 0 comments
Describe the bug
Scrapli SSH times out during connection. For some of my devices I have banner acknowledgment turned on. The acknowledgement gets asked before the SSH password is inputted. I looked through documentation and don't think theres a good way to go about this, correct me if i'm wrong.
To Reproduce
Steps to reproduce the behavior:
- turn on admin banner acknowledgment](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/use-the-web-interface/configure-banners-message-of-the-day-and-logos) for PanOS
- use scrapli community PanOS driver to connect to the device.
- profit
Expected behavior
I expected Scrapli to detect pre SSH prompts to connect to the device.
logs
24-Jul-30 15:31:31 - DEBUG - Scrapli factory initialized
24-Jul-30 15:31:31 - INFO - Driver '<class 'scrapli.driver.network.sync_driver.NetworkDriver'>' selected from scrapli community platforms, with the following platform arguments: '{'privilege_levels': {'exec': <scrapli.driver.network.base_driver.PrivilegeLevel object at 0x7fe4bf72bdc0>, 'configuration': <scrapli.driver.network.base_driver.PrivilegeLevel object at 0x7fe4bf72bca0>}, 'default_desired_privilege_level': 'exec', 'failed_when_contains': ['Unknown command:', 'Invalid syntax.', 'Server error', 'Validation Error:'], 'textfsm_platform': 'paloalto_panos', 'genie_platform': '', 'on_open': <function default_sync_on_open at 0x7fe4bfafc700>, 'on_close': <function default_sync_on_close at 0x7fe4bfafc790>}'
24-Jul-30 15:31:31 - DEBUG - load core transport requested
24-Jul-30 15:31:31 - DEBUG - core transport 'system' loaded successfully
24-Jul-30 15:31:31 - DEBUG - generating combined network comms prompt pattern
24-Jul-30 15:31:31 - DEBUG - setting 'comms_prompt_pattern' value to '(^[\w.-]+@[\w.()-]+>\s?$)|(^[\w.-]+@[\w.()-]+#\s?$)'
24-Jul-30 15:31:31 - INFO - opening connection to '<SYSTEM_IP>' on port '22'
24-Jul-30 15:31:31 - DEBUG - opening transport connection to '<SYSTEM_IP>' on port '22'
24-Jul-30 15:31:31 - DEBUG - created transport 'open_cmd': '['ssh', '<SYSTEM_IP>', '-p', '22', '-o', 'ConnectTimeout=15', '-o', 'ServerAliveInterval=30', '-l', 'admin', '-o', 'StrictHostKeyChecking=no', '-o', 'UserKnownHostsFile=/dev/null', '-F', '/dev/null']'
24-Jul-30 15:31:31 - DEBUG - transport connection to '<SYSTEM_IP>' on port '22' opened successfully
24-Jul-30 15:31:31 - DEBUG - attempting in channel ssh authentication
24-Jul-30 15:31:35 - DEBUG - read: b"Warning: Permanently added '<SYSTEM_IP>' (ECDSA) to the list of known hosts.\n"
24-Jul-30 15:31:35 - DEBUG - read: b'This computer system is private property and may only be accessed by authorized users.\n'
24-Jul-30 15:31:35 - DEBUG - read: b''
24-Jul-30 15:31:35 - DEBUG - read: b'(admin@<SYSTEM_IP>) Do you accept and acknowledge the statement above ? (yes/no) : '
24-Jul-30 15:32:01 - CRITICAL - operation timed out, closing connection
24-Jul-30 15:32:01 - DEBUG - closing transport connection to '<SYSTEM_IP>' on port '22'
24-Jul-30 15:32:01 - CRITICAL - encountered EOF reading from transport; typically means the device closed the connection
24-Jul-30 15:32:02 - DEBUG - transport connection to '<SYSTEM_IP>' on port '22' closed successfully
24-Jul-30 15:32:02 - CRITICAL - unknown exception occured
24-Jul-30 15:32:02 - CRITICAL - Type: <class 'scrapli.exceptions.ScrapliTimeout'>
24-Jul-30 15:32:02 - CRITICAL - Value: timed out during in channel ssh authentication
24-Jul-30 15:32:02 - CRITICAL - Traceback: <traceback object at 0x7fe4bf4cca80>
this is how normal SSH interactions look like:
user@computer ~ % ssh paloAlto
This computer system is private property and may only be accessed by authorized users.
(admin@PaloAltoIP) Do you accept and acknowledge the statement above ? (yes/no) :yes
(admin@PaloAltoIP) Password:
OS (please complete the following information):
- OS: CentOS 9/MacOS
- scrapli version: 2024.1.30
- scrapli_community version: 2024.7.30
Additional context
N/A