Reputation: 345
Basic SSH Connection using Paramiko fails
I'm learning the basics on paramiko and for that purpose I setup a basic lab where I connect an Ubuntu VM to a router emulated in EVE-ng.
The first step was to generate a key pair in the client via ssh-Keygen
Next I loaded the public key to the remote server (the Cisco router) using the following command:
ip ssh pubkey-chain
username administrator
key-hash ssh-rsa 97D0E9B5630D05D78EA9531053124BFF
Right after that I was able to login to the Cisco router from the Ubuntu VM:
$ ssh [email protected]
7206_1.rt#
Then, from the same client I started a Python shell session and tried to establish an SSH session using Paramiko:
import paramiko
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect('192.168.1.1', username='administrator', password='password', key_filename= '/home/administrator/.ssh/id_rsa.pub')
But this time I got the following exception:
Exception: Illegal info request from server
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/paramiko/transport.py", line 2109, in run
handler(self.auth_handler, m)
File "/usr/local/lib/python3.8/dist-packages/paramiko/auth_handler.py", line 661, in _parse_userauth_info_request
raise SSHException("Illegal info request from server")
paramiko.ssh_exception.SSHException: Illegal info request from server
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.8/dist-packages/paramiko/client.py", line 435, in connect
self._auth(
File "/usr/local/lib/python3.8/dist-packages/paramiko/client.py", line 764, in _auth
raise saved_exception
File "/usr/local/lib/python3.8/dist-packages/paramiko/client.py", line 751, in _auth
self._transport.auth_password(username, password)
File "/usr/local/lib/python3.8/dist-packages/paramiko/transport.py", line 1498, in auth_password
raise SSHException("No existing session")
paramiko.ssh_exception.SSHException: No existing session
The remote router SSH debug shows that authentication failed:
*Aug 16 01:18:07.295: SSH2 0: MAC compared for #5 :ok
*Aug 16 01:18:07.299: SSH2 0: input: padlength 16 bytes
*Aug 16 01:18:07.299: SSH2 0: Using method = publickey
*Aug 16 01:18:07.307: SSH2 0: send:packet of length 432 (length also includes padlen of 4)
*Aug 16 01:18:07.307: SSH2 0: computed MAC for sequence no.#5 type 60
*Aug 16 01:18:07.311: SSH2 0: Authenticating 'administrator' with method: publickey
*Aug 16 01:18:07.327: SSH2 0: SSH ERROR closing the connection
*Aug 16 01:18:07.331: SSH2 0: send:packet of length 80 (length also includes padlen of 15)
*Aug 16 01:18:07.331: SSH2 0: computed MAC for sequence no.#6 type 1
*Aug 16 01:18:07.335: SSH2 0: Pubkey Authentication failed for user administrator
*Aug 16 01:18:07.335: SSH0: password authentication failed for administrator
At this point I can't tell whether the issue is in the server or in the router as all works fine when connecting directly from server to router without Paramiko.
Thanks.
Upvotes: 1
Views: 5098
Answers (3)
Reputation: 11
In case it helps anyone else, I was receiving this same "Illegal info request from server" error because the password being used had a flag on it that it needed to be updated. I only saw this when logging in manually via WinSCP.
Upvotes: 1
Reputation: 345
Ok, looks like by default, Paramiko searches for discoverable private key files in ~/.ssh/ that's fine if trying to connect to another server, but since it's trying to reach a router, this feature needs to be disabled by setting look_for_keys to False. That fixed the issue (as long as this is not a production environment) which is my case.
Upvotes: 1
Reputation: 1329712
Authentication is done via public key at /home/administrator/.ssh/id_rsa.pub
Not quite: it is done using the private key of the local user you are using when typing:
ssh [email protected]
'administrator' is the name of the remote account used to open a session on the remote server 192.168.1.1
The authentication, on the remote side, will be done using ~administrator/.ssh/authorized_keys (again, on the remote machine), to check if the local ~/.ssh/id_rsa.pub public key was properly registered in the remote ~administrator/.ssh/authorized_keys.
Your local account might be also 'administrator', but that same local account might not be the same when executing the Python shell.
When you see
Authenticating 'administrator' with method: publickey
SSH is talking of the remote 'administrator' account on the remote server, irrespective of the local user account you are in.
Upvotes: 0
Related Questions
- Passwordless SSH connection with Paramiko fails where as with SSH works
- paramiko can't connect to ssh server
- SSH - Python with paramiko issue
- can't login with Paramiko ssh client
- Paramiko SSHClient.connect fails while SSH works
- Python - Paramiko - incompatible ssh server
- python, paramiko, ssh exception ssh session not active
- paramiko and python ssh
- Need help troubleshooting paramiko issue
- ssh client with paramiko (python)