Bad authentication about community.ciscosmb HOT 10 CLOSED

Hello,

you did not sent your inventory file, so I can not check it.

Try ansible-play example from README first, please.

Regards
Petr Klíma

from community.ciscosmb.

Hello Petr,

I had the same issue, and the reason was the not allowed option ip ssh password-auth on the device.

could you please advise me, on how to proceed with the login, when the direct login is not allowed and the cisco-smb always expects to fill username and password on the welcome screen? In case, when this password-auth option is allowed, the ansible module works properly.

Thanks for any advice.

from community.ciscosmb.

Hello again,

it was quiet easy.

Run playbook as usual and ask for ssh password, like that
ansible-playbook yourplaybookname --ask-pass

In the playbook do something similar

---
#Configure ciscosmb
- name: CiscoSMB IOS Command
  hosts: your_host_group
  become: true
  connection: local
  vars_prompt:
    - name: Cisco-User
      prompt: Type Cisco-User
      private: no
    - name: Cisco-Pass
      prompt: Type Cisco-Pass
      private: yes
	  
  tasks:
    - name: Name of this taks
      community.ciscosmb.command:
        commands:
            - list
            - of
            - commands
            - which
            - you
            - will
            - use

from community.ciscosmb.

Sorry for spam - it still not working, still the same ip ssh password-auth has to be enabled.

from community.ciscosmb.

I am having a similar issue on an SG350 switch but enabling password authentication does not fix it.

Every time it gets to "ESTABLISH SSH CONNECTION FOR USER: admin" it hangs at

SSH: EXEC sshpass -d10 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="admin"' -o ConnectTimeout=10 -o ControlPath=/tmp/bwrap_123_v1oz23s_/awx_123_f123kd1l/cp/23f12312ba XXX.XXX.XXX.XXX '/bin/sh -c '"'"'echo ~admin && sleep 0'"'"''

There is no further output even if I wait 12 hours. This is with Verbosity at 4.

I am running this through AWX so every time I try I have to restart the AWX container to kill the job.

I have tried with a user credential containing the password only, one with a key and one with escalation "enable" set, with every combination of options for a password, key and Automatic Login set.

I can ssh from a normal Linux box with those credentials without an issue (though without Automatic Login it does prompt a second time for both username and password).

My Playbook has been stripped down to almost nothing -

- name: Set the NTP Servers
  gather_facts: no
  hosts: all

  tasks:
        - name: show clock
          community.ciscosmb.command:
           commands: show clock
          register: output
        - name: show output
          debug: 
           var: output.stdout

from community.ciscosmb.

Strange ...
I am curently testing on SG350X-48-K9.

#show inventory 
NAME: "1"   DESCR: "SG350X-48 48-Port Gigabit Stackable Managed Switch"   
PID: SG350X-48-K9   VID: V02   SN: XXXXXXXXXXXXXXXXXX   
...

#show version
Active-image: flash://system/images/image_tesla_hybrid_2.4.5.71_release_cisco_signed.bin
  Version: 2.4.5.71
  MD5 Digest: 2dff89efdb2a0ec2f9a2c414ff7d401c
  Date: 04-Nov-2018
  Time: 19:46:16
... 

inventory.yml

all:
  vars:    
    ansible_connection: network_cli
    ### change what you need
    # ansible_ssh_private_key_file: /dir/private.key
    ansible_ssh_user: test
    ansible_ssh_pass: passwd
    ansible_become_method: enable
    ansible_become_password: passwd2
    #
    ### Enable become globaly, by host, by playbook or by task
    # ansible_become: yes 

  hosts:
    sw-1:
      ansible_host: xx.xx.xx.xx
      ansible_network_os: community.ciscosmb.ciscosmb

playbook.yml

- name: CiscoSMB - test commands
  gather_facts: no
  hosts: all
  # vars:
  #  ansible_become: yes

  tasks:
    - name: CiscoSMB - show clock
      community.ciscosmb.command:
        commands:
          - show version
          - show clock
      register: show_clock
    
    - name: show output
      ansible.builtin.debug: 
        var:  show_clock
    

    - name: CiscoSMB - set timezone
      community.ciscosmb.command:
        commands:
          - configure terminal
          - clock timezone CET +1
      vars:
        ansible_become: yes
      register: set_timezone

    - name: show output
      ansible.builtin.debug: 
        var: set_timezone

ansible-play -i inventory.yml playbook.yml

And this work without issues.

sniplet of cisco config regarding user settings

username test password encrypted xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx privilege 1
enable password level 15 encrypted xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

ip ssh server
ip ssh password-auth
ip ssh pubkey-auth auto-login
# !!! no key for user test

What is your model and FW version show inventory and show version ?

from community.ciscosmb.

I ran your playbook directly from the command line and it worked perfectly!

I then compared that to what I had and realised I was missing -

ansible_connection: network_cli
ansible_network_os: community.ciscosmb.ciscosmb

From my inventory.

I added this and suddenly everything is working!

ok: [XXX.XXX.XXX.XXX] => {
"output.stdout": [
"04:50:52 CET Oct 12 2021\nTime from SNTP is enabled\nOperational Time Source: None\nTime from Browser is disabled"
]
}

You can ignore the time, the switch has been reset to factory so that I could play with configuring it.

Anyway, thank you so much! I'm off to try some proper configuration stuff now.

from community.ciscosmb.

So embarrassing when I see those exact lines in the inventory in the readme!

from community.ciscosmb.

By the way, I can confirm it works without password authentication set, I have only ip ssh pubkey-auth auto-login set and it works on the sg350-10p (Version: 2.5.8.15).

from community.ciscosmb.

from community.ciscosmb.