I am looking to use ansible with my Dell X1000 series switches. There is no network modules for these switches which is fine for me. I plan to use the raw module.
My issue is that when you connect to these switches via SSH, the switches always ask for the UserID and Password. Even when you use “ssh userid@switch” it will ask you for your user id and password.
Is there a way to have ansible use an “expect” type of solution for the initial login via ssh?
It may be something like additional args in ansible_ssh_args but I cannot figure it out.
You can follow these step to make machine passwordless.
Step:1 First generate the public/private key pair on the Ansible control machine:
$ ssh-keygen –t rsa
Step:2 Enable the RSA-SSH authentication feature on the Dell switch by executing the following command:
ip ssh rsa-authentication enable
Step:3 Configure the username and password on the Dell switch. The RSA-authentication public key will be added to the admin.
username admin password xxxx privilege 15
Step:4 Login to the Dell switch using SSH and username admin. Copy the public key of the Ansible control machine to the Dell switch:
copy scp: flash:
Address or name of remote host : 100.67.1.10
Source file name : .ssh/id_rsa.pub
User name to login remote host: root
Password to login remote host:
Destination file name [id_rsa.pub]:
224 bytes successfully copied Leaf1A#
Step:5 Login into the Dell EMC Networking switch through SSH and configure the public key on the Dell EMC Networking switch by executing the following command:
ip ssh rsa-authentication my-authorized-keys id_rsa.pub
RSA keys added to admin’s list of authorized-keys.
Delete the file id_rsa.pub : (yes/no) ? yes
Step:6 Verify the SSH connection by executing the following command:
$ ssh 100.67.170.31 -i .ssh/id_rsa -l admin
Thank you Soniya for the reply!!
Unfortunately, this Dell switch is not the EMC line, but a lower line of switches, the X1000 series, where the majority of the configuration is done via web browser. It has limited CLI functionality (which I have not been happy with). I cannot put in the rsa or dsa keys into the switch as I had hoped. In my experience, I have seen a few other devices which always ask User ID and Password via ssh. It appears that they do not implement the full ssh features in their products.
Any other ideas on how to get ansible to do a “screen scrape/expect” on the login process?
Thanks in advance
You will need to abandon the use of the raw module and use the expect module for everything.
Any other ideas on how to get ansible to do a “screen scrape/expect” on the login process?
Yes, you can use expect module. You could just run it on local host and use the ssh as the command.
Example:
connection: local
tasks:
command: ssh <connection_details>
responses:
(?i)prompt: “response”
Thanks, Soniya and Kai!!!
I was not aware of the expect module. It was what I was looking for.