
Module netmiko.cisco.cisco_asa_ssh

Subclass specific to Cisco ASA.

Source code
"""Subclass specific to Cisco ASA."""
import re
import time
from netmiko.cisco_base_connection import CiscoSSHConnection, CiscoFileTransfer
from netmiko.ssh_exception import NetmikoAuthenticationException


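class CiscoAsaSSH(CiscoSSHConnection):
    """SSH driver for Cisco ASA, layered on CiscoSSHConnection.

    Adds the ASA-specific pieces visible in this class: privilege escalation
    with ``login`` when no enable secret is set, base-prompt refresh after a
    ``changeto`` context switch, and ASA line-ending normalization.

    Credentials are replayed in-band by ``asa_login``. The base class's
    ``ssh_strict`` option (documented as off by default) decides whether an
    unknown SSH host key is accepted before that happens.
    """

    def __init__(self, *args, **kwargs):
        """Set ASA defaults for unspecified options, then call the base constructor.

        ``setdefault`` keeps any value the caller passed. ``allow_auto_change``
        therefore defaults to True for this driver, which makes
        ``session_preparation`` send ``terminal width 511`` through
        ``send_config_set`` on connect unless the caller passes False.
        """
        kwargs.setdefault("fast_cli", True)
        kwargs.setdefault("_legacy_mode", False)
        kwargs.setdefault("allow_auto_change", True)
        super().__init__(*args, **kwargs)

    def session_preparation(self):
        """Prepare the session after the connection has been established.

        Order matters: the prompt is captured before privilege escalation,
        paging is disabled afterwards, and the prompt is captured again at
        the end.
        """

        # Make sure the ASA is ready: send a command and wait for its echo
        command = "show curpriv\n"
        self.write_channel(command)
        self.read_until_pattern(pattern=re.escape(command.strip()))

        # The 'enable' call requires the base_prompt to be set.
        self.set_base_prompt()
        if self.secret:
            self.enable()
        else:
            # No enable secret: escalate with 'login', which re-sends
            # self.username and self.password over the channel.
            self.asa_login()
        self.disable_paging(command="terminal pager 0")

        if self.allow_auto_change:
            try:
                # NOTE(review): this goes through send_config_set, so the
                # connection presumably enters configuration mode on the
                # firewall; confirm this is acceptable for audited devices.
                self.send_config_set("terminal width 511")
            except ValueError:
                # Don't fail for the terminal width
                pass
        else:
            # Disable cmd_verify if the terminal width can't be set
            self.global_cmd_verify = False

        self.set_base_prompt()

    def check_config_mode(self, check_string=")#", pattern=r"[>\#]"):
        """Delegate to the base check_config_mode with ASA default arguments."""
        return super().check_config_mode(check_string=check_string, pattern=pattern)

    def enable(
        self,
        cmd="enable",
        pattern="ssword",
        enable_pattern=r"\#",
        re_flags=re.IGNORECASE,
    ):
        """Delegate to the base enable() with ASA default arguments.

        All four arguments are forwarded unchanged and the base class's
        return value is returned.
        """
        return super().enable(
            cmd=cmd, pattern=pattern, enable_pattern=enable_pattern, re_flags=re_flags
        )

    def send_command_timing(self, *args, **kwargs):
        """
        Run the base send_command_timing, then refresh the base prompt if the
        command contained 'changeto'.

        If the ASA is in multi-context mode, then the base_prompt needs to be
        updated after each context change. The command is taken from the
        first positional argument, else from ``command_string``.
        """
        output = super().send_command_timing(*args, **kwargs)
        if len(args) >= 1:
            command_string = args[0]
        else:
            command_string = kwargs["command_string"]
        # Substring test: any command text containing 'changeto' triggers it
        if "changeto" in command_string:
            self.set_base_prompt()
        return output

    def send_command(self, *args, **kwargs):
        """
        Run the base send_command, handling ASA context changes.

        If the ASA is in multi-context mode, then the base_prompt needs to be
        updated after each context change. For a command containing
        'changeto', ``expect_string`` defaults to '#' unless the caller
        supplied one.
        """
        if len(args) >= 1:
            command_string = args[0]
        else:
            command_string = kwargs["command_string"]

        # If changeto in command, look for '#' to determine command is done
        if "changeto" in command_string:
            # With two or more positional args the second one may already be
            # the expect_string, so the keyword is left alone.
            if len(args) <= 1:
                expect_string = kwargs.get("expect_string", "#")
                kwargs["expect_string"] = expect_string
        output = super().send_command(*args, **kwargs)

        if "changeto" in command_string:
            self.set_base_prompt()

        return output

    def send_command_expect(self, *args, **kwargs):
        """Backwards compatibility alias for send_command."""
        return self.send_command(*args, **kwargs)

    def set_base_prompt(self, *args, **kwargs):
        """
        Cisco ASA in multi-context mode needs to have the base prompt updated
        (if you switch contexts i.e. 'changeto')

        This switch of ASA contexts can occur in configuration mode. If this
        happens the trailing '(config*' needs to be stripped off.

        Returns the resulting base prompt in every case. Previously the
        method fell through and returned None when the prompt held no
        '(conf' suffix.
        """
        cur_base_prompt = super().set_base_prompt(*args, **kwargs)
        match = re.search(r"(.*)\(conf.*", cur_base_prompt)
        if match:
            # strip off (conf.* from base_prompt
            self.base_prompt = match.group(1)
            return self.base_prompt
        # Not in config mode: hand back what the base class determined
        return cur_base_prompt

    def asa_login(self):
        """
        Handle ASA reaching privilege level 15 using login

        twb-dc-fw1> login
        Username: admin

        Raises NetmikoAuthenticationException, if we do not reach privilege
        level 15 after 10 loops.
        """
        delay_factor = self.select_delay_factor(0)

        i = 1
        max_attempts = 10
        self.write_channel("login" + self.RETURN)
        # Wait for the command echo; the text read here is not inspected
        self.read_until_pattern(pattern=r"login")
        while i <= max_attempts:
            time.sleep(0.5 * delay_factor)
            output = self.read_channel()
            # NOTE(review): these are plain substring tests. The stored
            # credentials are written whenever the output contains the
            # fragment, and any '#' in the output (banner text included)
            # ends the loop as success.
            if "sername" in output:
                self.write_channel(self.username + self.RETURN)
            elif "ssword" in output:
                self.write_channel(self.password + self.RETURN)
            elif "#" in output:
                return
            else:
                self.write_channel("login" + self.RETURN)
            i += 1

        # Message text kept as-is; the failure here is the 'login' escalation
        msg = "Unable to enter enable mode!"
        raise NetmikoAuthenticationException(msg)

    def save_config(self, cmd="write mem", confirm=False, confirm_response=""):
        """Save the configuration via the base class, defaulting to 'write mem'."""
        return super().save_config(
            cmd=cmd, confirm=confirm, confirm_response=confirm_response
        )

    def normalize_linefeeds(self, a_string):
        r"""Convert ASA line endings to self.RESPONSE_RETURN.

        Cisco ASA needed the extra ``\r\n\r`` sequence in the pattern. When
        RESPONSE_RETURN is ``\n``, any carriage return left over after the
        substitution is removed as well.
        """
        newline = re.compile("(\r\n\r|\r\r\r\n|\r\r\n|\r\n|\n\r)")
        a_string = newline.sub(self.RESPONSE_RETURN, a_string)
        if self.RESPONSE_RETURN == "\n":
            # Delete any remaining \r
            return re.sub("\r", "", a_string)
        else:
            return a_string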


class CiscoAsaFileTransfer(CiscoFileTransfer):
    """SCP file-transfer driver for Cisco ASA; adds nothing to CiscoFileTransfer."""

Classes

class CiscoAsaFileTransfer (ssh_conn, source_file, dest_file, file_system=None, direction='put', socket_timeout=10.0, progress=None, progress4=None, hash_supported=True)

Cisco ASA SCP File Transfer driver.

Source code
class CiscoAsaFileTransfer(CiscoFileTransfer):
    """SCP file-transfer driver for Cisco ASA; adds nothing to CiscoFileTransfer."""

Ancestors

Inherited members

class CiscoAsaSSH (*args, **kwargs)

Subclass specific to Cisco ASA.

    Initialize attributes for establishing connection to target device.

    :param ip: IP address of target device. Not required if `host` is
        provided.
    :type ip: str

    :param host: Hostname of target device. Not required if `ip` is
            provided.
    :type host: str

    :param username: Username to authenticate against target device if
            required.
    :type username: str

    :param password: Password to authenticate against target device if
            required.
    :type password: str

    :param secret: The enable password if target device requires one.
    :type secret: str

    :param port: The destination port used to connect to the target
            device.
    :type port: int or None

    :param device_type: Class selection based on device type.
    :type device_type: str

    :param verbose: Enable additional messages to standard output.
    :type verbose: bool

    :param global_delay_factor: Multiplication factor affecting Netmiko delays (default: 1).
    :type global_delay_factor: int

    :param use_keys: Connect to target device using SSH keys.
    :type use_keys: bool

    :param key_file: Filename path of the SSH key file to use.
    :type key_file: str

    :param pkey: SSH key object to use.
    :type pkey: paramiko.PKey

    :param passphrase: Passphrase to use for encrypted key; password will be used for key
            decryption if not specified.
    :type passphrase: str

    :param allow_agent: Enable use of SSH key-agent.
    :type allow_agent: bool

    :param ssh_strict: Automatically reject unknown SSH host keys (default: False, which
            means unknown SSH host keys will be accepted).
    :type ssh_strict: bool

    :param system_host_keys: Load host keys from the users known_hosts file.
    :type system_host_keys: bool
    :param alt_host_keys: If `True` host keys will be loaded from the file specified in
            alt_key_file.
    :type alt_host_keys: bool

    :param alt_key_file: SSH host key file to use (if alt_host_keys=True).
    :type alt_key_file: str

    :param ssh_config_file: File name of OpenSSH configuration file.
    :type ssh_config_file: str

    :param timeout: Connection timeout.
    :type timeout: float

    :param session_timeout: Set a timeout for parallel requests.
    :type session_timeout: float

    :param auth_timeout: Set a timeout (in seconds) to wait for an authentication response.
    :type auth_timeout: float

    :param banner_timeout: Set a timeout to wait for the SSH banner (pass to Paramiko).
    :type banner_timeout: float

    :param keepalive: Send SSH keepalive packets at a specific interval, in seconds.
            Currently defaults to 0, for backwards compatibility (it will not attempt
            to keep the connection alive).
    :type keepalive: int

    :param default_enter: Character(s) to send to correspond to enter key (default: \n).
    :type default_enter: str

    :param response_return: Character(s) to use in normalized return data to represent
            enter key (default: \n)
    :type response_return: str

    :param fast_cli: Provide a way to optimize for performance. Converts select_delay_factor
            to select smallest of global and specific. Sets default global_delay_factor to .1
            (default: False)
    :type fast_cli: boolean

    :param session_log: File path or BufferedIOBase subclass object to write the session log to.
    :type session_log: str

    :param session_log_record_writes: The session log generally records only channel reads, to
            eliminate the command duplication caused by command echo. You can enable this if you
            want to record both channel reads and channel writes in the log (default: False).
    :type session_log_record_writes: boolean

    :param session_log_file_mode: "write" or "append" for session_log file mode
            (default: "write")
    :type session_log_file_mode: str

    :param allow_auto_change: Allow automatic configuration changes for terminal settings.
            (default: False)
    :type allow_auto_change: bool

    :param encoding: Encoding to be used when writing bytes to the output channel.
            (default: ascii)
    :type encoding: str

    :param sock: An open socket or socket-like object (such as a `.Channel`) to use for
            communication to the target host (default: None).
    :type sock: socket

    :param global_cmd_verify: Control whether command echo verification is enabled or disabled
            (default: None). Global attribute takes precedence over function `cmd_verify`
            argument. Value of `None` indicates to use function `cmd_verify` argument.
    :type global_cmd_verify: bool|None

    :param auto_connect: Control whether Netmiko automatically establishes the connection as
            part of the object creation (default: True).
    :type auto_connect: bool
Source code
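class CiscoAsaSSH(CiscoSSHConnection):
    """SSH driver for Cisco ASA, layered on CiscoSSHConnection.

    Adds the ASA-specific pieces visible in this class: privilege escalation
    with ``login`` when no enable secret is set, base-prompt refresh after a
    ``changeto`` context switch, and ASA line-ending normalization.

    Credentials are replayed in-band by ``asa_login``. The base class's
    ``ssh_strict`` option (documented as off by default) decides whether an
    unknown SSH host key is accepted before that happens.
    """

    def __init__(self, *args, **kwargs):
        """Set ASA defaults for unspecified options, then call the base constructor.

        ``setdefault`` keeps any value the caller passed. ``allow_auto_change``
        therefore defaults to True for this driver, which makes
        ``session_preparation`` send ``terminal width 511`` through
        ``send_config_set`` on connect unless the caller passes False.
        """
        kwargs.setdefault("fast_cli", True)
        kwargs.setdefault("_legacy_mode", False)
        kwargs.setdefault("allow_auto_change", True)
        super().__init__(*args, **kwargs)

    def session_preparation(self):
        """Prepare the session after the connection has been established.

        Order matters: the prompt is captured before privilege escalation,
        paging is disabled afterwards, and the prompt is captured again at
        the end.
        """

        # Make sure the ASA is ready: send a command and wait for its echo
        command = "show curpriv\n"
        self.write_channel(command)
        self.read_until_pattern(pattern=re.escape(command.strip()))

        # The 'enable' call requires the base_prompt to be set.
        self.set_base_prompt()
        if self.secret:
            self.enable()
        else:
            # No enable secret: escalate with 'login', which re-sends
            # self.username and self.password over the channel.
            self.asa_login()
        self.disable_paging(command="terminal pager 0")

        if self.allow_auto_change:
            try:
                # NOTE(review): this goes through send_config_set, so the
                # connection presumably enters configuration mode on the
                # firewall; confirm this is acceptable for audited devices.
                self.send_config_set("terminal width 511")
            except ValueError:
                # Don't fail for the terminal width
                pass
        else:
            # Disable cmd_verify if the terminal width can't be set
            self.global_cmd_verify = False

        self.set_base_prompt()

    def check_config_mode(self, check_string=")#", pattern=r"[>\#]"):
        """Delegate to the base check_config_mode with ASA default arguments."""
        return super().check_config_mode(check_string=check_string, pattern=pattern)

    def enable(
        self,
        cmd="enable",
        pattern="ssword",
        enable_pattern=r"\#",
        re_flags=re.IGNORECASE,
    ):
        """Delegate to the base enable() with ASA default arguments.

        All four arguments are forwarded unchanged and the base class's
        return value is returned.
        """
        return super().enable(
            cmd=cmd, pattern=pattern, enable_pattern=enable_pattern, re_flags=re_flags
        )

    def send_command_timing(self, *args, **kwargs):
        """
        Run the base send_command_timing, then refresh the base prompt if the
        command contained 'changeto'.

        If the ASA is in multi-context mode, then the base_prompt needs to be
        updated after each context change. The command is taken from the
        first positional argument, else from ``command_string``.
        """
        output = super().send_command_timing(*args, **kwargs)
        if len(args) >= 1:
            command_string = args[0]
        else:
            command_string = kwargs["command_string"]
        # Substring test: any command text containing 'changeto' triggers it
        if "changeto" in command_string:
            self.set_base_prompt()
        return output

    def send_command(self, *args, **kwargs):
        """
        Run the base send_command, handling ASA context changes.

        If the ASA is in multi-context mode, then the base_prompt needs to be
        updated after each context change. For a command containing
        'changeto', ``expect_string`` defaults to '#' unless the caller
        supplied one.
        """
        if len(args) >= 1:
            command_string = args[0]
        else:
            command_string = kwargs["command_string"]

        # If changeto in command, look for '#' to determine command is done
        if "changeto" in command_string:
            # With two or more positional args the second one may already be
            # the expect_string, so the keyword is left alone.
            if len(args) <= 1:
                expect_string = kwargs.get("expect_string", "#")
                kwargs["expect_string"] = expect_string
        output = super().send_command(*args, **kwargs)

        if "changeto" in command_string:
            self.set_base_prompt()

        return output

    def send_command_expect(self, *args, **kwargs):
        """Backwards compatibility alias for send_command."""
        return self.send_command(*args, **kwargs)

    def set_base_prompt(self, *args, **kwargs):
        """
        Cisco ASA in multi-context mode needs to have the base prompt updated
        (if you switch contexts i.e. 'changeto')

        This switch of ASA contexts can occur in configuration mode. If this
        happens the trailing '(config*' needs to be stripped off.

        Returns the resulting base prompt in every case. Previously the
        method fell through and returned None when the prompt held no
        '(conf' suffix.
        """
        cur_base_prompt = super().set_base_prompt(*args, **kwargs)
        match = re.search(r"(.*)\(conf.*", cur_base_prompt)
        if match:
            # strip off (conf.* from base_prompt
            self.base_prompt = match.group(1)
            return self.base_prompt
        # Not in config mode: hand back what the base class determined
        return cur_base_prompt

    def asa_login(self):
        """
        Handle ASA reaching privilege level 15 using login

        twb-dc-fw1> login
        Username: admin

        Raises NetmikoAuthenticationException, if we do not reach privilege
        level 15 after 10 loops.
        """
        delay_factor = self.select_delay_factor(0)

        i = 1
        max_attempts = 10
        self.write_channel("login" + self.RETURN)
        # Wait for the command echo; the text read here is not inspected
        self.read_until_pattern(pattern=r"login")
        while i <= max_attempts:
            time.sleep(0.5 * delay_factor)
            output = self.read_channel()
            # NOTE(review): these are plain substring tests. The stored
            # credentials are written whenever the output contains the
            # fragment, and any '#' in the output (banner text included)
            # ends the loop as success.
            if "sername" in output:
                self.write_channel(self.username + self.RETURN)
            elif "ssword" in output:
                self.write_channel(self.password + self.RETURN)
            elif "#" in output:
                return
            else:
                self.write_channel("login" + self.RETURN)
            i += 1

        # Message text kept as-is; the failure here is the 'login' escalation
        msg = "Unable to enter enable mode!"
        raise NetmikoAuthenticationException(msg)

    def save_config(self, cmd="write mem", confirm=False, confirm_response=""):
        """Save the configuration via the base class, defaulting to 'write mem'."""
        return super().save_config(
            cmd=cmd, confirm=confirm, confirm_response=confirm_response
        )

    def normalize_linefeeds(self, a_string):
        r"""Convert ASA line endings to self.RESPONSE_RETURN.

        Cisco ASA needed the extra ``\r\n\r`` sequence in the pattern. When
        RESPONSE_RETURN is ``\n``, any carriage return left over after the
        substitution is removed as well.
        """
        newline = re.compile("(\r\n\r|\r\r\r\n|\r\r\n|\r\n|\n\r)")
        a_string = newline.sub(self.RESPONSE_RETURN, a_string)
        if self.RESPONSE_RETURN == "\n":
            # Delete any remaining \r
            return re.sub("\r", "", a_string)
        else:
            return a_string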

Ancestors

Methods

def asa_login(self)

Handle ASA reaching privilege level 15 using login

twb-dc-fw1> login
Username: admin

Raises NetmikoAuthenticationException, if we do not reach privilege level 15 after 10 loops.

Source code
def asa_login(self):
    """
    Reach privilege level 15 on the ASA by answering the 'login' dialogue.

    Example exchange:

    twb-dc-fw1> login
    Username: admin

    After sending 'login', the channel is polled up to 10 times. Output
    containing 'sername' is answered with self.username, output containing
    'ssword' with self.password, and output containing '#' ends the method.
    Anything else causes 'login' to be sent again.

    Raises NetmikoAuthenticationException if no '#' was seen after 10 polls.
    """
    pause = 0.5 * self.select_delay_factor(0)
    login_cmd = "login" + self.RETURN

    self.write_channel(login_cmd)
    # Wait for the command echo; the text read here is not inspected.
    self.read_until_pattern(pattern=r"login")

    for _attempt in range(10):
        time.sleep(pause)
        chunk = self.read_channel()
        # NOTE(review): plain substring tests. Credentials are written
        # whenever the fragment appears, and a '#' anywhere in the output
        # (banner text included) is taken as the privileged prompt.
        if "sername" in chunk:
            reply = self.username + self.RETURN
        elif "ssword" in chunk:
            reply = self.password + self.RETURN
        elif "#" in chunk:
            return
        else:
            reply = login_cmd
        self.write_channel(reply)

    # Message text is unchanged from the original wording.
    raise NetmikoAuthenticationException("Unable to enter enable mode!")
def normalize_linefeeds(self, a_string)

Cisco ASA needed that extra \r\n\r

Source code
def normalize_linefeeds(self, a_string):
    r"""Convert the ASA's line-ending variants to self.RESPONSE_RETURN.

    The pattern includes the extra ``\r\n\r`` sequence the ASA needed. When
    RESPONSE_RETURN is ``\n``, carriage returns that survive the
    substitution are removed too.
    """
    normalized = re.sub(
        "(\r\n\r|\r\r\r\n|\r\r\n|\r\n|\n\r)", self.RESPONSE_RETURN, a_string
    )
    if self.RESPONSE_RETURN != "\n":
        return normalized
    # Drop carriage returns that were not part of a matched sequence.
    return normalized.replace("\r", "")
def save_config(self, cmd='write mem', confirm=False, confirm_response='')

Saves Config

Source code
def save_config(self, cmd="write mem", confirm=False, confirm_response=""):
    """Save the configuration, using 'write mem' by default.

    The three arguments are forwarded unchanged to the parent class's
    save_config, and its return value is returned.
    """
    forwarded = {
        "cmd": cmd,
        "confirm": confirm,
        "confirm_response": confirm_response,
    }
    return super().save_config(**forwarded)
def send_command(self, *args, **kwargs)

If the ASA is in multi-context mode, then the base_prompt needs to be updated after each context change.

Source code
def send_command(self, *args, **kwargs):
    """
    Run the parent send_command, handling ASA context changes.

    In multi-context mode the base_prompt has to be refreshed after each
    context change. For a command containing 'changeto', expect_string
    defaults to '#' unless the caller supplied one, and the base prompt is
    re-read once the command has completed.
    """
    command_string = args[0] if args else kwargs["command_string"]
    # Substring test: any command text containing 'changeto' counts.
    context_switch = "changeto" in command_string

    # With two or more positional args the second may already be the
    # expect_string, so the keyword default is only applied otherwise.
    if context_switch and len(args) <= 1:
        kwargs.setdefault("expect_string", "#")

    output = super().send_command(*args, **kwargs)
    if context_switch:
        self.set_base_prompt()
    return output
def send_command_expect(self, *args, **kwargs)

Backwards compatibility.

Source code
def send_command_expect(self, *args, **kwargs):
    """Backwards-compatible alias: forwards every argument to send_command."""
    result = self.send_command(*args, **kwargs)
    return result
def send_command_timing(self, *args, **kwargs)

If the ASA is in multi-context mode, then the base_prompt needs to be updated after each context change.

Source code
def send_command_timing(self, *args, **kwargs):
    """
    Run the parent send_command_timing, then refresh the base prompt if the
    command contained 'changeto'.

    In multi-context mode the base_prompt has to be updated after each
    context change. The command is read from the first positional argument,
    else from the command_string keyword, after the parent call has returned.
    """
    output = super().send_command_timing(*args, **kwargs)
    command_string = args[0] if args else kwargs["command_string"]
    if "changeto" not in command_string:
        return output
    self.set_base_prompt()
    return output
def session_preparation(self)

Prepare the session after the connection has been established.

Source code
def session_preparation(self):
    """Bring a freshly connected ASA session into a usable state.

    Steps, in order: wait for the echo of 'show curpriv', capture the base
    prompt, escalate privileges (enable() when a secret is set, otherwise
    asa_login()), disable paging, optionally widen the terminal, and
    capture the base prompt again.
    """
    # Make sure the ASA is ready: send a command and wait for its echo.
    probe = "show curpriv\n"
    self.write_channel(probe)
    self.read_until_pattern(pattern=re.escape(probe.strip()))

    # enable() needs base_prompt, so it is captured before escalating.
    self.set_base_prompt()
    # Without a secret, asa_login() re-sends the username and password.
    escalate = self.enable if self.secret else self.asa_login
    escalate()
    self.disable_paging(command="terminal pager 0")

    if not self.allow_auto_change:
        # The terminal width can't be set, so command echo verification is
        # switched off instead.
        self.global_cmd_verify = False
    else:
        try:
            # NOTE(review): sent through send_config_set, so this presumably
            # enters configuration mode on the firewall at connect time.
            self.send_config_set("terminal width 511")
        except ValueError:
            # A failure to set the width must not abort the session.
            pass

    self.set_base_prompt()
def set_base_prompt(self, *args, **kwargs)

Cisco ASA in multi-context mode needs to have the base prompt updated (if you switch contexts i.e. 'changeto')

This switch of ASA contexts can occur in configuration mode. If this happens the trailing '(config*' needs stripped off.

Source code
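def set_base_prompt(self, *args, **kwargs):
    """
    Cisco ASA in multi-context mode needs to have the base prompt updated
    (if you switch contexts i.e. 'changeto')

    This switch of ASA contexts can occur in configuration mode. If this
    happens the trailing '(config*' needs to be stripped off.

    Returns the resulting base prompt in every case. Previously the method
    fell through and returned None when the prompt held no '(conf' suffix.
    """
    cur_base_prompt = super().set_base_prompt(*args, **kwargs)
    match = re.search(r"(.*)\(conf.*", cur_base_prompt)
    if match:
        # strip off (conf.* from base_prompt
        self.base_prompt = match.group(1)
        return self.base_prompt
    # Not in config mode: hand back what the parent class determined
    return cur_base_prompt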

Inherited members