Module netmiko.cisco.cisco_asa_ssh
Subclass specific to Cisco ASA.
Expand source code
"""Subclass specific to Cisco ASA."""
from typing import Any, Union, List, Dict, Optional
import re
import time
from netmiko.cisco_base_connection import CiscoSSHConnection, CiscoFileTransfer
from netmiko.exceptions import NetmikoAuthenticationException
class CiscoAsaSSH(CiscoSSHConnection):
"""Subclass specific to Cisco ASA."""
def __init__(self, *args: Any, **kwargs: Any) -> None:
kwargs.setdefault("allow_auto_change", True)
return super().__init__(*args, **kwargs)
def session_preparation(self) -> None:
"""Prepare the session after the connection has been established."""
# Make sure the ASA is ready
command = "show curpriv\n"
self.write_channel(command)
self.read_until_pattern(pattern=re.escape(command.strip()))
# The 'enable' call requires the base_prompt to be set.
self.set_base_prompt()
if self.secret:
self.enable()
else:
self.asa_login()
self.disable_paging(command="terminal pager 0")
if self.allow_auto_change:
try:
self.send_config_set("terminal width 511")
except ValueError:
# Don't fail for the terminal width
pass
else:
# Disable cmd_verify if the terminal width can't be set
self.global_cmd_verify = False
self.set_base_prompt()
def check_config_mode(
self,
check_string: str = ")#",
pattern: str = r"[>\#]",
force_regex: bool = False,
) -> bool:
return super().check_config_mode(check_string=check_string, pattern=pattern)
def enable(
self,
cmd: str = "enable",
pattern: str = "ssword",
enable_pattern: Optional[str] = r"\#",
check_state: bool = True,
re_flags: int = re.IGNORECASE,
) -> str:
return super().enable(
cmd=cmd,
pattern=pattern,
enable_pattern=enable_pattern,
check_state=check_state,
re_flags=re_flags,
)
def send_command_timing(
self, *args: Any, **kwargs: Any
) -> Union[str, List[Any], Dict[str, Any]]:
"""
If the ASA is in multi-context mode, then the base_prompt needs to be
updated after each context change.
"""
output = super().send_command_timing(*args, **kwargs)
if len(args) >= 1:
command_string = args[0]
else:
command_string = kwargs["command_string"]
if "changeto" in command_string:
self.set_base_prompt()
return output
def send_command(
self, *args: Any, **kwargs: Any
) -> Union[str, List[Any], Dict[str, Any]]:
"""
If the ASA is in multi-context mode, then the base_prompt needs to be
updated after each context change.
"""
if len(args) >= 1:
command_string = args[0]
else:
command_string = kwargs["command_string"]
# If changeto in command, look for '#' to determine command is done
if "changeto" in command_string:
if len(args) <= 1:
expect_string = kwargs.get("expect_string", "#")
kwargs["expect_string"] = expect_string
output = super().send_command(*args, **kwargs)
if "changeto" in command_string:
self.set_base_prompt()
return output
def set_base_prompt(self, *args: Any, **kwargs: Any) -> str:
"""
Cisco ASA in multi-context mode needs to have the base prompt updated
(if you switch contexts i.e. 'changeto')
This switch of ASA contexts can occur in configuration mode. If this
happens the trailing '(config*' needs stripped off.
"""
cur_base_prompt = super().set_base_prompt(*args, **kwargs)
match = re.search(r"(.*)\(conf.*", cur_base_prompt)
if match:
# strip off (conf.* from base_prompt
self.base_prompt = match.group(1)
return self.base_prompt
else:
return cur_base_prompt
def asa_login(self) -> None:
"""
Handle ASA reaching privilege level 15 using login
twb-dc-fw1> login
Username: admin
Raises NetmikoAuthenticationException, if we do not reach privilege
level 15 after 10 loops.
"""
delay_factor = self.select_delay_factor(0)
i = 1
max_attempts = 10
self.write_channel("login" + self.RETURN)
output = self.read_until_pattern(pattern=r"login")
while i <= max_attempts:
time.sleep(0.5 * delay_factor)
output = self.read_channel()
if "sername" in output:
assert isinstance(self.username, str)
self.write_channel(self.username + self.RETURN)
elif "ssword" in output:
assert isinstance(self.password, str)
self.write_channel(self.password + self.RETURN)
elif "#" in output:
return
else:
self.write_channel("login" + self.RETURN)
i += 1
msg = "Unable to enter enable mode!"
raise NetmikoAuthenticationException(msg)
def save_config(
self, cmd: str = "write mem", confirm: bool = False, confirm_response: str = ""
) -> str:
"""Saves Config"""
return super().save_config(
cmd=cmd, confirm=confirm, confirm_response=confirm_response
)
def normalize_linefeeds(self, a_string: str) -> str:
"""Cisco ASA needed that extra \r\n\r"""
newline = re.compile("(\r\n\r|\r\r\r\n|\r\r\n|\r\n|\n\r)")
a_string = newline.sub(self.RESPONSE_RETURN, a_string)
if self.RESPONSE_RETURN == "\n":
# Delete any remaining \r
return re.sub("\r", "", a_string)
else:
return a_string
class CiscoAsaFileTransfer(CiscoFileTransfer):
"""Cisco ASA SCP File Transfer driver."""
passClasses
class CiscoAsaFileTransfer (ssh_conn: BaseConnection, source_file: str, dest_file: str, file_system: Optional[str] = None, direction: str = 'put', socket_timeout: float = 10.0, progress: Optional[Callable[..., Any]] = None, progress4: Optional[Callable[..., Any]] = None, hash_supported: bool = True)-
Cisco ASA SCP File Transfer driver.
Expand source code
class CiscoAsaFileTransfer(CiscoFileTransfer): """Cisco ASA SCP File Transfer driver.""" passAncestors
Inherited members
class CiscoAsaSSH (*args: Any, **kwargs: Any)-
Subclass specific to Cisco ASA.
Initialize attributes for establishing connection to target device. :param ip: IP address of target device. Not required if <code>host</code> is provided. :param host: Hostname of target device. Not required if <code>ip</code> is provided. :param username: Username to authenticate against target device if required. :param password: Password to authenticate against target device if required. :param secret: The enable password if target device requires one. :param port: The destination port used to connect to the target device. :param device_type: Class selection based on device type. :param verbose: Enable additional messages to standard output. :param global_delay_factor: Multiplication factor affecting Netmiko delays (default: 1). :param use_keys: Connect to target device using SSH keys. :param key_file: Filename path of the SSH key file to use. :param pkey: SSH key object to use. :param passphrase: Passphrase to use for encrypted key; password will be used for key decryption if not specified. :param disabled_algorithms: Dictionary of SSH algorithms to disable. Refer to the Paramiko documentation for a description of the expected format. :param disable_sha2_fix: Boolean that fixes Paramiko issue with missing server-sig-algs <https://github.com/paramiko/paramiko/issues/1961> (default: False) :param allow_agent: Enable use of SSH key-agent. :param ssh_strict: Automatically reject unknown SSH host keys (default: False, which means unknown SSH host keys will be accepted). :param system_host_keys: Load host keys from the users known_hosts file. :param alt_host_keys: If <code>True</code> host keys will be loaded from the file specified in alt_key_file. :param alt_key_file: SSH host key file to use (if alt_host_keys=True). :param ssh_config_file: File name of OpenSSH configuration file. :param conn_timeout: TCP connection timeout. :param session_timeout: Set a timeout for parallel requests. :param auth_timeout: Set a timeout (in seconds) to wait for an authentication response. :param banner_timeout: Set a timeout to wait for the SSH banner (pass to Paramiko). :param read_timeout_override: Set a timeout that will override the default read_timeout of both send_command and send_command_timing. This is useful for 3rd party libraries where directly accessing method arguments might be impractical. :param keepalive: Send SSH keepalive packets at a specific interval, in seconds. Currently defaults to 0, for backwards compatibility (it will not attempt to keep the connection alive). :param default_enter: Character(s) to send to correspond to enter key (default:).
:param response_return: Character(s) to use in normalized return data to represent enter key (default:)
:param serial_settings: Dictionary of settings for use with serial port (pySerial). :param fast_cli: Provide a way to optimize for performance. Converts select_delay_factor to select smallest of global and specific. Sets default global_delay_factor to .1 (default: True) :param session_log: File path, SessionLog object, or BufferedIOBase subclass object to write the session log to. :param session_log_record_writes: The session log generally only records channel reads due to eliminate command duplication due to command echo. You can enable this if you want to record both channel reads and channel writes in the log (default: False). :param session_log_file_mode: "write" or "append" for session_log file mode (default: "write") :param allow_auto_change: Allow automatic configuration changes for terminal settings. (default: False) :param encoding: Encoding to be used when writing bytes to the output channel. (default: "utf-8") :param sock: An open socket or socket-like object (such as a <code>.Channel</code>) to use for communication to the target host (default: None). :param sock_telnet: A dictionary of telnet socket parameters (SOCKS proxy). See telnet_proxy.py code for details. :param global_cmd_verify: Control whether command echo verification is enabled or disabled (default: None). Global attribute takes precedence over function <code>cmd\_verify</code> argument. Value of <code>None</code> indicates to use function <code>cmd\_verify</code> argument. :param auto_connect: Control whether Netmiko automatically establishes the connection as part of the object creation (default: True). :param delay_factor_compat: Set send_command and send_command_timing back to using Netmiko 3.x behavior for delay_factor/global_delay_factor/max_loops. This argument will be eliminated in Netmiko 5.x (default: False). :param disable_lf_normalization: Disable Netmiko's linefeed normalization behavior (default: False)Expand source code
class CiscoAsaSSH(CiscoSSHConnection): """Subclass specific to Cisco ASA.""" def __init__(self, *args: Any, **kwargs: Any) -> None: kwargs.setdefault("allow_auto_change", True) return super().__init__(*args, **kwargs) def session_preparation(self) -> None: """Prepare the session after the connection has been established.""" # Make sure the ASA is ready command = "show curpriv\n" self.write_channel(command) self.read_until_pattern(pattern=re.escape(command.strip())) # The 'enable' call requires the base_prompt to be set. self.set_base_prompt() if self.secret: self.enable() else: self.asa_login() self.disable_paging(command="terminal pager 0") if self.allow_auto_change: try: self.send_config_set("terminal width 511") except ValueError: # Don't fail for the terminal width pass else: # Disable cmd_verify if the terminal width can't be set self.global_cmd_verify = False self.set_base_prompt() def check_config_mode( self, check_string: str = ")#", pattern: str = r"[>\#]", force_regex: bool = False, ) -> bool: return super().check_config_mode(check_string=check_string, pattern=pattern) def enable( self, cmd: str = "enable", pattern: str = "ssword", enable_pattern: Optional[str] = r"\#", check_state: bool = True, re_flags: int = re.IGNORECASE, ) -> str: return super().enable( cmd=cmd, pattern=pattern, enable_pattern=enable_pattern, check_state=check_state, re_flags=re_flags, ) def send_command_timing( self, *args: Any, **kwargs: Any ) -> Union[str, List[Any], Dict[str, Any]]: """ If the ASA is in multi-context mode, then the base_prompt needs to be updated after each context change. """ output = super().send_command_timing(*args, **kwargs) if len(args) >= 1: command_string = args[0] else: command_string = kwargs["command_string"] if "changeto" in command_string: self.set_base_prompt() return output def send_command( self, *args: Any, **kwargs: Any ) -> Union[str, List[Any], Dict[str, Any]]: """ If the ASA is in multi-context mode, then the base_prompt needs to be updated after each context change. """ if len(args) >= 1: command_string = args[0] else: command_string = kwargs["command_string"] # If changeto in command, look for '#' to determine command is done if "changeto" in command_string: if len(args) <= 1: expect_string = kwargs.get("expect_string", "#") kwargs["expect_string"] = expect_string output = super().send_command(*args, **kwargs) if "changeto" in command_string: self.set_base_prompt() return output def set_base_prompt(self, *args: Any, **kwargs: Any) -> str: """ Cisco ASA in multi-context mode needs to have the base prompt updated (if you switch contexts i.e. 'changeto') This switch of ASA contexts can occur in configuration mode. If this happens the trailing '(config*' needs stripped off. """ cur_base_prompt = super().set_base_prompt(*args, **kwargs) match = re.search(r"(.*)\(conf.*", cur_base_prompt) if match: # strip off (conf.* from base_prompt self.base_prompt = match.group(1) return self.base_prompt else: return cur_base_prompt def asa_login(self) -> None: """ Handle ASA reaching privilege level 15 using login twb-dc-fw1> login Username: admin Raises NetmikoAuthenticationException, if we do not reach privilege level 15 after 10 loops. """ delay_factor = self.select_delay_factor(0) i = 1 max_attempts = 10 self.write_channel("login" + self.RETURN) output = self.read_until_pattern(pattern=r"login") while i <= max_attempts: time.sleep(0.5 * delay_factor) output = self.read_channel() if "sername" in output: assert isinstance(self.username, str) self.write_channel(self.username + self.RETURN) elif "ssword" in output: assert isinstance(self.password, str) self.write_channel(self.password + self.RETURN) elif "#" in output: return else: self.write_channel("login" + self.RETURN) i += 1 msg = "Unable to enter enable mode!" raise NetmikoAuthenticationException(msg) def save_config( self, cmd: str = "write mem", confirm: bool = False, confirm_response: str = "" ) -> str: """Saves Config""" return super().save_config( cmd=cmd, confirm=confirm, confirm_response=confirm_response ) def normalize_linefeeds(self, a_string: str) -> str: """Cisco ASA needed that extra \r\n\r""" newline = re.compile("(\r\n\r|\r\r\r\n|\r\r\n|\r\n|\n\r)") a_string = newline.sub(self.RESPONSE_RETURN, a_string) if self.RESPONSE_RETURN == "\n": # Delete any remaining \r return re.sub("\r", "", a_string) else: return a_stringAncestors
Methods
def asa_login(self) ‑> None-
Handle ASA reaching privilege level 15 using login
twb-dc-fw1> login Username: admin
Raises NetmikoAuthenticationException, if we do not reach privilege level 15 after 10 loops.
Expand source code
def asa_login(self) -> None: """ Handle ASA reaching privilege level 15 using login twb-dc-fw1> login Username: admin Raises NetmikoAuthenticationException, if we do not reach privilege level 15 after 10 loops. """ delay_factor = self.select_delay_factor(0) i = 1 max_attempts = 10 self.write_channel("login" + self.RETURN) output = self.read_until_pattern(pattern=r"login") while i <= max_attempts: time.sleep(0.5 * delay_factor) output = self.read_channel() if "sername" in output: assert isinstance(self.username, str) self.write_channel(self.username + self.RETURN) elif "ssword" in output: assert isinstance(self.password, str) self.write_channel(self.password + self.RETURN) elif "#" in output: return else: self.write_channel("login" + self.RETURN) i += 1 msg = "Unable to enter enable mode!" raise NetmikoAuthenticationException(msg) def normalize_linefeeds(self, a_string: str) ‑> str-
Cisco ASA needed that extra
Expand source code
def normalize_linefeeds(self, a_string: str) -> str: """Cisco ASA needed that extra \r\n\r""" newline = re.compile("(\r\n\r|\r\r\r\n|\r\r\n|\r\n|\n\r)") a_string = newline.sub(self.RESPONSE_RETURN, a_string) if self.RESPONSE_RETURN == "\n": # Delete any remaining \r return re.sub("\r", "", a_string) else: return a_string def save_config(self, cmd: str = 'write mem', confirm: bool = False, confirm_response: str = '') ‑> str-
Saves Config
Expand source code
def save_config( self, cmd: str = "write mem", confirm: bool = False, confirm_response: str = "" ) -> str: """Saves Config""" return super().save_config( cmd=cmd, confirm=confirm, confirm_response=confirm_response ) def send_command(self, *args: Any, **kwargs: Any) ‑> Union[str, List[Any], Dict[str, Any]]-
If the ASA is in multi-context mode, then the base_prompt needs to be updated after each context change.
Expand source code
def send_command( self, *args: Any, **kwargs: Any ) -> Union[str, List[Any], Dict[str, Any]]: """ If the ASA is in multi-context mode, then the base_prompt needs to be updated after each context change. """ if len(args) >= 1: command_string = args[0] else: command_string = kwargs["command_string"] # If changeto in command, look for '#' to determine command is done if "changeto" in command_string: if len(args) <= 1: expect_string = kwargs.get("expect_string", "#") kwargs["expect_string"] = expect_string output = super().send_command(*args, **kwargs) if "changeto" in command_string: self.set_base_prompt() return output def send_command_timing(self, *args: Any, **kwargs: Any) ‑> Union[str, List[Any], Dict[str, Any]]-
If the ASA is in multi-context mode, then the base_prompt needs to be updated after each context change.
Expand source code
def send_command_timing( self, *args: Any, **kwargs: Any ) -> Union[str, List[Any], Dict[str, Any]]: """ If the ASA is in multi-context mode, then the base_prompt needs to be updated after each context change. """ output = super().send_command_timing(*args, **kwargs) if len(args) >= 1: command_string = args[0] else: command_string = kwargs["command_string"] if "changeto" in command_string: self.set_base_prompt() return output def session_preparation(self) ‑> None-
Prepare the session after the connection has been established.
Expand source code
def session_preparation(self) -> None: """Prepare the session after the connection has been established.""" # Make sure the ASA is ready command = "show curpriv\n" self.write_channel(command) self.read_until_pattern(pattern=re.escape(command.strip())) # The 'enable' call requires the base_prompt to be set. self.set_base_prompt() if self.secret: self.enable() else: self.asa_login() self.disable_paging(command="terminal pager 0") if self.allow_auto_change: try: self.send_config_set("terminal width 511") except ValueError: # Don't fail for the terminal width pass else: # Disable cmd_verify if the terminal width can't be set self.global_cmd_verify = False self.set_base_prompt() def set_base_prompt(self, *args: Any, **kwargs: Any) ‑> str-
Cisco ASA in multi-context mode needs to have the base prompt updated (if you switch contexts i.e. 'changeto')
This switch of ASA contexts can occur in configuration mode. If this happens the trailing '(config*' needs stripped off.
Expand source code
def set_base_prompt(self, *args: Any, **kwargs: Any) -> str: """ Cisco ASA in multi-context mode needs to have the base prompt updated (if you switch contexts i.e. 'changeto') This switch of ASA contexts can occur in configuration mode. If this happens the trailing '(config*' needs stripped off. """ cur_base_prompt = super().set_base_prompt(*args, **kwargs) match = re.search(r"(.*)\(conf.*", cur_base_prompt) if match: # strip off (conf.* from base_prompt self.base_prompt = match.group(1) return self.base_prompt else: return cur_base_prompt
Inherited members
CiscoSSHConnection:check_config_modecheck_enable_modecleanupclear_buffercommitconfig_modedisable_pagingdisconnectenableestablish_connectionexit_config_modeexit_enable_modefind_promptis_alivenormalize_cmdparamiko_cleanupread_channelread_channel_timingread_until_patternread_until_promptread_until_prompt_or_patternrun_ttpselect_delay_factorsend_command_expectsend_config_from_filesend_config_setsend_multilineset_terminal_widthspecial_login_handlerstrip_ansi_escape_codesstrip_backspacesstrip_commandstrip_prompttelnet_loginwrite_channel