Module netmiko.fortinet

from netmiko.fortinet.fortinet_ssh import FortinetSSH

# Public names of this package: only the FortinetSSH driver class is listed.
__all__ = ["FortinetSSH"]

Sub-modules

netmiko.fortinet.fortinet_ssh

Classes

class FortinetSSH (ip: str = '', host: str = '', username: str = '', password: Optional[str] = None, secret: str = '', port: Optional[int] = None, device_type: str = '', verbose: bool = False, global_delay_factor: float = 1.0, global_cmd_verify: Optional[bool] = None, use_keys: bool = False, key_file: Optional[str] = None, pkey: Optional[paramiko.pkey.PKey] = None, passphrase: Optional[str] = None, disabled_algorithms: Optional[Dict[str, Any]] = None, disable_sha2_fix: bool = False, allow_agent: bool = False, ssh_strict: bool = False, system_host_keys: bool = False, alt_host_keys: bool = False, alt_key_file: str = '', ssh_config_file: Optional[str] = None, conn_timeout: int = 10, auth_timeout: Optional[int] = None, banner_timeout: int = 15, blocking_timeout: int = 20, timeout: int = 100, session_timeout: int = 60, read_timeout_override: Optional[float] = None, keepalive: int = 0, default_enter: Optional[str] = None, response_return: Optional[str] = None, serial_settings: Optional[Dict[str, Any]] = None, fast_cli: bool = True, session_log: Optional[SessionLog] = None, session_log_record_writes: bool = False, session_log_file_mode: str = 'write', allow_auto_change: bool = False, encoding: str = 'utf-8', sock: Optional[socket.socket] = None, sock_telnet: Optional[Dict[str, Any]] = None, auto_connect: bool = True, delay_factor_compat: bool = False, disable_lf_normalization: bool = False)

Class for platforms that have no config mode.

check_config_mode returns True as the expectation is that configuration commands can be executed directly. So in your current state, you are in "config mode" i.e. you can make configuration changes.

If you truly cannot make any configuration changes to the device, then you should probably override check_config_mode in the platform-specific driver and return False.

    Initialize attributes for establishing connection to target device.

    :param ip: IP address of target device. Not required if <code>host</code> is
        provided.

    :param host: Hostname of target device. Not required if <code>ip</code> is
            provided.

    :param username: Username to authenticate against target device if
            required.

    :param password: Password to authenticate against target device if
            required.

    :param secret: The enable password if target device requires one.

    :param port: The destination port used to connect to the target
            device.

    :param device_type: Class selection based on device type.

    :param verbose: Enable additional messages to standard output.

    :param global_delay_factor: Multiplication factor affecting Netmiko delays (default: 1).

    :param use_keys: Connect to target device using SSH keys.

    :param key_file: Filename path of the SSH key file to use.

    :param pkey: SSH key object to use.

    :param passphrase: Passphrase to use for encrypted key; password will be used for key
            decryption if not specified.

    :param disabled_algorithms: Dictionary of SSH algorithms to disable. Refer to the Paramiko
            documentation for a description of the expected format.

    :param disable_sha2_fix: Boolean that fixes Paramiko issue with missing server-sig-algs
        <https://github.com/paramiko/paramiko/issues/1961> (default: False)

    :param allow_agent: Enable use of SSH key-agent.

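    :param ssh_strict: Automatically reject unknown SSH host keys (default: False, which
            means unknown SSH host keys will be accepted). With the default the device's
            identity is not verified, so the session can be intercepted by a
            man-in-the-middle; where the device key can be pinned, set this to True and
            load the known keys via system_host_keys or alt_host_keys.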

    :param system_host_keys: Load host keys from the user's known_hosts file.

    :param alt_host_keys: If <code>True</code> host keys will be loaded from the file specified in
            alt_key_file.

    :param alt_key_file: SSH host key file to use (if alt_host_keys=True).

    :param ssh_config_file: File name of OpenSSH configuration file.

    :param conn_timeout: TCP connection timeout.

    :param session_timeout: Set a timeout for parallel requests.

    :param auth_timeout: Set a timeout (in seconds) to wait for an authentication response.

    :param banner_timeout: Set a timeout to wait for the SSH banner (pass to Paramiko).

    :param read_timeout_override: Set a timeout that will override the default read_timeout
            of both send_command and send_command_timing. This is useful for 3rd party
            libraries where directly accessing method arguments might be impractical.

    :param keepalive: Send SSH keepalive packets at a specific interval, in seconds.
            Currently defaults to 0, for backwards compatibility (it will not attempt
            to keep the connection alive).

    :param default_enter: Character(s) to send to correspond to enter key (default: \n).

    :param response_return: Character(s) to use in normalized return data to represent
            enter key (default: \n)

    :param serial_settings: Dictionary of settings for use with serial port (pySerial).

    :param fast_cli: Provide a way to optimize for performance. Converts select_delay_factor
            to select smallest of global and specific. Sets default global_delay_factor to .1
            (default: True)

    :param session_log: File path, SessionLog object, or BufferedIOBase subclass object
            to write the session log to.

    :param session_log_record_writes: The session log generally records only channel reads, to
            avoid duplicating commands that the device echoes back. You can enable this if you
            want to record both channel reads and channel writes in the log (default: False).

    :param session_log_file_mode: "write" or "append" for session_log file mode
            (default: "write")

    :param allow_auto_change: Allow automatic configuration changes for terminal settings.
            (default: False)

    :param encoding: Encoding to be used when writing bytes to the output channel.
            (default: "utf-8")

    :param sock: An open socket or socket-like object (such as a <code>.Channel</code>) to use for
            communication to the target host (default: None).

    :param sock_telnet: A dictionary of telnet socket parameters (SOCKS proxy). See
            telnet_proxy.py code for details.

    :param global_cmd_verify: Control whether command echo verification is enabled or disabled
            (default: None). Global attribute takes precedence over function <code>cmd_verify</code>
            argument. Value of <code>None</code> indicates to use function <code>cmd_verify</code> argument.

    :param auto_connect: Control whether Netmiko automatically establishes the connection as
            part of the object creation (default: True).

    :param delay_factor_compat: Set send_command and send_command_timing back to using Netmiko
            3.x behavior for delay_factor/global_delay_factor/max_loops. This argument will be
            eliminated in Netmiko 5.x (default: False).

    :param disable_lf_normalization: Disable Netmiko's linefeed normalization behavior
            (default: False)
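class FortinetSSH(NoConfig, NoEnable, CiscoSSHConnection):
    """SSH driver for Fortinet FortiOS devices.

    During session preparation the driver records whether virtual domains
    (VDOMs) are enabled, which FortiOS version family is running and how the
    console output mode is configured, then switches the console to
    ``standard`` output. ``cleanup`` switches it back to ``more`` when that
    was the original setting.
    """

    # Matches either prompt terminator ('#' or '$'); passed as expect_string
    # for most commands sent by this driver.
    prompt_pattern = r"[#$]"

    def _modify_connection_params(self) -> None:
        """Modify connection parameters prior to SSH connection.

        Replaces paramiko's preferred key-exchange list with the four
        Diffie-Hellman methods below.

        NOTE(review): the assignment targets the ``paramiko.Transport`` class
        rather than this connection's own transport, so the list stays in
        effect for every Transport created afterwards in the same process,
        including sessions to non-Fortinet devices.

        NOTE(review): three of the four entries hash with SHA-1, two of them
        are preferred over the SHA-256 exchange, and
        ``diffie-hellman-group1-sha1`` uses a 1024-bit group. Presumably kept
        for older FortiOS releases -- confirm which releases still need them
        before narrowing or reordering the list.
        """
        paramiko_transport = getattr(paramiko, "Transport")
        paramiko_transport._preferred_kex = (
            "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1",
            "diffie-hellman-group-exchange-sha256",
            "diffie-hellman-group1-sha1",
        )

    def _try_session_preparation(self, force_data: bool = False) -> None:
        """Delegate to the parent implementation without changes."""
        super()._try_session_preparation(force_data=force_data)

    def session_preparation(self) -> None:
        """Prepare the session after the connection has been established."""

        data = self._test_channel_read(pattern=f"to accept|{self.prompt_pattern}")
        # If "set post-login-banner enable" is set it will require you to press 'a'
        # to accept the banner before you login. This will accept if it occurs
        if "to accept" in data:
            self.write_channel("a\r")
            self._test_channel_read(pattern=self.prompt_pattern)

        self.set_base_prompt()
        # Order matters: the output-mode lookup reads both _vdoms and _os_version.
        self._vdoms = self._vdoms_enabled()
        self._os_version = self._determine_os_version()
        # Retain how the 'output mode' was originally configured.
        self._original_output_mode = self._get_output_mode()
        self._output_mode = self._original_output_mode
        self.disable_paging()

    def set_base_prompt(
        self,
        pri_prompt_terminator: str = r"#",
        alt_prompt_terminator: str = r"$",
        delay_factor: float = 1.0,
        pattern: Optional[str] = None,
    ) -> str:
        """Call the parent ``set_base_prompt``, defaulting ``pattern`` to ``prompt_pattern``.

        :param pattern: Regex used to locate the prompt; an empty or ``None``
            value is replaced by the driver's ``prompt_pattern``.
        """
        if not pattern:
            pattern = self.prompt_pattern
        return super().set_base_prompt(
            pri_prompt_terminator=pri_prompt_terminator,
            alt_prompt_terminator=alt_prompt_terminator,
            delay_factor=delay_factor,
            pattern=pattern,
        )

    def find_prompt(
        self, delay_factor: float = 1.0, pattern: Optional[str] = None
    ) -> str:
        """Call the parent ``find_prompt``, defaulting ``pattern`` to ``prompt_pattern``."""
        if not pattern:
            pattern = self.prompt_pattern
        return super().find_prompt(
            delay_factor=delay_factor,
            pattern=pattern,
        )

    def _vdoms_enabled(self) -> bool:
        """Determine whether virtual domains are enabled or not."""
        check_command = "get system status | grep Virtual"
        output = self._send_command_str(
            check_command, expect_string=self.prompt_pattern
        )
        return bool(
            re.search(r"Virtual domain configuration: (multiple|enable)", output)
        )

    def _config_global(self) -> str:
        """Enter 'config global' mode, raise a ValueError exception on failure.

        The ValueError is chained to the underlying exception so the real
        cause (timeout, rejected command, closed channel) stays visible.
        """
        try:
            return self._send_command_str(
                "config global", expect_string=self.prompt_pattern
            )
        except Exception as err:
            msg = """
Netmiko may require 'config global' access to properly disable output paging.
Alternatively you can try configuring 'configure system console -> set output standard'.
"""
            raise ValueError(msg) from err

    def _exit_config_global(self) -> str:
        """Exit 'config global' mode, raise a chained ValueError on failure."""
        try:
            return self._send_command_str("end", expect_string=self.prompt_pattern)
        except Exception as err:
            msg = "Unable to properly exit 'config global' mode."
            raise ValueError(msg) from err

    def disable_paging(
        self,
        command: str = "terminal length 0",
        delay_factor: Optional[float] = None,
        cmd_verify: bool = True,
        pattern: Optional[str] = None,
    ) -> str:
        """Disable paging is only available with specific roles so it may fail.

        Paging is disabled by setting the console output mode to 'standard'.
        The ``command``, ``delay_factor``, ``cmd_verify`` and ``pattern``
        arguments are accepted but not used by this implementation.

        :return: Accumulated device output, or an empty string when the
            output mode is already 'standard'.
        """

        output = ""
        if self._output_mode == "standard":
            # Do nothing - already correct.
            return ""

        # With VDOMs enabled the console setting is changed from 'config global'.
        if self._vdoms:
            output += self._config_global()
        disable_paging_commands = [
            "config system console",
            "set output standard",
            "end",
        ]
        output += self.send_multiline(
            disable_paging_commands, expect_string=self.prompt_pattern
        )
        self._output_mode = "standard"

        if self._vdoms:
            output += self._exit_config_global()
        return output

    def _determine_os_version(self) -> str:
        """Classify the FortiOS release from 'get system status'.

        :return: "v7_or_later" for v7/v8 and "v6_or_earlier" for v4/v5/v6.
        :raises ValueError: if no matching 'Version:' line is found.
        """
        check_command = "get system status | grep Version"
        output = self._send_command_str(
            check_command, expect_string=self.prompt_pattern
        )
        if re.search(r"^Version: .* (v[78]\.).*$", output, flags=re.M):
            return "v7_or_later"
        elif re.search(r"^Version: .* (v[654]\.).*$", output, flags=re.M):
            return "v6_or_earlier"
        else:
            raise ValueError("Unexpected FortiOS Version encountered.")

    def _get_output_mode_v6(self) -> str:
        """
        FortiOS V6 and earlier.
        Retrieve the current output mode.

        :raises ValueError: if the mode is not reported as 'more' or 'standard'.
        """
        if self._vdoms:
            self._config_global()

        # NOTE(review): unlike the v7 variant, no expect_string is passed here --
        # confirm that is intentional.
        output = self._send_command_str("show full-configuration system console")

        if self._vdoms:
            self._exit_config_global()

        pattern = r"^\s+set output (?P<mode>\S+)\s*$"
        result_mode_re = re.search(pattern, output, flags=re.M)
        if result_mode_re:
            result_mode = result_mode_re.group("mode").strip()
            if result_mode in ["more", "standard"]:
                return result_mode

        raise ValueError("Unable to determine the output mode on the Fortinet device.")

    def _get_output_mode_v7(self) -> str:
        """
        FortiOS V7 and later.
        Retrieve the current output mode.

        :raises ValueError: if the mode is not reported as 'more' or 'standard'.
        """
        if self._vdoms:
            self._config_global()

        output = self._send_command_str(
            "get system console", expect_string=self.prompt_pattern
        )

        if self._vdoms:
            self._exit_config_global()

        pattern = r"output\s+:\s+(?P<mode>\S+)\s*$"
        result_mode_re = re.search(pattern, output, flags=re.M)
        if result_mode_re:
            result_mode = result_mode_re.group("mode").strip()
            if result_mode in ["more", "standard"]:
                return result_mode

        raise ValueError("Unable to determine the output mode on the Fortinet device.")

    def _get_output_mode(self) -> str:
        """Return the current output mode using the lookup that fits the OS version.

        The caller stores the result so the mode can be reset at the end of
        the session.
        """

        # Fortios Version6 does not support 'get system console'
        if "v6" in self._os_version:
            return self._get_output_mode_v6()
        elif "v7" in self._os_version:
            return self._get_output_mode_v7()
        else:
            raise ValueError("Unexpected FortiOS Version encountered.")

    def cleanup(self, command: str = "exit") -> None:
        """Re-enable paging globally, then run the parent cleanup.

        The console is set back to 'more' output only when that was the mode
        recorded by ``session_preparation``. The parent ``cleanup`` is called
        even if restoring the mode raises; the exception still propagates.

        :param command: Passed through to the parent ``cleanup``.
        """
        try:
            # session_preparation can fail before the original mode is recorded,
            # so the attribute may not exist when cleanup runs.
            if getattr(self, "_original_output_mode", None) == "more":
                if self._vdoms:
                    self._config_global()
                commands = [
                    "config system console",
                    "set output more",
                    "end",
                ]
                self.send_multiline(commands, expect_string=self.prompt_pattern)
                if self._vdoms:
                    self._exit_config_global()
        finally:
            # A failed restore must not prevent the parent cleanup from running.
            super().cleanup(command=command)

    def save_config(
        self, cmd: str = "", confirm: bool = False, confirm_response: str = ""
    ) -> str:
        """Not Implemented"""
        raise NotImplementedError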

Ancestors

Class variables

var prompt_pattern

Methods

def cleanup(self, command: str = 'exit') ‑> None

Re-enable paging globally.

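def cleanup(self, command: str = "exit") -> None:
    """Re-enable paging globally, then run the parent cleanup.

    The console is set back to 'more' output only when that was the mode
    recorded by ``session_preparation``. The parent ``cleanup`` is called
    even if restoring the mode raises; the exception still propagates.

    :param command: Passed through to the parent ``cleanup``.
    """
    try:
        # session_preparation can fail before the original mode is recorded,
        # so the attribute may not exist when cleanup runs.
        if getattr(self, "_original_output_mode", None) == "more":
            if self._vdoms:
                self._config_global()
            commands = [
                "config system console",
                "set output more",
                "end",
            ]
            self.send_multiline(commands, expect_string=self.prompt_pattern)
            if self._vdoms:
                self._exit_config_global()
    finally:
        # A failed restore must not prevent the parent cleanup from running.
        super().cleanup(command=command)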
def disable_paging(self, command: str = 'terminal length 0', delay_factor: Optional[float] = None, cmd_verify: bool = True, pattern: Optional[str] = None) ‑> str

Disable paging is only available with specific roles so it may fail.

def disable_paging(
    self,
    command: str = "terminal length 0",
    delay_factor: Optional[float] = None,
    cmd_verify: bool = True,
    pattern: Optional[str] = None,
) -> str:
    """Set the console output mode to 'standard' so replies are not paged.

    This needs a role that may change the console settings, so it can fail.
    The ``command``, ``delay_factor``, ``cmd_verify`` and ``pattern``
    arguments are accepted but not used by this implementation.

    :return: Accumulated device output, or an empty string when the output
        mode is already 'standard'.
    """
    if self._output_mode == "standard":
        # Nothing to change.
        return ""

    collected = []
    # With VDOMs enabled the console setting is changed from 'config global'.
    if self._vdoms:
        collected.append(self._config_global())

    collected.append(
        self.send_multiline(
            ["config system console", "set output standard", "end"],
            expect_string=self.prompt_pattern,
        )
    )
    self._output_mode = "standard"

    if self._vdoms:
        collected.append(self._exit_config_global())
    return "".join(collected)
def save_config(self, cmd: str = '', confirm: bool = False, confirm_response: str = '') ‑> str

Not Implemented

def save_config(
    self, cmd: str = "", confirm: bool = False, confirm_response: str = ""
) -> str:
    """Saving the configuration is not implemented for this driver.

    The arguments are accepted but never read.

    :raises NotImplementedError: always.
    """
    raise NotImplementedError()
def session_preparation(self) ‑> None

Prepare the session after the connection has been established.

def session_preparation(self) -> None:
    """Bring a freshly connected session into a known state.

    Accepts the post-login banner when one is shown, sets the base prompt,
    records VDOM status, OS version family and the original console output
    mode, and finally disables paging.
    """
    banner_or_prompt = f"to accept|{self.prompt_pattern}"
    first_read = self._test_channel_read(pattern=banner_or_prompt)
    # With "set post-login-banner enable" the device waits for 'a' before it
    # shows the prompt; send it only when the banner text was actually read.
    if "to accept" in first_read:
        self.write_channel("a\r")
        self._test_channel_read(pattern=self.prompt_pattern)

    self.set_base_prompt()
    self._vdoms = self._vdoms_enabled()
    self._os_version = self._determine_os_version()
    # Keep the mode found at login separately from the current mode.
    initial_mode = self._get_output_mode()
    self._original_output_mode = initial_mode
    self._output_mode = initial_mode
    self.disable_paging()

Inherited members