Module netmiko.paloalto.paloalto_panos

from typing import Optional, List, Any, Tuple
import re
import warnings
from os import path
from paramiko import SSHClient, Transport

from netmiko.no_enable import NoEnable
from netmiko.base_connection import BaseConnection, DELAY_FACTOR_DEPR_SIMPLE_MSG


class SSHClient_interactive(SSHClient):
    """SSHClient variant that logs in through keyboard-interactive prompts.

    ``_auth`` is overridden so the password is kept on the instance and
    ``pa_banner_handler`` answers whatever prompts the server sends.
    """

    def pa_banner_handler(
        self, title: str, instructions: str, prompt_list: List[Tuple[str, bool]]
    ) -> List[str]:
        """Build the replies for one round of keyboard-interactive prompts.

        :param title: Unused.
        :param instructions: Unused.
        :param prompt_list: ``(prompt, echo)`` pairs; only the prompt text is read.

        :return: One reply per recognised prompt, in prompt order.
        """
        answers = []
        for prompt_text, _echo in prompt_list:
            # An acceptance prompt is answered "yes" automatically; nothing is
            # shown to an operator before it is accepted.
            if "Do you accept" in prompt_text:
                answers.append("yes")
                continue
            # Any prompt containing "ssword" receives the stored password. The
            # prompt text is chosen by the remote end, so host-key verification
            # is what ties this reply to the intended device.
            if "ssword" in prompt_text:
                assert isinstance(self.password, str)
                answers.append(self.password)
            # NOTE(review): a prompt matching neither test gets no reply, so the
            # returned list can be shorter than prompt_list. Confirm that is
            # acceptable to the caller.
        return answers

    def _auth(self, username: str, password: str, *args: Any) -> None:
        """Authenticate with keyboard-interactive instead of the default flow.

        The remaining positional arguments (as of aug-2021: pkey,
        key_filenames, allow_agent, look_for_keys, gss_auth, gss_kex,
        gss_deleg_creds, gss_host, passphrase) are accepted and ignored, so no
        key, agent or GSS-API authentication is attempted here.
        """
        # Keep the password where pa_banner_handler can reach it.
        self.password = password
        ssh_transport = self.get_transport()
        assert isinstance(ssh_transport, Transport)
        ssh_transport.auth_interactive(username, handler=self.pa_banner_handler)


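class PaloAltoPanosBase(NoEnable, BaseConnection):
    """
    Implement methods for interacting with PaloAlto devices.

    Disables `enable()` and `check_enable_mode()`
    methods.  Overrides several methods for PaloAlto-specific compatibility.
    """

    def session_preparation(self) -> None:
        """
        Prepare the session after the connection has been established.

        Turns on CLI scripting mode, sets the terminal width to 500, disables
        the pager (the '--more--' prompts) and sets the base prompt.
        """
        self.ansi_escape_codes = True
        self._test_channel_read(pattern=r"[>#]")
        self.disable_paging(
            command="set cli scripting-mode on",
            cmd_verify=False,
            pattern=r"[>#].*mode on",
        )
        self.set_terminal_width(
            command="set cli terminal width 500", pattern=r"set cli terminal width 500"
        )
        self.disable_paging(command="set cli pager off")
        self.set_base_prompt()

        # PA devices can be really slow--try to make sure we are caught up.
        # 'show admins' is used only as a synchronisation point: read until
        # "Client" shows up, then until the next prompt character.
        self.write_channel("show admins\n")
        self._test_channel_read(pattern=r"Client")
        self._test_channel_read(pattern=r"[>#]")

    def find_prompt(
        self, delay_factor: float = 5.0, pattern: Optional[str] = None
    ) -> str:
        """Find the prompt, defaulting to a delay_factor of 5.0.

        PA devices can be very slow to respond (in certain situations).
        """
        return super().find_prompt(delay_factor=delay_factor, pattern=pattern)

    def check_config_mode(
        self, check_string: str = "]", pattern: str = "", force_regex: bool = False
    ) -> bool:
        """Check whether the device is in configuration mode.

        Delegates to the parent implementation with ``check_string`` defaulting
        to "]".
        """
        # NOTE(review): force_regex is accepted but not forwarded to the parent
        # call -- confirm whether that is intended.
        return super().check_config_mode(check_string=check_string, pattern=pattern)

    def config_mode(
        self, config_command: str = "configure", pattern: str = r"#", re_flags: int = 0
    ) -> str:
        """Enter configuration mode using 'configure' and waiting for '#'."""
        return super().config_mode(
            config_command=config_command, pattern=pattern, re_flags=re_flags
        )

    def exit_config_mode(self, exit_config: str = "exit", pattern: str = r">") -> str:
        """Exit configuration mode using 'exit' and waiting for '>'."""
        return super().exit_config_mode(exit_config=exit_config, pattern=pattern)

    def commit(
        self,
        comment: str = "",
        force: bool = False,
        partial: bool = False,
        device_and_network: bool = False,
        policy_and_objects: bool = False,
        vsys: str = "",
        no_vsys: bool = False,
        read_timeout: float = 120.0,
        delay_factor: Optional[float] = None,
    ) -> str:
        """
        Commit the candidate configuration.

        Enters configuration mode, sends the commit command built from the
        arguments, then exits configuration mode.

        :param comment: Commit description; sent wrapped in double quotes.
        :param force: Append ``force`` to the command.
        :param partial: Send a partial commit (``partial ... excluded``).
            Required by the four options below.
        :param device_and_network: Append ``device-and-network``.
        :param policy_and_objects: Append ``policy-and-objects``.
        :param vsys: Text appended verbatim after ``partial``.
        :param no_vsys: Append ``no-vsys``.
        :param read_timeout: Read timeout handed to the command send.
        :param delay_factor: Deprecated in Netmiko 4.x. Will be eliminated in Netmiko 5.

        :return: Combined output of entering config mode, the commit itself
            and leaving config mode.
        :raises ValueError: If a partial-only option is used without
            ``partial``, if ``comment`` or ``vsys`` contains a line break, if
            ``comment`` contains a double quote, or if the success marker is
            missing from the device output.
        """

        if delay_factor is not None:
            warnings.warn(DELAY_FACTOR_DEPR_SIMPLE_MSG, DeprecationWarning)

        if (
            device_and_network or policy_and_objects or vsys or no_vsys
        ) and not partial:
            raise ValueError(
                "'partial' must be True when using "
                "device_and_network or policy_and_objects "
                "or vsys or no_vsys."
            )

        # Both strings are pasted into the CLI line unchanged. A line break
        # would end the commit command early and hand the remainder to the CLI
        # as a separate line; a double quote would close the description early.
        for arg_name, arg_value in (("comment", comment), ("vsys", vsys)):
            if "\n" in arg_value or "\r" in arg_value:
                raise ValueError(f"'{arg_name}' must not contain line breaks.")
        if '"' in comment:
            raise ValueError("'comment' must not contain double quotes.")

        # Select proper command string based on arguments provided
        commit_marker = "configuration committed successfully"
        command_parts = ["commit"]
        if comment:
            command_parts.append(f'description "{comment}"')
        if force:
            command_parts.append("force")
        if partial:
            command_parts.append("partial")
            if vsys:
                command_parts.append(vsys)
            if device_and_network:
                command_parts.append("device-and-network")
            if policy_and_objects:
                # Previously this appended "device-and-network" a second time.
                command_parts.append("policy-and-objects")
            if no_vsys:
                command_parts.append("no-vsys")
            command_parts.append("excluded")
        command_string = " ".join(command_parts)

        # Enter config mode (if necessary)
        output = self.config_mode()
        output += self._send_command_str(
            command_string,
            strip_prompt=False,
            strip_command=False,
            expect_string="100%",
            read_timeout=read_timeout,
        )
        output += self.exit_config_mode()

        # Success is decided by a case-insensitive search for the marker text.
        if commit_marker not in output.lower():
            raise ValueError(f"Commit failed with the following errors:\n\n{output}")
        return output

    def strip_command(self, command_string: str, output: str) -> str:
        """Replace each occurrence of command_string in output with RESPONSE_RETURN."""
        output_list = output.split(command_string)
        return self.RESPONSE_RETURN.join(output_list)

    def strip_prompt(self, a_string: str) -> str:
        """Drop every line containing the base prompt, then the context line.

        The text is split on RESPONSE_RETURN; any line that contains
        ``base_prompt`` is removed (not only the last one) and the remainder
        is passed through ``strip_context_items``.
        """
        response_list = a_string.split(self.RESPONSE_RETURN)
        new_response_list = [
            line for line in response_list if self.base_prompt not in line
        ]

        output = self.RESPONSE_RETURN.join(new_response_list)
        return self.strip_context_items(output)

    def strip_context_items(self, a_string: str) -> str:
        """Strip PaloAlto-specific output.

        PaloAlto will also put a configuration context:
        [edit]

        Only the last line is inspected; it is removed when it matches,
        otherwise the input is returned unchanged.
        """
        strings_to_strip = [r"\[edit.*\]"]

        response_list = a_string.split(self.RESPONSE_RETURN)
        last_line = response_list[-1]

        for pattern in strings_to_strip:
            if re.search(pattern, last_line):
                return self.RESPONSE_RETURN.join(response_list[:-1])

        return a_string

    def cleanup(self, command: str = "exit") -> None:
        """Gracefully exit the SSH session.

        Leaves configuration mode when the device reports being in it, then
        sends ``command`` followed by RETURN.
        """
        try:
            # The pattern="" forces use of send_command_timing
            if self.check_config_mode(pattern=""):
                self.exit_config_mode()
        except Exception:
            # Best effort: a failure here must not stop the final 'exit' from
            # being sent below.
            pass
        # Always try to send final 'exit' (command)
        self._session_log_fin = True
        self.write_channel(command + self.RETURN)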


class PaloAltoPanosSSH(PaloAltoPanosBase):
    def _build_ssh_client(self) -> SSHClient:
        """Create and configure the Paramiko client used for the connection.

        Without SSH keys the interactive client is used; with keys the stock
        ``SSHClient`` is used. Host keys are loaded as configured and the
        missing-host-key policy is set from ``self.key_policy``.
        """
        client: SSHClient = SSHClient() if self.use_keys else SSHClient_interactive()

        # Load host_keys for better SSH security
        if self.system_host_keys:
            client.load_system_host_keys()
        # The alternate file is skipped without an error when it does not exist.
        wants_alt_file = self.alt_host_keys and path.isfile(self.alt_key_file)
        if wants_alt_file:
            client.load_host_keys(self.alt_key_file)

        # The policy decides what happens when the server's key is not among
        # the loaded ones. Default is to automatically add untrusted hosts
        # (make sure appropriate for your env): SSHClient_interactive replies
        # to the server's password prompt with the stored password.
        client.set_missing_host_key_policy(self.key_policy)
        return client


class PaloAltoPanosTelnet(PaloAltoPanosBase):
    """Telnet flavour of the PaloAlto driver; adds nothing to the base class.

    Telnet is unencrypted, so the login password and all session traffic
    cross the network in clear text.
    """

Classes

class PaloAltoPanosBase (ip: str = '', host: str = '', username: str = '', password: Optional[str] = None, secret: str = '', port: Optional[int] = None, device_type: str = '', verbose: bool = False, global_delay_factor: float = 1.0, global_cmd_verify: Optional[bool] = None, use_keys: bool = False, key_file: Optional[str] = None, pkey: Optional[paramiko.pkey.PKey] = None, passphrase: Optional[str] = None, disabled_algorithms: Optional[Dict[str, Any]] = None, disable_sha2_fix: bool = False, allow_agent: bool = False, ssh_strict: bool = False, system_host_keys: bool = False, alt_host_keys: bool = False, alt_key_file: str = '', ssh_config_file: Optional[str] = None, conn_timeout: int = 10, auth_timeout: Optional[int] = None, banner_timeout: int = 15, blocking_timeout: int = 20, timeout: int = 100, session_timeout: int = 60, read_timeout_override: Optional[float] = None, keepalive: int = 0, default_enter: Optional[str] = None, response_return: Optional[str] = None, serial_settings: Optional[Dict[str, Any]] = None, fast_cli: bool = True, session_log: Optional[SessionLog] = None, session_log_record_writes: bool = False, session_log_file_mode: str = 'write', allow_auto_change: bool = False, encoding: str = 'utf-8', sock: Optional[socket.socket] = None, sock_telnet: Optional[Dict[str, Any]] = None, auto_connect: bool = True, delay_factor_compat: bool = False, disable_lf_normalization: bool = False)

Implement methods for interacting with PaloAlto devices.

Disables enable() and check_enable_mode() methods. Overrides several methods for PaloAlto-specific compatibility.

    Initialize attributes for establishing connection to target device.

    :param ip: IP address of target device. Not required if <code>host</code> is
        provided.

    :param host: Hostname of target device. Not required if <code>ip</code> is
            provided.

    :param username: Username to authenticate against target device if
            required.

    :param password: Password to authenticate against target device if
            required.

    :param secret: The enable password if target device requires one.

    :param port: The destination port used to connect to the target
            device.

    :param device_type: Class selection based on device type.

    :param verbose: Enable additional messages to standard output.

    :param global_delay_factor: Multiplication factor affecting Netmiko delays (default: 1).

    :param use_keys: Connect to target device using SSH keys.

    :param key_file: Filename path of the SSH key file to use.

    :param pkey: SSH key object to use.

    :param passphrase: Passphrase to use for encrypted key; password will be used for key
            decryption if not specified.

    :param disabled_algorithms: Dictionary of SSH algorithms to disable. Refer to the Paramiko
            documentation for a description of the expected format.

    :param disable_sha2_fix: Boolean that fixes Paramiko issue with missing server-sig-algs
        <https://github.com/paramiko/paramiko/issues/1961> (default: False)

    :param allow_agent: Enable use of SSH key-agent.

    :param ssh_strict: Automatically reject unknown SSH host keys (default: False, which
            means unknown SSH host keys will be accepted).

    :param system_host_keys: Load host keys from the users known_hosts file.

    :param alt_host_keys: If <code>True</code> host keys will be loaded from the file specified in
            alt_key_file.

    :param alt_key_file: SSH host key file to use (if alt_host_keys=True).

    :param ssh_config_file: File name of OpenSSH configuration file.

    :param conn_timeout: TCP connection timeout.

    :param session_timeout: Set a timeout for parallel requests.

    :param auth_timeout: Set a timeout (in seconds) to wait for an authentication response.

    :param banner_timeout: Set a timeout to wait for the SSH banner (pass to Paramiko).

    :param read_timeout_override: Set a timeout that will override the default read_timeout
            of both send_command and send_command_timing. This is useful for 3rd party
            libraries where directly accessing method arguments might be impractical.

    :param keepalive: Send SSH keepalive packets at a specific interval, in seconds.
            Currently defaults to 0, for backwards compatibility (it will not attempt
            to keep the connection alive).

    :param default_enter: Character(s) to send to correspond to enter key (default: \n).

    :param response_return: Character(s) to use in normalized return data to represent
            enter key (default: \n)

    :param serial_settings: Dictionary of settings for use with serial port (pySerial).

    :param fast_cli: Provide a way to optimize for performance. Converts select_delay_factor
            to select smallest of global and specific. Sets default global_delay_factor to .1
            (default: True)

    :param session_log: File path, SessionLog object, or BufferedIOBase subclass object
            to write the session log to.

    :param session_log_record_writes: The session log generally records only channel reads,
            to eliminate command duplication caused by command echo. You can enable this if you
            want to record both channel reads and channel writes in the log (default: False).

    :param session_log_file_mode: "write" or "append" for session_log file mode
            (default: "write")

    :param allow_auto_change: Allow automatic configuration changes for terminal settings.
            (default: False)

    :param encoding: Encoding to be used when writing bytes to the output channel.
            (default: "utf-8")

    :param sock: An open socket or socket-like object (such as a <code>.Channel</code>) to use for
            communication to the target host (default: None).

    :param sock_telnet: A dictionary of telnet socket parameters (SOCKS proxy). See
            telnet_proxy.py code for details.

    :param global_cmd_verify: Control whether command echo verification is enabled or disabled
            (default: None). Global attribute takes precedence over function <code>cmd\_verify</code>
            argument. Value of <code>None</code> indicates to use function <code>cmd\_verify</code> argument.

    :param auto_connect: Control whether Netmiko automatically establishes the connection as
            part of the object creation (default: True).

    :param delay_factor_compat: Set send_command and send_command_timing back to using Netmiko
            3.x behavior for delay_factor/global_delay_factor/max_loops. This argument will be
            eliminated in Netmiko 5.x (default: False).

    :param disable_lf_normalization: Disable Netmiko's linefeed normalization behavior
            (default: False)
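class PaloAltoPanosBase(NoEnable, BaseConnection):
    """
    Implement methods for interacting with PaloAlto devices.

    Disables `enable()` and `check_enable_mode()`
    methods.  Overrides several methods for PaloAlto-specific compatibility.
    """

    def session_preparation(self) -> None:
        """
        Prepare the session after the connection has been established.

        Turns on CLI scripting mode, sets the terminal width to 500, disables
        the pager (the '--more--' prompts) and sets the base prompt.
        """
        self.ansi_escape_codes = True
        self._test_channel_read(pattern=r"[>#]")
        self.disable_paging(
            command="set cli scripting-mode on",
            cmd_verify=False,
            pattern=r"[>#].*mode on",
        )
        self.set_terminal_width(
            command="set cli terminal width 500", pattern=r"set cli terminal width 500"
        )
        self.disable_paging(command="set cli pager off")
        self.set_base_prompt()

        # PA devices can be really slow--try to make sure we are caught up.
        # 'show admins' is used only as a synchronisation point: read until
        # "Client" shows up, then until the next prompt character.
        self.write_channel("show admins\n")
        self._test_channel_read(pattern=r"Client")
        self._test_channel_read(pattern=r"[>#]")

    def find_prompt(
        self, delay_factor: float = 5.0, pattern: Optional[str] = None
    ) -> str:
        """Find the prompt, defaulting to a delay_factor of 5.0.

        PA devices can be very slow to respond (in certain situations).
        """
        return super().find_prompt(delay_factor=delay_factor, pattern=pattern)

    def check_config_mode(
        self, check_string: str = "]", pattern: str = "", force_regex: bool = False
    ) -> bool:
        """Check whether the device is in configuration mode.

        Delegates to the parent implementation with ``check_string`` defaulting
        to "]".
        """
        # NOTE(review): force_regex is accepted but not forwarded to the parent
        # call -- confirm whether that is intended.
        return super().check_config_mode(check_string=check_string, pattern=pattern)

    def config_mode(
        self, config_command: str = "configure", pattern: str = r"#", re_flags: int = 0
    ) -> str:
        """Enter configuration mode using 'configure' and waiting for '#'."""
        return super().config_mode(
            config_command=config_command, pattern=pattern, re_flags=re_flags
        )

    def exit_config_mode(self, exit_config: str = "exit", pattern: str = r">") -> str:
        """Exit configuration mode using 'exit' and waiting for '>'."""
        return super().exit_config_mode(exit_config=exit_config, pattern=pattern)

    def commit(
        self,
        comment: str = "",
        force: bool = False,
        partial: bool = False,
        device_and_network: bool = False,
        policy_and_objects: bool = False,
        vsys: str = "",
        no_vsys: bool = False,
        read_timeout: float = 120.0,
        delay_factor: Optional[float] = None,
    ) -> str:
        """
        Commit the candidate configuration.

        Enters configuration mode, sends the commit command built from the
        arguments, then exits configuration mode.

        :param comment: Commit description; sent wrapped in double quotes.
        :param force: Append ``force`` to the command.
        :param partial: Send a partial commit (``partial ... excluded``).
            Required by the four options below.
        :param device_and_network: Append ``device-and-network``.
        :param policy_and_objects: Append ``policy-and-objects``.
        :param vsys: Text appended verbatim after ``partial``.
        :param no_vsys: Append ``no-vsys``.
        :param read_timeout: Read timeout handed to the command send.
        :param delay_factor: Deprecated in Netmiko 4.x. Will be eliminated in Netmiko 5.

        :return: Combined output of entering config mode, the commit itself
            and leaving config mode.
        :raises ValueError: If a partial-only option is used without
            ``partial``, if ``comment`` or ``vsys`` contains a line break, if
            ``comment`` contains a double quote, or if the success marker is
            missing from the device output.
        """

        if delay_factor is not None:
            warnings.warn(DELAY_FACTOR_DEPR_SIMPLE_MSG, DeprecationWarning)

        if (
            device_and_network or policy_and_objects or vsys or no_vsys
        ) and not partial:
            raise ValueError(
                "'partial' must be True when using "
                "device_and_network or policy_and_objects "
                "or vsys or no_vsys."
            )

        # Both strings are pasted into the CLI line unchanged. A line break
        # would end the commit command early and hand the remainder to the CLI
        # as a separate line; a double quote would close the description early.
        for arg_name, arg_value in (("comment", comment), ("vsys", vsys)):
            if "\n" in arg_value or "\r" in arg_value:
                raise ValueError(f"'{arg_name}' must not contain line breaks.")
        if '"' in comment:
            raise ValueError("'comment' must not contain double quotes.")

        # Select proper command string based on arguments provided
        commit_marker = "configuration committed successfully"
        command_parts = ["commit"]
        if comment:
            command_parts.append(f'description "{comment}"')
        if force:
            command_parts.append("force")
        if partial:
            command_parts.append("partial")
            if vsys:
                command_parts.append(vsys)
            if device_and_network:
                command_parts.append("device-and-network")
            if policy_and_objects:
                # Previously this appended "device-and-network" a second time.
                command_parts.append("policy-and-objects")
            if no_vsys:
                command_parts.append("no-vsys")
            command_parts.append("excluded")
        command_string = " ".join(command_parts)

        # Enter config mode (if necessary)
        output = self.config_mode()
        output += self._send_command_str(
            command_string,
            strip_prompt=False,
            strip_command=False,
            expect_string="100%",
            read_timeout=read_timeout,
        )
        output += self.exit_config_mode()

        # Success is decided by a case-insensitive search for the marker text.
        if commit_marker not in output.lower():
            raise ValueError(f"Commit failed with the following errors:\n\n{output}")
        return output

    def strip_command(self, command_string: str, output: str) -> str:
        """Replace each occurrence of command_string in output with RESPONSE_RETURN."""
        output_list = output.split(command_string)
        return self.RESPONSE_RETURN.join(output_list)

    def strip_prompt(self, a_string: str) -> str:
        """Drop every line containing the base prompt, then the context line.

        The text is split on RESPONSE_RETURN; any line that contains
        ``base_prompt`` is removed (not only the last one) and the remainder
        is passed through ``strip_context_items``.
        """
        response_list = a_string.split(self.RESPONSE_RETURN)
        new_response_list = [
            line for line in response_list if self.base_prompt not in line
        ]

        output = self.RESPONSE_RETURN.join(new_response_list)
        return self.strip_context_items(output)

    def strip_context_items(self, a_string: str) -> str:
        """Strip PaloAlto-specific output.

        PaloAlto will also put a configuration context:
        [edit]

        Only the last line is inspected; it is removed when it matches,
        otherwise the input is returned unchanged.
        """
        strings_to_strip = [r"\[edit.*\]"]

        response_list = a_string.split(self.RESPONSE_RETURN)
        last_line = response_list[-1]

        for pattern in strings_to_strip:
            if re.search(pattern, last_line):
                return self.RESPONSE_RETURN.join(response_list[:-1])

        return a_string

    def cleanup(self, command: str = "exit") -> None:
        """Gracefully exit the SSH session.

        Leaves configuration mode when the device reports being in it, then
        sends ``command`` followed by RETURN.
        """
        try:
            # The pattern="" forces use of send_command_timing
            if self.check_config_mode(pattern=""):
                self.exit_config_mode()
        except Exception:
            # Best effort: a failure here must not stop the final 'exit' from
            # being sent below.
            pass
        # Always try to send final 'exit' (command)
        self._session_log_fin = True
        self.write_channel(command + self.RETURN)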

Ancestors

Subclasses

Methods

def check_config_mode(self, check_string: str = ']', pattern: str = '', force_regex: bool = False) ‑> bool

Checks if the device is in configuration mode or not.

def check_config_mode(
    self, check_string: str = "]", pattern: str = "", force_regex: bool = False
) -> bool:
    """Report whether the device is in configuration mode.

    Delegates to the parent implementation, with "]" as the default text to
    look for.
    """
    # NOTE(review): force_regex is accepted but not forwarded to the parent
    # call -- confirm whether that is intended.
    in_config_mode = super().check_config_mode(
        check_string=check_string, pattern=pattern
    )
    return in_config_mode
def cleanup(self, command: str = 'exit') ‑> None

Gracefully exit the SSH session.

def cleanup(self, command: str = "exit") -> None:
    """Leave configuration mode if needed, then send the closing command.

    Any error raised while checking or leaving configuration mode is ignored
    so that ``command`` is always written to the channel.
    """
    try:
        # An empty pattern forces use of send_command_timing.
        still_in_config = self.check_config_mode(pattern="")
        if still_in_config:
            self.exit_config_mode()
    except Exception:
        # Best effort only; the final command below must still go out.
        pass
    self._session_log_fin = True
    closing_line = command + self.RETURN
    self.write_channel(closing_line)
def commit(self, comment: str = '', force: bool = False, partial: bool = False, device_and_network: bool = False, policy_and_objects: bool = False, vsys: str = '', no_vsys: bool = False, read_timeout: float = 120.0, delay_factor: Optional[float] = None) ‑> str

Commit the candidate configuration.

Commit the entered configuration. Raise an error and return the failure if the commit fails.

Automatically enters configuration mode

default: command_string = commit (device_and_network or policy_and_objects or vsys or no_vsys) and not partial: Exception

delay_factor: Deprecated in Netmiko 4.x. Will be eliminated in Netmiko 5.

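def commit(
    self,
    comment: str = "",
    force: bool = False,
    partial: bool = False,
    device_and_network: bool = False,
    policy_and_objects: bool = False,
    vsys: str = "",
    no_vsys: bool = False,
    read_timeout: float = 120.0,
    delay_factor: Optional[float] = None,
) -> str:
    """
    Commit the candidate configuration.

    Enters configuration mode, sends the commit command built from the
    arguments, then exits configuration mode.

    :param comment: Commit description; sent wrapped in double quotes.
    :param force: Append ``force`` to the command.
    :param partial: Send a partial commit (``partial ... excluded``).
        Required by the four options below.
    :param device_and_network: Append ``device-and-network``.
    :param policy_and_objects: Append ``policy-and-objects``.
    :param vsys: Text appended verbatim after ``partial``.
    :param no_vsys: Append ``no-vsys``.
    :param read_timeout: Read timeout handed to the command send.
    :param delay_factor: Deprecated in Netmiko 4.x. Will be eliminated in Netmiko 5.

    :return: Combined output of entering config mode, the commit itself and
        leaving config mode.
    :raises ValueError: If a partial-only option is used without ``partial``,
        if ``comment`` or ``vsys`` contains a line break, if ``comment``
        contains a double quote, or if the success marker is missing from the
        device output.
    """

    if delay_factor is not None:
        warnings.warn(DELAY_FACTOR_DEPR_SIMPLE_MSG, DeprecationWarning)

    if (
        device_and_network or policy_and_objects or vsys or no_vsys
    ) and not partial:
        raise ValueError(
            "'partial' must be True when using "
            "device_and_network or policy_and_objects "
            "or vsys or no_vsys."
        )

    # Both strings are pasted into the CLI line unchanged. A line break would
    # end the commit command early and hand the remainder to the CLI as a
    # separate line; a double quote would close the description early.
    for arg_name, arg_value in (("comment", comment), ("vsys", vsys)):
        if "\n" in arg_value or "\r" in arg_value:
            raise ValueError(f"'{arg_name}' must not contain line breaks.")
    if '"' in comment:
        raise ValueError("'comment' must not contain double quotes.")

    # Select proper command string based on arguments provided
    commit_marker = "configuration committed successfully"
    command_parts = ["commit"]
    if comment:
        command_parts.append(f'description "{comment}"')
    if force:
        command_parts.append("force")
    if partial:
        command_parts.append("partial")
        if vsys:
            command_parts.append(vsys)
        if device_and_network:
            command_parts.append("device-and-network")
        if policy_and_objects:
            # Previously this appended "device-and-network" a second time.
            command_parts.append("policy-and-objects")
        if no_vsys:
            command_parts.append("no-vsys")
        command_parts.append("excluded")
    command_string = " ".join(command_parts)

    # Enter config mode (if necessary)
    output = self.config_mode()
    output += self._send_command_str(
        command_string,
        strip_prompt=False,
        strip_command=False,
        expect_string="100%",
        read_timeout=read_timeout,
    )
    output += self.exit_config_mode()

    # Success is decided by a case-insensitive search for the marker text.
    if commit_marker not in output.lower():
        raise ValueError(f"Commit failed with the following errors:\n\n{output}")
    return output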
def config_mode(self, config_command: str = 'configure', pattern: str = '#', re_flags: int = 0) ‑> str

Enter configuration mode.

def config_mode(
    self, config_command: str = "configure", pattern: str = r"#", re_flags: int = 0
) -> str:
    """Enter configuration mode.

    Delegates to the parent implementation; the defaults send 'configure' and
    wait for '#'.
    """
    parent_output = super().config_mode(
        config_command=config_command,
        pattern=pattern,
        re_flags=re_flags,
    )
    return parent_output
def exit_config_mode(self, exit_config: str = 'exit', pattern: str = '>') ‑> str

Exit configuration mode.

def exit_config_mode(self, exit_config: str = "exit", pattern: str = r">") -> str:
    """Exit configuration mode.

    Delegates to the parent implementation; the defaults send 'exit' and wait
    for '>'.
    """
    parent_output = super().exit_config_mode(
        exit_config=exit_config, pattern=pattern
    )
    return parent_output
def find_prompt(self, delay_factor: float = 5.0, pattern: Optional[str] = None) ‑> str

PA devices can be very slow to respond (in certain situations)

def find_prompt(
    self, delay_factor: float = 5.0, pattern: Optional[str] = None
) -> str:
    """Find the prompt, defaulting to a delay_factor of 5.0.

    PA devices can be very slow to respond (in certain situations).
    """
    prompt = super().find_prompt(delay_factor=delay_factor, pattern=pattern)
    return prompt
def session_preparation(self) ‑> None

Prepare the session after the connection has been established.

Disable paging (the '--more--' prompts). Set the base prompt for interaction ('>').

def session_preparation(self) -> None:
    """
    Get a freshly opened session ready for sending commands.

    Turns on CLI scripting mode, sets the terminal width to 500, disables
    the pager (the '--more--' prompts) and sets the base prompt.
    """
    prompt_chars = r"[>#]"
    width_command = "set cli terminal width 500"

    self.ansi_escape_codes = True
    self._test_channel_read(pattern=prompt_chars)

    self.disable_paging(
        command="set cli scripting-mode on",
        cmd_verify=False,
        pattern=r"[>#].*mode on",
    )
    self.set_terminal_width(command=width_command, pattern=width_command)
    self.disable_paging(command="set cli pager off")
    self.set_base_prompt()

    # PA devices can be really slow, so resynchronise: send 'show admins',
    # read until "Client" shows up, then until the next prompt character.
    self.write_channel("show admins\n")
    for expected in (r"Client", prompt_chars):
        self._test_channel_read(pattern=expected)
def strip_command(self, command_string: str, output: str) ‑> str

Strip command_string from output string.

def strip_command(self, command_string: str, output: str) -> str:
    """Replace each occurrence of command_string in output with RESPONSE_RETURN."""
    return self.RESPONSE_RETURN.join(output.split(command_string))
def strip_context_items(self, a_string: str) ‑> str

Strip PaloAlto-specific output.

PaloAlto will also put a configuration context: [edit]

This method removes those lines.

def strip_context_items(self, a_string: str) -> str:
    """Remove a trailing PaloAlto configuration-context line.

    PaloAlto will also put a configuration context:
    [edit]

    Only the last line is inspected; it is removed when it matches, otherwise
    the input is returned unchanged.
    """
    context_patterns = [r"\[edit.*\]"]
    lines = a_string.split(self.RESPONSE_RETURN)
    trailing = lines[-1]

    if any(re.search(regex, trailing) for regex in context_patterns):
        return self.RESPONSE_RETURN.join(lines[:-1])
    return a_string
def strip_prompt(self, a_string: str) ‑> str

Strip the trailing router prompt from the output.

def strip_prompt(self, a_string: str) -> str:
    """Drop every line containing the base prompt, then the context line.

    The text is split on RESPONSE_RETURN; any line that contains
    ``base_prompt`` is removed (not only the last one) and the remainder is
    passed through ``strip_context_items``.
    """
    kept_lines = [
        text
        for text in a_string.split(self.RESPONSE_RETURN)
        if self.base_prompt not in text
    ]
    without_prompt = self.RESPONSE_RETURN.join(kept_lines)
    return self.strip_context_items(without_prompt)

Inherited members

class PaloAltoPanosSSH (ip: str = '', host: str = '', username: str = '', password: Optional[str] = None, secret: str = '', port: Optional[int] = None, device_type: str = '', verbose: bool = False, global_delay_factor: float = 1.0, global_cmd_verify: Optional[bool] = None, use_keys: bool = False, key_file: Optional[str] = None, pkey: Optional[paramiko.pkey.PKey] = None, passphrase: Optional[str] = None, disabled_algorithms: Optional[Dict[str, Any]] = None, disable_sha2_fix: bool = False, allow_agent: bool = False, ssh_strict: bool = False, system_host_keys: bool = False, alt_host_keys: bool = False, alt_key_file: str = '', ssh_config_file: Optional[str] = None, conn_timeout: int = 10, auth_timeout: Optional[int] = None, banner_timeout: int = 15, blocking_timeout: int = 20, timeout: int = 100, session_timeout: int = 60, read_timeout_override: Optional[float] = None, keepalive: int = 0, default_enter: Optional[str] = None, response_return: Optional[str] = None, serial_settings: Optional[Dict[str, Any]] = None, fast_cli: bool = True, session_log: Optional[SessionLog] = None, session_log_record_writes: bool = False, session_log_file_mode: str = 'write', allow_auto_change: bool = False, encoding: str = 'utf-8', sock: Optional[socket.socket] = None, sock_telnet: Optional[Dict[str, Any]] = None, auto_connect: bool = True, delay_factor_compat: bool = False, disable_lf_normalization: bool = False)

Implement methods for interacting with PaloAlto devices.

Disables enable() and check_enable_mode() methods. Overrides several methods for PaloAlto-specific compatibility.

    Initialize attributes for establishing connection to target device.

    :param ip: IP address of target device. Not required if <code>host</code> is
        provided.

    :param host: Hostname of target device. Not required if <code>ip</code> is
            provided.

    :param username: Username to authenticate against target device if
            required.

    :param password: Password to authenticate against target device if
            required.

    :param secret: The enable password if target device requires one.

    :param port: The destination port used to connect to the target
            device.

    :param device_type: Class selection based on device type.

    :param verbose: Enable additional messages to standard output.

    :param global_delay_factor: Multiplication factor affecting Netmiko delays (default: 1).

    :param use_keys: Connect to target device using SSH keys.

    :param key_file: Filename path of the SSH key file to use.

    :param pkey: SSH key object to use.

    :param passphrase: Passphrase to use for encrypted key; password will be used for key
            decryption if not specified.

    :param disabled_algorithms: Dictionary of SSH algorithms to disable. Refer to the Paramiko
            documentation for a description of the expected format.

    :param disable_sha2_fix: Boolean that fixes Paramiko issue with missing server-sig-algs
        <https://github.com/paramiko/paramiko/issues/1961> (default: False)

    :param allow_agent: Enable use of SSH key-agent.

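    :param ssh_strict: Automatically reject unknown SSH host keys (default: False, which
            means unknown SSH host keys will be accepted, so the device's identity is not
            verified on first contact; set to True together with system_host_keys or
            alt_host_keys where the device's host key is already known).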

    :param system_host_keys: Load host keys from the user's known_hosts file.

    :param alt_host_keys: If <code>True</code> host keys will be loaded from the file specified in
            alt_key_file.

    :param alt_key_file: SSH host key file to use (if alt_host_keys=True).

    :param ssh_config_file: File name of OpenSSH configuration file.

    :param conn_timeout: TCP connection timeout.

    :param session_timeout: Set a timeout for parallel requests.

    :param auth_timeout: Set a timeout (in seconds) to wait for an authentication response.

    :param banner_timeout: Set a timeout to wait for the SSH banner (pass to Paramiko).

    :param read_timeout_override: Set a timeout that will override the default read_timeout
            of both send_command and send_command_timing. This is useful for 3rd party
            libraries where directly accessing method arguments might be impractical.

    :param keepalive: Send SSH keepalive packets at a specific interval, in seconds.
            Currently defaults to 0, for backwards compatibility (it will not attempt
            to keep the connection alive).

    :param default_enter: Character(s) to send to correspond to enter key (default: "\n").

    :param response_return: Character(s) to use in normalized return data to represent
            enter key (default: "\n")

    :param serial_settings: Dictionary of settings for use with serial port (pySerial).

    :param fast_cli: Provide a way to optimize for performance. Converts select_delay_factor
            to select smallest of global and specific. Sets default global_delay_factor to .1
            (default: True)

    :param session_log: File path, SessionLog object, or BufferedIOBase subclass object
            to write the session log to.

    :param session_log_record_writes: The session log generally only records channel reads,
            to eliminate command duplication caused by command echo. You can enable this if
            you want to record both channel reads and channel writes in the log (default: False).

    :param session_log_file_mode: "write" or "append" for session_log file mode
            (default: "write")

    :param allow_auto_change: Allow automatic configuration changes for terminal settings.
            (default: False)

    :param encoding: Encoding to be used when writing bytes to the output channel.
            (default: "utf-8")

    :param sock: An open socket or socket-like object (such as a <code>.Channel</code>) to use for
            communication to the target host (default: None).

    :param sock_telnet: A dictionary of telnet socket parameters (SOCKS proxy). See
            telnet_proxy.py code for details.

    :param global_cmd_verify: Control whether command echo verification is enabled or disabled
            (default: None). Global attribute takes precedence over function <code>cmd\_verify</code>
            argument. Value of <code>None</code> indicates to use function <code>cmd\_verify</code> argument.

    :param auto_connect: Control whether Netmiko automatically establishes the connection as
            part of the object creation (default: True).

    :param delay_factor_compat: Set send_command and send_command_timing back to using Netmiko
            3.x behavior for delay_factor/global_delay_factor/max_loops. This argument will be
            eliminated in Netmiko 5.x (default: False).

    :param disable_lf_normalization: Disable Netmiko's linefeed normalization behavior
            (default: False)
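class PaloAltoPanosSSH(PaloAltoPanosBase):
    def _build_ssh_client(self) -> SSHClient:
        """Create and configure the Paramiko client used for the connection.

        Without ``use_keys`` the client is ``SSHClient_interactive``, which
        authenticates through a keyboard-interactive handler; with
        ``use_keys`` a stock ``SSHClient`` is used.

        Host keys are loaded from the system known_hosts file when
        ``system_host_keys`` is set and from ``alt_key_file`` when
        ``alt_host_keys`` is set. If ``alt_host_keys`` is set but
        ``alt_key_file`` is not an existing file, a warning is issued
        instead of skipping the load silently, because the connection then
        depends entirely on ``self.key_policy``.

        :return: the configured, not yet connected, client.
        """
        # Password logins need the keyboard-interactive client; key-based
        # logins use Paramiko's normal authentication sequence.
        remote_conn_pre: SSHClient
        if self.use_keys:
            remote_conn_pre = SSHClient()
        else:
            remote_conn_pre = SSHClient_interactive()

        # Load known host keys so the device can be verified against them.
        if self.system_host_keys:
            remote_conn_pre.load_system_host_keys()
        if self.alt_host_keys:
            if path.isfile(self.alt_key_file):
                remote_conn_pre.load_host_keys(self.alt_key_file)
            else:
                # The caller asked for pinned host keys; make the miss visible
                # rather than falling through to the missing-key policy unnoticed.
                warnings.warn(
                    f"alt_host_keys is set but alt_key_file {self.alt_key_file!r} "
                    "is not a file; no alternate host keys were loaded.",
                    stacklevel=2,
                )

        # self.key_policy decides what happens with a host key that is not in
        # the loaded set. The documented default accepts unknown keys, which
        # leaves the device unauthenticated on first contact; presumably
        # ssh_strict=True selects a rejecting policy -- confirm in BaseConnection.
        remote_conn_pre.set_missing_host_key_policy(self.key_policy)
        return remote_conn_pre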


class PaloAltoPanosTelnet (ip: str = '', host: str = '', username: str = '', password: Optional[str] = None, secret: str = '', port: Optional[int] = None, device_type: str = '', verbose: bool = False, global_delay_factor: float = 1.0, global_cmd_verify: Optional[bool] = None, use_keys: bool = False, key_file: Optional[str] = None, pkey: Optional[paramiko.pkey.PKey] = None, passphrase: Optional[str] = None, disabled_algorithms: Optional[Dict[str, Any]] = None, disable_sha2_fix: bool = False, allow_agent: bool = False, ssh_strict: bool = False, system_host_keys: bool = False, alt_host_keys: bool = False, alt_key_file: str = '', ssh_config_file: Optional[str] = None, conn_timeout: int = 10, auth_timeout: Optional[int] = None, banner_timeout: int = 15, blocking_timeout: int = 20, timeout: int = 100, session_timeout: int = 60, read_timeout_override: Optional[float] = None, keepalive: int = 0, default_enter: Optional[str] = None, response_return: Optional[str] = None, serial_settings: Optional[Dict[str, Any]] = None, fast_cli: bool = True, session_log: Optional[SessionLog] = None, session_log_record_writes: bool = False, session_log_file_mode: str = 'write', allow_auto_change: bool = False, encoding: str = 'utf-8', sock: Optional[socket.socket] = None, sock_telnet: Optional[Dict[str, Any]] = None, auto_connect: bool = True, delay_factor_compat: bool = False, disable_lf_normalization: bool = False)

Implement methods for interacting with PaloAlto devices.

Disables enable() and check_enable_mode() methods. Overrides several methods for PaloAlto-specific compatibility.

    Initialize attributes for establishing connection to target device.

    :param ip: IP address of target device. Not required if <code>host</code> is
        provided.

    :param host: Hostname of target device. Not required if <code>ip</code> is
            provided.

    :param username: Username to authenticate against target device if
            required.

    :param password: Password to authenticate against target device if
            required.

    :param secret: The enable password if target device requires one.

    :param port: The destination port used to connect to the target
            device.

    :param device_type: Class selection based on device type.

    :param verbose: Enable additional messages to standard output.

    :param global_delay_factor: Multiplication factor affecting Netmiko delays (default: 1).

    :param use_keys: Connect to target device using SSH keys.

    :param key_file: Filename path of the SSH key file to use.

    :param pkey: SSH key object to use.

    :param passphrase: Passphrase to use for encrypted key; password will be used for key
            decryption if not specified.

    :param disabled_algorithms: Dictionary of SSH algorithms to disable. Refer to the Paramiko
            documentation for a description of the expected format.

    :param disable_sha2_fix: Boolean that fixes Paramiko issue with missing server-sig-algs
        <https://github.com/paramiko/paramiko/issues/1961> (default: False)

    :param allow_agent: Enable use of SSH key-agent.

    :param ssh_strict: Automatically reject unknown SSH host keys (default: False, which
            means unknown SSH host keys will be accepted).

    :param system_host_keys: Load host keys from the user's known_hosts file.

    :param alt_host_keys: If <code>True</code> host keys will be loaded from the file specified in
            alt_key_file.

    :param alt_key_file: SSH host key file to use (if alt_host_keys=True).

    :param ssh_config_file: File name of OpenSSH configuration file.

    :param conn_timeout: TCP connection timeout.

    :param session_timeout: Set a timeout for parallel requests.

    :param auth_timeout: Set a timeout (in seconds) to wait for an authentication response.

    :param banner_timeout: Set a timeout to wait for the SSH banner (pass to Paramiko).

    :param read_timeout_override: Set a timeout that will override the default read_timeout
            of both send_command and send_command_timing. This is useful for 3rd party
            libraries where directly accessing method arguments might be impractical.

    :param keepalive: Send SSH keepalive packets at a specific interval, in seconds.
            Currently defaults to 0, for backwards compatibility (it will not attempt
            to keep the connection alive).

    :param default_enter: Character(s) to send to correspond to enter key (default: "\n").

    :param response_return: Character(s) to use in normalized return data to represent
            enter key (default: "\n")

    :param serial_settings: Dictionary of settings for use with serial port (pySerial).

    :param fast_cli: Provide a way to optimize for performance. Converts select_delay_factor
            to select smallest of global and specific. Sets default global_delay_factor to .1
            (default: True)

    :param session_log: File path, SessionLog object, or BufferedIOBase subclass object
            to write the session log to.

    :param session_log_record_writes: The session log generally only records channel reads,
            to eliminate command duplication caused by command echo. You can enable this if
            you want to record both channel reads and channel writes in the log (default: False).

    :param session_log_file_mode: "write" or "append" for session_log file mode
            (default: "write")

    :param allow_auto_change: Allow automatic configuration changes for terminal settings.
            (default: False)

    :param encoding: Encoding to be used when writing bytes to the output channel.
            (default: "utf-8")

    :param sock: An open socket or socket-like object (such as a <code>.Channel</code>) to use for
            communication to the target host (default: None).

    :param sock_telnet: A dictionary of telnet socket parameters (SOCKS proxy). See
            telnet_proxy.py code for details.

    :param global_cmd_verify: Control whether command echo verification is enabled or disabled
            (default: None). Global attribute takes precedence over function <code>cmd\_verify</code>
            argument. Value of <code>None</code> indicates to use function <code>cmd\_verify</code> argument.

    :param auto_connect: Control whether Netmiko automatically establishes the connection as
            part of the object creation (default: True).

    :param delay_factor_compat: Set send_command and send_command_timing back to using Netmiko
            3.x behavior for delay_factor/global_delay_factor/max_loops. This argument will be
            eliminated in Netmiko 5.x (default: False).

    :param disable_lf_normalization: Disable Netmiko's linefeed normalization behavior
            (default: False)
class PaloAltoPanosTelnet(PaloAltoPanosBase):
    """PaloAlto PAN-OS connection over Telnet.

    Adds nothing to ``PaloAltoPanosBase``. Telnet does not encrypt the
    session, so the login credentials and all command output cross the
    network in cleartext; prefer ``PaloAltoPanosSSH`` wherever the device
    allows it.
    """


class SSHClient_interactive

Set noauth when manually handling SSH authentication.

Create a new SSHClient.

class SSHClient_interactive(SSHClient):
    """SSHClient that logs in through keyboard-interactive authentication.

    ``_auth`` is overridden so that the password is delivered by
    ``pa_banner_handler`` in reply to the server's prompts, instead of going
    through Paramiko's normal authentication sequence.
    """

    def pa_banner_handler(
        self, title: str, instructions: str, prompt_list: List[Tuple[str, bool]]
    ) -> List[str]:
        """Answer the prompts of a keyboard-interactive exchange.

        A prompt containing "Do you accept" is answered with "yes"; a prompt
        containing "ssword" is answered with the stored password. ``title``,
        ``instructions`` and the echo flag of each prompt are not used.

        The password is returned to any prompt that matches, so it is only as
        well protected as the host-key check on the connection: pair this
        client with a rejecting host-key policy and known host keys.

        NOTE(review): a prompt that matches neither test gets no entry, so
        the returned list can be shorter than ``prompt_list`` -- confirm the
        device never sends other prompts.
        """
        answers = []
        for question, _echo in prompt_list:
            if "Do you accept" in question:
                answers.append("yes")
                continue
            if "ssword" in question:
                # Type-narrowing assert; it is stripped when Python runs with -O.
                assert isinstance(self.password, str)
                answers.append(self.password)
        return answers

    def _auth(self, username: str, password: str, *args: Any) -> None:
        """Authenticate with keyboard-interactive instead of Paramiko's default.

        As of Aug 2021 Paramiko calls ``_auth`` with: username, password,
        pkey, key_filenames, allow_agent, look_for_keys, gss_auth, gss_kex,
        gss_deleg_creds, gss_host, passphrase. Everything after ``password``
        is accepted through ``*args`` and ignored here.

        NOTE(review): the password is kept on ``self.password`` and is not
        cleared in this method once authentication has finished.
        """
        # Stash the password where pa_banner_handler can reach it.
        self.password = password
        session_transport = self.get_transport()
        assert isinstance(session_transport, Transport)
        session_transport.auth_interactive(username, handler=self.pa_banner_handler)

Ancestors

  • paramiko.client.SSHClient
  • paramiko.util.ClosingContextManager

Methods

def pa_banner_handler(self, title: str, instructions: str, prompt_list: List[Tuple[str, bool]]) ‑> List[str]
def pa_banner_handler(
    self, title: str, instructions: str, prompt_list: List[Tuple[str, bool]]
) -> List[str]:
    """Answer the prompts of a keyboard-interactive exchange.

    A prompt containing "Do you accept" is answered with "yes"; a prompt
    containing "ssword" is answered with ``self.password``. ``title``,
    ``instructions`` and the echo flag of each prompt are not used.

    The password is returned to any prompt that matches, so it is only as
    well protected as the host-key check on the connection: pair this
    handler with a rejecting host-key policy and known host keys.

    NOTE(review): a prompt that matches neither test gets no entry, so the
    returned list can be shorter than ``prompt_list`` -- confirm the device
    never sends other prompts.
    """
    answers = []
    for question, _echo in prompt_list:
        if "Do you accept" in question:
            answers.append("yes")
            continue
        if "ssword" in question:
            # Type-narrowing assert; it is stripped when Python runs with -O.
            assert isinstance(self.password, str)
            answers.append(self.password)
    return answers