Module netmiko.paloalto.paloalto_panos
Expand source code
from typing import Optional, List, Any, Tuple
import re
import warnings
from os import path
from paramiko import SSHClient, Transport
from netmiko.no_enable import NoEnable
from netmiko.base_connection import BaseConnection, DELAY_FACTOR_DEPR_SIMPLE_MSG
class SSHClient_interactive(SSHClient):
"""Set noauth when manually handling SSH authentication."""
def pa_banner_handler(
self, title: str, instructions: str, prompt_list: List[Tuple[str, bool]]
) -> List[str]:
resp = []
for prompt, echo in prompt_list:
if "Do you accept" in prompt:
resp.append("yes")
elif "ssword" in prompt:
assert isinstance(self.password, str)
resp.append(self.password)
return resp
def _auth(self, username: str, password: str, *args: Any) -> None:
"""
_auth: args as of aug-2021
self,
username,
password,
pkey,
key_filenames,
allow_agent,
look_for_keys,
gss_auth,
gss_kex,
gss_deleg_creds,
gss_host,
passphrase,
"""
# Just gets the password up to the pa_banner_handler
self.password = password
transport = self.get_transport()
assert isinstance(transport, Transport)
transport.auth_interactive(username, handler=self.pa_banner_handler)
return
class PaloAltoPanosBase(NoEnable, BaseConnection):
"""
Implement methods for interacting with PaloAlto devices.
Disables `enable()` and `check_enable_mode()`
methods. Overrides several methods for PaloAlto-specific compatibility.
"""
def session_preparation(self) -> None:
"""
Prepare the session after the connection has been established.
Disable paging (the '--more--' prompts).
Set the base prompt for interaction ('>').
"""
self.ansi_escape_codes = True
self._test_channel_read(pattern=r"[>#]")
self.disable_paging(
command="set cli scripting-mode on",
cmd_verify=False,
pattern=r"[>#].*mode on",
)
self.set_terminal_width(
command="set cli terminal width 500", pattern=r"set cli terminal width 500"
)
self.disable_paging(command="set cli pager off")
self.set_base_prompt()
# PA devices can be really slow--try to make sure we are caught up
self.write_channel("show admins\n")
self._test_channel_read(pattern=r"Client")
self._test_channel_read(pattern=r"[>#]")
def find_prompt(
self, delay_factor: float = 5.0, pattern: Optional[str] = None
) -> str:
"""PA devices can be very slow to respond (in certain situations)"""
return super().find_prompt(delay_factor=delay_factor, pattern=pattern)
def check_config_mode(
self, check_string: str = "]", pattern: str = "", force_regex: bool = False
) -> bool:
"""Checks if the device is in configuration mode or not."""
return super().check_config_mode(check_string=check_string, pattern=pattern)
def config_mode(
self, config_command: str = "configure", pattern: str = r"#", re_flags: int = 0
) -> str:
"""Enter configuration mode."""
return super().config_mode(
config_command=config_command, pattern=pattern, re_flags=re_flags
)
def exit_config_mode(self, exit_config: str = "exit", pattern: str = r">") -> str:
"""Exit configuration mode."""
return super().exit_config_mode(exit_config=exit_config, pattern=pattern)
def commit(
self,
comment: str = "",
force: bool = False,
partial: bool = False,
device_and_network: bool = False,
policy_and_objects: bool = False,
vsys: str = "",
no_vsys: bool = False,
read_timeout: float = 120.0,
delay_factor: Optional[float] = None,
) -> str:
"""
Commit the candidate configuration.
Commit the entered configuration. Raise an error and return the failure
if the commit fails.
Automatically enters configuration mode
default:
command_string = commit
(device_and_network or policy_and_objects or vsys or
no_vsys) and not partial:
Exception
delay_factor: Deprecated in Netmiko 4.x. Will be eliminated in Netmiko 5.
"""
if delay_factor is not None:
warnings.warn(DELAY_FACTOR_DEPR_SIMPLE_MSG, DeprecationWarning)
if (
device_and_network or policy_and_objects or vsys or no_vsys
) and not partial:
raise ValueError(
"'partial' must be True when using "
"device_and_network or policy_and_objects "
"or vsys or no_vsys."
)
# Select proper command string based on arguments provided
command_string = "commit"
commit_marker = "configuration committed successfully"
if comment:
command_string += f' description "{comment}"'
if force:
command_string += " force"
if partial:
command_string += " partial"
if vsys:
command_string += f" {vsys}"
if device_and_network:
command_string += " device-and-network"
if policy_and_objects:
command_string += " device-and-network"
if no_vsys:
command_string += " no-vsys"
command_string += " excluded"
# Enter config mode (if necessary)
output = self.config_mode()
output += self._send_command_str(
command_string,
strip_prompt=False,
strip_command=False,
expect_string="100%",
read_timeout=read_timeout,
)
output += self.exit_config_mode()
if commit_marker not in output.lower():
raise ValueError(f"Commit failed with the following errors:\n\n{output}")
return output
def strip_command(self, command_string: str, output: str) -> str:
"""Strip command_string from output string."""
output_list = output.split(command_string)
return self.RESPONSE_RETURN.join(output_list)
def strip_prompt(self, a_string: str) -> str:
"""Strip the trailing router prompt from the output."""
response_list = a_string.split(self.RESPONSE_RETURN)
new_response_list = []
for line in response_list:
if self.base_prompt not in line:
new_response_list.append(line)
output = self.RESPONSE_RETURN.join(new_response_list)
return self.strip_context_items(output)
def strip_context_items(self, a_string: str) -> str:
"""Strip PaloAlto-specific output.
PaloAlto will also put a configuration context:
[edit]
This method removes those lines.
"""
strings_to_strip = [r"\[edit.*\]"]
response_list = a_string.split(self.RESPONSE_RETURN)
last_line = response_list[-1]
for pattern in strings_to_strip:
if re.search(pattern, last_line):
return self.RESPONSE_RETURN.join(response_list[:-1])
return a_string
def cleanup(self, command: str = "exit") -> None:
"""Gracefully exit the SSH session."""
try:
# The pattern="" forces use of send_command_timing
if self.check_config_mode(pattern=""):
self.exit_config_mode()
except Exception:
pass
# Always try to send final 'exit' (command)
self._session_log_fin = True
self.write_channel(command + self.RETURN)
class PaloAltoPanosSSH(PaloAltoPanosBase):
def _build_ssh_client(self) -> SSHClient:
"""Prepare for Paramiko SSH connection."""
# Create instance of SSHClient object
# If not using SSH keys, we use noauth
if not self.use_keys:
remote_conn_pre: SSHClient = SSHClient_interactive()
else:
remote_conn_pre = SSHClient()
# Load host_keys for better SSH security
if self.system_host_keys:
remote_conn_pre.load_system_host_keys()
if self.alt_host_keys and path.isfile(self.alt_key_file):
remote_conn_pre.load_host_keys(self.alt_key_file)
# Default is to automatically add untrusted hosts (make sure appropriate for your env)
remote_conn_pre.set_missing_host_key_policy(self.key_policy)
return remote_conn_pre
class PaloAltoPanosTelnet(PaloAltoPanosBase):
pass
Classes
class PaloAltoPanosBase (ip: str = '', host: str = '', username: str = '', password: Optional[str] = None, secret: str = '', port: Optional[int] = None, device_type: str = '', verbose: bool = False, global_delay_factor: float = 1.0, global_cmd_verify: Optional[bool] = None, use_keys: bool = False, key_file: Optional[str] = None, pkey: Optional[paramiko.pkey.PKey] = None, passphrase: Optional[str] = None, disabled_algorithms: Optional[Dict[str, Any]] = None, disable_sha2_fix: bool = False, allow_agent: bool = False, ssh_strict: bool = False, system_host_keys: bool = False, alt_host_keys: bool = False, alt_key_file: str = '', ssh_config_file: Optional[str] = None, conn_timeout: int = 10, auth_timeout: Optional[int] = None, banner_timeout: int = 15, blocking_timeout: int = 20, timeout: int = 100, session_timeout: int = 60, read_timeout_override: Optional[float] = None, keepalive: int = 0, default_enter: Optional[str] = None, response_return: Optional[str] = None, serial_settings: Optional[Dict[str, Any]] = None, fast_cli: bool = True, session_log: Optional[SessionLog] = None, session_log_record_writes: bool = False, session_log_file_mode: str = 'write', allow_auto_change: bool = False, encoding: str = 'utf-8', sock: Optional[socket.socket] = None, sock_telnet: Optional[Dict[str, Any]] = None, auto_connect: bool = True, delay_factor_compat: bool = False, disable_lf_normalization: bool = False)
-
Implement methods for interacting with PaloAlto devices.
Disables
enable()
andcheck_enable_mode()
methods. Overrides several methods for PaloAlto-specific compatibility.Initialize attributes for establishing connection to target device. :param ip: IP address of target device. Not required if <code>host</code> is provided. :param host: Hostname of target device. Not required if <code>ip</code> is provided. :param username: Username to authenticate against target device if required. :param password: Password to authenticate against target device if required. :param secret: The enable password if target device requires one. :param port: The destination port used to connect to the target device. :param device_type: Class selection based on device type. :param verbose: Enable additional messages to standard output. :param global_delay_factor: Multiplication factor affecting Netmiko delays (default: 1). :param use_keys: Connect to target device using SSH keys. :param key_file: Filename path of the SSH key file to use. :param pkey: SSH key object to use. :param passphrase: Passphrase to use for encrypted key; password will be used for key decryption if not specified. :param disabled_algorithms: Dictionary of SSH algorithms to disable. Refer to the Paramiko documentation for a description of the expected format. :param disable_sha2_fix: Boolean that fixes Paramiko issue with missing server-sig-algs <https://github.com/paramiko/paramiko/issues/1961> (default: False) :param allow_agent: Enable use of SSH key-agent. :param ssh_strict: Automatically reject unknown SSH host keys (default: False, which means unknown SSH host keys will be accepted). :param system_host_keys: Load host keys from the users known_hosts file. :param alt_host_keys: If <code>True</code> host keys will be loaded from the file specified in alt_key_file. :param alt_key_file: SSH host key file to use (if alt_host_keys=True). :param ssh_config_file: File name of OpenSSH configuration file. :param conn_timeout: TCP connection timeout. :param session_timeout: Set a timeout for parallel requests. :param auth_timeout: Set a timeout (in seconds) to wait for an authentication response. :param banner_timeout: Set a timeout to wait for the SSH banner (pass to Paramiko). :param read_timeout_override: Set a timeout that will override the default read_timeout of both send_command and send_command_timing. This is useful for 3rd party libraries where directly accessing method arguments might be impractical. :param keepalive: Send SSH keepalive packets at a specific interval, in seconds. Currently defaults to 0, for backwards compatibility (it will not attempt to keep the connection alive). :param default_enter: Character(s) to send to correspond to enter key (default:
).
:param response_return: Character(s) to use in normalized return data to represent enter key (default:
)
:param serial_settings: Dictionary of settings for use with serial port (pySerial). :param fast_cli: Provide a way to optimize for performance. Converts select_delay_factor to select smallest of global and specific. Sets default global_delay_factor to .1 (default: True) :param session_log: File path, SessionLog object, or BufferedIOBase subclass object to write the session log to. :param session_log_record_writes: The session log generally only records channel reads due to eliminate command duplication due to command echo. You can enable this if you want to record both channel reads and channel writes in the log (default: False). :param session_log_file_mode: "write" or "append" for session_log file mode (default: "write") :param allow_auto_change: Allow automatic configuration changes for terminal settings. (default: False) :param encoding: Encoding to be used when writing bytes to the output channel. (default: "utf-8") :param sock: An open socket or socket-like object (such as a <code>.Channel</code>) to use for communication to the target host (default: None). :param sock_telnet: A dictionary of telnet socket parameters (SOCKS proxy). See telnet_proxy.py code for details. :param global_cmd_verify: Control whether command echo verification is enabled or disabled (default: None). Global attribute takes precedence over function <code>cmd\_verify</code> argument. Value of <code>None</code> indicates to use function <code>cmd\_verify</code> argument. :param auto_connect: Control whether Netmiko automatically establishes the connection as part of the object creation (default: True). :param delay_factor_compat: Set send_command and send_command_timing back to using Netmiko 3.x behavior for delay_factor/global_delay_factor/max_loops. This argument will be eliminated in Netmiko 5.x (default: False). :param disable_lf_normalization: Disable Netmiko's linefeed normalization behavior (default: False)
Expand source code
class PaloAltoPanosBase(NoEnable, BaseConnection): """ Implement methods for interacting with PaloAlto devices. Disables `enable()` and `check_enable_mode()` methods. Overrides several methods for PaloAlto-specific compatibility. """ def session_preparation(self) -> None: """ Prepare the session after the connection has been established. Disable paging (the '--more--' prompts). Set the base prompt for interaction ('>'). """ self.ansi_escape_codes = True self._test_channel_read(pattern=r"[>#]") self.disable_paging( command="set cli scripting-mode on", cmd_verify=False, pattern=r"[>#].*mode on", ) self.set_terminal_width( command="set cli terminal width 500", pattern=r"set cli terminal width 500" ) self.disable_paging(command="set cli pager off") self.set_base_prompt() # PA devices can be really slow--try to make sure we are caught up self.write_channel("show admins\n") self._test_channel_read(pattern=r"Client") self._test_channel_read(pattern=r"[>#]") def find_prompt( self, delay_factor: float = 5.0, pattern: Optional[str] = None ) -> str: """PA devices can be very slow to respond (in certain situations)""" return super().find_prompt(delay_factor=delay_factor, pattern=pattern) def check_config_mode( self, check_string: str = "]", pattern: str = "", force_regex: bool = False ) -> bool: """Checks if the device is in configuration mode or not.""" return super().check_config_mode(check_string=check_string, pattern=pattern) def config_mode( self, config_command: str = "configure", pattern: str = r"#", re_flags: int = 0 ) -> str: """Enter configuration mode.""" return super().config_mode( config_command=config_command, pattern=pattern, re_flags=re_flags ) def exit_config_mode(self, exit_config: str = "exit", pattern: str = r">") -> str: """Exit configuration mode.""" return super().exit_config_mode(exit_config=exit_config, pattern=pattern) def commit( self, comment: str = "", force: bool = False, partial: bool = False, device_and_network: bool = False, policy_and_objects: bool = False, vsys: str = "", no_vsys: bool = False, read_timeout: float = 120.0, delay_factor: Optional[float] = None, ) -> str: """ Commit the candidate configuration. Commit the entered configuration. Raise an error and return the failure if the commit fails. Automatically enters configuration mode default: command_string = commit (device_and_network or policy_and_objects or vsys or no_vsys) and not partial: Exception delay_factor: Deprecated in Netmiko 4.x. Will be eliminated in Netmiko 5. """ if delay_factor is not None: warnings.warn(DELAY_FACTOR_DEPR_SIMPLE_MSG, DeprecationWarning) if ( device_and_network or policy_and_objects or vsys or no_vsys ) and not partial: raise ValueError( "'partial' must be True when using " "device_and_network or policy_and_objects " "or vsys or no_vsys." ) # Select proper command string based on arguments provided command_string = "commit" commit_marker = "configuration committed successfully" if comment: command_string += f' description "{comment}"' if force: command_string += " force" if partial: command_string += " partial" if vsys: command_string += f" {vsys}" if device_and_network: command_string += " device-and-network" if policy_and_objects: command_string += " device-and-network" if no_vsys: command_string += " no-vsys" command_string += " excluded" # Enter config mode (if necessary) output = self.config_mode() output += self._send_command_str( command_string, strip_prompt=False, strip_command=False, expect_string="100%", read_timeout=read_timeout, ) output += self.exit_config_mode() if commit_marker not in output.lower(): raise ValueError(f"Commit failed with the following errors:\n\n{output}") return output def strip_command(self, command_string: str, output: str) -> str: """Strip command_string from output string.""" output_list = output.split(command_string) return self.RESPONSE_RETURN.join(output_list) def strip_prompt(self, a_string: str) -> str: """Strip the trailing router prompt from the output.""" response_list = a_string.split(self.RESPONSE_RETURN) new_response_list = [] for line in response_list: if self.base_prompt not in line: new_response_list.append(line) output = self.RESPONSE_RETURN.join(new_response_list) return self.strip_context_items(output) def strip_context_items(self, a_string: str) -> str: """Strip PaloAlto-specific output. PaloAlto will also put a configuration context: [edit] This method removes those lines. """ strings_to_strip = [r"\[edit.*\]"] response_list = a_string.split(self.RESPONSE_RETURN) last_line = response_list[-1] for pattern in strings_to_strip: if re.search(pattern, last_line): return self.RESPONSE_RETURN.join(response_list[:-1]) return a_string def cleanup(self, command: str = "exit") -> None: """Gracefully exit the SSH session.""" try: # The pattern="" forces use of send_command_timing if self.check_config_mode(pattern=""): self.exit_config_mode() except Exception: pass # Always try to send final 'exit' (command) self._session_log_fin = True self.write_channel(command + self.RETURN)
Ancestors
Subclasses
Methods
def check_config_mode(self, check_string: str = ']', pattern: str = '', force_regex: bool = False) ‑> bool
-
Checks if the device is in configuration mode or not.
Expand source code
def check_config_mode( self, check_string: str = "]", pattern: str = "", force_regex: bool = False ) -> bool: """Checks if the device is in configuration mode or not.""" return super().check_config_mode(check_string=check_string, pattern=pattern)
def cleanup(self, command: str = 'exit') ‑> None
-
Gracefully exit the SSH session.
Expand source code
def cleanup(self, command: str = "exit") -> None: """Gracefully exit the SSH session.""" try: # The pattern="" forces use of send_command_timing if self.check_config_mode(pattern=""): self.exit_config_mode() except Exception: pass # Always try to send final 'exit' (command) self._session_log_fin = True self.write_channel(command + self.RETURN)
def commit(self, comment: str = '', force: bool = False, partial: bool = False, device_and_network: bool = False, policy_and_objects: bool = False, vsys: str = '', no_vsys: bool = False, read_timeout: float = 120.0, delay_factor: Optional[float] = None) ‑> str
-
Commit the candidate configuration.
Commit the entered configuration. Raise an error and return the failure if the commit fails.
Automatically enters configuration mode
default: command_string = commit (device_and_network or policy_and_objects or vsys or no_vsys) and not partial: Exception
delay_factor: Deprecated in Netmiko 4.x. Will be eliminated in Netmiko 5.
Expand source code
def commit( self, comment: str = "", force: bool = False, partial: bool = False, device_and_network: bool = False, policy_and_objects: bool = False, vsys: str = "", no_vsys: bool = False, read_timeout: float = 120.0, delay_factor: Optional[float] = None, ) -> str: """ Commit the candidate configuration. Commit the entered configuration. Raise an error and return the failure if the commit fails. Automatically enters configuration mode default: command_string = commit (device_and_network or policy_and_objects or vsys or no_vsys) and not partial: Exception delay_factor: Deprecated in Netmiko 4.x. Will be eliminated in Netmiko 5. """ if delay_factor is not None: warnings.warn(DELAY_FACTOR_DEPR_SIMPLE_MSG, DeprecationWarning) if ( device_and_network or policy_and_objects or vsys or no_vsys ) and not partial: raise ValueError( "'partial' must be True when using " "device_and_network or policy_and_objects " "or vsys or no_vsys." ) # Select proper command string based on arguments provided command_string = "commit" commit_marker = "configuration committed successfully" if comment: command_string += f' description "{comment}"' if force: command_string += " force" if partial: command_string += " partial" if vsys: command_string += f" {vsys}" if device_and_network: command_string += " device-and-network" if policy_and_objects: command_string += " device-and-network" if no_vsys: command_string += " no-vsys" command_string += " excluded" # Enter config mode (if necessary) output = self.config_mode() output += self._send_command_str( command_string, strip_prompt=False, strip_command=False, expect_string="100%", read_timeout=read_timeout, ) output += self.exit_config_mode() if commit_marker not in output.lower(): raise ValueError(f"Commit failed with the following errors:\n\n{output}") return output
def config_mode(self, config_command: str = 'configure', pattern: str = '#', re_flags: int = 0) ‑> str
-
Enter configuration mode.
Expand source code
def config_mode( self, config_command: str = "configure", pattern: str = r"#", re_flags: int = 0 ) -> str: """Enter configuration mode.""" return super().config_mode( config_command=config_command, pattern=pattern, re_flags=re_flags )
def exit_config_mode(self, exit_config: str = 'exit', pattern: str = '>') ‑> str
-
Exit configuration mode.
Expand source code
def exit_config_mode(self, exit_config: str = "exit", pattern: str = r">") -> str: """Exit configuration mode.""" return super().exit_config_mode(exit_config=exit_config, pattern=pattern)
def find_prompt(self, delay_factor: float = 5.0, pattern: Optional[str] = None) ‑> str
-
PA devices can be very slow to respond (in certain situations)
Expand source code
def find_prompt( self, delay_factor: float = 5.0, pattern: Optional[str] = None ) -> str: """PA devices can be very slow to respond (in certain situations)""" return super().find_prompt(delay_factor=delay_factor, pattern=pattern)
def session_preparation(self) ‑> None
-
Prepare the session after the connection has been established.
Disable paging (the '–more–' prompts). Set the base prompt for interaction ('>').
Expand source code
def session_preparation(self) -> None: """ Prepare the session after the connection has been established. Disable paging (the '--more--' prompts). Set the base prompt for interaction ('>'). """ self.ansi_escape_codes = True self._test_channel_read(pattern=r"[>#]") self.disable_paging( command="set cli scripting-mode on", cmd_verify=False, pattern=r"[>#].*mode on", ) self.set_terminal_width( command="set cli terminal width 500", pattern=r"set cli terminal width 500" ) self.disable_paging(command="set cli pager off") self.set_base_prompt() # PA devices can be really slow--try to make sure we are caught up self.write_channel("show admins\n") self._test_channel_read(pattern=r"Client") self._test_channel_read(pattern=r"[>#]")
def strip_command(self, command_string: str, output: str) ‑> str
-
Strip command_string from output string.
Expand source code
def strip_command(self, command_string: str, output: str) -> str: """Strip command_string from output string.""" output_list = output.split(command_string) return self.RESPONSE_RETURN.join(output_list)
def strip_context_items(self, a_string: str) ‑> str
-
Strip PaloAlto-specific output.
PaloAlto will also put a configuration context: [edit]
This method removes those lines.
Expand source code
def strip_context_items(self, a_string: str) -> str: """Strip PaloAlto-specific output. PaloAlto will also put a configuration context: [edit] This method removes those lines. """ strings_to_strip = [r"\[edit.*\]"] response_list = a_string.split(self.RESPONSE_RETURN) last_line = response_list[-1] for pattern in strings_to_strip: if re.search(pattern, last_line): return self.RESPONSE_RETURN.join(response_list[:-1]) return a_string
def strip_prompt(self, a_string: str) ‑> str
-
Strip the trailing router prompt from the output.
Expand source code
def strip_prompt(self, a_string: str) -> str: """Strip the trailing router prompt from the output.""" response_list = a_string.split(self.RESPONSE_RETURN) new_response_list = [] for line in response_list: if self.base_prompt not in line: new_response_list.append(line) output = self.RESPONSE_RETURN.join(new_response_list) return self.strip_context_items(output)
Inherited members
BaseConnection
:check_enable_mode
clear_buffer
disable_paging
disconnect
enable
establish_connection
exit_enable_mode
is_alive
normalize_cmd
normalize_linefeeds
paramiko_cleanup
read_channel
read_channel_timing
read_until_pattern
read_until_prompt
read_until_prompt_or_pattern
run_ttp
save_config
select_delay_factor
send_command
send_command_expect
send_command_timing
send_config_from_file
send_config_set
send_multiline
set_base_prompt
set_terminal_width
special_login_handler
strip_ansi_escape_codes
strip_backspaces
telnet_login
write_channel
class PaloAltoPanosSSH (ip: str = '', host: str = '', username: str = '', password: Optional[str] = None, secret: str = '', port: Optional[int] = None, device_type: str = '', verbose: bool = False, global_delay_factor: float = 1.0, global_cmd_verify: Optional[bool] = None, use_keys: bool = False, key_file: Optional[str] = None, pkey: Optional[paramiko.pkey.PKey] = None, passphrase: Optional[str] = None, disabled_algorithms: Optional[Dict[str, Any]] = None, disable_sha2_fix: bool = False, allow_agent: bool = False, ssh_strict: bool = False, system_host_keys: bool = False, alt_host_keys: bool = False, alt_key_file: str = '', ssh_config_file: Optional[str] = None, conn_timeout: int = 10, auth_timeout: Optional[int] = None, banner_timeout: int = 15, blocking_timeout: int = 20, timeout: int = 100, session_timeout: int = 60, read_timeout_override: Optional[float] = None, keepalive: int = 0, default_enter: Optional[str] = None, response_return: Optional[str] = None, serial_settings: Optional[Dict[str, Any]] = None, fast_cli: bool = True, session_log: Optional[SessionLog] = None, session_log_record_writes: bool = False, session_log_file_mode: str = 'write', allow_auto_change: bool = False, encoding: str = 'utf-8', sock: Optional[socket.socket] = None, sock_telnet: Optional[Dict[str, Any]] = None, auto_connect: bool = True, delay_factor_compat: bool = False, disable_lf_normalization: bool = False)
-
Implement methods for interacting with PaloAlto devices.
Disables
enable()
andcheck_enable_mode()
methods. Overrides several methods for PaloAlto-specific compatibility.Initialize attributes for establishing connection to target device. :param ip: IP address of target device. Not required if <code>host</code> is provided. :param host: Hostname of target device. Not required if <code>ip</code> is provided. :param username: Username to authenticate against target device if required. :param password: Password to authenticate against target device if required. :param secret: The enable password if target device requires one. :param port: The destination port used to connect to the target device. :param device_type: Class selection based on device type. :param verbose: Enable additional messages to standard output. :param global_delay_factor: Multiplication factor affecting Netmiko delays (default: 1). :param use_keys: Connect to target device using SSH keys. :param key_file: Filename path of the SSH key file to use. :param pkey: SSH key object to use. :param passphrase: Passphrase to use for encrypted key; password will be used for key decryption if not specified. :param disabled_algorithms: Dictionary of SSH algorithms to disable. Refer to the Paramiko documentation for a description of the expected format. :param disable_sha2_fix: Boolean that fixes Paramiko issue with missing server-sig-algs <https://github.com/paramiko/paramiko/issues/1961> (default: False) :param allow_agent: Enable use of SSH key-agent. :param ssh_strict: Automatically reject unknown SSH host keys (default: False, which means unknown SSH host keys will be accepted). :param system_host_keys: Load host keys from the users known_hosts file. :param alt_host_keys: If <code>True</code> host keys will be loaded from the file specified in alt_key_file. :param alt_key_file: SSH host key file to use (if alt_host_keys=True). :param ssh_config_file: File name of OpenSSH configuration file. :param conn_timeout: TCP connection timeout. :param session_timeout: Set a timeout for parallel requests. :param auth_timeout: Set a timeout (in seconds) to wait for an authentication response. :param banner_timeout: Set a timeout to wait for the SSH banner (pass to Paramiko). :param read_timeout_override: Set a timeout that will override the default read_timeout of both send_command and send_command_timing. This is useful for 3rd party libraries where directly accessing method arguments might be impractical. :param keepalive: Send SSH keepalive packets at a specific interval, in seconds. Currently defaults to 0, for backwards compatibility (it will not attempt to keep the connection alive). :param default_enter: Character(s) to send to correspond to enter key (default:
).
:param response_return: Character(s) to use in normalized return data to represent enter key (default:
)
:param serial_settings: Dictionary of settings for use with serial port (pySerial). :param fast_cli: Provide a way to optimize for performance. Converts select_delay_factor to select smallest of global and specific. Sets default global_delay_factor to .1 (default: True) :param session_log: File path, SessionLog object, or BufferedIOBase subclass object to write the session log to. :param session_log_record_writes: The session log generally only records channel reads due to eliminate command duplication due to command echo. You can enable this if you want to record both channel reads and channel writes in the log (default: False). :param session_log_file_mode: "write" or "append" for session_log file mode (default: "write") :param allow_auto_change: Allow automatic configuration changes for terminal settings. (default: False) :param encoding: Encoding to be used when writing bytes to the output channel. (default: "utf-8") :param sock: An open socket or socket-like object (such as a <code>.Channel</code>) to use for communication to the target host (default: None). :param sock_telnet: A dictionary of telnet socket parameters (SOCKS proxy). See telnet_proxy.py code for details. :param global_cmd_verify: Control whether command echo verification is enabled or disabled (default: None). Global attribute takes precedence over function <code>cmd\_verify</code> argument. Value of <code>None</code> indicates to use function <code>cmd\_verify</code> argument. :param auto_connect: Control whether Netmiko automatically establishes the connection as part of the object creation (default: True). :param delay_factor_compat: Set send_command and send_command_timing back to using Netmiko 3.x behavior for delay_factor/global_delay_factor/max_loops. This argument will be eliminated in Netmiko 5.x (default: False). :param disable_lf_normalization: Disable Netmiko's linefeed normalization behavior (default: False)
Expand source code
class PaloAltoPanosSSH(PaloAltoPanosBase): def _build_ssh_client(self) -> SSHClient: """Prepare for Paramiko SSH connection.""" # Create instance of SSHClient object # If not using SSH keys, we use noauth if not self.use_keys: remote_conn_pre: SSHClient = SSHClient_interactive() else: remote_conn_pre = SSHClient() # Load host_keys for better SSH security if self.system_host_keys: remote_conn_pre.load_system_host_keys() if self.alt_host_keys and path.isfile(self.alt_key_file): remote_conn_pre.load_host_keys(self.alt_key_file) # Default is to automatically add untrusted hosts (make sure appropriate for your env) remote_conn_pre.set_missing_host_key_policy(self.key_policy) return remote_conn_pre
Ancestors
Inherited members
PaloAltoPanosBase
:check_config_mode
check_enable_mode
cleanup
clear_buffer
commit
config_mode
disable_paging
disconnect
enable
establish_connection
exit_config_mode
exit_enable_mode
find_prompt
is_alive
normalize_cmd
normalize_linefeeds
paramiko_cleanup
read_channel
read_channel_timing
read_until_pattern
read_until_prompt
read_until_prompt_or_pattern
run_ttp
save_config
select_delay_factor
send_command
send_command_expect
send_command_timing
send_config_from_file
send_config_set
send_multiline
session_preparation
set_base_prompt
set_terminal_width
special_login_handler
strip_ansi_escape_codes
strip_backspaces
strip_command
strip_context_items
strip_prompt
telnet_login
write_channel
class PaloAltoPanosTelnet (ip: str = '', host: str = '', username: str = '', password: Optional[str] = None, secret: str = '', port: Optional[int] = None, device_type: str = '', verbose: bool = False, global_delay_factor: float = 1.0, global_cmd_verify: Optional[bool] = None, use_keys: bool = False, key_file: Optional[str] = None, pkey: Optional[paramiko.pkey.PKey] = None, passphrase: Optional[str] = None, disabled_algorithms: Optional[Dict[str, Any]] = None, disable_sha2_fix: bool = False, allow_agent: bool = False, ssh_strict: bool = False, system_host_keys: bool = False, alt_host_keys: bool = False, alt_key_file: str = '', ssh_config_file: Optional[str] = None, conn_timeout: int = 10, auth_timeout: Optional[int] = None, banner_timeout: int = 15, blocking_timeout: int = 20, timeout: int = 100, session_timeout: int = 60, read_timeout_override: Optional[float] = None, keepalive: int = 0, default_enter: Optional[str] = None, response_return: Optional[str] = None, serial_settings: Optional[Dict[str, Any]] = None, fast_cli: bool = True, session_log: Optional[SessionLog] = None, session_log_record_writes: bool = False, session_log_file_mode: str = 'write', allow_auto_change: bool = False, encoding: str = 'utf-8', sock: Optional[socket.socket] = None, sock_telnet: Optional[Dict[str, Any]] = None, auto_connect: bool = True, delay_factor_compat: bool = False, disable_lf_normalization: bool = False)
-
Implement methods for interacting with PaloAlto devices.
Disables
enable()
andcheck_enable_mode()
methods. Overrides several methods for PaloAlto-specific compatibility.Initialize attributes for establishing connection to target device. :param ip: IP address of target device. Not required if <code>host</code> is provided. :param host: Hostname of target device. Not required if <code>ip</code> is provided. :param username: Username to authenticate against target device if required. :param password: Password to authenticate against target device if required. :param secret: The enable password if target device requires one. :param port: The destination port used to connect to the target device. :param device_type: Class selection based on device type. :param verbose: Enable additional messages to standard output. :param global_delay_factor: Multiplication factor affecting Netmiko delays (default: 1). :param use_keys: Connect to target device using SSH keys. :param key_file: Filename path of the SSH key file to use. :param pkey: SSH key object to use. :param passphrase: Passphrase to use for encrypted key; password will be used for key decryption if not specified. :param disabled_algorithms: Dictionary of SSH algorithms to disable. Refer to the Paramiko documentation for a description of the expected format. :param disable_sha2_fix: Boolean that fixes Paramiko issue with missing server-sig-algs <https://github.com/paramiko/paramiko/issues/1961> (default: False) :param allow_agent: Enable use of SSH key-agent. :param ssh_strict: Automatically reject unknown SSH host keys (default: False, which means unknown SSH host keys will be accepted). :param system_host_keys: Load host keys from the users known_hosts file. :param alt_host_keys: If <code>True</code> host keys will be loaded from the file specified in alt_key_file. :param alt_key_file: SSH host key file to use (if alt_host_keys=True). :param ssh_config_file: File name of OpenSSH configuration file. :param conn_timeout: TCP connection timeout. :param session_timeout: Set a timeout for parallel requests. :param auth_timeout: Set a timeout (in seconds) to wait for an authentication response. :param banner_timeout: Set a timeout to wait for the SSH banner (pass to Paramiko). :param read_timeout_override: Set a timeout that will override the default read_timeout of both send_command and send_command_timing. This is useful for 3rd party libraries where directly accessing method arguments might be impractical. :param keepalive: Send SSH keepalive packets at a specific interval, in seconds. Currently defaults to 0, for backwards compatibility (it will not attempt to keep the connection alive). :param default_enter: Character(s) to send to correspond to enter key (default:
).
:param response_return: Character(s) to use in normalized return data to represent enter key (default:
)
:param serial_settings: Dictionary of settings for use with serial port (pySerial). :param fast_cli: Provide a way to optimize for performance. Converts select_delay_factor to select smallest of global and specific. Sets default global_delay_factor to .1 (default: True) :param session_log: File path, SessionLog object, or BufferedIOBase subclass object to write the session log to. :param session_log_record_writes: The session log generally only records channel reads due to eliminate command duplication due to command echo. You can enable this if you want to record both channel reads and channel writes in the log (default: False). :param session_log_file_mode: "write" or "append" for session_log file mode (default: "write") :param allow_auto_change: Allow automatic configuration changes for terminal settings. (default: False) :param encoding: Encoding to be used when writing bytes to the output channel. (default: "utf-8") :param sock: An open socket or socket-like object (such as a <code>.Channel</code>) to use for communication to the target host (default: None). :param sock_telnet: A dictionary of telnet socket parameters (SOCKS proxy). See telnet_proxy.py code for details. :param global_cmd_verify: Control whether command echo verification is enabled or disabled (default: None). Global attribute takes precedence over function <code>cmd\_verify</code> argument. Value of <code>None</code> indicates to use function <code>cmd\_verify</code> argument. :param auto_connect: Control whether Netmiko automatically establishes the connection as part of the object creation (default: True). :param delay_factor_compat: Set send_command and send_command_timing back to using Netmiko 3.x behavior for delay_factor/global_delay_factor/max_loops. This argument will be eliminated in Netmiko 5.x (default: False). :param disable_lf_normalization: Disable Netmiko's linefeed normalization behavior (default: False)
Expand source code
class PaloAltoPanosTelnet(PaloAltoPanosBase): pass
Ancestors
Inherited members
PaloAltoPanosBase
:check_config_mode
check_enable_mode
cleanup
clear_buffer
commit
config_mode
disable_paging
disconnect
enable
establish_connection
exit_config_mode
exit_enable_mode
find_prompt
is_alive
normalize_cmd
normalize_linefeeds
paramiko_cleanup
read_channel
read_channel_timing
read_until_pattern
read_until_prompt
read_until_prompt_or_pattern
run_ttp
save_config
select_delay_factor
send_command
send_command_expect
send_command_timing
send_config_from_file
send_config_set
send_multiline
session_preparation
set_base_prompt
set_terminal_width
special_login_handler
strip_ansi_escape_codes
strip_backspaces
strip_command
strip_context_items
strip_prompt
telnet_login
write_channel
class SSHClient_interactive
-
Set noauth when manually handling SSH authentication.
Create a new SSHClient.
Expand source code
class SSHClient_interactive(SSHClient): """Set noauth when manually handling SSH authentication.""" def pa_banner_handler( self, title: str, instructions: str, prompt_list: List[Tuple[str, bool]] ) -> List[str]: resp = [] for prompt, echo in prompt_list: if "Do you accept" in prompt: resp.append("yes") elif "ssword" in prompt: assert isinstance(self.password, str) resp.append(self.password) return resp def _auth(self, username: str, password: str, *args: Any) -> None: """ _auth: args as of aug-2021 self, username, password, pkey, key_filenames, allow_agent, look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host, passphrase, """ # Just gets the password up to the pa_banner_handler self.password = password transport = self.get_transport() assert isinstance(transport, Transport) transport.auth_interactive(username, handler=self.pa_banner_handler) return
Ancestors
- paramiko.client.SSHClient
- paramiko.util.ClosingContextManager
Methods
-
Expand source code
def pa_banner_handler( self, title: str, instructions: str, prompt_list: List[Tuple[str, bool]] ) -> List[str]: resp = [] for prompt, echo in prompt_list: if "Do you accept" in prompt: resp.append("yes") elif "ssword" in prompt: assert isinstance(self.password, str) resp.append(self.password) return resp