Add TCP pre-flight check before SSH to prevent RADIUS lockout
Unreachable hosts are detected via a 3s socket connect on SSH_PORT before any credentials are sent. Truly offline switches now fail fast without touching RADIUS/AD at all. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -3,6 +3,7 @@ import re
|
|||||||
import logging
|
import logging
|
||||||
import threading
|
import threading
|
||||||
import time
|
import time
|
||||||
|
import socket
|
||||||
from concurrent.futures import ThreadPoolExecutor, as_completed
|
from concurrent.futures import ThreadPoolExecutor, as_completed
|
||||||
from functools import partial
|
from functools import partial
|
||||||
from netmiko import ConnectHandler, NetmikoTimeoutException, NetmikoAuthenticationException
|
from netmiko import ConnectHandler, NetmikoTimeoutException, NetmikoAuthenticationException
|
||||||
@@ -31,6 +32,13 @@ def connect_and_query(ip, login_delay=3):
|
|||||||
}
|
}
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
# TCP pre-flight — bail before sending any credentials if port 22 is unreachable
|
||||||
|
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
|
||||||
|
s.settimeout(3)
|
||||||
|
if s.connect_ex((ip, SSH_PORT)) != 0:
|
||||||
|
logger.warning(f"{ip}: port {SSH_PORT} unreachable, skipping")
|
||||||
|
return {"success": False, "ip": ip, "error": "Host unreachable"}
|
||||||
|
|
||||||
logger.info(f"Connecting to {ip}...")
|
logger.info(f"Connecting to {ip}...")
|
||||||
|
|
||||||
# Allow legacy ssh-rsa keys used by FS switches
|
# Allow legacy ssh-rsa keys used by FS switches
|
||||||
|
|||||||
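Review bot: The pre-flight added in the second hunk (inside `connect_and_query`) is tied to `socket.AF_INET` and throws away the `connect_ex` return code, so a refused connection, a timeout and a filtered port all produce the same "unreachable" log line, and a hostname or IPv6 literal in `ip` would raise `socket.gaierror` rather than return non-zero. Whether the enclosing `try:` handles that exception cannot be seen here, because the function's except clauses lie outside the hunk. `socket.create_connection` wrapped in `except OSError` covers both address families and keeps the failure reason in the log, as sketched below. The check only shows that something accepts TCP on SSH_PORT; a reachable switch that rejects the login presumably still counts against RADIUS, so a lockout budget would need its own guard.

```python
# … unchanged: result dict and the enclosing try: …
    # TCP pre-flight — bail before sending any credentials if SSH_PORT is unreachable
    try:
        with socket.create_connection((ip, SSH_PORT), timeout=3):
            pass
    except OSError as exc:
        # exc carries the reason (refused, timed out, name resolution) for later triage
        logger.warning("%s: port %s unreachable (%s), skipping", ip, SSH_PORT, exc)
        return {"success": False, "ip": ip, "error": "Host unreachable"}
# … unchanged: logger.info(...) and the rest of the function …
```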