Add TCP pre-flight check before SSH to prevent RADIUS lockout
Unreachable hosts are detected via a 3s socket connect on SSH_PORT before any credentials are sent. Truly offline switches now fail fast without touching RADIUS/AD at all. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -3,6 +3,7 @@ import re
|
||||
import logging
|
||||
import threading
|
||||
import time
|
||||
import socket
|
||||
from concurrent.futures import ThreadPoolExecutor, as_completed
|
||||
from functools import partial
|
||||
from netmiko import ConnectHandler, NetmikoTimeoutException, NetmikoAuthenticationException
|
||||
@@ -31,6 +32,13 @@ def connect_and_query(ip, login_delay=3):
|
||||
}
|
||||
|
||||
try:
|
||||
# TCP pre-flight — bail before sending any credentials if port 22 is unreachable
|
||||
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
|
||||
s.settimeout(3)
|
||||
if s.connect_ex((ip, SSH_PORT)) != 0:
|
||||
logger.warning(f"{ip}: port {SSH_PORT} unreachable, skipping")
|
||||
return {"success": False, "ip": ip, "error": "Host unreachable"}
|
||||
|
||||
logger.info(f"Connecting to {ip}...")
|
||||
|
||||
# Allow legacy ssh-rsa keys used by FS switches
|
||||
|
||||
Reference in New Issue
Block a user