diff --git a/ssh_client.py b/ssh_client.py index f299f95..e832570 100644 --- a/ssh_client.py +++ b/ssh_client.py @@ -14,6 +14,14 @@ from parser import (parse_lldp_neighbors, parse_mgmt_ip_from_interfaces, logger = logging.getLogger(__name__) +# Disable paramiko's keyboard-interactive fallback so each switch gets exactly +# one auth attempt against RADIUS/AD instead of two. +import paramiko.transport as _pt +_orig_auth_password = _pt.Transport.auth_password +def _auth_password_no_fallback(self, username, password, event=None, fallback=False): + return _orig_auth_password(self, username, password, event=event, fallback=fallback) +_pt.Transport.auth_password = _auth_password_no_fallback + # Serialise SSH logins — only one handshake/auth at a time to avoid RADIUS lockout _login_lock = threading.Semaphore(1) @@ -42,7 +50,6 @@ def connect_and_query(ip, login_delay=3): logger.info(f"Connecting to {ip}...") # Allow legacy ssh-rsa keys used by FS switches - import paramiko.transport as _pt _orig_preferred_keys = _pt.Transport._preferred_keys _pt.Transport._preferred_keys = ( "ssh-rsa", "rsa-sha2-256", "rsa-sha2-512",