Disable paramiko keyboard-interactive auth fallback
Patches Transport.auth_password at module load to default fallback=False, ensuring each switch produces exactly one RADIUS/AD auth attempt instead of two. Also moves the paramiko.transport import to module level. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
+8
-1
@@ -14,6 +14,14 @@ from parser import (parse_lldp_neighbors, parse_mgmt_ip_from_interfaces,
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
# Disable paramiko's keyboard-interactive fallback so each switch gets exactly
|
||||
# one auth attempt against RADIUS/AD instead of two.
|
||||
import paramiko.transport as _pt
|
||||
_orig_auth_password = _pt.Transport.auth_password
|
||||
def _auth_password_no_fallback(self, username, password, event=None, fallback=False):
|
||||
return _orig_auth_password(self, username, password, event=event, fallback=fallback)
|
||||
_pt.Transport.auth_password = _auth_password_no_fallback
|
||||
|
||||
# Serialise SSH logins — only one handshake/auth at a time to avoid RADIUS lockout
|
||||
_login_lock = threading.Semaphore(1)
|
||||
|
||||
@@ -42,7 +50,6 @@ def connect_and_query(ip, login_delay=3):
|
||||
logger.info(f"Connecting to {ip}...")
|
||||
|
||||
# Allow legacy ssh-rsa keys used by FS switches
|
||||
import paramiko.transport as _pt
|
||||
_orig_preferred_keys = _pt.Transport._preferred_keys
|
||||
_pt.Transport._preferred_keys = (
|
||||
"ssh-rsa", "rsa-sha2-256", "rsa-sha2-512",
|
||||
|
||||
Reference in New Issue
Block a user