Disable paramiko keyboard-interactive auth fallback
Patches Transport.auth_password at module load to default fallback=False, ensuring each switch produces exactly one RADIUS/AD auth attempt instead of two. Also moves the paramiko.transport import to module level. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
+8
-1
@@ -14,6 +14,14 @@ from parser import (parse_lldp_neighbors, parse_mgmt_ip_from_interfaces,
|
|||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
# Disable paramiko's keyboard-interactive fallback so each switch gets exactly
|
||||||
|
# one auth attempt against RADIUS/AD instead of two.
|
||||||
|
import paramiko.transport as _pt
|
||||||
|
_orig_auth_password = _pt.Transport.auth_password
|
||||||
|
def _auth_password_no_fallback(self, username, password, event=None, fallback=False):
|
||||||
|
return _orig_auth_password(self, username, password, event=event, fallback=fallback)
|
||||||
|
_pt.Transport.auth_password = _auth_password_no_fallback
|
||||||
|
|
||||||
# Serialise SSH logins — only one handshake/auth at a time to avoid RADIUS lockout
|
# Serialise SSH logins — only one handshake/auth at a time to avoid RADIUS lockout
|
||||||
_login_lock = threading.Semaphore(1)
|
_login_lock = threading.Semaphore(1)
|
||||||
|
|
||||||
@@ -42,7 +50,6 @@ def connect_and_query(ip, login_delay=3):
|
|||||||
logger.info(f"Connecting to {ip}...")
|
logger.info(f"Connecting to {ip}...")
|
||||||
|
|
||||||
# Allow legacy ssh-rsa keys used by FS switches
|
# Allow legacy ssh-rsa keys used by FS switches
|
||||||
import paramiko.transport as _pt
|
|
||||||
_orig_preferred_keys = _pt.Transport._preferred_keys
|
_orig_preferred_keys = _pt.Transport._preferred_keys
|
||||||
_pt.Transport._preferred_keys = (
|
_pt.Transport._preferred_keys = (
|
||||||
"ssh-rsa", "rsa-sha2-256", "rsa-sha2-512",
|
"ssh-rsa", "rsa-sha2-256", "rsa-sha2-512",
|
||||||
|
|||||||
Reference in New Issue
Block a user