-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unable to send commands to sophos ssh through netmiko due to readtimeout error. #3362
Comments
Netmiko automatically sends "4" to the above menu: https://github.com/ktbyers/netmiko/blob/develop/netmiko/sophos/sophos_sfos_ssh.py#L30 So that menu is no longer present (when you try to send a "5" or a "3". |
Is there any way to get to the advanced shell, or is it not allowed? |
@capmerah Does the CLI allow you to re-launch the menu or to switch contexts (i.e. can you go from the "console" selection to the "Device Management" selection in the Sophos CLI)? |
@ktbyers The CLI only allows exit to the main menu from the "Device Console" mode by typing "exit". It cannot go from the "console" selection to the "Device Management" selection. |
Hi @ktbyers, I tried to test with current code (self.write_channel("4" + self.RETURN)) that you've highlighted in your first reply,
since it sends "4" automatically, I tried to input "show vpn connection status" which should output the logs in the cli, with expect_string=r">". but it still gives the same error. |
@capmerah Which problem do you want to work on the original problem or the second problem? If the second problem, please include your full exception stack trace for that case. |
Hi @ktbyers , sorry about the confusion. We can try to solve the first problem first. If we can't, we can then move on to the second problem and I'll post full exception stack. |
@capmerah Sounds good.
So can you just use Netmiko to send When you select |
Hi @ktbyers , thanks for your understanding.
But I received the same exceptions about read timeout error due to wrong patterns, even though I changed the expect_string to ">" for main menu and ":" for the rest.
For outputs, here is the output after initial SSH login:
After selecting '5. Device Management', it will immediately prompt to the following menu
Then, selecting '3. Advanced Shell' will immediately go to the following output:
This is for SFOS 20.0.0 latest version from Sophos. |
I would have expected it to be more like this. In other words, you type And then after you hit output = net_connect.send_command("exit", expect_string=r"Select Menu")
output += net_connect.send_command("5", expect_string=r"Select Menu")
output += net_connect.send_command("3", expect_string=r"#") |
Hi @ktbyers , here is the code I modified in accordance to your recommendations:
The results gives the same exception throughout:
|
@capmerah You need to post the full exception stack trace so I can see where the error is happening. You also might need to include the Netmiko session_log so we can see more details on what is happening. Thanks, Kirk |
Hi @ktbyers , Full exception is here:
The following comes from a session logs:
Thanks and regards, |
It looks like you are rejecting option 4?
Does your device/configuration not allow you to select |
Hi @ktbyers , The device/configuration does not reject option 4. |
This:
is ANSI escape codes which are output from the device (and which netmiko will strip off). So you tested the same device (shown here) and sent the number 4 and it worked? I just checked the Netmiko code and it just sends a |
Hi @ktbyers , I manually connect to Sophos through SSH and send '4' and it works I tried testing netmiko to see if its send 4 and ? with only net_connect:
It still show the same exception and same session log outputs. |
@ktbyers The "Invalid Menu Selection" needed to be entered again in order to revert to the main menu and allowing us to select [0-7]. The "Invalid Menu Selection4" and "Invalid Menu Selectionexit" will take no effect and will automatically revert to the main menu. |
I didn't understand your last comment? Netmiko fails on the connection (from your stack trace) and session log as it tries to send So the question I still have is why does sending the |
Hi @ktbyers ,
In normal operations when you see |
Okay, I will see if I can put in a fix... |
Ok, thanks. |
@capmerah Note, there is an environment variable that you can set:
In your case, you could probably set this |
Hi @ktbyers , thanks for the help.
Running with the main code and test multiple commands and expect_strings
All of the test yields same exception results:
And all test yields the same session log output:
One thing I noticed that has changed is |
Can you test this? # I changed the pattern here
self._test_channel_read(pattern=r"Select Menu Number")
"""
Sophos Firmware Version SFOS 18.0.0 GA-Build339
Main Menu
1. Network Configuration
2. System Configuration
3. Route Configuration
4. Device Console
5. Device Management
6. VPN Management
7. Shutdown/Reboot Device
0. Exit
Select Menu Number [0-7]:
"""
# Added time.sleep
import time
time.sleep(2)
self.write_channel(SOPHOS_MENU_DEFAULT + self.RETURN)
self._test_channel_read(pattern=r"[#>]") |
Hi @ktbyers , """SophosXG (SFOS) Firewall support"""
from typing import Any
import time
import os
from netmiko.no_enable import NoEnable
from netmiko.no_config import NoConfig
from netmiko.cisco_base_connection import CiscoSSHConnection
SOPHOS_MENU_DEFAULT = os.getenv("5\r3", "4") #"NETMIKO_SOPHOS_MENU"
class SophosSfosSSH(NoEnable, NoConfig, CiscoSSHConnection):
def session_preparation(self) -> None:
"""Prepare the session after the connection has been established."""
# I changed the pattern here
self._test_channel_read(pattern=r"Select Menu Number")
"""
Sophos Firmware Version SFOS 18.0.0 GA-Build339
Main Menu
1. Network Configuration
2. System Configuration
3. Route Configuration
4. Device Console
5. Device Management
6. VPN Management
7. Shutdown/Reboot Device
0. Exit
Select Menu Number [0-7]:
"""
# Added time.sleep
import time
time.sleep(2)
self.write_channel(SOPHOS_MENU_DEFAULT + self.RETURN)
self._test_channel_read(pattern=r"[#>]")
self.set_base_prompt()
# Clear the read buffer
time.sleep(0.3 * self.global_delay_factor)
self.clear_buffer()
def save_config(self, *args: Any, **kwargs: Any) -> str:
"""Not Implemented"""
raise NotImplementedError ran with my main code: import getpass
from netmiko import ConnectHandler
from getpass import getpass
password = getpass()
ipaddrs = ["10.2.2.254"]
devices = [
{
"device_type": "sophos_sfos_ssh",
"host": ip,
"username": "admin",
"password": password,
"session_log": 'netmiko_session.log'
}
for ip in ipaddrs
]
for device in devices:
print(f'Connecting to the device: {device["host"]}')
with ConnectHandler(**device) as net_connect:
#output = net_connect.send_command("tail -f /log/sslvpn.log")
#output = net_connect.send_command("5\r3")
#output = net_connect.send_command("l", expect_string=r"#")
#output = net_connect.send_command("ls")
#output = net_connect.send_command("ls", expect_string=r"#")
output = net_connect.send_command("")
print(output) Same exceptions as before:
No changes from session logs:
|
Hi, Anything for me to test? |
@capmerah Did you ever get this working? In your above test-code this is wrong:
It should be: SOPHOS_MENU_DEFAULT = "5\r3" |
Hi @ktbyers , Similar results as of
|
@capmerah Can you post your code and your session_log? Thanks, Kirk |
Hi @ktbyers ,
Below is the session_log after the errors from executing above:
Thanks and regards, |
Any idea, why it responds with |
Hi @ktbyers , It seems that I think the |
Let's step back for a second. You should be using the Netmiko You should also be setting the following environment variable (here is how I would do this on Linux, macOS should be similar, you would need to look it up, if you are on Windows):
Note, it is not clear to me whether you have to hit the (i.e. the \r) after the 5 (or just hitting the 5 and then the 3 are sufficient). In other words, you would need to test this on the Sophos device. Because of the above it is possible, that you might set this environment variable to:
Your test code should just be: from netmiko import ConnectHandler
# Just manually verify the directory exists and create it (if necessary)
ip = "10.2.2.254"
s_log = rf"C:\User\username\OneDrive - company\username\Backup config\Sophos Firewall\Netmiko\netmiko_session_{ip}.log"
device = {
"device_type": "sophos_sfos_ssh",
"host": "10.2.2.254",
"username": "admin",
"password": "password",
"session_log": s_log,
}
print(f'Connecting to the device: {device["host"]}')
with ConnectHandler(**device) as net_connect:
# You should send a real Sophos command here
output = net_connect.send_command("\n", expect_string=r"#>")
print(output) If you do the above, what do you see in the |
Hi @ktbyers , Apologies for late reply due to other projects. I have downloaded the I have using setx for path in windows I saved a session_log for each path. The results are the same for both paths according to the
|
Has this issue been abandoned? |
Reference #3489 |
Description of Issue/Question
I received the read timeout error when I run the netmiko to connect to sophos firewall ssh.
The initial output for sophos after login is like this:
I tried ":" as expected string but still the same issue.
I tried "Select Menu Number [0-7]:" as expected string but still the same issue.
Note: Please check https://guides.github.com/features/mastering-markdown/
to see how to properly format your request.
Setup
Netmiko version
Netmiko device_type (if relevant to the issue)
(Paste
device_type
between quotes below)Steps to Reproduce the Issue
run and debug python code from visual studio code
Error Traceback
(Paste the complete traceback of the exception between quotes below)
Relevant Python code
(Please try to essentialize your Python code to the minimum code needed to reproduce the issue)
(Paste the code between the quotes below)
The text was updated successfully, but these errors were encountered: