Python 带有 Palo Alto 防火墙的 Paramiko - 没有得到任何信息
Python Paramiko with Palo Alto firewall - not getting any info
我在帕洛阿尔托版本 9.1.10 上使用 python3 和 Paramiko 2.10.3
我创建了这个 python 脚本:
def connect_SSH():
ssh_client = paramiko.SSHClient()
ip='10.x.x.x'
port=22
username='someuser'
password='somepassword'
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh_client.connect(ip,port,username,password , look_for_keys=False, allow_agent=False)
remote_conn = ssh_client.invoke_shell()
output = remote_conn.recv(1000)
print(output)
remote_conn.send("\n")
remote_conn.send("show system info\n")
time.sleep(5)
output = remote_conn.recv(50000)
print(output)
connect_SSH()
现在我没有从 palo alto 得到任何数据,这是我收到的:
b'Last login: Wed Apr 6 16:43:18 2022 from 10.x.x.x\r\r\n'
b'\r\nshow system info\r\n'
它只是在重复我在没有数据的情况下执行的命令。我已经尝试了更多方法 运行 即使
stdout = remote_conn.send("show system info\n")
我得到:
b'Last login: Wed Apr 6 16:53:23 2022 from 10.x.x.x\r\r\n'
17
b'show system info\r\n\r\nshow system info\r\n'
我错过了什么?
谢谢。
编辑:
使用这个会产生错误:
stdin, stdout, stderr = ssh_client.exec_command('show system info')
time.sleep(5)
print("OUT", stdout.readlines())
b'Last login: Wed Apr 6 17:05:26 2022 from 10.x.x.x\r\r\n'
OUT []
Traceback (most recent call last):
File "parmiko.py", line 76, in <module>
connect_SSH()
File "parmiko.py", line 52, in connect_SSH
remote_conn.send("\n")
File "/usr/local/lib/python3.6/dist-packages/paramiko/channel.py", line 801, in send
return self._send(s, m)
File "/usr/local/lib/python3.6/dist-packages/paramiko/channel.py", line 1198, in _send
raise socket.error("Socket is closed")
OSError: Socket is closed
最终找到了正确的剧本:使用 panos_type_cmd 模块
- name: DHCP
hosts: localhost
connection: local
vars:
- ansible_python_interpreter: /usr/bin/env python3
roles:
- role: PaloAltoNetworks.paloaltonetworks
gather_facts: False
tasks:
- name: Grab the credentials
include_vars: 'firewall-secrets.yml'
- name: Create DHCP relay on interface
panos_type_cmd:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
cmd: "set"
xpath: "/config/devices/entry[@name='localhost.localdomain']/network/dhcp/interface/entry[@name='{{ interface }}']/relay"
element: "<ip><server><member>10.x.x.x1</member></server><enabled>yes</enabled></ip><ip><server><member>10.x.x.x2</member></server><enabled>yes</enabled></ip>"
register: response
- debug:
msg: "{{ response.stdout }}"
msg: "{{ response.stdout_xml }}"
- name: Commit changes
panos_commit:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
我在帕洛阿尔托版本 9.1.10 上使用 python3 和 Paramiko 2.10.3
我创建了这个 python 脚本:
def connect_SSH():
ssh_client = paramiko.SSHClient()
ip='10.x.x.x'
port=22
username='someuser'
password='somepassword'
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh_client.connect(ip,port,username,password , look_for_keys=False, allow_agent=False)
remote_conn = ssh_client.invoke_shell()
output = remote_conn.recv(1000)
print(output)
remote_conn.send("\n")
remote_conn.send("show system info\n")
time.sleep(5)
output = remote_conn.recv(50000)
print(output)
connect_SSH()
现在我没有从 palo alto 得到任何数据,这是我收到的:
b'Last login: Wed Apr 6 16:43:18 2022 from 10.x.x.x\r\r\n'
b'\r\nshow system info\r\n'
它只是在重复我在没有数据的情况下执行的命令。我已经尝试了更多方法 运行 即使
stdout = remote_conn.send("show system info\n")
我得到:
b'Last login: Wed Apr 6 16:53:23 2022 from 10.x.x.x\r\r\n'
17
b'show system info\r\n\r\nshow system info\r\n'
我错过了什么? 谢谢。
编辑: 使用这个会产生错误:
stdin, stdout, stderr = ssh_client.exec_command('show system info')
time.sleep(5)
print("OUT", stdout.readlines())
b'Last login: Wed Apr 6 17:05:26 2022 from 10.x.x.x\r\r\n'
OUT []
Traceback (most recent call last):
File "parmiko.py", line 76, in <module>
connect_SSH()
File "parmiko.py", line 52, in connect_SSH
remote_conn.send("\n")
File "/usr/local/lib/python3.6/dist-packages/paramiko/channel.py", line 801, in send
return self._send(s, m)
File "/usr/local/lib/python3.6/dist-packages/paramiko/channel.py", line 1198, in _send
raise socket.error("Socket is closed")
OSError: Socket is closed
最终找到了正确的剧本:使用 panos_type_cmd 模块
- name: DHCP
hosts: localhost
connection: local
vars:
- ansible_python_interpreter: /usr/bin/env python3
roles:
- role: PaloAltoNetworks.paloaltonetworks
gather_facts: False
tasks:
- name: Grab the credentials
include_vars: 'firewall-secrets.yml'
- name: Create DHCP relay on interface
panos_type_cmd:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
cmd: "set"
xpath: "/config/devices/entry[@name='localhost.localdomain']/network/dhcp/interface/entry[@name='{{ interface }}']/relay"
element: "<ip><server><member>10.x.x.x1</member></server><enabled>yes</enabled></ip><ip><server><member>10.x.x.x2</member></server><enabled>yes</enabled></ip>"
register: response
- debug:
msg: "{{ response.stdout }}"
msg: "{{ response.stdout_xml }}"
- name: Commit changes
panos_commit:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'