Authentication Failed

Question

Authentication Failed

jlgore opened this issue 2 years ago · comments

Hello and thank you for this project. I am attempting to scan a RouterOS device running version 7.1.3 and I am getting an authentication failure from paramiko. The RouterOS logs say expected msg: 50 got: 5. After some good old fashioned BING searches I saw similar issues opened with an Ansible module (see here: ansible/ansible#55042). I tried a few suggestions mentioned in that thread but did not find luck. Regular ssh user@address -p 2223 works as expected.

python3 main.py -i 172.16.254.1 -p 2223 -u jared+cet1024w -ps PASSWORD
Mikrotik ip address: 172.16.254.1

Traceback (most recent call last):
  File "/Users/jared/routeros-scanner/main.py", line 62, in <module>
    main(args)
  File "/Users/jared/routeros-scanner/main.py", line 28, in main
    ssh_client.connect(hostname=args.ip, port=args.port, username=args.userName, password=args.password)
  File "/usr/local/lib/python3.9/site-packages/paramiko/client.py", line 435, in connect
    self._auth(
  File "/usr/local/lib/python3.9/site-packages/paramiko/client.py", line 766, in _auth
    raise saved_exception
  File "/usr/local/lib/python3.9/site-packages/paramiko/client.py", line 753, in _auth
    self._transport.auth_password(username, password)
  File "/usr/local/lib/python3.9/site-packages/paramiko/transport.py", line 1563, in auth_password
    return self.auth_handler.wait_for_response(my_event)
  File "/usr/local/lib/python3.9/site-packages/paramiko/auth_handler.py", line 244, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.`

ben · Answer 1 · Sat Mar 19 2022 03:54:13 GMT+0800 (China Standard Time)

You need to set the paramiko parameter "look_for_keys" to false.

Change line 29 in main.py to this:
ssh_client.connect(hostname=args.ip, port=args.port, username=args.userName, password=args.password, look_for_keys=False)

alexhollerith · Answer 2 · Sat Mar 19 2022 15:00:59 GMT+0800 (China Standard Time)

Had the same problem, setting the paramiko parameter "allow_agent" to "False" seems to work around the problem.

I changed line 28 in main.py to this:

ssh_client.connect(hostname=args.ip, port=args.port, username=args.userName, password=args.password,
 look_for_keys=False, allow_agent=False)

Tarlan Isaev · Answer 3 · Sat Mar 19 2022 23:49:20 GMT+0800 (China Standard Time)

Hm, doesn't help, unfortunately :(

Žiga Povhe · Answer 4 · Mon Mar 21 2022 14:15:29 GMT+0800 (China Standard Time)

You need to set the paramiko parameter "look_for_keys" to false.

Change line 29 in main.py to this: ssh_client.connect(hostname=args.ip, port=args.port, username=args.userName, password=args.password, look_for_keys=False)

Thanks! Worked flawlessly. @organicnz Did you maybe enabled ssh key authentication? Try creating new read-only user for this script and try again ;)

Tarlan Isaev · Answer 5 · Mon Mar 21 2022 16:06:49 GMT+0800 (China Standard Time)

Thanks! Worked flawlessly. @organicnz Did you maybe enabled ssh key authentication? Try creating new read-only user for this script and try again ;)

Thanks for the reply, mate :)
I've just created a new read-only user, but it hasn't helped so far :)

Žiga Povhe · Answer 6 · Mon Mar 21 2022 18:50:41 GMT+0800 (China Standard Time)

@organicnz Looks like you forgot to add allow_agent=False parameter in your ssh_client.connect function

ssh_client.connect(hostname=args.ip, port=args.port, username=args.userName, password=args.password, look_for_keys=False, allow_agent=False)

Tarlan Isaev · Answer 7 · Mon Mar 21 2022 22:00:21 GMT+0800 (China Standard Time)

@organicnz Looks like you forgot to add allow_agent=False parameter in your ssh_client.connect function

ssh_client.connect(hostname=args.ip, port=args.port, username=args.userName, password=args.password, look_for_keys=False, allow_agent=False)

I've tried both ways :)

whytf · Answer 8 · Tue Mar 22 2022 05:16:44 GMT+0800 (China Standard Time)

You need to set the paramiko parameter "look_for_keys" to false.

Change line 29 in main.py to this: ssh_client.connect(hostname=args.ip, port=args.port, username=args.userName, password=args.password, look_for_keys=False)

@organicnz Looks like you forgot to add allow_agent=False parameter in your ssh_client.connect function

ssh_client.connect(hostname=args.ip, port=args.port, username=args.userName, password=args.password, look_for_keys=False, allow_agent=False)

Traceback (most recent call last): File "/root/routeros-scanner/main.py", line 62, in <module> main(args) File "/root/routeros-scanner/main.py", line 31, in main res = command.run_ssh(ssh_client) File "/root/routeros-scanner/commands/dns.py", line 16, in run_ssh sus_dns, recommendation = self.check_results_ssh(res, enabled) File "/root/routeros-scanner/commands/dns.py", line 27, in check_results_ssh if int(item['ttl'].partition('s')[0]) > 200000: ValueError: invalid literal for int() with base 10: '1d'

Martin Dendis · Answer 9 · Tue Mar 22 2022 09:11:17 GMT+0800 (China Standard Time)

Having the same issue on Kubuntu 20.4 (had to install missing module paramiko using python -m pip install paramiko)

$ python3 main.py -i <router-ip> -p <port> -u <user> -ps <passwd>
Mikrotik ip address: <router-ip>

Traceback (most recent call last):
  File "main.py", line 62, in <module>
    main(args)
  File "main.py", line 28, in main
    ssh_client.connect(hostname=args.ip, port=args.port, username=args.userName, password=args.password, look_for_keys=False, allow_agent=False)
  File "/home/martin/.local/lib/python3.8/site-packages/paramiko/client.py", line 435, in connect
    self._auth(
  File "/home/martin/.local/lib/python3.8/site-packages/paramiko/client.py", line 766, in _auth
    raise saved_exception
  File "/home/martin/.local/lib/python3.8/site-packages/paramiko/client.py", line 753, in _auth
    self._transport.auth_password(username, password)
  File "/home/martin/.local/lib/python3.8/site-packages/paramiko/transport.py", line 1563, in auth_password
    return self.auth_handler.wait_for_response(my_event)
  File "/home/martin/.local/lib/python3.8/site-packages/paramiko/auth_handler.py", line 258, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

Tried all possible combinations with/without look_for_keys and allow_agent as suggested above.
Tried to create new read/full access user without/with SSH key, nothing seems to work.

Prisoner2-6-7 · Answer 10 · Wed Mar 23 2022 07:29:50 GMT+0800 (China Standard Time)

You need to set the paramiko parameter "look_for_keys" to false.
Change line 29 in main.py to this: ssh_client.connect(hostname=args.ip, port=args.port, username=args.userName, password=args.password, look_for_keys=False)

@organicnz Looks like you forgot to add allow_agent=False parameter in your ssh_client.connect function
ssh_client.connect(hostname=args.ip, port=args.port, username=args.userName, password=args.password, look_for_keys=False, allow_agent=False)

Traceback (most recent call last): File "/root/routeros-scanner/main.py", line 62, in <module> main(args) File "/root/routeros-scanner/main.py", line 31, in main res = command.run_ssh(ssh_client) File "/root/routeros-scanner/commands/dns.py", line 16, in run_ssh sus_dns, recommendation = self.check_results_ssh(res, enabled) File "/root/routeros-scanner/commands/dns.py", line 27, in check_results_ssh if int(item['ttl'].partition('s')[0]) > 200000: ValueError: invalid literal for int() with base 10: '1d'

I also have the same problem if you check the log file of mikrotik its clearly being authenticate but there's something wrong if the routeros-scanner/commands/dns.py

noafru · Answer 11 · Mon Mar 28 2022 22:56:39 GMT+0800 (China Standard Time)

Hi, we uploaded several in-house fixes for those issues. You can see the updates here: #24