Problem with old switch

[RenatoPereira91]

NetBox version
What version of NetBox are you currently running?
3.6.2

Describe the bug
After run the script I get this message:

Traceback (most recent call last):
File "/opt/netbox/venv/lib/python3.10/site-packages/netbox_config_diff/compliance/models.py", line 65, in get_actual_config
async with AsyncScrapli(**self.to_scrapli()) as conn:
File "/opt/netbox/venv/lib/python3.10/site-packages/scrapli/driver/base/async_driver.py", line 42, in aenter
await self.open()
File "/opt/netbox/venv/lib/python3.10/site-packages/scrapli/driver/base/async_driver.py", line 84, in open
await self.transport.open()
File "/opt/netbox/venv/lib/python3.10/site-packages/scrapli/transport/plugins/asyncssh/transport.py", line 194, in open
self.session = await asyncio.wait_for(
File "/usr/lib/python3.10/asyncio/tasks.py", line 445, in wait_for
return fut.result()
File "/usr/lib/python3.10/asyncio/tasks.py", line 650, in _wrap_awaitable
return (yield from awaitable.await())
File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/connection.py", line 8093, in connect
return await asyncio.wait_for(
File "/usr/lib/python3.10/asyncio/tasks.py", line 408, in wait_for
return await fut
File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/connection.py", line 440, in _connect
await options.waiter
File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/connection.py", line 1275, in data_received
while self._inpbuf and self._recv_handler():
File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/connection.py", line 1522, in _recv_packet
processed = handler.process_packet(pkttype, seq, packet)
File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/packet.py", line 237, in process_packet
self._packet_handlers[pkttype](self, pkttype, pktid, packet)
File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/connection.py", line 2168, in _process_kexinit
self._enc_alg_cs = self._choose_alg('encryption', self._enc_algs,
File "/opt/netbox/venv/lib/python3.10/site-packages/asyncssh/connection.py", line 1349, in _choose_alg
raise KeyExchangeFailed(
asyncssh.misc.KeyExchangeFailed: No matching encryption algorithm found, sent chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr and received aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

My switch is old, I can't changer the algorithm, I tried use telnet but I cant found the correct drive.

[miaow2]

Hi @RenatoPereira91, thanks for opening the issue
what are the switch models and os version?

[RenatoPereira91]

Hi @miaow2,

The models is WS-C2960-8TC-L. It's with the IOS 15.

[miaow2]

Unfortunately, I do not have such a device, if I post here a simple script that tries to open a connection with old algorithms, can you run it and post if it is successful or not?

[RenatoPereira91]

@miaow2 yes sure.

I created the a simple script using the scraps library, and I get the connection with the parameters:

connection = {
"host": device,
"auth_username": "cisco",
"auth_password": "cisco",
"auth_strict_key": False,
"transport": "paramiko",
}

I tried found this in your script, but without success kkkk (I dont have most knowledge about dev kk )

If you think better, I can send one email to you.

[miaow2]

there is a dictionary for scrapli connection
https://github.com/miaow2/netbox-config-diff/blob/develop/netbox_config_diff/compliance/models.py#L32

but paramiko does not support async and can not be used in the plugin

[RenatoPereira91]

I understood, send me the script that you would like test.

[miaow2]

the script is below, it only gets "show version" from the device, define host, auth_username and auth_password in the variable DEVICE
before running install scrapli pip install scrapli[asyncssh]
and please test script on devices with newer os versions

import asyncio

from scrapli import AsyncScrapli

DEVICE = {
    "host": "",
    "auth_username": "",
    "auth_password": "",
    "platform": "cisco_iosxe",
    "auth_strict_key": False,
    "transport": "asyncssh",
    "transport_options": {
        "asyncssh": {
            "kex_algs": [
                "curve25519-sha256",
                "curve25519-sha256@libssh.org",
                "curve448-sha512",
                "ecdh-sha2-nistp521",
                "ecdh-sha2-nistp384",
                "ecdh-sha2-nistp256",
                "ecdh-sha2-1.3.132.0.10",
                "diffie-hellman-group-exchange-sha256",
                "diffie-hellman-group14-sha256",
                "diffie-hellman-group15-sha512",
                "diffie-hellman-group16-sha512",
                "diffie-hellman-group17-sha512",
                "diffie-hellman-group18-sha512",
                "diffie-hellman-group14-sha256@ssh.com",
                "diffie-hellman-group14-sha1",
                "rsa2048-sha256",
                "diffie-hellman-group1-sha1",
                "diffie-hellman-group-exchange-sha1",
                "diffie-hellman-group-exchange-sha256",
            ],
            "encryption_algs": [
                "aes256-cbc",
                "aes192-cbc",
                "aes128-cbc",
                "3des-cbc",
                "aes256-ctr",
                "aes192-ctr",
                "aes128-ctr",
                "aes128-gcm@openssh.com",
                "chacha20-poly1305@openssh.com",
            ],
        },
    },
}


async def main():
    async with AsyncScrapli(**DEVICE) as conn:
        result = await conn.send_command("show version")
        print(result.result)


if __name__ == "__main__":
    asyncio.run(main())

[RenatoPereira91]

@miaow2 this code worked

[miaow2]

ok, then I will create a new release with this fix

[RenatoPereira91]

@miaow2 Thank you,

I have more one question, I fixed this code in my lab. I tried test if SNMP is correct, but if I use the "show running-config" it show me failed, with correctly SNMP config, If I use "show running-config | include snmp" work fine.

I tried used the Regex(I used "^((?!snmp).)*$") , but doesn't work because the signal "+" is showed:

[miaow2]

you tried regex with "show running-config" output?

[RenatoPereira91]

Yes, below I send the screenshot:

[miaow2]

I will check at my local setup why this is happening

[RenatoPereira91]

Ok, if you need any help let me know.