Of late I have been required to access network devices through a JumpHost. One of the easiest methods to do this was using Python’s netmiko module. My setup looks like this:
Windows Machine --- SSH tunnel --- Linux JumpHost --- SSH to --- Network Devices
Here are the basic steps that I followed to get this working.
- Create a public/private key pair on the Windows machine. There are 2 ways to go about this. I did it using PuTTY, but either of the two methods is perfectly fine.
  - OpenSSH Client on Windows
  - Using PuTTY
PuTTY Method
- Launch PuTTYgen and click on Generate. Move your mouse in the white space to create randomness.
- You can now save the public and private keys separately.
- However, to work with netmiko, you need to export the private key as an OpenSSH key.
OpenSSH Method
- Install OpenSSH Client on Windows.
- Launch PowerShell or a cmd prompt and type “ssh-keygen”.
- You could choose a custom location, but if not, the default is already chosen for you.
- You can now choose a passphrase if you want, and 2 new keys, id_rsa and id_rsa.pub, will be created under the C:\Users\<username>\.ssh directory. As the name suggests, .pub is the public key and the other one is the private key.
The next step is to copy the public key you just generated into the authorized_keys file on the jump server. You can find this file at “~/.ssh/authorized_keys”.
Now is the time to start playing with netmiko to access your network devices:
```python
import logging
import time

from netmiko import ConnectHandler, redispatch

logging.basicConfig(level=logging.INFO)

# Placeholders for the target device; load real secrets from a vault or a prompt, not from source code.
router_username = "<router_username>"
router_ip = "<router_ip>"
router_pass = "<router_password>"
router_secret = "<enable_secret>"

jumpserver = {
    "device_type": "terminal_server",
    "ip": "<jumphost_ip>",
    "username": "<username>",
    "global_delay_factor": 5,
    "use_keys": True,
    "key_file": "<path to openssh key file>",
}

logging.info("Trying to connect Term Server [%s] with user [%s]", jumpserver["ip"], jumpserver["username"])
net_connect = ConnectHandler(**jumpserver)

# From the jump host's shell, start an SSH session to the network device.
net_connect.write_channel(f"ssh {router_username}@{router_ip}\r\n")
time.sleep(5)  # enough time to allow login to jumpserver.. It's super slow in my case.
output = net_connect.read_channel()
if "password" in output.lower():  # 'password' is the prompt I get. Check what it is in your case.
    net_connect.write_channel(f"{router_pass}\r\n")
time.sleep(1)  # just enough for login banner to appear

# Switch to the device driver first so that enable() uses its prompt handling.
redispatch(net_connect, device_type="cisco_ios")  # or a suitable device_type to suit your needs.
net_connect.secret = router_secret
net_connect.enable(cmd="enable")  # optional if your device needs enable

# find device prompt
# from here on it's the usual netmiko IOS interaction that you would use.
dev_prompt = net_connect.find_prompt()
```
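The fixed sleep and the bare 'password' substring check above will send the router password to whatever the jump host printed, including a host-key warning. The following is an added example, not part of the original post: it polls the channel with a timeout and sends the password only when a real password prompt is seen. The names wait_for_prompt, login_via_jumphost and FakeChannel are hypothetical, the prompt strings assume OpenSSH on the jump host, and 192.0.2.10 is a constructed address.

```python
import re
import time

# What the jump host's ssh client may print (OpenSSH wording), most serious first.
PROMPTS = {
    "host_key_changed": re.compile(r"REMOTE HOST IDENTIFICATION HAS CHANGED"),
    "host_key_unknown": re.compile(r"continue connecting \(yes/no"),
    "denied": re.compile(r"Permission denied|Connection refused", re.I),
    "password": re.compile(r"password:\s*$", re.I),
}

def wait_for_prompt(read_channel, timeout=30.0, poll=0.2):
    """Poll read_channel() until a known prompt appears; return (kind, output)."""
    output, deadline = "", time.monotonic() + timeout
    while time.monotonic() < deadline:
        output += read_channel()
        for kind, pattern in PROMPTS.items():
            if pattern.search(output):
                return kind, output
        time.sleep(poll)
    return "timeout", output

def login_via_jumphost(conn, target, password, timeout=30.0, poll=0.2):
    """Start ssh from the jump host; send the password only to a password prompt."""
    conn.write_channel(f"ssh {target}\r\n")
    kind, output = wait_for_prompt(conn.read_channel, timeout, poll)
    if kind != "password":
        # Unverified or changed host key, refusal or timeout: stop here rather
        # than typing a credential into whatever is on the other end.
        conn.write_channel("\x03")  # Ctrl-C to abandon the pending ssh
        raise ConnectionError(f"not sending password, got: {kind}")
    conn.write_channel(f"{password}\r\n")
    return output

class FakeChannel:
    """Constructed stand-in for a netmiko connection so the example runs offline."""
    def __init__(self, chunks):
        self.chunks, self.sent = list(chunks), []
    def read_channel(self):
        return self.chunks.pop(0) if self.chunks else ""
    def write_channel(self, data):
        self.sent.append(data)

if __name__ == "__main__":
    ok = FakeChannel(["", "admin@192.0.2.10's password: "])
    login_via_jumphost(ok, "admin@192.0.2.10", "constructed-secret", poll=0.01)
    print(ok.sent)
```

With a real session, pass the netmiko connection object as conn; a host_key_unknown result means the device's key should be verified and added to the jump host's known_hosts before retrying.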
You could find a lot more information about netmiko and ideas on what you can do past the above step here