3

Hi I am currently learning PyEZ to configure JunOS devices from Python. But I am stuck at a certain problem. I want to be able to create new users through Python but I can't figure out how to enter passwords with python. I have tried many different things but can't seem to make it work. Any advice would be appriciated

from jnpr.junos import Device
from jnpr.junos.utils.config import Config  

dev = Device(host='192.168.56.2', user='root', password='Juniper1')
dev.open()
cu=Config(dev)

new_User='set system login user Read class read-only authentication plain-text-password'
pass_New='Read1234'
pass_Repeat='Read1234'

cu.load(new_User, format='set')
cu.load(pass_New,format='set')
cu.load(pass_Repeat,format='set')

And Here is the Error 

Traceback (most recent call last):
  File "/home/oscar/PycharmProjects/Junos/HelloWorld.py", line 18, in <module>
    cu.load(pass_New,format='set')
  File "/usr/local/lib/python2.7/dist-packages/jnpr/junos/utils/config.py", line 377, in load
    return try_load(rpc_contents, rpc_xattrs)
  File "/usr/local/lib/python2.7/dist-packages/jnpr/junos/utils/config.py", line 343, in try_load
    raise ConfigLoadError(cmd=err.cmd, rsp=err.rsp, errs=err.errs)
jnpr.junos.exception.ConfigLoadError: ConfigLoadError(severity: error, bad_element: Read1234, message: unknown command)
Ghost
  • 3,966
  • 1
  • 25
  • 36
Oscar Deniz Jensen
  • 71
  • 6

2 Answers2

7

When you're using PyEZ to apply configuration, the module is expecting atomic configuration blobs; it is not just a replacement for the interactive CLI shell.

The error you are seeing is because you're sending pass_New 'Read1234' when Junos is expecting a specific set command.

To achieve your goal, you'll have to provide the hashed version of the password in your code, and send that as part of the new_User command.

To do this you'll need a hashing module - I use passlib, because crypt() function in OSX spits out hashes that are not compatible with Junos even though they are both BSD variants - go figure.

#!/usr/bin/python
from passlib.hash import md5_crypt
from jnpr.junos import Device
from jnpr.junos.utils.config import Config

username = 'Read'
plaintext = 'toomanysecrets'

dev = Device(host='192.168.56.2', user='root',passwd='Juniper1')
dev.open()
cu=Config(dev)
hashedpassword = md5_crypt.encrypt(plaintext)
set_command = 'set system login user '+username+' class read-only authentication encrypted-password '+hashedpassword
cu.load(set_command, format='set')
dev.commit()
dev.close()
Benjamin Dale
  • 295
  • 3
  • 10
  • Thank you very much, this is exactly what I needed. One small thing is that encrypt() is now deprecated (as of PassLib 1.7), so better to use hash(). I understand it was probably not yet available when you wrote this answer. Also, as I needed sha512 hash, so: >>> from passlib.hash import sha512_crypt >>> sha512_crypt.hash('somepass') – Attila123 Feb 19 '21 at 10:53
  • You’re welcome - I actually come back to this post every now and then when I’ve forgotten how I’ve done it in the past, so thanks for providing the 2021 update : ) – Benjamin Dale Feb 20 '21 at 22:41
1

Also to add why we can't do

new_User='set system login user Read class read-only authentication plain-text-password'
pass_New='Read1234'
pass_Repeat='Read1234'

cu.load(new_User, format='set')
cu.load(pass_New,format='set')
cu.load(pass_Repeat,format='set')

I can notice you are trying to type/retupe password using load which is not how load function works. PyEZ in background work on netconf, it's not a screen scrapping. Hence we should not try simulating that. When we call load it tries to load the config via load-configuration rpc.

Nitin Kr
  • 521
  • 2
  • 12