pyATS + unicon = great way of jumping through SSH proxies and bastions

Hello

For the last year i’ve been trying to find a way to implement yaml-based configs on my routers located behind a non-typical jumphost. On this jumphost i need to type „connect <hostname>” to get to my routers. Ansible cannot do this by default because it uses paramiko or native SSH to connect to devices.
Today i’ve found the Unicon library used in pyAts. The code turned out to be super easy:

from unicon import Connection

proxy_conn = Connection(hostname='mybastion', start=['ssh myusername@1.1.1.1 -p 722'], os='linux', credentials={'default': {'username': 'admin', 'password': 'mystupidpassword'}})

c = Connection(hostname='Router1', start=['connect Router1'], os='ios', proxy_connections=[proxy_conn])
c.connect()

As easy as pie. This works on my ubuntu 16.04 with python 3.8. Unfortunately, this works neither in Windows python nor on Ubuntu WSL. (I’m pretty sure it will work in WSL 2 when my windows is updated to windows 10 2004 version, we’ll see).
The next step will be to do the same in yaml, then prepare a playbook in yaml (or whatever pyats calls the task lists).

The example on unicon website looks like this so i suspect something similar:

devices:
  jumphost:
    os: linux
    type: linux
    connections:
      cli:
        protocol: ssh
        ip: 1.1.1.1
        port: 722
  Router:
    os: ios
    type: router
    connections:
      defaults:
        class: unicon.Unicon
      cli:
        command: connect Router1
        proxy: jumphost

Skomentuj

Wprowadź swoje dane lub kliknij jedną z tych ikon, aby się zalogować:

Logo WordPress.com

Komentujesz korzystając z konta WordPress.com. Wyloguj /  Zmień )

Zdjęcie na Google

Komentujesz korzystając z konta Google. Wyloguj /  Zmień )

Zdjęcie z Twittera

Komentujesz korzystając z konta Twitter. Wyloguj /  Zmień )

Zdjęcie na Facebooku

Komentujesz korzystając z konta Facebook. Wyloguj /  Zmień )

Połączenie z %s