Ssh login user with no password

Hello,

I’m writing testing scripts to be run against units that come with no password set for the root user.

It’s not possible to set passwords.

Searching, I’ve found some conflicting posts that seem to say that this should be supported.

However, whenever I try, it fails. I’ve validated that if I do set a password on a unit and amend the code to use the password, it works as expected, but this is not possible at scale.

Here’s the relevant code:

Open Connection    ${host}
Login              ${username}

List of installed packages

alabaster 0.7.12
apsw 3.35.4.post1
astroid 2.9.3
attrs 21.4.0
Babel 2.9.1
bcrypt 3.2.0
beautifulsoup4 4.10.0
certifi 10001
cffi 1.15.0
chardet 4.0.0
charset-normalizer 2.0.9
chrome-gnome-shell 0.0.0
configobj 5.0.6
cryptography 36.0.0
css-parser 1.0.7
cssselect 1.1.0
cupshelpers 1.0
Cython 0.29.26
distro 1.6.0
dnspython 2.1.0
docutils 0.17.1
feedparser 6.0.8
gaupol 1.9
gdbus_codegen 2.70.2
gemato 16.2
gentoolkit 0.5.1.post1
html2text 2020.1.16
html5-parser 0.4.10
html5lib 1.1
idna 3.3
ifaddr 0.1.7
imagesize 1.3.0
importlib-metadata 4.10.1
installer 0.4.0
isodate 0.6.1
isort 5.10.1
java-config 2.3.1
javatoolkit 0.5.0
jeepney 0.7.1
Jinja2 3.0.3
layman 2.4.3
lazy-object-proxy 1.7.1
lxml 4.7.1
M2Crypto 0.38.0
Mako 1.1.6
Markdown 3.3.6
MarkupSafe 2.0.1
mccabe 0.6.1
mechanize 0.4.7
meld 3.20.4
meson 0.60.3
msgpack 1.0.3
netifaces 0.11.0
numpy 1.22.2
olefile 0.46
packaging 21.3
paramiko 2.9.2
pfl 3.1
Pillow 9.0.0
pip 21.3.1
platformdirs 2.4.1
ply 3.11
portage 3.0.30
psutil 5.7.3
pycairo 1.20.1
pychm 0.8.6
pycparser 2.21
pycryptodome 3.12.0
pycups 2.0.1
pygame 2.1.0
Pygments 2.11.2
PyGObject 3.42.0
pylint 2.12.2
PyNaCl 1.4.0
pyparsing 3.0.6
PyQt-builder 1.12.2
PyQt5 5.15.6
PyQt5-sip 12.9.0
PyQtWebEngine 5.15.5
PySocks 1.7.1
pysol-cards 0.14.2
PySolFC 2.14.1
python-dateutil 2.8.2
pytz 2021.3
pyxdg 0.27
random2 1.0.1
rdflib 6.1.1
regex 2021.11.10
requests 2.27.1
robotframework 4.1.3
robotframework-lint 1.1
robotframework-sshlibrary 3.8.0
SCons 4.3.0
scp 0.14.1
setuptools 60.5.0
setuptools-scm 6.3.2
sgmllib3k 1.0.0
sip 6.5.0
six 1.16.0
snowballstemmer 2.2.0
soupsieve 2.3.1
Sphinx 4.3.2
sphinxcontrib-applehelp 1.0.2
sphinxcontrib-devhelp 1.0.2
sphinxcontrib-htmlhelp 2.0.0
sphinxcontrib-jsmath 1.0.1
sphinxcontrib-qthelp 1.0.3
sphinxcontrib-serializinghtml 1.1.5
ssl-fetch 0.4
toml 0.10.2
tomli 2.0.0
typing_extensions 4.0.1
ufw 0.36
urllib3 1.26.7
webencodings 0.5.1
wheel 0.37.1
wrapt 1.13.3
zeroconf 0.38.1
zipp 3.7.0
zope.interface 5.4.0

Here’s the ssh library log output:

DEB [20220214-13:49:12.229] thr=1 paramiko.transport: starting thread (client mode): 0x50d789d0
DEB [20220214-13:49:12.230] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.9.2
DEB [20220214-13:49:12.252] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_8.0
INF [20220214-13:49:12.252] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_8.0)
DEB [20220214-13:49:12.254] thr=1 paramiko.transport: === Key exchange possibilities ===
DEB [20220214-13:49:12.254] thr=1 paramiko.transport: kex algos: curve25519-sha256, curve25519-sha256 AT libssh org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
DEB [20220214-13:49:12.255] thr=1 paramiko.transport: server key: rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
DEB [20220214-13:49:12.255] thr=1 paramiko.transport: client encrypt: chacha20-poly1305 AT openssh com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm AT openssh com, aes256-gcm AT openssh com
DEB [20220214-13:49:12.255] thr=1 paramiko.transport: server encrypt: chacha20-poly1305 AT openssh com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm AT openssh com, aes256-gcm AT openssh com
DEB [20220214-13:49:12.255] thr=1 paramiko.transport: client mac: umac-64-etm AT openssh com, umac-128-etm AT openssh com, hmac-sha2-256-etm AT openssh com, hmac-sha2-512-etm AT openssh com, hmac-sha1-etm AT openssh com, umac-64 AT openssh com, umac-128 AT openssh com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
DEB [20220214-13:49:12.255] thr=1 paramiko.transport: server mac: umac-64-etm AT openssh com, umac-128-etm AT openssh com, hmac-sha2-256-etm AT openssh com, hmac-sha2-512-etm AT openssh com, hmac-sha1-etm AT openssh com, umac-64 AT openssh com, umac-128 AT openssh com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
DEB [20220214-13:49:12.256] thr=1 paramiko.transport: client compress: none, zlib AT openssh com
DEB [20220214-13:49:12.256] thr=1 paramiko.transport: server compress: none, zlib AT openssh com
DEB [20220214-13:49:12.256] thr=1 paramiko.transport: client lang:
DEB [20220214-13:49:12.256] thr=1 paramiko.transport: server lang:
DEB [20220214-13:49:12.256] thr=1 paramiko.transport: kex follows: False
DEB [20220214-13:49:12.256] thr=1 paramiko.transport: === Key exchange agreements ===
DEB [20220214-13:49:12.257] thr=1 paramiko.transport: Kex: curve25519-sha256 AT libssh org
DEB [20220214-13:49:12.257] thr=1 paramiko.transport: HostKey: ssh-ed25519
DEB [20220214-13:49:12.257] thr=1 paramiko.transport: Cipher: aes128-ctr
DEB [20220214-13:49:12.257] thr=1 paramiko.transport: MAC: hmac-sha2-256
DEB [20220214-13:49:12.258] thr=1 paramiko.transport: Compression: none
DEB [20220214-13:49:12.258] thr=1 paramiko.transport: === End of kex handshake ===
DEB [20220214-13:49:12.347] thr=1 paramiko.transport: kex engine KexCurve25519 specified hash_algo
DEB [20220214-13:49:12.348] thr=1 paramiko.transport: Switch to new keys …
DEB [20220214-13:49:12.350] thr=2 paramiko.transport: Adding ssh-ed25519 host key for oldboard: b’141eeb6239a166031a1e620024769c02’
DEB [20220214-13:49:12.351] thr=1 paramiko.transport: Got EXT_INFO: {‘server-sig-algs’: b’ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521’}
DEB [20220214-13:49:12.353] thr=1 paramiko.transport: userauth is OK
INF [20220214-13:49:12.362] thr=1 paramiko.transport: Authentication (password) failed.
DEB [20220214-13:49:12.364] thr=1 paramiko.transport: userauth is OK
INF [20220214-13:49:12.373] thr=1 paramiko.transport: Authentication (none) successful!
DEB [20220214-13:49:12.376] thr=1 paramiko.transport: Received global request “hostkeys-00 AT openssh com”
DEB [20220214-13:49:12.377] thr=1 paramiko.transport: Rejecting “hostkeys-00 AT openssh com” global request from server.
WAR [20220214-13:49:12.417] thr=1 paramiko.transport: Oops, unhandled type 3 (‘unimplemented’)
DEB [20220214-13:49:42.491] thr=1 paramiko.transport: EOF in transport thread

Well, I think you need to get the rootuser ssh-key and use Login With Public Key

Hi Hélio!

That’s not a possibility; the units can’t have keys placed on them or copied from them, the only logon-type supported is with no password.

This works, I can (example)
ssh root@10.10.10.1

And it logs in with no password required

OK.

So, you need to hack the SSHLibrary, by making a copy of the code for Login, and make it not send the password, and experiment if it works. (But that Paramiko message is worrying :frowning: ).

Have you tried the ${EMPTY} variable from Built-in variables?

Open Connection    ${host}
Login              ${username}    ${EMPTY}

I don’t know if it’ll work, but worth a try.

Dave.

Another thing I would try is simply the Open Connection keyword without the Login keyword, like this:

Open Connection    ${username}@${host}

With the empty password, I get

FAIL Authentication failed for user ‘root’

Using the combined Open Connection ${username}@${host} seems to work, but if I issue a command it fails:

KEYWORD SSHLibrary . Open Connection ${username}@${host}

Documentation: Opens a new SSH connection to the given host and port .
Start / End / Elapsed: 20220215 13:34:43.632 / 20220215 13:34:43.634 / 00:00:00.002

00:00:00.009 KEYWORD ${firmware_version} = SSHLibrary . Execute Command cat /etc/os-release

Documentation: Executes command on the remote machine and returns its outputs.
Start / End / Elapsed: 20220215 13:34:43.634 / 20220215 13:34:43.643 / 00:00:00.009

13:34:43.635 INFO Executing command ‘cat /etc/os-release’.

13:34:43.643 FAIL Connection not open

Guilherme, Dave,

Thank you both for your help.

I was able to solve the problem by doing the following:

pip uninstall paramiko
pip install paramiko-ng --user

With the alternative ssh library in place, logging in to a user that doesn’t have a password set is successful. Subsequent operations such as Put File and Execute Command are also able to use the connection.

Thanks again

2 Likes