Ssh login user with no password

Libraries SSHLibrary
1

Hello,

I’m writing testing scripts to be run against units that come with no password set for the root user.

It’s not possible to set passwords.

Searching, I’ve found some conflicting posts that seem to say that this should be supported.

However, whenever I try, it fails. I’ve validated that if I do set a password on a unit and amend the code to use the password, it works as expected, but this is not possible at scale.

Here’s the relevant code:

Open Connection    ${host}
Login              ${username}

List of installed packages

alabaster 0.7.12
apsw 3.35.4.post1
astroid 2.9.3
attrs 21.4.0
Babel 2.9.1
bcrypt 3.2.0
beautifulsoup4 4.10.0
certifi 10001
cffi 1.15.0
chardet 4.0.0
charset-normalizer 2.0.9
chrome-gnome-shell 0.0.0
configobj 5.0.6
cryptography 36.0.0
css-parser 1.0.7
cssselect 1.1.0
cupshelpers 1.0
Cython 0.29.26
distro 1.6.0
dnspython 2.1.0
docutils 0.17.1
feedparser 6.0.8
gaupol 1.9
gdbus_codegen 2.70.2
gemato 16.2
gentoolkit 0.5.1.post1
html2text 2020.1.16
html5-parser 0.4.10
html5lib 1.1
idna 3.3
ifaddr 0.1.7
imagesize 1.3.0
importlib-metadata 4.10.1
installer 0.4.0
isodate 0.6.1
isort 5.10.1
java-config 2.3.1
javatoolkit 0.5.0
jeepney 0.7.1
Jinja2 3.0.3
layman 2.4.3
lazy-object-proxy 1.7.1
lxml 4.7.1
M2Crypto 0.38.0
Mako 1.1.6
Markdown 3.3.6
MarkupSafe 2.0.1
mccabe 0.6.1
mechanize 0.4.7
meld 3.20.4
meson 0.60.3
msgpack 1.0.3
netifaces 0.11.0
numpy 1.22.2
olefile 0.46
packaging 21.3
paramiko 2.9.2
pfl 3.1
Pillow 9.0.0
pip 21.3.1
platformdirs 2.4.1
ply 3.11
portage 3.0.30
psutil 5.7.3
pycairo 1.20.1
pychm 0.8.6
pycparser 2.21
pycryptodome 3.12.0
pycups 2.0.1
pygame 2.1.0
Pygments 2.11.2
PyGObject 3.42.0
pylint 2.12.2
PyNaCl 1.4.0
pyparsing 3.0.6
PyQt-builder 1.12.2
PyQt5 5.15.6
PyQt5-sip 12.9.0
PyQtWebEngine 5.15.5
PySocks 1.7.1
pysol-cards 0.14.2
PySolFC 2.14.1
python-dateutil 2.8.2
pytz 2021.3
pyxdg 0.27
random2 1.0.1
rdflib 6.1.1
regex 2021.11.10
requests 2.27.1
robotframework 4.1.3
robotframework-lint 1.1
robotframework-sshlibrary 3.8.0
SCons 4.3.0
scp 0.14.1
setuptools 60.5.0
setuptools-scm 6.3.2
sgmllib3k 1.0.0
sip 6.5.0
six 1.16.0
snowballstemmer 2.2.0
soupsieve 2.3.1
Sphinx 4.3.2
sphinxcontrib-applehelp 1.0.2
sphinxcontrib-devhelp 1.0.2
sphinxcontrib-htmlhelp 2.0.0
sphinxcontrib-jsmath 1.0.1
sphinxcontrib-qthelp 1.0.3
sphinxcontrib-serializinghtml 1.1.5
ssl-fetch 0.4
toml 0.10.2
tomli 2.0.0
typing_extensions 4.0.1
ufw 0.36
urllib3 1.26.7
webencodings 0.5.1
wheel 0.37.1
wrapt 1.13.3
zeroconf 0.38.1
zipp 3.7.0
zope.interface 5.4.0

Here’s the ssh library log output:

DEB [20220214-13:49:12.229] thr=1 paramiko.transport: starting thread (client mode): 0x50d789d0
DEB [20220214-13:49:12.230] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.9.2
DEB [20220214-13:49:12.252] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_8.0
INF [20220214-13:49:12.252] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_8.0)
DEB [20220214-13:49:12.254] thr=1 paramiko.transport: === Key exchange possibilities ===
DEB [20220214-13:49:12.254] thr=1 paramiko.transport: kex algos: curve25519-sha256, curve25519-sha256 AT libssh org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
DEB [20220214-13:49:12.255] thr=1 paramiko.transport: server key: rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
DEB [20220214-13:49:12.255] thr=1 paramiko.transport: client encrypt: chacha20-poly1305 AT openssh com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm AT openssh com, aes256-gcm AT openssh com
DEB [20220214-13:49:12.255] thr=1 paramiko.transport: server encrypt: chacha20-poly1305 AT openssh com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm AT openssh com, aes256-gcm AT openssh com
DEB [20220214-13:49:12.255] thr=1 paramiko.transport: client mac: umac-64-etm AT openssh com, umac-128-etm AT openssh com, hmac-sha2-256-etm AT openssh com, hmac-sha2-512-etm AT openssh com, hmac-sha1-etm AT openssh com, umac-64 AT openssh com, umac-128 AT openssh com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
DEB [20220214-13:49:12.255] thr=1 paramiko.transport: server mac: umac-64-etm AT openssh com, umac-128-etm AT openssh com, hmac-sha2-256-etm AT openssh com, hmac-sha2-512-etm AT openssh com, hmac-sha1-etm AT openssh com, umac-64 AT openssh com, umac-128 AT openssh com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
DEB [20220214-13:49:12.256] thr=1 paramiko.transport: client compress: none, zlib AT openssh com
DEB [20220214-13:49:12.256] thr=1 paramiko.transport: server compress: none, zlib AT openssh com
DEB [20220214-13:49:12.256] thr=1 paramiko.transport: client lang:
DEB [20220214-13:49:12.256] thr=1 paramiko.transport: server lang:
DEB [20220214-13:49:12.256] thr=1 paramiko.transport: kex follows: False
DEB [20220214-13:49:12.256] thr=1 paramiko.transport: === Key exchange agreements ===
DEB [20220214-13:49:12.257] thr=1 paramiko.transport: Kex: curve25519-sha256 AT libssh org
DEB [20220214-13:49:12.257] thr=1 paramiko.transport: HostKey: ssh-ed25519
DEB [20220214-13:49:12.257] thr=1 paramiko.transport: Cipher: aes128-ctr
DEB [20220214-13:49:12.257] thr=1 paramiko.transport: MAC: hmac-sha2-256
DEB [20220214-13:49:12.258] thr=1 paramiko.transport: Compression: none
DEB [20220214-13:49:12.258] thr=1 paramiko.transport: === End of kex handshake ===
DEB [20220214-13:49:12.347] thr=1 paramiko.transport: kex engine KexCurve25519 specified hash_algo
DEB [20220214-13:49:12.348] thr=1 paramiko.transport: Switch to new keys …
DEB [20220214-13:49:12.350] thr=2 paramiko.transport: Adding ssh-ed25519 host key for oldboard: b’141eeb6239a166031a1e620024769c02’
DEB [20220214-13:49:12.351] thr=1 paramiko.transport: Got EXT_INFO: {‘server-sig-algs’: b’ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521’}
DEB [20220214-13:49:12.353] thr=1 paramiko.transport: userauth is OK
INF [20220214-13:49:12.362] thr=1 paramiko.transport: Authentication (password) failed.
DEB [20220214-13:49:12.364] thr=1 paramiko.transport: userauth is OK
INF [20220214-13:49:12.373] thr=1 paramiko.transport: Authentication (none) successful!
DEB [20220214-13:49:12.376] thr=1 paramiko.transport: Received global request “hostkeys-00 AT openssh com”
DEB [20220214-13:49:12.377] thr=1 paramiko.transport: Rejecting “hostkeys-00 AT openssh com” global request from server.
WAR [20220214-13:49:12.417] thr=1 paramiko.transport: Oops, unhandled type 3 (‘unimplemented’)
DEB [20220214-13:49:42.491] thr=1 paramiko.transport: EOF in transport thread

2

Well, I think you need to get the rootuser ssh-key and use Login With Public Key

3

Hi Hélio!

That’s not a possibility; the units can’t have keys placed on them or copied from them, the only logon-type supported is with no password.

This works, I can (example)
ssh root@10.10.10.1

And it logs in with no password required

4

OK.

So, you need to hack the SSHLibrary, by making a copy of the code for Login, and make it not send the password, and experiment if it works. (But that Paramiko message is worrying :frowning: ).

5

Have you tried the ${EMPTY} variable from Built-in variables?

Open Connection    ${host}
Login              ${username}    ${EMPTY}

I don’t know if it’ll work, but worth a try.

Dave.

6

Another thing I would try is simply the Open Connection keyword without the Login keyword, like this:

Open Connection    ${username}@${host}
7

With the empty password, I get

FAIL Authentication failed for user ‘root’

8

Using the combined Open Connection ${username}@${host} seems to work, but if I issue a command it fails:

KEYWORD SSHLibrary . Open Connection ${username}@${host}

Documentation: Opens a new SSH connection to the given host and port .
Start / End / Elapsed: 20220215 13:34:43.632 / 20220215 13:34:43.634 / 00:00:00.002

00:00:00.009 KEYWORD ${firmware_version} = SSHLibrary . Execute Command cat /etc/os-release

Documentation: Executes command on the remote machine and returns its outputs.
Start / End / Elapsed: 20220215 13:34:43.634 / 20220215 13:34:43.643 / 00:00:00.009

13:34:43.635 INFO Executing command ‘cat /etc/os-release’.

13:34:43.643 FAIL Connection not open

9

Guilherme, Dave,

Thank you both for your help.

I was able to solve the problem by doing the following:

pip uninstall paramiko
pip install paramiko-ng --user

With the alternative ssh library in place, logging in to a user that doesn’t have a password set is successful. Subsequent operations such as Put File and Execute Command are also able to use the connection.

Thanks again

2 Likes
10

Is this still supposed to work?

I have made a few attempts to remove paramiko and install paramiko-ng but I have not seen any change in behaviour.

I use requirements.txt to get sshlibrary installed, and then I add paramiko-ng. These are the package versions at play:

...
Collecting paramiko-ng
Downloading paramiko_ng-2.8.10-py2.py3-none-any.whl (197 kB)
Collecting requests
Downloading requests-2.28.1-py3-none-any.whl (62 kB)
Collecting paramiko>=1.15.3
Downloading paramiko-2.11.0-py2.py3-none-any.whl (212 kB)
...

This is installed into a venv during container build. Then later, before running Robot Framework, I uninstall paramiko from the venv.

11

Had the same problem but it was not caused by any of this.

  1. in etc/ssh/sshd_config
    #PermitEmptyPasswords no to PermitEmptyPasswords yes
    2)in filename.robot

    Open Connection ${HOST}
    Login ${USER} ${PASSWORD} Execute Command yes delay=1

Execute Command yes does the work and here is why.
When you try to establish connection manually you will get this message:

The authenticity of host ‘’ can’t be established.
ECDSA key fingerprint is SHA256:TER0dEslggzS/BROmiE/s70WqcYy6bk52fs+MLTIptM.
Are you sure you want to continue connecting (yes/no)? yes

You need to confirm it with the yes.
Hope this will help

1 Like