ConfD User Community

SSL banner_timeouts

Exception: Error reading SSH protocol banner
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/paramiko/transport.py”, line 1920, in _check_banner
buf = self.packetizer.readline(timeout)
File “/usr/lib/python3/dist-packages/paramiko/packet.py”, line 327, in readline
buf += self._read_timeout(timeout)
File “/usr/lib/python3/dist-packages/paramiko/packet.py”, line 483, in _read_timeout
raise EOFError()
EOFError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/paramiko/transport.py”, line 1761, in run
self._check_banner()
File “/usr/lib/python3/dist-packages/paramiko/transport.py”, line 1924, in _check_banner
raise SSHException(‘Error reading SSH protocol banner’ + str(e))
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/paramiko/transport.py”, line 1920, in _check_banner
buf = self.packetizer.readline(timeout)
File “/usr/lib/python3/dist-packages/paramiko/packet.py”, line 327, in readline
buf += self._read_timeout(timeout)
File “/usr/lib/python3/dist-packages/paramiko/packet.py”, line 483, in _read_timeout
raise EOFError()
EOFError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “./bin/netconf-console.py”, line 1390, in
main(parser, o)
File “./bin/netconf-console.py”, line 1091, in main
c.connect()
File “./bin/netconf-console.py”, line 238, in connect
self._start_ssh(sock)
File “./bin/netconf-console.py”, line 283, in _start_ssh
password=self.password)
File “/usr/lib/python3/dist-packages/paramiko/transport.py”, line 1074, in connect
self.start_client()
File “/usr/lib/python3/dist-packages/paramiko/transport.py”, line 494, in start_client
raise e
File “/usr/lib/python3/dist-packages/paramiko/transport.py”, line 1761, in run
self._check_banner()
File “/usr/lib/python3/dist-packages/paramiko/transport.py”, line 1924, in _check_banner
raise SSHException(‘Error reading SSH protocol banner’ + str(e))
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner

See https://github.com/paramiko/paramiko/issues/1181#issuecomment-558349200

Set timeout to 200, but still getting the same error. The session is being closed by ConfD, is there some setting in ConfD that govern netconf idle session timer setting?

First check the ConfD autit log. I suspect that ConfD is not the one closing the connection.

If you are using ConfD’s internal SSH server, the idleConnectionTimeout is by default set to 10 minutes and the clientAliveInterval to infinity.

Check your confd.conf for audit log and SSH settings.

There should be 2 request back to back, it appear ConfD is never seeing the 2nd request. We are using ConfD internal SSH server, below is the netconf.log: and audit.log I
3-May-2021::18:15:22.069 du-0 confd[12]: audit user: admin/0 local authentication succeeded via netconf from 10.128.0.1:36715 with ssh, member of groups: admin
3-May-2021::18:15:22.069 du-0 confd[12]: audit user: admin/0 logged in via netconf from 10.128.0.1:36715 with ssh using local authentication
3-May-2021::18:15:22.226 du-0 confd[12]: audit user: admin/56 assigned to groups: admin
3-May-2021::18:15:22.227 du-0 confd[12]: audit user: admin/56 created new session via netconf from 10.128.0.1:36715 with ssh
3-May-2021::18:15:22.465 du-0 confd[12]: audit user: admin/56 terminated session (reason: normal)
3-May-2021::18:15:22.643 du-0 confd[12]: audit user: admin/0 logged out user

3-May-2021::18:15:22.227 du-0 confd[12]: netconf id=56 new ssh session for user “admin” from 10.128.0.1
3-May-2021::18:15:22.384 du-0 confd[12]: netconf id=56 got rpc: {urn:ietf:params:xml:ns:netconf:base:1.0}get attrs: message-id=“1”
3-May-2021::18:15:22.384 du-0 confd[12]: netconf id=56 get attrs: message-id=“1”
3-May-2021::18:15:22.385 du-0 confd[12]: netconf id=56 sending rpc-reply, attrs: message-id=“1”
3-May-2021::18:15:22.465 du-0 confd[12]: netconf id=56 close-session attrs: message-id=“0”
3-May-2021::18:15:22.465 du-0 confd[12]: netconf id=56 sending rpc-reply, attrs: message-id=“0”

Issue is resolved. Thank for your help!