Want to check in a Cisco IOS config if the VTYs have SSH only with ciscoconfparse2


This is my first post here!
I'm trying to verify if an IOS config has all its VTYs with SSH only.
I'm using Python with the ciscoconfparse2 library, and I created this function (at this stage I'm not using all the parameters):

Just for context, the parameters have the following info:

in_test = (a list with several lines: line vty 0 4, line vty 5 15 and line vty 16 31)
in_rexp = line vty 0 4 or line vty 5 15 or line vty 16 31
in_defa = transport input ssh
from ciscoconfparse2 import CiscoConfParse  # in_parse is a CiscoConfParse instance
from colorama import Fore                   # used for the coloured console output


def func_parent(in_parse: CiscoConfParse, in_test, in_rexp, in_defa, in_neg) -> bool:
    '''
    Checks if the VTYs have SSH only.
    in_rexp is the parent regex, in_defa the child regex; in_neg is not used yet.
    '''

    # Parents matching in_rexp that have at least one child matching in_defa
    object_name = list(in_parse.find_parent_objects(in_rexp, in_defa))
    print(object_name)
    if not object_name:
        print(
            Fore.RED + f'{in_test} has not SSH only ----------> 9')
        return False
    else:
        print(
            Fore.GREEN + f'{in_test} has SSH only ----------> 10')
        return True

So, if the list is empty, it means no ssh...
Now, for the following config...

line vty 0 4
 exec-timeout 0 0
 logging synchronous
 length 0
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 logging synchronous
 length 0
transport input ssh
 line vty 16 31
 length 0
 transport input ssh
!

I'm receiving this...

[<IOSCfgLine # 1972 'line vty 0 4'>]
line vty 0 4 has SSH only ----------> 10      >>> OK

[<IOSCfgLine # 1977 'line vty 5 15'>]
line vty 5 15 has SSH only ----------> 10     >>> OK

[]
line vty 16 31 has not SSH only ----------> 9  >>> WRONG

which is wrong for VTY 16 31.

And for this config..

line vty 0 4
 exec-timeout 0 0
 logging synchronous
 transport input ssh telnet
 length 0
line vty 5 15
 exec-timeout 0 0
 transport input telnet
 length 0
line vty 16 31
 exec-timeout 10 0
 transport input ssh telnet
 length 0
!

... this is the result:

[<IOSCfgLine # 14395 'line vty 0 4'>]
line vty 0 4 has SSH only ----------> 10         >>> WRONG

[]
line vty 5 15 has not SSH only ----------> 9     >>> OK

[]
line vty 16 31 has not SSH only ----------> 9     >>> OK

I'm guessing that the match condition is not working with the combo ssh and telnet.

I tried with find_parent_objects and also with find_child_objects, with the same result.
Maybe this is not the best way to check for SSH only in the config; I'd appreciate your help!

TIA

Answer from Norberto Padin:

I think I found the issue. The running config has a space at the beginning of the child lines, so the regexp I have to use should take this into account. Since I was following the examples in the ciscoconfparse2 documentation, they do not include the spaces at the beginning in the queries for the functions find_parent_objects and find_child_objects. As soon as I reformulated the regexp like this, ^\s+transport\s+input\s+ssh$, it started to return what I was expecting.
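To show why the anchored regex from the answer matters, here is an added, self-contained example (not code from the question, the answer or ciscoconfparse2) that mimics the parent/child grouping of the library with a small hypothetical helper, vty_children, and runs both the anchored pattern and the question's loose pattern over a constructed config. The loose pattern wrongly accepts "transport input ssh telnet"; a VTY range with no matching child line is reported as not SSH-only.

```python
import re
from typing import Dict, List

# Constructed sample based on the second config in the question:
# ssh+telnet, telnet-only and ssh-only VTY ranges.
SAMPLE_CONFIG = """\
line vty 0 4
 exec-timeout 0 0
 transport input ssh telnet
line vty 5 15
 transport input telnet
line vty 16 31
 transport input ssh
!
"""

# Pattern from the accepted answer: the child line keeps its leading
# whitespace, and the trailing $ rejects "transport input ssh telnet".
SSH_ONLY_RE = re.compile(r"^\s+transport\s+input\s+ssh$")
# Unanchored pattern as used in the question (matches "ssh telnet" too).
LOOSE_RE = re.compile(r"transport input ssh")


def vty_children(config: str) -> Dict[str, List[str]]:
    """Hypothetical helper: group indented child lines under each 'line vty' parent."""
    stanzas: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw)  # keep the leading space, as the parser does
        else:
            current = None  # any other column-0 line ends the stanza
    return stanzas


def ssh_only(config: str, pattern: "re.Pattern[str]" = SSH_ONLY_RE) -> Dict[str, bool]:
    """Map each VTY parent to True only if some child line matches pattern.

    A range without a matching line (including no transport line at all)
    is reported False, since SSH-only is not explicitly configured."""
    return {parent: any(pattern.search(child) for child in children)
            for parent, children in vty_children(config).items()}


if __name__ == "__main__":
    for name, pat in (("anchored", SSH_ONLY_RE), ("loose", LOOSE_RE)):
        print(name, ssh_only(SAMPLE_CONFIG, pat))
```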