Unable to use SSH keys with IOS


Firstly, my apologies, I have trawled the internet and attempted to debug this myself but I appear to lack the necessary skills to resolve this, therefore I’m hoping someone else might be able to help shed some light on the matter.

I have encountered a problem specifically when I attempt to run napalm scripts (via nornir) against a cisco IOS device. I’m attempting to use my SSH keys for authentication, with the relevant connection_options specified in my groups file that instructs netmiko to do so:

    username: lawrence
    platform: ios
                use_keys: True
        - global

Normally I work with junos devices, and I would use napalm to successfully stage my commits on the device using my SSH keys for authentication. What I cant understand is why I am receiving this error when I attempt to use this method with an IOS device:

lawrence@cacti:~/git/Junos/automation/python/nornir/cisco$ python3 dry_run_napalm.py 
**** Playbook to configure the network *****************************************
* ciscoiosv1 ** changed : False ************************************************
vvvv DryRunConfig ** changed : False vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv ERROR
Subtask: <function napalm_configure at 0x7f883511c048> (failed)

---- Generate configuration ** changed : False --------------------------------- INFO
hostname ciscoiosv1
ip domain-name cisco.gns3
---- Loading configuration on the device ** changed : False -------------------- ERROR
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/nornir/core/task.py", line 85, in start
    r = self.task(self, **self.params)
  File "/usr/local/lib/python3.6/dist-packages/nornir/plugins/tasks/networking/napalm_configure.py", line 27, in napalm_configure
    device = task.host.get_connection("napalm", task.nornir.config)
  File "/usr/local/lib/python3.6/dist-packages/nornir/core/inventory.py", line 302, in get_connection
  File "/usr/local/lib/python3.6/dist-packages/nornir/core/inventory.py", line 352, in open_connection
  File "/usr/local/lib/python3.6/dist-packages/nornir/plugins/connections/napalm.py", line 51, in open
  File "/usr/local/lib/python3.6/dist-packages/napalm/ios/ios.py", line 169, in open
    device_type, netmiko_optional_args=self.netmiko_optional_args
  File "/usr/local/lib/python3.6/dist-packages/napalm/base/base.py", line 96, in _netmiko_open
  File "/usr/local/lib/python3.6/dist-packages/netmiko/ssh_dispatcher.py", line 259, in ConnectHandler
    return ConnectionClass(*args, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/netmiko/base_connection.py", line 327, in __init__
  File "/usr/local/lib/python3.6/dist-packages/netmiko/base_connection.py", line 332, in _open
  File "/usr/local/lib/python3.6/dist-packages/netmiko/base_connection.py", line 901, in establish_connection
  File "/usr/local/lib/python3.6/dist-packages/paramiko/client.py", line 446, in connect
  File "/usr/local/lib/python3.6/dist-packages/paramiko/client.py", line 765, in _auth
    raise SSHException("No authentication methods available")
paramiko.ssh_exception.SSHException: No authentication methods available

^^^^ END DryRunConfig ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

To clarify, I have my SSH keys installed on the cisco device and I am able to successfully SSH to it without any issues.

What is particularly confusing is that the connection options use_keys: True appear to work just fine when the I’m using only using netmiko to to pass a show command.

So netmiko can initiate a session with my IOS device successfully using my SSH keys as specified in my groups.yaml file.

It would appear that it has something to do with the connection_options in that the napalm script will in fact work fine so long as I change the connection options to include a password:

    username: lawrence
    password: cisco
    platform: ios
        - global

So it would seem that my connection_options are being ignored. Ideally I would preferably be able to use my SSH keys rather than supply a password for obvious reasons, however I cannot get this to work and only with a cisco device.

If anyone is interested, this is the napalm script I’m running:

from nornir import InitNornir
from nornir.plugins.tasks import networking, text
from nornir.plugins.functions.text import print_title, print_result
from nornir.core.filter import F

nr = InitNornir(config_file="config.yaml",

dev = nr.filter(F(groups__contains="gns3_usekeys"))

def DryRunConfig(task):
    r = task.run(task=text.template_file,
                 name="Generate configuration",
    task.host["config"] = r.result
             name='Loading configuration on the device',

print_title('Playbook to configure the network')

result = dev.run(task=DryRunConfig)

Thank you, and I appreciate responses!