Error connecting to remote host with message "Failed to authenticate: Authentication failed." and code line "raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)"

[gcilleruelobeltran]

SUMMARY

I am trying to launch a command into a remote ios device using ios_command module (the same problem with ios_facts). With the proper configuration vars is trigering the error indicated in the tittle. See below the piece of code to reproduce it and also the explanation of what I think the problem is.

ISSUE TYPE

• Bug Report

COMPONENT NAME

ios_command and ios_facts modules

ANSIBLE VERSION

ansible [core 2.15.2]
  config file = /home/rundeck/.ansible.cfg
  configured module search path = ['/home/rundeck/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.11/site-packages/ansible
  ansible collection location = /home/rundeck/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.11.2 (main, Feb  9 2023, 05:12:33) [GCC 10.2.1 20210110] (/usr/local/bin/python)
  jinja version = 3.1.2
  libyaml = True

COLLECTION VERSION

Collection Version
---------- -------
cisco.ios  5.0.0 

CONFIGURATION

Couldn't provide it

OS / ENVIRONMENT

REMOTE HOST CISCO VERSION:
Cisco IOS XE Software, Version 16.09.04

STEPS TO REPRODUCE

It's simple I just try to execute command 'show run' in the remote cisco host. Here the simple peace of code.

- name: Ansible test
  hosts: "{{ ansible_hosts }}"
  gather_facts: True
  vars:
    ansible_become_method: enable
    ansible_become: True
    ansible_command_timeout: 60
    ansible_connection: ansible.netcommon.network_cli
    ansible_network_os: cisco.ios.ios
    ansible_become_password: "{{ passoword }}"
  tasks:
    - name: SSH - Run backup command
      cisco.ios.ios_command:
        commands:
          - show run
      register: config

    - debug:
        var: config

EXPECTED RESULTS

I expect ansible to use libssh python package to connect to the remote host and not get any error in the log in process.

ACTUAL RESULTS

It gets an authenticating error when loging in. See the whole error below:

The full traceback is:
  File "/tmp/ansible_cisco.ios.ios_command_payload_zndeibam/ansible_cisco.ios.ios_command_payload.zip/ansible_collections/cisco/ios/plugins/module_utils/network/ios/ios.py", line 60, in get_capabilities
    capabilities = Connection(module._socket_path).get_capabilities()
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/ansible_cisco.ios.ios_command_payload_zndeibam/ansible_cisco.ios.ios_command_payload.zip/ansible/module_utils/connection.py", line 200, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
fatal: [remote cisco host]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "commands": [
                "show run"
            ],
            "interval": 1,
            "match": "all",
            "retries": 9,
            "wait_for": null
        }
    },
    "msg": "Failed to authenticate: Authentication failed."
}

SOLUTION THAT I FOUND AND EXPLANATION

I established the ansible_network_cli_ssh_type to "libssh" so I just needed to add it in the vars section. This var made it work but why? It is curious that in the documentation that describes this variable says that "auto" is the default behavior and "auto will use ansible-pylibssh if that package is installed, otherwise will fallback to paramiko.". So It is supposed to use libssh package as default behavior so It shouldn't fail and It wouldn't be necessary to established like that this var.
I tryed to deeg more and I did another test establishing the var like 'ansible_network_cli_ssh_type: "paramiko"' and failed in the exactly the some way as above. With this information I have two option happening here:

• The module is using first paramiko package as default behavior (not like the documentation says)
• The module does not detect that the package ansible-pylibssh is installed and jump straight to paramiko package. The second

The second option is more likely for me, What do you think???

[KB-perByte]

Hey @gcilleruelobeltran can you help me with the netcommon version you have installed?
Regards

[gcilleruelobeltran]

Hi @KB-perByte of course! Here it is:
Collection Version

---

ansible.netcommon 2.6.1

[KB-perByte]

@gcilleruelobeltran Please consider updating netcommon to the latest, You should see the expected behavior.
Let me know if it works for you.

[gcilleruelobeltran]

Hi, I can confirm that upgrading netcommon to latest version is working propertly. This leads me to another issue.
Normally I install ansible collections using a requirement file and I leave each collection with the default version like this:

collections:
  - name: amazon.aws
  - name: ansible.netcommon
  - name: ansible.posix
  - name: ansible.utils
  ...

If it isn't setup any version ansible installs the latest, however it happens ONLY with the netcommon collection that ansible installs the version I provided (2.6.1) which is not the latest. That is why I didn't have installed the latest (5.2.0) and I didn't realize. Would you have any clue what is happening here??

Thank you in advance!!