fix: use paramiko instead of libssh for Cisco SSH connections

IPvSean · IPvSean · commit f9b588defb36 · 2026-04-13T14:46:42.000-04:00
The network EE's version of ansible-pylibssh/netcommon doesn't honor
ansible_libssh_publickey_algorithms, so ssh-rsa is still rejected.
Switch Cisco routers to paramiko which handles ssh-rsa natively.

Made-with: Cursor
diff --git a/roles/manage_ec2_instances/tasks/inventory/addhost_network.yml b/roles/manage_ec2_instances/tasks/inventory/addhost_network.yml
@@ -40,8 +40,7 @@
     username: "{{ item.tags.Student }}"
     ansible_user: "{{ item.tags.username }}"
     ansible_port: "{{ ssh_port }}"
-    # https://github.com/ansible-collections/ansible.netcommon/pull/597
-    ansible_libssh_publickey_algorithms: "ssh-rsa"
+    ansible_network_cli_ssh_type: "paramiko"
     ansible_ssh_private_key_file: "{{ playbook_dir }}/{{ ec2_name_prefix|lower }}/{{ ec2_name_prefix|lower }}-private.pem"
     private_ip: "{{ item.private_ip_address }}"
     ansible_network_os: "{{ item.tags.ansible_network_os }}"
diff --git a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_network.j2 b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_network.j2
@@ -25,7 +25,7 @@ ansible_ssh_private_key_file="{{ playbook_dir }}/{{ ec2_name_prefix }}/{{ ec2_na
 {% endfor %}
 {% for host in rtr1_node_facts.instances %}
 {% if 'student' ~ number == host.tags.Student %}
-{{ host.tags.Student }}-{{ host.tags.short_name }} ansible_host={{ host.public_ip_address }} ansible_user={{ host.tags.username }} ansible_network_os={{ host.tags.ansible_network_os }} ansible_connection=network_cli ansible_libssh_publickey_algorithms=ssh-rsa
+{{ host.tags.Student }}-{{ host.tags.short_name }} ansible_host={{ host.public_ip_address }} ansible_user={{ host.tags.username }} ansible_network_os={{ host.tags.ansible_network_os }} ansible_connection=network_cli ansible_network_cli_ssh_type=paramiko
 {% endif %}
 {% endfor %}
 {% for host in rtr2_node_facts.instances %}
diff --git a/roles/manage_ec2_instances/templates/student_inventory/instances_network.j2 b/roles/manage_ec2_instances/templates/student_inventory/instances_network.j2
@@ -52,7 +52,7 @@ arista
 [cisco:vars]
 ansible_network_os=ios
 ansible_connection=network_cli
-ansible_libssh_publickey_algorithms=ssh-rsa
+ansible_network_cli_ssh_type=paramiko
 {% endif %}
 
 {% if network_type == "multivendor" or network_type == "juniper" %}
