transport – Transport / Session layer

Base types

class ncclient.transport.Session(capabilities)

Base class for use by transport protocol implementations.


Register a listener that will be notified of incoming messages and errors.


Unregister some listener; ignore if the listener was never registered.


If a listener of the specified type is registered, returns the instance.

Client’s Capabilities
Server’s Capabilities
Connection status of the session.
A string representing the session-id. If the session has not been initialized it will be None
class ncclient.transport.SessionListener

Base class for Session listeners, which are notified when a new NETCONF message is received or an error occurs.


Avoid time-intensive tasks in a callback’s context.

callback(root, raw)

Called when a new XML document is received. The root argument allows the callback to determine whether it wants to further process the document.

  • root (tuple) – tuple of (tag, attributes) where tag is the qualified name of the root element and attributes is a dictionary of its attributes (also qualified names)
  • raw (string) – XML document

Called when an error occurs.

SSH session implementation

static ssh.default_unknown_host_cb(host, fingerprint)

An unknown host callback returns True if it finds the key acceptable, and False if not.

This default callback always returns False, which would lead to connect() raising a SSHUnknownHost exception.

Supply another valid callback if you need to verify the host key programatically.

  • host (string) – the hostname that needs to be verified
  • fingerprint (string) – a hex string representing the host key fingerprint, colon-delimited e.g. 4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21
class ncclient.transport.SSHSession(capabilities)

Bases: ncclient.transport.session.Session

Implements a RFC 4742 NETCONF session over SSH.

connect(host[, port=830, timeout=None, username=None, password=None, key_filename=None, allow_agent=True, look_for_keys=True])

Connect via SSH and initialize the NETCONF session. First attempts the publickey authentication method and then password authentication.

To disable attemting publickey authentication altogether, call with allow_agent and look_for_keys as False.

  • host (string) – the hostname or IP address to connect to
  • port (int) – by default 830, but some devices use the default SSH port of 22 so this may need to be specified
  • timeout (int) – an optional timeout for socket connect
  • unknown_host_cb (see signature) – called when the server host key is not recognized
  • username (string) – the username to use for SSH authentication
  • password (string) – the password used if using password authentication, or the passphrase to use for unlocking keys that require it
  • key_filename (string) – a filename where a the private key to be used can be found
  • allow_agent (bool) – enables querying SSH agent (if found) for keys
  • look_for_keys (bool) – enables looking in the usual locations for ssh keys (e.g. ~/.ssh/id_*)

Load host keys from a known_hosts-style file. Can be called multiple times.

If filename is not specified, looks in the default locations i.e. ~/.ssh/known_hosts and ~/ssh/known_hosts for Windows.

Underlying paramiko.Transport object. This makes it possible to call methods like set_keepalive on it.


exception ncclient.transport.TransportError
Bases: ncclient.NCClientError
exception ncclient.transport.SessionCloseError(in_buf, out_buf=None)
Bases: ncclient.transport.errors.TransportError
exception ncclient.transport.SSHError
Bases: ncclient.transport.errors.TransportError
exception ncclient.transport.AuthenticationError
Bases: ncclient.transport.errors.TransportError
exception ncclient.transport.SSHUnknownHostError(host, fingerprint)
Bases: ncclient.transport.errors.SSHError

Table Of Contents

Previous topic

xml_ – XML handling

Next topic

operations – Everything RPC

This Page