python paramiko help

TSP · 2009-03-12 01:28:48

I am trying to do a simple script to execute a remote command using python with paramiko module. the problem is that paramiko try to use a public/private key, but i want to use user and password to authenticate to a remote server.

This is the (incomplete) script

#!/usr/bin/env python2.6

import paramiko
import getpass
import optparse
from termcolor import colored
import sys

def connect (host = "localhost", port = 22, user = None, password = None, cmd = None ):
    paramiko.util.log_to_file('ssh_exec_cmd.log')
    s = paramiko.SSHClient()
    try:
        s.load_system_host_keys()
    except paramiko.IOError, e:
        print "cannot load host keys file: ", e
    try:
        s.connect(hostname = host, port = port, username = user, password = password, timeout = 10)
    except paramiko.BadHostKeyException, e:
        print colored ("Error", "red")
        print "Host key could not be verified: ", e
        sys.exit(1)
    except paramiko.AuthenticationException, e:
        print colored ("Error", "red")
        print "Error unable to authenticate: ", e
        sys.exit(1)
    except paramiko.SSHException, e:
        print colored ("Error", "red")
        print e
        sys.exit(1)

    if cmd == None:
        print colored("Error: ", "red")
        print "Empty command"

    try:
        stdin, stdout, stderr = s.exec_command(cmd)
    except SSHException, e:
        print colored ("Error: ", "red")
        print "Error: ", e
        sys.exit(1)

    print stdout

if __name__ == "__main__":
    username = raw_input("Username: ")
    if username == None:
        username = getpass.getuser()
    password = getpass.getpass("Password [%s]: " % username)
    port = int(raw_input("Port: "))
    host = raw_input("Hostname: ")
    cmd = raw_input("Command: ")
    connect(host, port, username, password, cmd)

    print "Nice!"
    sys.exit(0)

Log

DEB [20090313-23:20:53.223] thr=1   paramiko.transport: starting thread (client mode): 0x12ac450L
INF [20090313-23:20:53.231] thr=1   paramiko.transport: Connected (version 2.0, client OpenSSH_5.1)
DEB [20090313-23:20:53.232] thr=1   paramiko.transport: kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour128', 'arcfour256', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour128', 'arcfour256', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
DEB [20090313-23:20:53.233] thr=1   paramiko.transport: Ciphers agreed: local=aes128-cbc, remote=aes128-cbc
DEB [20090313-23:20:53.233] thr=1   paramiko.transport: using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-cbc, remote aes128-cbc; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEB [20090313-23:20:53.365] thr=1   paramiko.transport: Switch to new keys ...
DEB [20090313-23:20:53.366] thr=2   paramiko.transport: Rejecting ssh-rsa host key for fedora: e55fe7877045026da523a04b61bbf011
DEB [20090313-23:20:53.467] thr=1   paramiko.transport: EOF in transport thread

Any help is much appreciated, thanks!

cactus · 2009-03-12 07:41:11

If the server's hostname is not found in either set of host keys, the missing host key policy is used (see set_missing_host_key_policy). The default policy is to reject the key and raise an SSHException.

My guess is the remote host fingerprint doesn't exist yet in the known_hosts file.
http://www.lag.net/paramiko/docs/parami … class.html

see example: http://jessenoller.com/2009/02/05/ssh-p … different/
look at "Host Keys" section.

TSP · 2009-03-12 12:30:24

Thanks for your help! The problem is the host fingerprint. In my known_host i find something like

hostname, ip ssh-rsa ....

while in ubuntu, for example you can see the

host fingerprint ssh.rsa ....

and the scripts works. I don't know how to fix this, to make the script works in any linux os.

cactus · 2009-03-12 20:44:33

if you are seeing hostname, ip, that means you need to turn on hashing in your ssh config..
umm...

 
HashKnownHosts yes

you can dump that sitewide into ssh_config, or just into your personal .ssh/config in a Host * stanza.

example from my own .ssh/config:

# .ssh/config
Host *
    Protocol 2
    ControlPath ~/.ssh/master-%r@%h:%p
    ControlMaster auto
    ServerAliveCountMax 3
    ServerAliveInterval 300
    #SetupTimeOut 300
    Compression yes
    HashKnownHosts yes

Then to hash the existing known_hosts file you can: `ssh-keygen -H`
Then remove the backup it made.

That should get you the fingerprint hashed style known_hosts.

I do find it odd that such a thing would be your problem though..but maybe it is.

Last edited by cactus (2009-03-12 20:46:25)

TSP · 2009-03-13 15:56:26

Hey, many thanks. You are right, that's is not the problem...but your info help me debugging the problem...

Arch Linux

#1 2009-03-12 01:28:48

python paramiko help

#2 2009-03-12 07:41:11

Re: python paramiko help

#3 2009-03-12 12:30:24

Re: python paramiko help

#4 2009-03-12 20:44:33

Re: python paramiko help

#5 2009-03-13 15:56:26

Re: python paramiko help

Board footer