Can I get Paramiko code for the following ssh command?
ssh Administrator#xx.xx.xx.xx -vv -o PreferredAuthentications=password -o PubkeyAuthentication=no
Need to know how to handle fields PreferredAuthentications and PubkeyAuthentication in Paramiko.
There's no direct equivalent, as Paramiko has different logic than ssh when selecting the authentication methods. And you actually didn't tell us why are you using those directives.
If your point was to avoid using autodiscovered key files, use allow_agent=False and look_for_keys=False.
See Force password authentication (ignore keys in .ssh folder) in Paramiko in Python
Related
I've got some code which needs to grab code from github periodically (on a Windows machine).
When I do pulls manually, I use GitBash, and I've got ssh keys running for the repos I check so everything is fine. However when I try to run the same actions in a python subprocess I don't have the ssh services which GitBash provides and I'm unable to authenticate to the repo.
How should I proceed from here. I can think of a couple of different options:
I could revert to using https:// fetches. This is problematic because the repos I'm fetching use 2-factor authentication and are going to be running unattended. Is there a way to access an https repo that has 2fa from a command line?
I've tried calling sh.exe with arguments that will fire off ssh-agent and then issuing my commands so that everything is running more or less the way it does in gitBash, but that doesn't seem to work:
"C:\Program Files (x86)\Git\bin\sh.exe" -c "C:/Program\ Files\ \(x86\)/Git/bin/ssh-agent.exe; C:/Program\ Files\ \(x86\)/Git/bin/ssh.exe -t git#github.com"
produces
SSH_AUTH_SOCK=/tmp/ssh-SiVYsy3660/agent.3660; export SSH_AUTH_SOCK;
SSH_AGENT_PID=8292; export SSH_AGENT_PID;
echo Agent pid 8292;
Could not create directory '/.ssh'.
The authenticity of host 'github.com (192.30.252.129)' can't be established.
RSA key fingerprint is XXXXXXXXXXX
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/.ssh/known_hosts).
Permission denied (publickey).
Could I use an ssh module in python like paramiko to establish a connection? It looks to me like that's only for ssh'ing into a remote terminal. Is there a way to make it provide an ssh connection that git.exe can use?
So, I'd be grateful if anybody has done this before or has a better alternative
The git bash set the HOME environment variable, which allows git to find the ssh keys (in %HOME%/.ssh)
You need to make sure the python process has or define HOME to the same PATH.
As explained in "Python os.environ[“HOME”] works on idle but not in a script", you need to set HOME to %USERPROFILE% (or, in python, to os.path.expanduser("~") ).
I want to test various package installation on multiple hosts. Different hosts have different password/ssh-key.
I dont want to hard code host name and their ssh-key in my fab file. How can i pass multiple host and their ssh-key through terminal command line.
Code in my fab file looks like -
from fabric.api import settings, run, env
def test_installation(cmd):
run("dpkg -s %s" %cmd)
And i am calling it like -
fab test_installation:tomcat7 --hosts "user1#host1:port","vuser2#host2:port" -i "ssh-file-path for host1","ssh-file-path for host2"
Please suggest me the proper way. any help is most welcomed.
You don't provide ssh keys of hosts, but only your ssh key, that is used to register you in authorized_keys on host. And you provide only path to it (usually it is ~/.ssh/id_rsa).
Moreover, you can configure fabric to use your ssh config, so you don't need to hardcode any path at all. It can use the same keys, as it would use if you typed ssh my_host in shell.
How to do that you can find in fabric tutorial:
http://docs.fabfile.org/en/1.8/usage/execution.html#leveraging-native-ssh-config-files
http://docs.fabfile.org/en/1.8/usage/env.html#full-list-of-env-vars
You can also set your ~/.ssh/config to use different key for different host.
If you are not familiar with ssh and configuring it, please see:
http://linux.die.net/man/5/ssh_config
I have try to implement it using paramiko. But I find paramiko can only launch a tunnel redirecting localhost:lport to remoteip:rport just like 'ssh -L'.
So I want to know how can I implement it using paramiko or use other library.
Thanks for your help.
Unlike the -L or -R options which forward specific ports, ssh -D establishes a SOCKS proxy for application-level port forwarding.
Assuming that's what you want, then according to this answer, there are several Python modules which implements SOCKS clients/proxies, e.g. PySocks and SocksiPy. Unfortunately, I have never explored any of these options and cannot vouch for any of them.
I would like to execute a command on a remote machine using telnet as,
telnet x.x.x.x command or similar
I want to include this as part of a script in Python ( subprocess ) and hence need it in one line. Or, are there any other ways to do the same?
Any help is appreciated.
Thanks.
Rather than relying on subprocess, you could try Python's built-in telnetlib instead.
A complete example that does almost exactly what you want is available as an example in the documentation: http://docs.python.org/library/telnetlib.html#telnet-example
I would personally also see if SSH is available on the target system. Not only will you be using a secure connection, but you can also set up SSH keys and use SSH's built-in support for executing a single command (e.g. ssh user#example.com ls -l).
#!/bin/sh
empty -f -i in -o out telnet foo.bar.com
empty -w -i out -o in "ogin:" "luser\n"
empty -w -i out -o in "assword:" "TopSecret\n"
empty -s -o in "who am i\n"
empty -s -o in "exit\n"
http://empty.sourceforge.net/
Maybe this solution will be useful, but as stated in there, it won't work in case you need user/password authentication.
In order to skip manual user/password authentication, setting up ssh keys is the way to go. There is a short explanation about this here: SSH to a server without password for Admin Ease
How is it possible to do secure copy using python (windows native install - ActivePython). Unfortunately pexpect module is for unix only and we don't want cygwin locally. I wrote a script that based on pscp.exe win tool - but always stops at first execution becuse of fingerprint host id. and haven't found option to switch this off.
the remote hosts are running ssh-server on cygwin (win 2003 servers).
Thanks
paramiko is pretty slick. See this question for some more details.
I strongly recommend that you use keys rather than passwords. If you use ssh keys properly, you do not need to use expect, as the scp command won't ask for any user input. If you have command line ssh installed, you can make a key like this:
ssh-keygen -t dsa
Then simply follow the instructions provided, and save the key to the default location. If you put a passphrase on it, you'll need to use some sort of ssh agent, either the command line ssh-agent or pagent on windows. You can also create an ssh key with the putty suite's puttygen.
To set up the key for authentication, simply put a copy of id_dsa.pub on the host you want to scp to in the file ~/.ssh/authorized_keys.
http://pypi.python.org/pypi/ssh4py
SCP example: http://blog.keyphrene.com/keyphrene/index.php/2008/09/18/13-scp
Twisted Conch supports ssh and sftp.
How do you expect to provide the authentication data? The easiest way is to create a key, and make sure it is in the server's list of accepted hosts. That way scp will authenticate using the private/public key pair automatically, and "just work".
This is a handy tutorial on how to go about creating and uploading the key. Of course this assumes you have the necessary admin access to the server.