In WinSCP is an option to edit the SFTP server command/path (in the protocol options):
Is there also such an option in pysftp/Paramiko or in an another SFTP package for Python?
Thanks!
What that option in WinSCP does is that it runs SFTP over the "exec" channel, instead of the "sftp subsystem" channel. An (untested) equivalent in Python Paramiko:
ssh = paramiko.SSHClient()
# authenticate here
chan = ssh.get_transport().open_session()
chan.exec_command("/path/to/sftp-server")
sftp = paramiko.SFTPClient(chan)
Related
With other partners we have had no trouble getting a password to connect with. This is the code we use presently to connect via proxy partner's SFTP server using a password:
import paramiko
proxy_command = '/usr/bin/ssh ' + proxy_address + ' -p 22 /usr/bin/nc ' + host_address + ' ' + str(host_port)
proxy = paramiko.ProxyCommand(proxy_command)
transport = paramiko.transport.Transport(proxy)
transport.connect(username=username, password=password)
sftp = paramiko.sftp_client.SFTPClient.from_transport(transport)
Our newest partner will not share a password with us--the connection should rely solely on keys. How can we modify the above to implement the keys on the proxy and not be reliant on using a password to connect to the host?
If you are asking for to authenticate using a key with the Paramiko low-level Transport class, just use the pkey parameter of the Transport.connect method:
pkey = paramiko.RSAKey.from_private_key_file(filename)
transport.connect(username=username, pkey=pkey)
Though in general, you should use the high-level SSHClient class instead:
ssh = paramiko.SSHClient()
pkey = paramiko.RSAKey.from_private_key_file('id_rsa')
ssh.connect(hostname=host_address, sock=sock, username=username, pkey=key)
sftp = ssh.open_sftp()
Though it turned out, you want to authenticate using a key stored on the proxy/jump server. You cannot use a key stored on the proxy server from a Paramiko code running on a local server. You would have to connect from the proxy server. Or download the key to the local machine. Or just read the key on run time from the server to local memory (what is a form of a download). See also Executing command from remote server into another remote server using Paramiko.
For my SSH connections, I use this ~/.ssh/config:
Host gwhost
Hostname gw.hostname.com
User user
IdentityFile /home/user/.ssh/priv_key
ControlMaster auto
ControlPath ~/.ssh/%h-%p-%r.sock
ControlPersist 120
Host *.my-example.com
User user
IdentityFile /home/user/.ssh/priv_key
StrictHostKeyChecking no
ProxyCommand ssh -q 'gwhost' -W %h:22
From the terminal I can connect to the host like this:
ssh one.my-example.com
I want to execute some commands on a remote host using Paramiko.
I tried to do it like this:
host = 'one.my-example.com'
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
user_config_file = os.path.expanduser("~/.ssh/config")
config = SSHConfig.from_path(user_config_file)
ssh.connect(hostname=host)
stdin, stdout, stderr = ssh.exec_command('ls')
lines = stdout.readlines()
print(lines)
After starting I got this error
in <lambda>
retry_on_signal(lambda: sock.connect(addr))
TimeoutError: [Errno 110] Connection timed out
So how can I use ~/.ssh/config or maybe I shouldn't ~/.ssh/config?
Paramiko has only very limited support for OpenSSH ssh_config configuration file.
If definitely won't use ssh_config automatically, as OpenSSH ssh does.
You would have to instantiate SSHConfig class using SSHConfig.from_path. And then use SSHConfig.lookup to lookup configuration for your hostname. And then use the returned dictionary to feed the arguments of SSHClient.connect.
Obligatory warning: Do not use AutoAddPolicy – You are losing a protection against MITM attacks by doing so. For a correct solution, see Paramiko "Unknown Server".
I need to connect to a remote server without the use of a password but using a public keyfile using the Python module Paramiko.
How can I do this?
Use key_filename argument of SSHClient.connect:
import paramiko
ssh = paramiko.SSHClient()
ssh.connect("example.com", username="user", key_filename="mykeyfile")
Though you need private key file for that. You cannot authenticate with public key file.
You will also need to verify the host key:
Paramiko "Unknown Server"
I am developing a custom SSH server and I am looking to change Paramiko (http://www.paramiko.org/) SSH Banner/version.
Here is the nmap output:
PORT STATE SERVICE VERSION
22/tcp open ssh Paramiko Python sshd 2.1.1 (protocol 2.0)
I would like to change it to :
PORT STATE SERVICE VERSION
22/tcp open ssh My sshd 1.0 (protocol 2.0)
Here is the code I am using to create my SSH server : https://github.com/paramiko/paramiko/blob/master/demos/demo_simple.py
Any ideas?
Thanks
The banner used by the client/server comes from the local_version attribute of the Transport class, so if you change it before you call start_server() or start_client() on the transport then it should work, e.g:
transport.local_version = 'SSH-2.0-My sshd 1.0'
transport.start_server(...)
Note that what nmap reports depends on which probe in nmap-service-probes is triggered, so your output in nmap might be different from what you expect. The line that matches for paramiko would be:
match ssh m|^SSH-([\d.]+)-paramiko_([\w._-]+)\r?\n| p/Paramiko Python sshd/ v/$2/ i/protocol $1/
I'm using the code below to ssh into the ftp servers:
ssh = paramiko.SSHClient()
ssh.connect(server, username=username, password=password)
ssh_stdin, ssh_stdout, ssh_stderr = ssh.exec_command("locate my_file.txt")
print ssh_stdout
However, I'm using multiple servers so I replace the server argument a lot. On the main ftp server I'm trying to connect to, I get this error:
socket.error: [Errno 60] Operation timed out
Whenever I try to use other servers though, I usually get this error:
paramiko.ssh_exception.S SHException:
Server 'ftp.server.org' not found in known_hosts
Does anyone know of any possible solutions to solve either one or both of these problems?
To fix your 2nd error, you can tell Paramiko to auto-add new servers:
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
Take a look at the docs.
For your second problem, you need to add the following line after ssh = paramiko.SSHClient():
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
This will allow paramiko to auto-accept unknown keys (and should allow you to SSH into those other servers)