
Passwordless SSH connection with Paramiko fails where ssh works

  •  2
  • Stefan Papp  · Tech community  · 6 years ago

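    I intend to create a passwordless connection between a client and a server using SSH keys.

    With Paramiko, I end up with an AuthenticationException. Using standard ssh via popen, I can connect without any problems.

    For Paramiko, I use the following code: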

    import paramiko

    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    client.load_system_host_keys()
    client.connect(ssh_server, username=ssh_user)
    

    In the same situation, I can use ssh:

    import subprocess

    cmd = 'ssh -o GSSAPIAuthentication=no -o ForwardX11=no {}@{} echo 0 > /dev/null'.format(ssh_user, ssh_server)
    process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    process.communicate()
    

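    I am using Python 3.4.6 and Paramiko 2.4.1.

    More details:

    • I can establish a connection with Paramiko on another client.
    • On this particular client, the user impersonated for ssh is different from the user who starts the call.

    Paramiko debug output: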

    2018-07-11 20:55:54,025 20730 DEBUG: putting paramiko output to console
    2018-07-11 20:55:54,112 20730 DEBUG: starting thread (client mode): 0x4ca07320
    2018-07-11 20:55:54,112 20730 DEBUG: Local version/idstring: SSH-2.0-paramiko_2.4.1
    2018-07-11 20:55:54,112 20730 DEBUG: Remote version/idstring: SSH-2.0-OpenSSH_7.2
    2018-07-11 20:55:54,112 20730 INFO: Connected (version 2.0, client OpenSSH_7.2)
    2018-07-11 20:55:54,115 20730 DEBUG: kex algos:['curve25519-sha256@libssh.org', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group14-sha1'] server key:['ssh-rsa', 'rsa-sha2-512', 'rsa-sha2-256', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ssh-ed25519'] client encrypt:['chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com'] server encrypt:['chacha20-poly1305@openssh.com', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com'] client mac:['umac-64-etm@openssh.com', 'umac-128-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'] server mac:['umac-64-etm@openssh.com', 'umac-128-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
    2018-07-11 20:55:54,115 20730 DEBUG: Kex agreed: ecdh-sha2-nistp256
    2018-07-11 20:55:54,115 20730 DEBUG: HostKey agreed: ecdsa-sha2-nistp256
    2018-07-11 20:55:54,115 20730 DEBUG: Cipher agreed: aes128-ctr
    2018-07-11 20:55:54,115 20730 DEBUG: MAC agreed: hmac-sha2-256
    2018-07-11 20:55:54,116 20730 DEBUG: Compression agreed: none
    2018-07-11 20:55:54,123 20730 DEBUG: kex engine KexNistp256 specified hash_algo <built-in function openssl_sha256>
    2018-07-11 20:55:54,124 20730 DEBUG: Switch to new keys ...
    Exception: No authentication methods available
    

    ssh debug output (running ssh -v as ssh_user against ssh_server):

    OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
    debug1: Reading configuration data /home/pid1083/.ssh/config
    debug1: /home/pid1083/.ssh/config line 17: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to <ssh_server> port 22.
    debug1: Connection established.
    debug1: identity file /home/<logged_in_username>/.ssh/id_rsa_c2c type 1
    debug1: identity file /home/<logged_in_username>/.ssh/id_rsa_c2c-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2
    debug1: match: OpenSSH_7.2 pat OpenSSH* compat 0x04000000
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
    debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA 21:1b:bb:32:4c:69:f3:eb:91:79:e7:ca:d4:30:ff:70
    debug1: Host '<ssh_server>' is known and matches the ECDSA host key.
    debug1: Found key in /home/<logged_in_username>/.ssh/known_hosts:519
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available
    
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available
    
    debug1: Unspecified GSS failure.  Minor code may provide more information
    
    
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available
    
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/<logged_in_user>/.ssh/id_rsa_c2c
    debug1: Server accepts key: pkalg ssh-rsa blen 279
    debug1: key_parse_private2: missing begin marker
    debug1: read PEM private key done: type RSA
    debug1: Authentication succeeded (publickey).
    Authenticated to <IP_of_server>:22).
    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
    debug1: Requesting X11 forwarding with authentication spoofing.
    debug1: Sending environment.
    debug1: Sending env LC_PAPER = en_US.utf8
    debug1: Sending env LC_ADDRESS = en_US.utf8
    debug1: Sending env LC_MONETARY = en_US.utf8
    debug1: Sending env LC_NUMERIC = en_US.utf8
    debug1: Sending env LC_ALL = en_US.utf8
    debug1: Sending env LC_TELEPHONE = en_US.utf8
    debug1: Sending env LC_MESSAGES = en_US.utf8
    debug1: Sending env LC_IDENTIFICATION = en_US.utf8
    debug1: Sending env LC_COLLATE = en_US.utf8
    debug1: Sending env LANG = en_US.utf8
    debug1: Sending env LC_MEASUREMENT = en_US.utf8
    debug1: Sending env LC_CTYPE = en_US.utf8
    debug1: Sending env LC_TIME = en_DK.utf8
    debug1: Sending env LC_NAME = en_US.utf8
    
    1 answer  |  as of 6 years ago
        1
  •  3
  •   Martin Prikryl    6 years ago

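    Your ssh connection works, because it uses a key from ~/.ssh/id_rsa_c2c (as configured in ssh_config). The .ssh folder and the ssh_config file are used as configuration for the OpenSSH toolset (ssh in this case). You cannot expect other SSH clients/libraries to use the OpenSSH configuration files. In general, they do not.

    If you want to use public key authentication with Paramiko, use the key_filename argument of SSHClient.connect.
    See also How to ssh connect through python Paramiko with ppk public key.

    Though Paramiko in particular will use a key file if it has a common name, like id_rsa, id_dsa, etc. See Force password authentication (ignore keys in .ssh folder) in Paramiko in Python for the completely opposite problem.


    Obligatory warning: Do not use AutoAddPolicy, unless you do not care about security. You lose protection against MITM attacks this way.
    For a correct solution, see Paramiko "Unknown Server".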