Paramiko:将 host_key 永久添加到 known_hosts
Paramiko: Add host_key to known_hosts permanently
此代码帮助我建立 ssh 连接。我知道 set_missing_host_key_policy 在 known_hosts 中找不到密钥时会有所帮助。但它的行为并不像实际的 ssh,因为在我第一次 运行 这段代码之后,我假设 host_key 会被添加到 known_hosts 并且我不再需要 set_missing_host_key_policy() 函数。但是,我错了(paramiko.ssh_exception.SSHException)。如何使用 paramiko 将 host_key 永久添加到 known_hosts? (由于后端代码的某部分写在'C'中,需要在known_hosts中找到host_key)
还是我误会了什么?我需要一些指导...
import paramiko
client = paramiko.SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(hostname=str(host),username =str(user),password=str(pswd))
从包文档中比较
client.load_system_host_keys(filename=None)
Load host keys from a system (read-only) file. Host keys read with
this method will not be saved back by `save_host_keys`.
和
client.load_host_keys(filename)
Load host keys from a local host-key file. Host keys read with this
method will be checked after keys loaded via `load_system_host_keys`,
but will be saved back by `save_host_keys` (so they can be modified).
The missing host key policy `.AutoAddPolicy` adds keys to this set and
saves them, when connecting to a previously-unknown server.
所以要让 Paramiko 存储任何新的主机密钥,您需要使用 load_host_keys,而不是 load_system_host_keys。例如
client.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
但是 避免使用 AutoAddPolicy 通常是个好主意,因为它会让您容易受到 man-in-the-middle 攻击。我最终做的是在与脚本相同的文件夹中生成本地 known_hosts:
ssh -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=./known_hosts user@host
然后改为加载此文件:
client.load_host_keys(os.path.join(os.path.dirname(__file__), 'known_hosts'))
通过这种方式,我可以将 known_hosts 与我的脚本一起分发到不同的机器上 运行,而无需触及这些机器上的实际 known_hosts。
##使用paramiko远程ssh添加用户
import paramiko
import os
ssh= paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect('192.168.10.49', port=22,username='root', password='abc@123')
def addnewuser():
uname=input("Type your new Create userName")
upass=input("Enter Password")
os.system("useradd -m -p "+upass+" "+uname)
addnewuser()
如果你想在运行时添加一个特定的键(没有任何文件):
from paramiko import RSAKey
from paramiko.py3compat import decodebytes
client = SSHClient()
# known host key
know_host_key = "<KEY>"
keyObj = RSAKey(data=decodebytes(know_host_key.encode()))
# add to host keys
client.get_host_keys().add(hostname=HOST, keytype="ssh-rsa", key=keyObj)
# login to ssh hostname
client.connect(hostname=HOST, port=PORT, username=USER)...
来源:https://github.com/paramiko/paramiko/blob/2.6.0/tests/test_hostkeys.py#L75-L84
此代码帮助我建立 ssh 连接。我知道 set_missing_host_key_policy 在 known_hosts 中找不到密钥时会有所帮助。但它的行为并不像实际的 ssh,因为在我第一次 运行 这段代码之后,我假设 host_key 会被添加到 known_hosts 并且我不再需要 set_missing_host_key_policy() 函数。但是,我错了(paramiko.ssh_exception.SSHException)。如何使用 paramiko 将 host_key 永久添加到 known_hosts? (由于后端代码的某部分写在'C'中,需要在known_hosts中找到host_key)
还是我误会了什么?我需要一些指导...
import paramiko
client = paramiko.SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(hostname=str(host),username =str(user),password=str(pswd))
从包文档中比较
client.load_system_host_keys(filename=None)
Load host keys from a system (read-only) file. Host keys read with
this method will not be saved back by `save_host_keys`.
和
client.load_host_keys(filename)
Load host keys from a local host-key file. Host keys read with this
method will be checked after keys loaded via `load_system_host_keys`,
but will be saved back by `save_host_keys` (so they can be modified).
The missing host key policy `.AutoAddPolicy` adds keys to this set and
saves them, when connecting to a previously-unknown server.
所以要让 Paramiko 存储任何新的主机密钥,您需要使用 load_host_keys,而不是 load_system_host_keys。例如
client.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
但是 避免使用 AutoAddPolicy 通常是个好主意,因为它会让您容易受到 man-in-the-middle 攻击。我最终做的是在与脚本相同的文件夹中生成本地 known_hosts:
ssh -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=./known_hosts user@host
然后改为加载此文件:
client.load_host_keys(os.path.join(os.path.dirname(__file__), 'known_hosts'))
通过这种方式,我可以将 known_hosts 与我的脚本一起分发到不同的机器上 运行,而无需触及这些机器上的实际 known_hosts。
import paramiko
import os
ssh= paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect('192.168.10.49', port=22,username='root', password='abc@123')
def addnewuser():
uname=input("Type your new Create userName")
upass=input("Enter Password")
os.system("useradd -m -p "+upass+" "+uname)
addnewuser()
如果你想在运行时添加一个特定的键(没有任何文件):
from paramiko import RSAKey
from paramiko.py3compat import decodebytes
client = SSHClient()
# known host key
know_host_key = "<KEY>"
keyObj = RSAKey(data=decodebytes(know_host_key.encode()))
# add to host keys
client.get_host_keys().add(hostname=HOST, keytype="ssh-rsa", key=keyObj)
# login to ssh hostname
client.connect(hostname=HOST, port=PORT, username=USER)...
来源:https://github.com/paramiko/paramiko/blob/2.6.0/tests/test_hostkeys.py#L75-L84