Connect with Python Paramiko to SSH server that in addition to password prompt requires submitting a keyboard interactive banner with Enter key
Using the PuTTY command line, I connect to a Unix host in a PAM environment.
The connection string is
domain/user-name@pam-functional-account@unix-host@pam-load-balancer-address:4422
On the PuTTY command line I used the following:
putty.exe -ssh domain/user-name@pam-functional-account@unix-host@pam-load-balancer-address 4422 -pw xxx
This opens a PuTTY SSH session to the host and logs in. In the PuTTY console, the username is shown as
domain/user-name@pam-functional-account@unix-host
I want to do the same through the SSH library Paramiko. I gave pam-load-balancer-address as my host, 4422 as the port, and domain/user-name@pam-functional-account@unix-host as my username. In Paramiko it gives the error message
AuthenticationException: Authentication failed.
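It succeeds with PuTTY SSH, but with Paramiko or robotframework-sshlibrary I cannot log in to the host. Please advise how to log in to a host whose username contains multiple @ characters. Thanks.
PuTTY session
PuTTY event log:
Paramiko log: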
DEB [20210330-17:27:49.113] thr=1 paramiko.transport: starting thread (client mode): 0x3d82d30
DEB [20210330-17:27:49.113] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.7.2
DEB [20210330-17:27:49.113] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-PBPS-SM-1.0.0
INF [20210330-17:27:49.113] thr=1 paramiko.transport: Connected (version 2.0, client PBPS-SM-1.0.0)
DEB [20210330-17:27:49.217] thr=1 paramiko.transport: kex algos:['curve25519-sha256', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group14-sha1'] server key:['ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa'] client encrypt:['aes256-ctr', 'aes192-ctr', 'aes128-ctr'] server encrypt:['aes256-ctr', 'aes192-ctr', 'aes128-ctr'] client mac:['hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'] server mac:['hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'] client compress:['none'] server compress:['none'] client lang:[''] server lang:[''] kex follows?False
DEB [20210330-17:27:49.218] thr=1 paramiko.transport: Kex agreed: ecdh-sha2-nistp256
DEB [20210330-17:27:49.218] thr=1 paramiko.transport: HostKey agreed: ssh-ed25519
DEB [20210330-17:27:49.218] thr=1 paramiko.transport: Cipher agreed: aes128-ctr
DEB [20210330-17:27:49.218] thr=1 paramiko.transport: MAC agreed: hmac-sha2-256
DEB [20210330-17:27:49.218] thr=1 paramiko.transport: Compression agreed: none
DEB [20210330-17:27:49.225] thr=1 paramiko.transport: kex engine KexNistp256 specified hash_algo <built-in function openssl_sha256>
DEB [20210330-17:27:49.225] thr=1 paramiko.transport: Switch to new keys ...
DEB [20210330-17:27:49.226] thr=2 paramiko.transport: Adding ssh-ed25519 host key for [xxx-pam2.xxx.co.uk]:4422: b'3f537ba214609f1911ba04226de23df7'
DEB [20210330-17:27:49.246] thr=1 paramiko.transport: userauth is OK
INF [20210330-17:27:49.246] thr=1 paramiko.transport: Authentication (password) failed.
DEB [20210330-17:27:49.253] thr=1 paramiko.transport: EOF in transport thread
PuTTY event log without -pw:
2021-03-30 17:39:43 Looking up host "xxx-pam1.xxx.co.uk" for SSH connection
2021-03-30 17:39:43 Connecting to 10.34.37.244 port 4422
2021-03-30 17:39:43 We claim version: SSH-2.0-PuTTY_Release_0.74
2021-03-30 17:39:43 Remote version: SSH-2.0-PBPS-SM-1.0.0
2021-03-30 17:39:43 Using SSH protocol version 2
2021-03-30 17:39:43 No GSSAPI security context available
2021-03-30 17:39:43 Doing ECDH key exchange with curve nistp256 and hash SHA-256 (unaccelerated)
2021-03-30 17:39:43 Server also has ecdsa-sha2-nistp256/ecdsa-sha2-nistp384/ecdsa-sha2-nistp521/ssh-rsa host keys, but we don't know any of them
2021-03-30 17:39:43 Host key fingerprint is:
2021-03-30 17:39:43 ssh-ed25519 255 32:2f:d2:0b:ba:f4:50:7f:01:42:59:bd:47:17:d3:91
2021-03-30 17:39:43 Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
2021-03-30 17:39:43 Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
2021-03-30 17:39:43 Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
2021-03-30 17:39:43 Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
2021-03-30 17:39:43 Attempting keyboard-interactive authentication
2021-03-30 17:40:01 Access granted
2021-03-30 17:40:01 Opening main session channel
2021-03-30 17:40:02 Opened main channel
2021-03-30 17:40:02 Allocated pty
2021-03-30 17:40:02 Started a shell/command
Source code
import paramiko
import logging
import Interactive


def connect_pam_host():
    logging.basicConfig()
    # logging.getLogger('Paramiko').setLevel(logging.INFO)
    paramiko.util.log_to_file('paramiko.log', logging.WARNING)
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    ssh.connect(hostname='xxx-pam2.xxx.co.uk', port=4422, username='netdom\tpukrisi@XXuladm@utvweccn03',
                password='mypwd@03')
    print('Success')


# This is a sample Python script.
# Press Shift+F10 to execute it or replace it with your code.
# Press Double Shift to search everywhere for classes, files, tool windows, actions, and settings.
def print_hi(name):
    # Use a breakpoint in the code line below to debug your script.
    print(f'Hi, {name}')  # Press Ctrl+F8 to toggle the breakpoint.


# Press the green button in the gutter to run the script.
if __name__ == '__main__':
    print_hi('PyCharm')
    connect_pam_host()
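Your server seems to issue two keyboard-interactive authentication challenges:
- First, a prompt for a password
- Second, a banner with no prompt.
So you have to do something like this: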
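import paramiko

username = 'myuser'        # placeholder
password = 'mypassword'    # placeholder


def handler(title, instructions, fields):
    # One field: the password prompt. No fields: the banner, answered with nothing.
    if len(fields) == 1:
        return [password]
    else:
        return []


transport = paramiko.Transport('example.com')
transport.connect(username=username)
transport.auth_password(username, password)
transport.auth_interactive(username, handler)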
Some references:
- SSH with 2FA in Python Using Paramiko
- Multi-factor authentication (password and key) with Paramiko
Also, as you have found out, you need to escape the \ in the username.
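A fuller version of the two-round handler described in the answer, as an added example that is not part of the original answer. The names `make_handler`, `connect`, `transcript` and the `known_hosts` path are illustrative, and it assumes the password prompt arrives as a single non-echoed field; it also checks the server key against `known_hosts` rather than using `AutoAddPolicy`.

```python
import os


def make_handler(password, transcript=None):
    """Keyboard-interactive handler: one password round, then banner rounds."""
    state = {"password_sent": False}

    def handler(title, instructions, prompt_list):
        # Paramiko passes prompt_list as [(prompt_text, echo_flag), ...].
        if transcript is not None:
            transcript.append((title, instructions, list(prompt_list)))
        if not prompt_list:
            # Banner-only round: the equivalent of pressing Enter in PuTTY.
            return []
        single_hidden = len(prompt_list) == 1 and not prompt_list[0][1]
        if single_hidden and not state["password_sent"]:
            state["password_sent"] = True
            return [password]
        # Assumption: the password prompt is a single non-echoed field asked
        # once. Anything else is refused rather than answered with the secret.
        raise ValueError("unexpected prompt round: %r" % (prompt_list,))

    return handler


def connect(host, port, username, password, known_hosts="~/.ssh/known_hosts"):
    """Open an authenticated Transport; names and paths are illustrative."""
    import paramiko  # imported here so make_handler can be exercised offline

    transport = paramiko.Transport((host, port))
    transport.start_client()
    # Check the server key against known_hosts instead of AutoAddPolicy.
    keys = paramiko.HostKeys(os.path.expanduser(known_hosts))
    name = host if port == 22 else "[%s]:%d" % (host, port)
    if not keys.check(name, transport.get_remote_server_key()):
        transport.close()
        raise paramiko.SSHException("unknown host key for %s" % name)
    transport.auth_interactive(username, make_handler(password))
    return transport
```

Pass the username as a raw string (for example `r'domain\user@account@host'`) so the backslash reaches the server unchanged.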