Paramiko authentication to server with no password fails
I'm connecting to a host that runs dropbear and has an empty root password. I can connect to it through ssh (I replaced the actual IPv6 address and hostname here):
$ ssh root@[2001:db8:1234::567]
root@my_host:~# ps aux | grep dropbear
root 2481 0.0 0.1 2408 504 ? Ss 06:15 0:00 /usr/sbin/dropbear -r /etc/dropbear/dropbear_rsa_host_key -B -p 22 -P /var/run/dropbear.pid
root 4492 1.2 0.2 2876 992 ? Ss 08:35 0:00 /usr/sbin/dropbear -r /etc/dropbear/dropbear_rsa_host_key -B -p 22 -P /var/run/dropbear.pid
root 4637 0.0 0.1 2344 556 pts/0 S+ 08:35 0:00 grep dropbear
root@my_host:~# exit
Connection to 2001:db8:1234::567 closed.
When I try to do this with Paramiko, it throws an AuthenticationException. This is my minimal example script:
#!/usr/bin/env python
import paramiko

client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(
    "[2001:db8:1234::567]",
    port=22,
    username="root",
    password="",
)
Output:
Traceback (most recent call last):
File "C:\Users\username\src\minimal\minimal.py", line 8, in <module>
client.connect(
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\client.py", line 435, in connect
self._auth(
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\client.py", line 766, in _auth
raise saved_exception
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\client.py", line 753, in _auth
self._transport.auth_password(username, password)
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\transport.py", line 1563, in auth_password
return self.auth_handler.wait_for_response(my_event)
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\auth_handler.py", line 258, in wait_for_response
raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.
Any idea why the authentication with Paramiko fails?
Verbose ssh output:
$ ssh -vvv root@2001:db8:1234::567
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\Users\username/.ssh/config
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 2001:db8:1234::567 is address
debug2: ssh_connect_direct
debug1: Connecting to 2001:db8:1234::567 [2001:db8:1234::567] port 22.
debug1: Connection established.
debug3: Failed to open file:C:/Users/username/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_rsa.pub error:2
debug1: identity file C:\Users\username/.ssh/id_rsa type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_rsa-cert.pub error:2
debug1: identity file C:\Users\username/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_dsa.pub error:2
debug1: identity file C:\Users\username/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_dsa-cert.pub error:2
debug1: identity file C:\Users\username/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_ecdsa.pub error:2
debug1: identity file C:\Users\username/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_ecdsa-cert.pub error:2
debug1: identity file C:\Users\username/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_ed25519.pub error:2
debug1: identity file C:\Users\username/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_ed25519-cert.pub error:2
debug1: identity file C:\Users\username/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_xmss.pub error:2
debug1: identity file C:\Users\username/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_xmss-cert.pub error:2
debug1: identity file C:\Users\username/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version dropbear_2017.75
debug1: no match: dropbear_2017.75
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 2001:db8:1234::567 as 'root'
debug3: hostkeys_foreach: reading file "C:\Users\username/.ssh/known_hosts"
debug3: Failed to open file:C:/Users/username/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2@matt.ucc.asn.au
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
debug2: ciphers stoc: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
debug2: compression ctos: zlib@openssh.com,none
debug2: compression stoc: zlib@openssh.com,none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:2oIgeSG/smq4GNl7z1jLMBEaMw4peSXOWGZlW9aZUaY
debug3: hostkeys_foreach: reading file "C:\Users\username/.ssh/known_hosts"
debug3: Failed to open file:C:/Users/username/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
The authenticity of host '2001:db8:1234::567 (2001:db8:1234::567)' can't be established.
RSA key fingerprint is SHA256:2oIgeSG/smq4GNl7z1jLMBEaMw4peSXOWGZlW9aZUaY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '2001:db8:1234::567' (RSA) to the list of known hosts.
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug3: unable to connect to pipe \\.\pipe\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\Users\username/.ssh/id_rsa
debug1: Will attempt key: C:\Users\username/.ssh/id_dsa
debug1: Will attempt key: C:\Users\username/.ssh/id_ecdsa
debug1: Will attempt key: C:\Users\username/.ssh/id_ed25519
debug1: Will attempt key: C:\Users\username/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (none).
Authenticated to 2001:db8:1234::567 ([2001:db8:1234::567]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug3: This windows OS supports conpty
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug3: Successfully set console output code page from:65001 to 65001
debug3: Successfully set console input code page from:850 to 65001
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 24576 rmax 32759
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~#
Paramiko (2.9.2) log:
DEBUG:paramiko.transport:starting thread (client mode): 0xbfd81bb0
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.9.2
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-dropbear_2017.75
INFO:paramiko.transport:Connected (version 2.0, client dropbear_2017.75)
DEBUG:paramiko.transport:=== Key exchange possibilities ===
DEBUG:paramiko.transport:kex algos: curve25519-sha256@libssh.org, ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, kexguess2@matt.ucc.asn.au
DEBUG:paramiko.transport:server key: ssh-rsa
DEBUG:paramiko.transport:client encrypt: aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, twofish256-cbc, twofish-cbc, twofish128-cbc, 3des-ctr, 3des-cbc
DEBUG:paramiko.transport:server encrypt: aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, twofish256-cbc, twofish-cbc, twofish128-cbc, 3des-ctr, 3des-cbc
DEBUG:paramiko.transport:client mac: hmac-sha1-96, hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5
DEBUG:paramiko.transport:server mac: hmac-sha1-96, hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5
DEBUG:paramiko.transport:client compress: zlib@openssh.com, none
DEBUG:paramiko.transport:server compress: zlib@openssh.com, none
DEBUG:paramiko.transport:client lang: <none>
DEBUG:paramiko.transport:server lang: <none>
DEBUG:paramiko.transport:kex follows: False
DEBUG:paramiko.transport:=== Key exchange agreements ===
DEBUG:paramiko.transport:Kex: curve25519-sha256@libssh.org
DEBUG:paramiko.transport:HostKey: ssh-rsa
DEBUG:paramiko.transport:Cipher: aes128-ctr
DEBUG:paramiko.transport:MAC: hmac-sha2-256
DEBUG:paramiko.transport:Compression: none
DEBUG:paramiko.transport:=== End of kex handshake ===
DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-rsa host key for [2001:db8:1234::567]: b'0366f1abed7f1a4625c3abd6185944bf'
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (password) failed.
Traceback (most recent call last):
File "C:\Users\username\src\minimal\minimal.py", line 12, in <module>
client.connect(
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\client.py", line 435, in connect
self._auth(
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\client.py", line 766, in _auth
raise saved_exception
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\client.py", line 753, in _auth
self._transport.auth_password(username, password)
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\transport.py", line 1563, in auth_password
return self.auth_handler.wait_for_response(my_event)
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\auth_handler.py", line 258, in wait_for_response
raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.
DEBUG:paramiko.transport:EOF in transport thread
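It does not seem like you are authenticating with a blank password. You are actually not authenticating with the server at all (technically, ssh uses the "none" authentication method).
Paramiko SSHClient does not try that method automatically.
You have to code that explicitly, using the low-level Transport class and its Transport.auth_none instead of the high-level SSHClient: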
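import paramiko

username = "root"  # the account from the question
transport = paramiko.Transport('example.com')
transport.connect()  # no hostkey argument, so the server's host key is not checked
transport.auth_none(username)  # SSH "none" authentication method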
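The above code implicitly bypasses host key verification (what your original code did explicitly by using AutoAddPolicy). That is a security flaw. Use the hostkey argument of Transport.connect to correct that.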
already states the cause. The dropbear server does not use any authentication at all. In order to implement the workaround with Transport.connect and still have a paramiko.SSHClient to interact with, we can do the following (thanks to ttimasdf):
#!/usr/bin/env python
import paramiko

host = "[2001:db8:1234::567]"
port = 22
username = "root"
password = None

client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

# Workaround for no authentication:
# https://github.com/paramiko/paramiko/issues/890#issuecomment-906893725
try:
    client.connect(host, port=port, username=username, password=password)
except paramiko.SSHException as e:
    if not password:
        client.get_transport().auth_none(username)
    else:
        raise e

# Now we can interact with the client as usual
stdin, stdout, stderr = client.exec_command("ls /")
lines = stdout.readlines()
print(lines)
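The host key check that the first answer asks for, combined with the "none" authentication both answers rely on, as an added example (not code from either answer or from Paramiko). It pins the server key by the SHA256 fingerprint that ssh printed in the question instead of passing a key object as hostkey to Transport.connect; sha256_fingerprint, fingerprint_matches, connect_auth_none and run_command are hypothetical helper names.

```python
import base64
import hashlib
import hmac
import socket


def sha256_fingerprint(key_blob: bytes) -> str:
    """Fingerprint in the form OpenSSH prints: SHA256:<unpadded base64>."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_matches(key_blob: bytes, pinned: str) -> bool:
    """Constant-time comparison of the presented key with the pinned fingerprint."""
    presented = sha256_fingerprint(key_blob).encode("ascii")
    return hmac.compare_digest(presented, pinned.strip().encode("ascii"))


def connect_auth_none(host, username, pinned_fingerprint, port=22, timeout=10.0):
    """Open a Transport, verify the host key, then request "none" authentication.

    Returns an authenticated paramiko.Transport. Raises paramiko.SSHException
    if the host key does not match or the server refuses "none".
    """
    import paramiko  # imported here so the fingerprint helpers work without it

    sock = socket.create_connection((host, port), timeout=timeout)
    transport = paramiko.Transport(sock)
    try:
        transport.start_client(timeout=timeout)  # key exchange only, no auth yet
        server_key = transport.get_remote_server_key()
        if not fingerprint_matches(server_key.asbytes(), pinned_fingerprint):
            raise paramiko.SSHException(
                "host key mismatch: got " + sha256_fingerprint(server_key.asbytes())
            )
        # Only reached once the server has proven it holds the pinned key.
        transport.auth_none(username)
    except Exception:
        transport.close()
        raise
    return transport


def run_command(transport, command, timeout=10.0):
    """Run one command on an authenticated Transport; return (exit_status, stdout)."""
    channel = transport.open_session(timeout=timeout)
    try:
        channel.settimeout(timeout)
        channel.exec_command(command)
        output = channel.makefile("rb").read()  # read to EOF before asking for status
        return channel.recv_exit_status(), output.decode(errors="replace")
    finally:
        channel.close()


if __name__ == "__main__":
    # Address and fingerprint are the ones shown in the question's ssh -vvv output.
    t = connect_auth_none(
        "2001:db8:1234::567",
        "root",
        "SHA256:2oIgeSG/smq4GNl7z1jLMBEaMw4peSXOWGZlW9aZUaY",
    )
    try:
        print(run_command(t, "ls /"))
    finally:
        t.close()
```

The fingerprint to pin should come from a trusted source, such as the device's console, not from the first network connection.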
我正在连接到运行 dropbear 且根密码为空的主机。我可以通过 ssh
连接到它(我在这里替换了实际的 IPv6 地址和主机名):
$ ssh root@[2001:db8:1234::567]
root@my_host:~# ps aux | grep dropbear
root 2481 0.0 0.1 2408 504 ? Ss 06:15 0:00 /usr/sbin/dropbear -r /etc/dropbear/dropbear_rsa_host_key -B -p 22 -P /var/run/dropbear.pid
root 4492 1.2 0.2 2876 992 ? Ss 08:35 0:00 /usr/sbin/dropbear -r /etc/dropbear/dropbear_rsa_host_key -B -p 22 -P /var/run/dropbear.pid
root 4637 0.0 0.1 2344 556 pts/0 S+ 08:35 0:00 grep dropbear
root@my_host:~# exit
Connection to 2001:db8:1234::567 closed.
当我尝试使用 Paramiko 执行此操作时,它会抛出 AuthenticationException
。这是我的最小示例脚本:
#!/usr/bin/env python
import paramiko
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(
"[2001:db8:1234::567]",
port=22,
username="root",
password="",
)
输出:
Traceback (most recent call last):
File "C:\Users\username\src\minimal\minimal.py", line 8, in <module>
client.connect(
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\client.py", line 435, in connect
self._auth(
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\client.py", line 766, in _auth
raise saved_exception
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\client.py", line 753, in _auth
self._transport.auth_password(username, password)
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\transport.py", line 1563, in auth_password
return self.auth_handler.wait_for_response(my_event)
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\auth_handler.py", line 258, in wait_for_response
raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.
知道为什么使用 Paramiko 的身份验证失败了吗?
详细 ssh
输出:
$ ssh -vvv root@2001:db8:1234::567
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\Users\username/.ssh/config
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 2001:db8:1234::567 is address
debug2: ssh_connect_direct
debug1: Connecting to 2001:db8:1234::567 [2001:db8:1234::567] port 22.
debug1: Connection established.
debug3: Failed to open file:C:/Users/username/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_rsa.pub error:2
debug1: identity file C:\Users\username/.ssh/id_rsa type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_rsa-cert.pub error:2
debug1: identity file C:\Users\username/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_dsa.pub error:2
debug1: identity file C:\Users\username/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_dsa-cert.pub error:2
debug1: identity file C:\Users\username/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_ecdsa.pub error:2
debug1: identity file C:\Users\username/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_ecdsa-cert.pub error:2
debug1: identity file C:\Users\username/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_ed25519.pub error:2
debug1: identity file C:\Users\username/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_ed25519-cert.pub error:2
debug1: identity file C:\Users\username/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_xmss.pub error:2
debug1: identity file C:\Users\username/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/username/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/username/.ssh/id_xmss-cert.pub error:2
debug1: identity file C:\Users\username/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version dropbear_2017.75
debug1: no match: dropbear_2017.75
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 2001:db8:1234::567 as 'root'
debug3: hostkeys_foreach: reading file "C:\Users\username/.ssh/known_hosts"
debug3: Failed to open file:C:/Users/username/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2@matt.ucc.asn.au
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
debug2: ciphers stoc: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
debug2: compression ctos: zlib@openssh.com,none
debug2: compression stoc: zlib@openssh.com,none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:2oIgeSG/smq4GNl7z1jLMBEaMw4peSXOWGZlW9aZUaY
debug3: hostkeys_foreach: reading file "C:\Users\username/.ssh/known_hosts"
debug3: Failed to open file:C:/Users/username/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
The authenticity of host '2001:db8:1234::567 (2001:db8:1234::567)' can't be established.
RSA key fingerprint is SHA256:2oIgeSG/smq4GNl7z1jLMBEaMw4peSXOWGZlW9aZUaY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '2001:db8:1234::567' (RSA) to the list of known hosts.
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug3: unable to connect to pipe \\.\pipe\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\Users\username/.ssh/id_rsa
debug1: Will attempt key: C:\Users\username/.ssh/id_dsa
debug1: Will attempt key: C:\Users\username/.ssh/id_ecdsa
debug1: Will attempt key: C:\Users\username/.ssh/id_ed25519
debug1: Will attempt key: C:\Users\username/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (none).
Authenticated to 2001:db8:1234::567 ([2001:db8:1234::567]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug3: This windows OS supports conpty
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug3: Successfully set console output code page from:65001 to 65001
debug3: Successfully set console input code page from:850 to 65001
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 24576 rmax 32759
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~# debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
root@my_host:~#
Paramiko (2.9.2) log:
DEBUG:paramiko.transport:starting thread (client mode): 0xbfd81bb0
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.9.2
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-dropbear_2017.75
INFO:paramiko.transport:Connected (version 2.0, client dropbear_2017.75)
DEBUG:paramiko.transport:=== Key exchange possibilities ===
DEBUG:paramiko.transport:kex algos: curve25519-sha256@libssh.org, ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, kexguess2@matt.ucc.asn.au
DEBUG:paramiko.transport:server key: ssh-rsa
DEBUG:paramiko.transport:client encrypt: aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, twofish256-cbc, twofish-cbc, twofish128-cbc, 3des-ctr, 3des-cbc
DEBUG:paramiko.transport:server encrypt: aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, twofish256-cbc, twofish-cbc, twofish128-cbc, 3des-ctr, 3des-cbc
DEBUG:paramiko.transport:client mac: hmac-sha1-96, hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5
DEBUG:paramiko.transport:server mac: hmac-sha1-96, hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5
DEBUG:paramiko.transport:client compress: zlib@openssh.com, none
DEBUG:paramiko.transport:server compress: zlib@openssh.com, none
DEBUG:paramiko.transport:client lang: <none>
DEBUG:paramiko.transport:server lang: <none>
DEBUG:paramiko.transport:kex follows: False
DEBUG:paramiko.transport:=== Key exchange agreements ===
DEBUG:paramiko.transport:Kex: curve25519-sha256@libssh.org
DEBUG:paramiko.transport:HostKey: ssh-rsa
DEBUG:paramiko.transport:Cipher: aes128-ctr
DEBUG:paramiko.transport:MAC: hmac-sha2-256
DEBUG:paramiko.transport:Compression: none
DEBUG:paramiko.transport:=== End of kex handshake ===
DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-rsa host key for [2001:db8:1234::567]: b'0366f1abed7f1a4625c3abd6185944bf'
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (password) failed.
Traceback (most recent call last):
File "C:\Users\username\src\minimal\minimal.py", line 12, in <module>
client.connect(
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\client.py", line 435, in connect
self._auth(
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\client.py", line 766, in _auth
raise saved_exception
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\client.py", line 753, in _auth
self._transport.auth_password(username, password)
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\transport.py", line 1563, in auth_password
return self.auth_handler.wait_for_response(my_event)
File "C:\Users\username\envs\envname\lib\site-packages\paramiko\auth_handler.py", line 258, in wait_for_response
raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.
DEBUG:paramiko.transport:EOF in transport thread
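You do not seem to be authenticating with a blank password. You are actually not authenticating to the server at all (technically speaking, ssh uses the "none" authentication method).
Paramiko SSHClient won't try that method automatically.
You have to code it explicitly, using the low-level Transport class and its Transport.auth_none instead of the high-level SSHClient: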
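import paramiko

username = "root"
transport = paramiko.Transport('example.com')
transport.connect()  # negotiates the session; no hostkey argument, so the host key is not checked
transport.auth_none(username)  # request the SSH "none" authentication method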
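The above code implicitly bypasses host key verification (which your original code does explicitly by using AutoAddPolicy). That is a security flaw. Use the hostkey argument of Transport.connect to correct that.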
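One way to apply the hostkey advice above, as an added example (not code from the answer or from Paramiko): the server's key is looked up in known_hosts-format text and handed to Transport.connect before auth_none is called. The function names and the fail-closed lookup are assumptions of this example.

```python
import base64
import hashlib


def known_hosts_name(host, port=22):
    """OpenSSH naming: bare host on port 22, "[host]:port" otherwise."""
    return host if port == 22 else "[{}]:{}".format(host, port)


def find_pin(known_hosts_text, host, port=22):
    """Return the plain known_hosts entry for host:port, or raise LookupError.
    Comments, hashed (|1|...) and marker (@...) lines are skipped."""
    wanted = known_hosts_name(host, port)
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#|@":
            continue
        if wanted in fields[0].split(","):
            return " ".join(fields[:3])
    raise LookupError("no pinned host key for " + wanted)


def fingerprint(pin_line):
    """OpenSSH-style SHA256 fingerprint of the key in a known_hosts entry."""
    blob = base64.b64decode(pin_line.split()[2])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def connect_none_auth(host, port, username, known_hosts_text):
    """Check the server against its pinned key, then use "none" auth."""
    import paramiko  # lazy import: the helpers above need only the stdlib
    from paramiko.hostkeys import HostKeyEntry

    entry = HostKeyEntry.from_line(find_pin(known_hosts_text, host, port))
    if entry is None:
        raise LookupError("pinned key type not supported by paramiko")
    # (host, port) tuple: a "host:port" string would mis-split an IPv6 literal
    transport = paramiko.Transport((host, port))
    try:
        # Raises SSHException when the server key differs from the pinned key
        transport.connect(hostkey=entry.key)
        # Raises BadAuthenticationType when the server does not allow "none"
        transport.auth_none(username)
    except Exception:
        transport.close()
        raise
    return transport
```

fingerprint() yields the value to compare with `ssh-keygen -lf` output when the pin is first recorded; the returned Transport is then used through transport.open_session().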
Transport.connect and still have a paramiko.SSHClient to interact with, we can do the following (thanks to ttimasdf):
#!/usr/bin/env python
import paramiko

host = "[2001:db8:1234::567]"
port = 22
username = "root"
password = None

client = paramiko.SSHClient()
# AutoAddPolicy accepts any unknown host key without verification
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

# Workaround for no authentication:
# https://github.com/paramiko/paramiko/issues/890#issuecomment-906893725
try:
    client.connect(host, port=port, username=username, password=password)
except paramiko.SSHException:
    if not password:
        # Fall back to the SSH "none" method on the already-open transport
        client.get_transport().auth_none(username)
    else:
        raise

# Now we can interact with the client as usual
stdin, stdout, stderr = client.exec_command("ls /")
lines = stdout.readlines()
print(lines)