Python下SSH的简单实现

Python实现SSH

Linux下的ssh登录

1
2
3
4
5
6
7
8
9
root@ubuntu:~# ssh root@192.168.1.88
The authenticity of host '192.168.1.88 (192.168.1.88)' can't be established.
ECDSA key fingerprint is SHA256:/ufx+/OLtdsYy7vsdk4KDu9xJsBp6zHonRAf2jjT0GI.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.1.88' (ECDSA) to the list of known hosts.
Password:
Last login: Fri Dec 2 14:15:36 2016
localhost:~ root$

查看known_hosts文件

1
2
root@ubuntu:~# cat .ssh/known_hosts 
|1|ohKgSMq+1NLbr37anPqNZKQxh/8=|83NZfZYMUwLGaH32oLhCW/2PsXk= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMTpJEzRyK6Bn96JT9+8IMK57ouWZspbs+oVuc7lD+aAwDB6C9Qgoy8P7cGjRaOA5ImDiBTLSQgHT+cZeGIJbI4=

Python实现ssh

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
import paramiko

#创建SSH对象
ssh = paramiko.SSHClient()

#把要连接的机器添加到known_hosts文件中
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

#连接服务器
ssh.connect(hostname='192.168.1.88', port=22, username='root', password='123456')

cmd = 'ps'
#cmd = 'ls -l;ifconfig' #多个命令用;隔开
stdin, stdout, stderr = ssh.exec_command(cmd)

result = stdout.read()

if not result:
result = stderr.read()
ssh.close()

print(result.decode())

Python实现sftp

1
2
3
4
5
6
7
8
9
10
11
12
13
import paramiko

transport = paramiko.Transport(('192.168.1.88', 22))

transport.connect(username='root', password='123456')

sftp = paramiko.SFTPClient.from_transport(transport)

sftp.put('123.py', '/tmp/test.py') # 将123.py 上传至服务器 /tmp下并改名为test.py

sftp.get('remove_path', 'local_path') # 将remove_path 下载到本地 local_path

transport.close()

传统的免密登录

生成公钥

使用ssh-keygen生产公钥和私钥

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
root@ubuntu:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/root/.ssh/id_rsa):
Created directory '/home/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/root/.ssh/id_rsa.
Your public key has been saved in /home/root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8IVM56bc/2deLZcDXwVs2XDNCuTTbvvlCKmCnUxiHuw root@ubuntu
The key's randomart image is:
+---[RSA 2048]----+
| . ....o=o|
| o + ...+o+|
| . o + oo...|
| + = o. .|
| . S . .o .|
| = . . oo.+|
| + B . + o+=|
| E = . o **|
| .. o++|
+----[SHA256]-----+


#生成的公钥私钥存放在.ssh目录下,id_rsa.pub就是本机的公钥
root@ubuntu:~$ cd .ssh/
root@ubuntu:~/.ssh$ ls
id_rsa id_rsa.pub

复制公钥

最后把本机的id_rsa.pub文件中的内容copy到目标机的.ssh/authorized_keys下即可,如果没有authorized_keys,自己创建。但是要注意authorized_keys的权限一般是600

1
2
localhost:.ssh root$ ls -l authorized_keys 
-rw-r--r-- 1 root staff 393 Dec 6 16:33 authorized_keys

或者直接使用一条命令也可以实现公钥的复制,ssh-copy-id后面接入的用户就是要支持免密登录的用户。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
root@ubuntu:~/.ssh$ ssh-copy-id "root@192.168.1.88"
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.88 (192.168.1.88)' can't be established.
ECDSA key fingerprint is SHA256:/ufx+/OLtdsYy7vsdk4KDu9xJsBp6zHonRAf2jjT0GI.
Are you sure you want to continue connecting (yes/no)? n^H
Please type 'yes' or 'no': yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.1.88'" and check to make sure that only the key(s) you wanted were added.


#去目标机器下,检查authorized_keys文件
localhost:.ssh root$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDB/mkvSx1mo/l/huMiOSqQjTb3KSB+D67qDRe1VgbjeZpwtodpSNueqGMj3mGDtf8tfmfwygKHuMtkVCQuD+1trLZ/yn8dKK9JV2pM4iwmaEvSda/qbQR7lQ37lsmvGnwCloJ49h8MpsF9UsDVXnyo4kauOj+0HYlur1E5Y7dzBuuzBiKAnwS66ZVTtHpIzubfXYanyBEinClpHNr6B7DVWp0J4ubZ8k/AgFMyD8NyJmugoObD3+wry0Dk2LG/WadOaY1luooQN4m55WyfZE2w0Kzi4F7W6v8/GRnpxVKOmNUNk6/c6hr/CDWnthS1abMjI9u/bGru6X2kiyymq3wR root@ubuntu

登录测试

1
2
3
root@ubuntu:~/.ssh$ ssh 'root@192.168.1.88'
Last login: Tue Dec 6 16:28:07 2016 from 192.168.1.69
localhost:~ root$

登录方式注意区别

1
2
$ ssh root@192.168.1.88    #用户名密码登录
$ ssh 'root@192.168.1.88' #公钥免密登录

使用pythonssh免密实现

免密ssh

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
import paramiko

private_key = paramiko.RSAKey.from_private_key_file('id_rsa96') #使用目标的私钥来登录

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

ssh.connect(hostname='192.168.1.96',port=22,username='root',pkey=private_key)

cmd = 'ps'
stdin, stdout, stderr = ssh.exec_command(cmd)

result = stdout.read()

if not result:
result = stderr.read()
ssh.close()

print(result.decode())

免密sftp

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
import paramiko

private_key = paramiko.RSAKey.from_private_key_file('/home/auto/.ssh/id_rsa')

transport = paramiko.Transport(('hostname', 22))
transport.connect(username='wupeiqi', pkey=private_key )

sftp = paramiko.SFTPClient.from_transport(transport)

sftp.put('/tmp/location.py', '/tmp/test.py')
# 将location.py 上传至服务器 /tmp/test.py
sftp.get('remove_path', 'local_path')
# 将remove_path 下载到本地 local_path

transport.close()

案例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
import paramiko
import uuid

class Haproxy(object):

def __init__(self):
self.host = '192.168.1.88'
self.port = 22
self.username = 'root'
self.pwd = '123456'
self.__k = None

def create_file(self):
file_name = str(uuid.uuid4())
with open(file_name,'w') as f:
f.write('sb')
return file_name

def run(self):
self.connect()
self.upload()
self.rename()
self.close()

def connect(self):
transport = paramiko.Transport((self.host,self.port))
transport.connect(username=self.username,password=self.pwd)
self.__transport = transport

def close(self):

self.__transport.close()

def upload(self):
# 连接,上传
file_name = self.create_file()

sftp = paramiko.SFTPClient.from_transport(self.__transport)
sftp.put(file_name, '/home/test.py') # 将location.py 上传至服务器 /tmp/test.pydef rename(self):

ssh = paramiko.SSHClient()
ssh._transport = self.__transport # 执行命令
stdin, stdout, stderr = ssh.exec_command('mv /home/test.py /home/test2.py')
result = stdout.read()


ha = Haproxy()
ha.run()

Powered by AppBlog.CN     浙ICP备14037229号

Copyright © 2012 - 2020 APP开发技术博客 All Rights Reserved.

访客数 : | 访问量 :