我在使用 paramiko SSHClient 进行身份验证时遇到问题。尝试从一台虚拟机转到网络上的另一台机器。总体思路是,我创建一个公钥/私钥对,使用给定的密码 ssh 进入客户端,获取客户端公钥并将其添加到我的known_hosts中。将我的公钥放入客户端的authorized_keys中。关闭该连接,然后尝试在不输入密码的情况下重新连接。重连时失败。我正在使用 paramiko 1.15.2 和 python 2.7.10。
import paramiko, StringIO, os
pkey = paramiko.rsakey.RSAKey.generate(1024)
pub_key = "ssh-rsa %s" % (pkey.get_base64())
file_obj = StringIO.StringIO()
pkey.write_private_key(file_obj)
priv_key = file_obj.getvalue()
server, username, password = ('host', 'username', 'password')
ssh = paramiko.SSHClient()
parmiko.util.log_to_file(log_filename)
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.load_host_keys(os.path.expanduser(os.path.join("~", ".ssh", "known_hosts")))
ssh.connect(server, username=username, password=password)
sftp = ssh.open_sftp()
sftp.get(remote_path, local_path)
sftp.put(local_path, remote_path)
sftp.close()
ssh.close()
key = StringIO.StringIO(priv_key)
privkey = paramiko.rsakey.RSAKey(key)
ssh.connect(server, username=username,pkey=privkey )
这是我得到的调试日志:
DEBUG:paramiko.transport:starting thread (client mode): 0x728ac950L
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.3)
DEBUG:paramiko.transport:kex algos:[u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-rsa', u'ssh-dss'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'[email protected]'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'[email protected]'] client mac:[u'hmac-md5', u'hmac-sha1', u'[email protected]', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'[email protected]', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5', u'hmac-sha1', u'[email protected]', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'[email protected]', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'[email protected]'] server compress:[u'none', u'[email protected]'] client lang:[u''] server lang:[u''] kex follows?False
DEBUG:paramiko.transport:Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
DEBUG:paramiko.transport:using kex diffie-hellman-group14-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Trying SSH key 36f4e43a968404ef8e7f277e1429f0fd
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
DEBUG:paramiko.transport:Trying discovered key 54b98c4b8ba454594e9df58bc8f9b5e7 in /home/apache/.ssh/id_rsa
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
DEBUG:paramiko.transport:Trying discovered key d2a34d82ebe4439672bd2c16540c5bb4 in /home/apache/.ssh/id_dsa
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/apache/miniconda/lib/python2.7/site-packages/paramiko-1.15.2-py2.7.egg/paramiko/client.py", line 307, in connect
File "/home/apache/miniconda/lib/python2.7/site-packages/paramiko-1.15.2-py2.7.egg/paramiko/client.py", line 519, in _auth
paramiko.ssh_exception.AuthenticationException: Authentication failed.
>>> DEBUG:paramiko.transport:EOF in transport thread
编辑:真正让我困惑的是,这在网络上的两台实际机器之间有效。我可以通过 ssh 进入 apache@virtualmachine 并从终端中的 apache 进入。我已经验证密钥是在 ftp.put() 期间添加的。虽然我找不到任何关于 paramiko 从虚拟机出现问题的信息。
EDIT2:使用“look_for_keys=False”给出相同的输出,但仅使用给定的密钥。 注意:它使用了不同的密钥,因为我今天重新生成的密钥与昨天不同。
ssh.connect(server, username=username, pkey=rkey, look_for_keys=False)
DEBUG:paramiko.transport:starting thread (client mode): 0x84938990L
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.3)
DEBUG:paramiko.transport:kex algos:[u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-rsa', u'ssh-dss'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'[email protected]'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'[email protected]'] client mac:[u'hmac-md5', u'hmac-sha1', u'[email protected]', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'[email protected]', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5', u'hmac-sha1', u'[email protected]', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'[email protected]', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'[email protected]'] server compress:[u'none', u'[email protected]'] client lang:[u''] server lang:[u''] kex follows?False
DEBUG:paramiko.transport:Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
DEBUG:paramiko.transport:using kex diffie-hellman-group14-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Trying SSH key eb06556f5c3461c6e8c4fe70398717e3
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/apache/miniconda/lib/python2.7/site-packages/paramiko-1.15.2-py2.7.egg/paramiko/client.py", line 307, in connect
File "/home/apache/miniconda/lib/python2.7/site-packages/paramiko-1.15.2-py2.7.egg/paramiko/client.py", line 519, in _auth
paramiko.ssh_exception.AuthenticationException: Authentication failed.
>>> DEBUG:paramiko.transport:EOF in transport thread
更新:我收到了从虚拟机到托管机器的连接调用。不知道从哪里考虑这可以缩小问题范围:/
从您提供的输出看来,好像 paramiko 正在尝试位于同一密钥文件中的多个不同密钥(在获得授权登录的正确密钥之前)。通常有最大尝试次数,这就是身份验证可能失败的原因。当您的
.ssh/ssh-o IdentitiesOnly=yes-i path/to/keylook_for_keysFalse