I want to ssh to remote servers and execute a script which is already on the remote servers.
Is it possible by python script using in-built modules? Unfortunately I can't use 3rd party modules due organization restrictions.
I believe its easier using SSH key based authentication but can't do that either. SSH login is by providing username and password.
Is there a way?
Thanks in advance!
Probably look into Python exec() and use sshpass for inline ssh login with username and password and the command you want to execute. Will require some experimentation on your end.
Related
I have a Solaris 10 system, with Python 2.6.4, and I have to retrieve the files via the SFTP protocol, from the server, which does not allow the SSH logging in, i.e. only SFTP with RSA key is allowed. Could anyone please tell me:
is this possible at all?
is this possible with the above version of Python, or I need to upgrade it to 2.7.* work with the latest version of Twisted?
I have found this treat with the relevant information: twisted conch filetransfer
And this one: Python Twisted: twisted conch filetransfer verifyHostKey
But it is said there that Twisted first creates the SSH channel, and then establishes SFTP on top of it (forgive me for my possible misunderstanding and/or illiteracy), from the Twisted documentation:
Conch also provides an endpoint that is initialized with an already established SSH connection. This endpoint just opens a new channel on the existing connection and launches a command in that.
Will the same approach work in case you can not logging in via SSH? I.e. might it be possible to create an SSH channel if terminal SSH logging in is forbidden?
Are there any other approaches except Paramico, any other libraries that can help me in case of "No" to the above questions?
I know nothing about "Twisted". But I believe that you just have a terminology problem.
which does not allow the SSH logging in, i.e. only SFTP with RSA key is allowed
The above is nonsense. You cannot allow SFTP, but disallow SSH, because as you have already found in Twisted documentation, SFTP runs on top of SSH (this is true in general, that's nothing Twisted-specific).
What your server most probably really "does not allow" is "shell" access. That's not the same as as SSH. So the server allows SSH, allows SFTP, but does not allow shell.
i am new to python scripting can someone please assist belo
1.read server, username and password
2.connect unix server
3.change directory and execute command
need some examples for above.
You can use the excellent paramiko package for this. It is an SSH (and SFTP) client library, which will let you easily connect to a Unix server running an ssh service, run commands, transfer files, etc.
You can also use fabric. Fabric is a Python (2.5-2.7) library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks.
So I've recently stumbled upon python fabric api and have been really happy with how it can help me with day-to-day sysadmin tasks. I would like to start using it at work but it is a very security-conscious environment. I was wondering how fabric handles the ssh password you provide to it while it runs it's tasks? I'm assuming it plonks it in memory somewhere and pulls it out when required to login to the next host in env.hosts? How does it protect this password while in memory?
I can see I'm going to be asked lots of questions along these lines so I'm looking for a nice way to explain to security-minded type of people that fabric is nice and friendly and doesn't pose a risk or at least no more of a risk than anything else we already have :)
I looked briefly through the source #dm03514 referenced and I believe you are correct in that if and when fabric needs to prompt interactively for a password, it will read it into memory and store it for the duration of the fabric python process. The way to address your concern is not with fabric itself but with ensuring your ssh infrastructure is using keys instead of passphrases and ssh agent forwarding where appropriate. Use enrypted ssh keys and ssh-agent to unlock them and fabric will be able to utilize that same mechanism and thus avoid ssh passwords getting involved at all. For sudo passwords, you'll either have to allow passwordless sudo or accept the risk of fabric having the sudo password in memory while it is working.
I would like to be able to use a Python script that I wrote to search files to login to an Ubuntu server that's password protected (which I have credentials ), and search files on that server.. Is there a straight forward way to accomplish this?
To login and run remote terminal commands through python, you should use either paramiko or pexpect. Pexpect is not touched very much by noah these days... I'm starting to wonder whether he is abandoning it.
The other way is to sftp the files from the remote server to your local machine... paramiko is useful for that as well.
Is fabric suitable for a new VPS setup like Linode or SliceHost?
The setup is explained in this slicehost article
The required actions are basically:
changing root password
creating a new user and group
add the group to the list of sudoers
set hostname
generate local ssh keys and upload securely the public key
set iptables
If fabric is not the tool, is there a better tool for this?
Thanks
Fabric would work very well for these tasks. Essentially anything you do over SSH can be automated with Fabric. It also allows you to upload and download files.
You would probably generate your local keys by invoking shell commands locally; but everything else is in fabric's domain.