(First a bit of context; for the actual programming question just skip the first paragraph.)
I'm one of the developers of the GC3Pie remote execution
framework. GC3Pie can spin up VMs on Amazon EC2 and then connect to
them via SSH to execute commands. Users specify a keypair (local
files) and remote keypair name, and GC3Pie will tell EC2 to authorize
the remote keypair for SSH access; if that keypair does not exist
(yet) on EC2, GC3Pie will create it by uploading the given local
public key.
We are using Boto to interact with EC2, and Paramiko for the
SSH connections.
Creation of the remote keypair works fine:
# context: self._conn = boto.connect_ec2(...)
with open(os.path.expanduser(self.public_key)) as fd:
key_material = fd.read()
imported_key = self._conn.import_key_pair(
self.keypair_name, key_material)
gc3libs.log.info(
"Successfully imported key `%s` with fingerprint `%s`", ...)
However, before connecting to the remote VM, we verify that the
fingerprints match (code slightly abridged for readability):
# context: self._conn = boto.connect_ec2(...)
keypairs = dict((k.name, k) for k in self._conn.get_all_key_pairs())
# ...
# `keyfile` is the path to the *private* SSH key
pkey = paramiko.RSAKey.from_private_key_file(keyfile)
# ...
localkey_fingerprint = str.join(
':', (i.encode('hex') for i in pkey.get_fingerprint()))
if localkey_fingerprint != keypairs[self.keypair_name].fingerprint:
gc3libs.log.error(
"Keypair `%s` is present but has different fingerprint: ", ...)
This code used to work, but we haven't check it live for some time.
We have recently gotten a bug report stating that the keypair is
successfully uploaded, but then the fingerprints do not match.
Investigation by the reporting user shows that Paramiko appears to
compute the fingerprint like ssh-keygen -lf $keyfile, whereas Amazon's EC2
seems to run openssl pkey -in $keyfile -pubout -outform DER | openssl md5 -c.
I could not find any relevant Google hit, so I'm asking here:
Is this a know issue?
Is it a version issue? (e.g. we should run Paramiko at least version X.Y.Z or Boto A.B.C?)
Are we missing some optional arguments in either the Paramiko or the Boto calls, that would influence how the fingerprints are computed?
Or is there any other known workaround?
Related
I have to extract data from a Notes database automatically for a data pipeline validation.
With HCL Notes I was able to connect to the database, so I know the access works.
I have the following information to access the database:
host (I got both hostname and ip address), domino server name, database name (.nsf filename)
I tried the noteslib library in the below way:
import noteslib
db = noteslib.Database('domino server name','db filename.nsf')
I also tried adding the host to the server parameter instead, but it does not work.
I receive this error:
Error connecting to ...Double-check the server and database file names, and make sure you have
read access to the database.
My question is how can I add the host and the domino server name as well (if it is required)?
Notes HCL authenticates me before accessing the database using the domino server name and the .nsf file. I tried adding the password parameter to the end, but also without luck. I am on company VPN, so that also should not be an issue.
In Order for noteslib to work you need an installed and configured HCL Notes Client on that machine. Only with an installed Notes Client the needed COM registrations and the dlls to connect to Domino are present.
In addition the Notes Client and the python version you are using need to be the same bitness: If Notes Client is 32Bit then python needs to be 32Bit. If Notes Client is 64Bit (only available since 12.0.2) then python needs to be 64Bit as well.
As soon as this requirement is met, you can simply use your example by adding the password parameter as a third parameter to your command:
db = noteslib.Database('domino server name','db filename.nsf', 'yourIDPassword')
If you still get an error when connecting to the server then you might need to put the server common name and its IP address into your hosts file.
So if your Domino- Servername is
YourServer/YourOrganization
and the IP address of that server is
192.168.1.20
then you put this into your hosts:
yourserver 192.168.1.20
You can connect using com on windows.
I use this python library https://pypi.org/project/pywin32/
import win32com.client
import sys
notesServer = "Servername/Domain"
notesFile = "file.nsf"
notesPass = ""
#Connect to notes database on server
notesSession = win32com.client.Dispatch('Lotus.NotesSession')
notesSession.Initialize(notesPass)
notesDatabase = notesSession.GetDatabase(notesServer,notesFile)
In my script, I need to do an SSH to a remote system using a private key and dump the file into its directory.
The command I am using to SSH into the system is this:
ssh -i private_key localhost
Followed by the standard input:
Enter passphrase for key 'private_key'
I am trying to do this in a Python script, but am not sure about the way of writing a command and passing a passphrase as a parameter so that the whole sequence can be automated.
Please suggest me a way to achieve this via a library (Paramiko SSHClient) or a code snippet would be highly really appreciated.
SSHClient.connect can handle public key authentication with a simple call:
import paramiko
ssh = paramiko.SSHClient()
ssh.connect(hostname, username=username, key_filename=key_path, password=passphrase)
The password argument is used as a passphrase, when key_filename is provided.
Additionally, you will also have to verify the server's host key (as you must have done with ssh before). See Paramiko "Unknown Server".
I need to connect to a server with SSH to download files. I have Ubuntu and I've set up SSH in the standard way: I have a ssh_config file in .ssh which defines a host entry (say host_key) for the server address (Hostname.com) and username, and I've set up an RSA key. So when I try to log into SSH from the command line or bash, I just need to use ssh host_key
I would like to do this in Python. The standard solutions seems to be to use Paramiko to set up the connection. I tried this:
from paramiko import SSHClient
from scp import SCPClient
ssh = SSHClient()
ssh.load_system_host_keys()
ssh.connect('host_key')
scp = SCPClient(ssh.get_transport())
# etc...
However, it always seems to hang and time out on ssh.connect('host_key'). Even when I try to include the username and password: ssh.connect('host_key', username='usrnm', password='pswd').
Are my host keys not loading properly? And would this take care of the RSA keys as well?
It only works if I use the whole Hostname.com with username and typed-out password. Which is maybe a bit insecure.
Since paramiko has a SSHConfig class, you can use it for your ~/.ssh/config.
However, it is slightly messy, I recommend you to use fabric instead of that.
Here is the code example:
from fabric.api import put
put('local path', 'remote path')
I do not think that it is common to use ssh_config file with Paramiko (or any other code/language). ssh_config is a configuration file for OpenSSH tools, not for SSH in general.
Usually, you specify your private key directly in your code as an argument of SSHClient.connect method:
How to access to a remote server using Paramiko with a public key-file
If you want to keep using ssh_config, Paramiko can parse it. Check parse_ssh_config and lookup_ssh_host_config functions. But I believe, you still have to look up the key file from the config and pass it explicitly to SSHClient.connect method.
We have a framework used to validate few test cases and results will be stored in local machine containing multiple text and images.
Need to move these files from our local host to server.
I have the sever IP address, username and password.
So using Python I need to move these files or copy it to server
If you are going for ssh, you'll have to use scp and there is a dedicated Python package for that: Paramiko. See this post on stackoverflow.
import paramiko
def createSSHClient(server, port, user, password):
client = paramiko.SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(server, port, user, password)
return client
ssh = createSSHClient(server, port, user, password)
scp = SCPClient(ssh.get_transport())
scp.put([file1,file2],remotePath)
Of course, you have to specify the various variables according to their name. The scp.put function takes a list of local files and a destination path on the remote system as arguments.
used SCP to do the transfer
ssh -i ~/.ssh/id_rsa intel#10.223.98.165 "mkdir < Folder created >"
scp -i ~/.ssh/id_rsa < source >*.txt < destination >
using os.system()
Thanks for helping
This is not really a Python problem: You say you have a username and a password to the server, but that doesn't tell us the least in which way you can access that server. Do you have SSH access? Then use scp as a command-line program or one of the numerous Python modules that make that possible.
The same goes for protocols like FTP, WebDAV, cifs/smb, NFS, ... It all depends on what ways you have to access/modify/create files on the server. Hence, this answer is all I can give you to your extremely inaccurate question.
Currently I am logging in to the Unix server from my Windows desktop by giving a password in ssh.connect. Is there a way I can avoid giving the password?
import paramiko
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect('ltc02.force.com',username = 'user',password = 'pwd')
stdin,stdout,stderr = ssh.exec_command("pwd")
Thanks for your support.
Yes, you can use public key authentication using a private key that has no password.
The general process is you create a new key on the client machine using
ssh-keygen -t rsa
Then you upload your public key to the server, copy paste it into :
.ssh/authorized_keys
The .ssh directory will be located in your user home directory on the server.
Of course, because your private key has no password you need to ensure you take adequate steps to protect it.
Note that this is not a Python specific answer. SSH Public Key is a standard process and the keys uses are standard RSA (or DSA) keys. So you should be able to do SSH public key authentication in any language of your choice.