paramiko-客户端和服务器认证工具

required：

　　python+pycrypto

1.安装pycrypto

726  cd /opt/
727  wget http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.tar.gz 728  tar -zxvf pycrypto-2.6.tar.gz
729  cd pycrypto-2.6/
730  python
731  python setup.py build && python setup.py install

runtest:

>>> import Crypto
>>>

2.

pip install paramiko
error: command 'gcc' failed with exit status 1
yum install gcc libffi-devel python-devel openssl-devel

pip install paramiko

Installing collected packages: cffi, cryptography

Successfully installed cffi-1.6.0 cryptography-1.3.2

>>> import paramiko
>>>

　　

　　

import paramiko
import sys,os
host=sys.argv[1]
user='alex'
password=''
cmd=sys.argv[2]

s=paramiko.SSHClient()
#加载本机的host密码文件
s.load_system_host_host_keys()
#Set policy to use when connecting to servers without a known host key
#第一次连接输入yes or no
s.set_missing_host_key_policy()
s.connect(host,22,user,password,timeout=5)
stdin.stdout,stders.exec_command(cmd)
cmd_result=stout.read(),stderr.read()
for line in cmd_result:
print line
s.close()

#使用key连接远程
pkey_file=''
key=paramiko.RSAKey.from_private_key_file(pkey_file)
s.connect(host,port,username,pkey=key,timeout=5)
stdin,stout,stderr=s.exec_command(cmd)
s.close()

#使用paramiko上传文件
hostnam='localhost'
user='alex'
password=''
s=paramiko.SSHClient()
s.load_system.host_keys()
s.set_missing_host_key_policy(paramiko.AutoAddPolicy())
t=paramiko.Transport((host,22))
t.connect(username=user,password=password)
sftp=paramiko.SFTPClient.from_transport(t)
sftp.get('sourcefie','')
sftp.put('destfile','sourcefie')
s.close

import base64
from binascii import hexlify
import getpass
import os
import select
import socket
import sys
import time
import traceback
from paramiko.py3compat import input

import paramiko
try:
import interactive
except ImportError:
from . import interactive

def agent_auth(transport, username):
"""
Attempt to authenticate to the given transport using any of the private
keys available from an SSH agent.
"""

agent = paramiko.Agent()
agent_keys = agent.get_keys()
if len(agent_keys) == 0:
return

for key in agent_keys:
print('Trying ssh-agent key %s' % hexlify(key.get_fingerprint()))
try:
transport.auth_publickey(username, key)
print('... success!')
return
except paramiko.SSHException:
print('... nope.')

def manual_auth(username, hostname):
default_auth = 'p'
auth = input('Auth by (p)assword, (r)sa key, or (d)ss key? [%s] ' % default_auth)
if len(auth) == 0:
auth = default_auth

if auth == 'r':
default_path = os.path.join(os.environ['HOME'], '.ssh', 'id_rsa')
path = input('RSA key [%s]: ' % default_path)
if len(path) == 0:
path = default_path
try:
key = paramiko.RSAKey.from_private_key_file(path)
except paramiko.PasswordRequiredException:
password = getpass.getpass('RSA key password: ')
key = paramiko.RSAKey.from_private_key_file(path, password)
t.auth_publickey(username, key)
elif auth == 'd':
default_path = os.path.join(os.environ['HOME'], '.ssh', 'id_dsa')
path = input('DSS key [%s]: ' % default_path)
if len(path) == 0:
path = default_path
try:
key = paramiko.DSSKey.from_private_key_file(path)
except paramiko.PasswordRequiredException:
password = getpass.getpass('DSS key password: ')
key = paramiko.DSSKey.from_private_key_file(path, password)
t.auth_publickey(username, key)
else:
pw = getpass.getpass('Password for %s@%s: ' % (username, hostname))
t.auth_password(username, pw)

# setup logging
paramiko.util.log_to_file('demo.log')

username = ''
if len(sys.argv) > 1:
hostname = sys.argv[1]
if hostname.find('@') >= 0:
username, hostname = hostname.split('@')
else:
hostname = input('Hostname: ')
if len(hostname) == 0:
print('*** Hostname required.')
sys.exit(1)
port = 22
if hostname.find(':') >= 0:
hostname, portstr = hostname.split(':')
port = int(portstr)

# now connect
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((hostname, port))
except Exception as e:
print('*** Connect failed: ' + str(e))
traceback.print_exc()
sys.exit(1)

try:
t = paramiko.Transport(sock)
try:
t.start_client()
except paramiko.SSHException:
print('*** SSH negotiation failed.')
sys.exit(1)

try:
keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
except IOError:
try:
keys = paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))
except IOError:
print('*** Unable to open host keys file')
keys = {}

# check server's host key -- this is important.
key = t.get_remote_server_key()
if hostname not in keys:
print('*** WARNING: Unknown host key!')
elif key.get_name() not in keys[hostname]:
print('*** WARNING: Unknown host key!')
elif keys[hostname][key.get_name()] != key:
print('*** WARNING: Host key has changed!!!')
sys.exit(1)
else:
print('*** Host key OK.')

# get username
if username == '':
default_username = getpass.getuser()
username = input('Username [%s]: ' % default_username)
if len(username) == 0:
username = default_username

agent_auth(t, username)
if not t.is_authenticated():
manual_auth(username, hostname)
if not t.is_authenticated():
print('*** Authentication failed. :(')
t.close()
sys.exit(1)

chan = t.open_session()
chan.get_pty()
chan.invoke_shell()
print('*** Here we go!\n')
interactive.interactive_shell(chan)
chan.close()
t.close()

except Exception as e:
print('*** Caught exception: ' + str(e.__class__) + ': ' + str(e))
traceback.print_exc()
try:
t.close()
except:
pass
sys.exit(1)

#/paramiko-master/demos/interactive.py　　

def posix_shell(chan):
import select
f=open('/tmp/log.log','a+')

oldtty = termios.tcgetattr(sys.stdin)
try:
tty.setraw(sys.stdin.fileno())
tty.setcbreak(sys.stdin.fileno())
chan.settimeout(0.0)

while True:
r, w, e = select.select([chan, sys.stdin], [], [])
if chan in r:
try:
x = u(chan.recv(1024))
if len(x) == 0:
sys.stdout.write('\r\n*** EOF\r\n')
break
sys.stdout.write(x)
sys.stdout.flush()
except socket.timeout:
pass
if sys.stdin in r:
x = sys.stdin.read(1)
f.write(x)
f.flush()
if len(x) == 0:
break
chan.send(x)

finally:
termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty)
f.close()