paramiko允许没有密钥的sftp连接

时间:2013-07-17 19:19:03

标签: python ssh sftp paramiko

我在paramiko github的demo文件夹中运行了demo_sftp.py文件。我在PyDev中踩过它并期望得到一个错误,因为我没有给我试图连接的服务器的密钥但我得到了打印声明说该脚本无法打开主机密钥文件,然后它继续前进并完成了get和put。

这是一个代码段。

try:
    host_keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
except IOError:
    try:
        # try ~/ssh/ too, because windows can't have a folder named ~/.ssh/
        host_keys = paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))
    except IOError:
        print '*** Unable to open host keys file'
        host_keys = {}

if host_keys.has_key(hostname):
    hostkeytype = host_keys[hostname].keys()[0]
    hostkey = host_keys[hostname][hostkeytype]
    print 'Using host key of type %s' % hostkeytype


# now, connect and use paramiko Transport to negotiate SSH2 across the connection
try:
    t = paramiko.Transport((hostname, port))
    t.connect(username=username, password=password, hostkey=hostkey)
    sftp = paramiko.SFTPClient.from_transport(t)

    # dirlist on remote host
    dirlist = sftp.listdir('.')
    print "Dirlist:", dirlist

我真的希望它转到t.connect行上的except,因为hostkey是NoneType。

当我用

打开ssh连接时
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect('.'.join([self.name, self.domain]),
                    username=self.username, password=self.password)
        stdin, stdout, stderr = ssh.exec_command("ps aux | grep Xvnc | wc -l")

我必须拥有AutoAddPolicy()行或它失败。那么区别是什么?显然我只是学习这个,但我认为sftp和ssh一样严格。

2 个答案:

答案 0 :(得分:2)

看起来这是一种可接受的做法。

来自Transport.connect的评论

'''
Negotiate an SSH2 session, and optionally verify the server's host key
and authenticate using a password or private key.  This is a shortcut
for L{start_client}, L{get_remote_server_key}, and
L{Transport.auth_password} or L{Transport.auth_publickey}.  Use those
methods if you want more control.

You can use this method immediately after creating a Transport to
negotiate encryption with a server.  If it fails, an exception will be
thrown.  On success, the method will return cleanly, and an encrypted
session exists.  You may immediately call L{open_channel} or
L{open_session} to get a L{Channel} object, which is used for data
transfer.

@note: If you fail to supply a password or private key, this method may
succeed, but a subsequent L{open_channel} or L{open_session} call may
fail because you haven't authenticated yet.
'''

来自SSHClient.connect的评论

'''
Connect to an SSH server and authenticate to it.  The server's host key
is checked against the system host keys (see L{load_system_host_keys})
and any local host keys (L{load_host_keys}).  If the server's hostname
is not found in either set of host keys, the missing host key policy
is used (see L{set_missing_host_key_policy}).  The default policy is
to reject the key and raise an L{SSHException}.
'''

可能是因为sftp只能传输数据,而ssh可以运行终端命令。我觉得有趣的是,中间人攻击似乎不是一个问题。

答案 1 :(得分:0)

您可以使用以下语法

$Excel = New-Object -ComObject excel.application
$Excel.DisplayAlerts = $False
$Excel.visible = $False
$WorkBook = $Excel.Workbooks.Add()
$WorkSheet = $WorkBook.worksheets.item(1)
$WorkSheet.name = "data"

((Get-Content -path "$Path\Query - Singles - Template.odc" -Raw) -replace "TempSetCode",$Set) | Set-Content -Path  "$Path\$Set\Query - Singles - $Set.odc"

### Code to import .odc file into excel

$WorkBook.SaveAs("$SetPath\$Set-main-$ReleaseDate.xlsx", 51) 
$WorkBook.Close($True)

$Excel.Quit()
[void][System.Runtime.Interopservices.Marshal]::ReleaseComObject($WorkSheet)
[void][System.Runtime.Interopservices.Marshal]::ReleaseComObject($WorkBook)
[void][System.Runtime.Interopservices.Marshal]::ReleaseComObject($Excel)
[System.GC]::Collect()
[System.GC]::WaitForPendingFinalizers()