当强制命令打开时,paramiko不起作用

时间:2014-03-19 09:47:21

标签: python ssh paramiko

我正在尝试通过ssh执行一些命令。

import paramiko
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
private_key = paramiko.RSAKey.from_private_key_file("/home/kalombo/identity")
client.connect(hostname=host, username=username, pkey=private_key)
stdin, stdout, stderr = client.exec_command('pwd', timeout=5)
for line in stdout:
    print '... ' + line.strip('\n')
client.close()

如果ssh服务器有强制命令选项,则脚本会在超时过期时停止并不执行任何操作。有一个调试日志。您可以注意到"强制命令"行:

DEBUG:paramiko.transport:starting thread (client mode): 0xb6d1bb4cL
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_6.0p1)
DEBUG:paramiko.transport:kex algos:[u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-rsa', u'ssh-dss', u'ecdsa-sha2-nistp256'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] client mac:[u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'hmac-sha2-256', u'hmac-sha2-256-96', u'hmac-sha2-512', u'hmac-sha2-512-96', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'hmac-sha2-256', u'hmac-sha2-256-96', u'hmac-sha2-512', u'hmac-sha2-512-96', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
DEBUG:paramiko.transport:Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
DEBUG:paramiko.transport:using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-rsa host key for 8.8.8.8: 54c2349797979732dda94989530c1f4
DEBUG:paramiko.transport:Trying SSH key 7d834324323429b09824eb
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) successful!
DEBUG:paramiko.transport:Debug msg: Forced command.
DEBUG:paramiko.transport:Debug msg: Port forwarding disabled.
DEBUG:paramiko.transport:Debug msg: X11 forwarding disabled.
DEBUG:paramiko.transport:Debug msg: Agent forwarding disabled.
DEBUG:paramiko.transport:Debug msg: Pty allocation disabled.
DEBUG:paramiko.transport:[chan 1] Max packet in: 34816 bytes
DEBUG:paramiko.transport:[chan 1] Max packet out: 32768 bytes
INFO:paramiko.transport:Secsh channel 1 opened.
DEBUG:paramiko.transport:[chan 1] Sesch channel 1 request ok

如果我禁用该选项一切正常。为什么会这样?我怎么解决它?

1 个答案:

答案 0 :(得分:0)

DEBUG:paramiko.transport:Debug msg: Forced command.

没有办法解决这个问题。如果服务器配置了密钥的强制命令,那么使用该密钥打开的任何会话都将导致服务器忽略您请求的命令并调用强制命令。

在不知道服务器正在运行什么命令的情况下,无法知道它为什么会挂起。强制命令可能正在等待来自远程ssh客户端的输入,在这种情况下它会无限期地等待。

强制命令可以通过环境变量“SSH_ORIGINAL_COMMAND”访问客户端请求的原始命令。强制命令可以检查此变量并调用客户端请求的命令,但强制命令必须记住此功能。