我正在编写一个脚本来定期在两个 SFTP 服务器之间传输文件,为此我使用了 Paramiko。服务器使用私钥+密码进行身份验证。但是,我已经努力了很多天才能完成这项工作,但在对 SFTP 服务器进行身份验证方面一直没有成功。
我必须建立连接的代码片段是这样的。
1 import paramiko
1 import logging
2
3 if __name__ == "__main__":
4 print(logging.DEBUG)
5 logging.basicConfig()
6 logging.getLogger("paramiko").setLevel(logging.DEBUG)
7 logging.getLogger("paramiko.transport").setLevel(logging.DEBUG)
8 client = paramiko.SSHClient()
9 client.load_system_host_keys()
10 client.set_missing_host_key_policy(paramiko.AutoAddPolicy)
11
12 client.connect(
13 hostname='host_ip',
14 port=123,
15 username='some_user',
16 password='some_pass',
17 key_filename='path_to_priv_key',
18 allow_agent=False,
19 look_for_keys=False)
20
21 client.open_sftp()
我收到以下错误。
DEBUG:paramiko.transport:starting thread (client mode): 0xcf48b610
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.7.2
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-WS_FTP-SSH_8.6.1.1504
INFO:paramiko.transport:Connected (version 2.0, client WS_FTP-SSH_8.6.1.1504)
DEBUG:paramiko.transport:kex algos:['diffie-hellman-group1-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group14-sha256', 'diffie-hellman-group-exchange-sha256'] server key:['ssh-dss', 'ssh-rsa'] client encrypt:['aes256-ctr', 'aes192-ctr', 'aes128-ctr', '3des-cbc', 'blowfish-cbc', 'aes256-cbc', 'aes128-cbc', 'cast128-cbc'] server encrypt:['aes256-ctr', 'aes192-ctr', 'aes128-ctr', '3des-cbc', 'blowfish-cbc', 'aes256-cbc', 'aes128-cbc', 'cast128-cbc'] client mac:['hmac-sha1', 'hmac-sha1-96', 'hmac-md5', 'hmac-md5-96', 'hmac-sha2-256', 'hmac-sha2-384', 'hmac-sha2-512'] server mac:['hmac-sha1', 'hmac-sha1-96', 'hmac-md5', 'hmac-md5-96', 'hmac-sha2-256', 'hmac-sha2-384', 'hmac-sha2-512'] client compress:['none'] server compress:['none'] client lang:[''] server lang:[''] kex follows?False
DEBUG:paramiko.transport:Kex agreed: diffie-hellman-group-exchange-sha256
DEBUG:paramiko.transport:HostKey agreed: ssh-rsa
DEBUG:paramiko.transport:Cipher agreed: aes128-ctr
DEBUG:paramiko.transport:MAC agreed: hmac-sha2-256
DEBUG:paramiko.transport:Compression agreed: none
DEBUG:paramiko.transport:Got server p (2048 bits)
DEBUG:paramiko.transport:kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Trying discovered key b'db7022e07xxxxxx366618922bacb6e21' in <priv_key_path>
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication continues...
DEBUG:paramiko.transport:Methods: ['password']
DEBUG:paramiko.transport:EOF in transport thread
Traceback (most recent call last):
File "connect.py", line 13, in <module>
client.connect(
File "...code/sandbox/sftp/env/lib/python3.8/site-packages/paramiko/client.py", line 435, in connect
self._auth(
File "...code/sandbox/sftp/env/lib/python3.8/site-packages/paramiko/client.py", line 764, in _auth
raise saved_exception
File "...code/sandbox/sftp/env/lib/python3.8/site-packages/paramiko/client.py", line 751, in _auth
self._transport.auth_password(username, password)
File "...code/sandbox/sftp/env/lib/python3.8/site-packages/paramiko/transport.py", line 1509, in auth_password
return self.auth_handler.wait_for_response(my_event)
File "...code/sandbox/sftp/env/lib/python3.8/site-packages/paramiko/auth_handler.py", line 236, in wait_for_response
raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.
我什至尝试手动创建传输层,但无济于事。
auth_publickey() 成功进行了部分身份验证,但之后我所做的任何事情都会导致传输错误并显示 EOF。
s = socket.socket()
s.connect(('host_ip', 123))
t = paramiko.Transport(s)
t.connect()
try:
print('key auth')
pkey = paramiko.RSAKey.from_private_key_file(
'path_to_priv_key')
print(t.auth_publickey('some_user', pkey))
print('checking')
print(t.is_authenticated())
print('pass auth')
print(t.auth_password('some_user', 'some_pass'))
print('checking')
print(t.is_authenticated())
except paramiko.AuthenticationException as e:
print(e)
except paramiko.BadAuthenticationType as e:
print(e)
日志如下
DEBUG:paramiko.transport:starting thread (client mode): 0x6704b790
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.7.2
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-WS_FTP-SSH_8.6.1.1504
INFO:paramiko.transport:Connected (version 2.0, client WS_FTP-SSH_8.6.1.1504)
DEBUG:paramiko.transport:kex algos:['diffie-hellman-group1-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group14-sha256', 'diffie-hellman-group-exchange-sha256'] server key:['ssh-dss', 'ssh-rsa'] client encrypt:['aes256-ctr', 'aes192-ctr', 'aes128-ctr', '3des-cbc', 'blowfish-cbc', 'aes256-cbc', 'aes128-cbc', 'cast128-cbc'] server encrypt:['aes256-ctr', 'aes192-ctr', 'aes128-ctr', '3des-cbc', 'blowfish-cbc', 'aes256-cbc', 'aes128-cbc', 'cast128-cbc'] client mac:['hmac-sha1', 'hmac-sha1-96', 'hmac-md5', 'hmac-md5-96', 'hmac-sha2-256', 'hmac-sha2-384', 'hmac-sha2-512'] server mac:['hmac-sha1', 'hmac-sha1-96', 'hmac-md5', 'hmac-md5-96', 'hmac-sha2-256', 'hmac-sha2-384', 'hmac-sha2-512'] client compress:['none'] server compress:['none'] client lang:[''] server lang:[''] kex follows?False
DEBUG:paramiko.transport:Kex agreed: diffie-hellman-group-exchange-sha256
DEBUG:paramiko.transport:HostKey agreed: ssh-rsa
DEBUG:paramiko.transport:Cipher agreed: aes128-ctr
DEBUG:paramiko.transport:MAC agreed: hmac-sha2-256
DEBUG:paramiko.transport:Compression agreed: none
DEBUG:paramiko.transport:Got server p (2048 bits)
DEBUG:paramiko.transport:kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
key auth
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication continues...
DEBUG:paramiko.transport:Methods: ['password']
['password']
checking
False
pass auth
DEBUG:paramiko.transport:EOF in transport thread
Authentication failed.
有人可以帮忙解决这个问题或提供任何指示吗?如果 Paramiko 不支持此功能,是否有更低级别的方法来执行此操作?
我的版本是
蟒蛇:3.8.7
帕拉米科:2.7.2
更新:
当我在命令行上使用 sftp 时,这很好用。执行此操作时的详细日志如下。
OpenSSH_8.2p1, OpenSSL 1.1.1g 21 Apr 2020
debug1: Reading configuration data ~/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 93: Applying options for *.*
debug1: hostname canonicalisation enabled, will re-parse configuration
debug1: re-parsing configuration
debug1: Reading configuration data ~/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 93: Applying options for *.*
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to host_ip [host_ip] port 123.
debug1: using TCP window size of 4194304 / 4194304
debug1: Connection established.
debug1: identity file ~/.ssh/keyfile type 1
debug1: identity file ~/.ssh/keyfile-cert type -1
debug1: identity file ~/.ssh/identity type -1
debug1: identity file ~/.ssh/identity-cert type -1
debug1: identity file ~/.ssh/localhost/identity type -1
debug1: identity file ~/.ssh/localhost/identity-cert type -1
debug1: identity file ~/.ssh/clusterhost/identity type -1
debug1: identity file ~/.ssh/clusterhost/identity-cert type -1
debug1: identity file ~/.ssh/id_dsa type -1
debug1: identity file ~/.ssh/id_dsa-cert type -1
debug1: identity file ~/.ssh/localhost/id_dsa type -1
debug1: identity file ~/.ssh/localhost/id_dsa-cert type -1
debug1: identity file ~/.ssh/clusterhost/id_dsa type -1
debug1: identity file ~/.ssh/clusterhost/id_dsa-cert type -1
debug1: identity file ~/.ssh/id_rsa type 0
debug1: identity file ~/.ssh/id_rsa-cert type -1
debug1: identity file ~/.ssh/localhost/id_rsa type -1
debug1: identity file ~/.ssh/localhost/id_rsa-cert type -1
debug1: identity file ~/.ssh/clusterhost/id_rsa type -1
debug1: identity file ~/.ssh/clusterhost/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2
debug1: Remote protocol version 2.0, remote software version WS_FTP-SSH_8.6.1.1504
debug1: no match: WS_FTP-SSH_8.6.1.1504
debug1: Authenticating to host_ip:123 as 'some_user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:etDpHOm1sxxxxxxGk42y8peYNjUfHIb3+Y3vu12gkjA
debug1: KRL version 0 generated at 20190904T045457
debug1: Host '[host_ip]:123' is known and matches the RSA host key.
debug1: Found key in ~/.ssh/known_hosts:21
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: ~/.ssh/keyfile DSA SHA256:6FzoJ/xxxxxx+WrlZ4mhZBi0+Q7
Ancc59Wqn+D5k7HE explicit
debug1: Will attempt key: ~/.ssh/identity
debug1: Will attempt key: ~/.ssh/localhost/identity
debug1: Will attempt key: ~/.ssh/clusterhost/identity
debug1: Will attempt key: ~/.ssh/id_dsa
debug1: Will attempt key: ~/.ssh/localhost/id_dsa
debug1: Will attempt key: ~/.ssh/clusterhost/id_dsa
debug1: Will attempt key: ~/.ssh/id_rsa RSA SHA256:k2p9JH9AfcZlxxxxxxsJgBfQ0Fhuvxuukr
KnxxxxviU
debug1: Will attempt key: ~/.ssh/localhost/id_rsa
debug1: Will attempt key: ~/.ssh/clusterhost/id_rsa
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: ~/.ssh/keyfile DSA SHA256:6FzoJ/xxxxxx+WrlZ4mhZBi0
+xxxxxx59Wqn+D5k7HE explicit
debug1: Server accepts key: ~/.ssh/keyfile DSA SHA256:6FzoJ/xxxxxx+WrlZ4mhZBi0+
xxxxxx59Wqn+D5k7HE explicit
Authenticated with partial success.
debug1: Authentications that can continue: password
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
Authenticated to host_ip ([host_ip]:123).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending subsystem: sftp
Connected to host_ip.
Cannot download non-regular file: /OutPutFolder/202009/2020-09-29/
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 2 clearing O_NONBLOCK
Transferred: sent 49640, received 25837144 bytes, in 60.3 seconds
Bytes per second: sent 823.2, received 428468.5
debug1: Exit status -1
在这里工作但在 Paramiko 上失败的部分是
debug1: Authentications that can continue: password
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
PS:上面的日志是使用 DSA 密钥显示的,此后我已更改为 RSA 密钥,并且它以相同的方式正常工作。
答案 0 :(得分:0)
提供给链接问题的答案非常适合我的用例。
Multi-factor authentication (password and key) with Paramiko
感谢 Martin Prikryl!