logo标签列表

paramiko允许无需密钥进行SFTP连接。

pythonsshsftpparamiko
3
我正在运行来自paramiko github的demo文件夹中的demo_sftp.py文件。我在PyDev中逐步执行它,并期望会出现错误,因为我没有连接到服务器所需的密钥,但是我得到了一条打印语句,说明脚本无法打开主机密钥文件,然后继续进行get和put操作。
以下是代码片段。
try:
    host_keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
except IOError:
    try:
        # try ~/ssh/ too, because windows can't have a folder named ~/.ssh/
        host_keys = paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))
    except IOError:
        print '*** Unable to open host keys file'
        host_keys = {}

if host_keys.has_key(hostname):
    hostkeytype = host_keys[hostname].keys()[0]
    hostkey = host_keys[hostname][hostkeytype]
    print 'Using host key of type %s' % hostkeytype


# now, connect and use paramiko Transport to negotiate SSH2 across the connection
try:
    t = paramiko.Transport((hostname, port))
    t.connect(username=username, password=password, hostkey=hostkey)
    sftp = paramiko.SFTPClient.from_transport(t)

    # dirlist on remote host
    dirlist = sftp.listdir('.')
    print "Dirlist:", dirlist

我本来希望在t.connect行出现异常,因为hostkey是NoneType。

当我使用ssh进行连接时

    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect('.'.join([self.name, self.domain]),
                    username=self.username, password=self.password)
        stdin, stdout, stderr = ssh.exec_command("ps aux | grep Xvnc | wc -l")

我必须有AutoAddPolicy()这行,否则它就会失败。那么有什么区别呢?显然,我只是在学习这个,但我认为sftp应该和ssh一样严格。

2个回答
2

看起来这是一种可接受的做法。

来自 Transport.connect 的评论。

'''
Negotiate an SSH2 session, and optionally verify the server's host key
and authenticate using a password or private key.  This is a shortcut
for L{start_client}, L{get_remote_server_key}, and
L{Transport.auth_password} or L{Transport.auth_publickey}.  Use those
methods if you want more control.

You can use this method immediately after creating a Transport to
negotiate encryption with a server.  If it fails, an exception will be
thrown.  On success, the method will return cleanly, and an encrypted
session exists.  You may immediately call L{open_channel} or
L{open_session} to get a L{Channel} object, which is used for data
transfer.

@note: If you fail to supply a password or private key, this method may
succeed, but a subsequent L{open_channel} or L{open_session} call may
fail because you haven't authenticated yet.
'''

SSHClient.connect的注释

'''
Connect to an SSH server and authenticate to it.  The server's host key
is checked against the system host keys (see L{load_system_host_keys})
and any local host keys (L{load_host_keys}).  If the server's hostname
is not found in either set of host keys, the missing host key policy
is used (see L{set_missing_host_key_policy}).  The default policy is
to reject the key and raise an L{SSHException}.
'''

也许这是因为sftp只能传输数据,而ssh可以运行终端命令。我发现有趣的是,中间人攻击似乎不是一个问题。
0

您可以使用以下语法

    import pysftp
    cnopts = pysftp.CnOpts()
    cnopts.hostkeys = None
    with pysftp.Connection(hostname, port=port, username=user_id, password=password,
                           cnopts=cnopts) as sftp:
        with sftp.cd(self.directory):  # temporarily chdir to public
            sftp.put(filepath)
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接