Paramiko的使用

来自CloudWiki
跳转至: 导航搜索

Paramiko的使用

在线安装

pip3 install paramiko

pip会自动安装Paramiko所依赖的包。

离线安装

如果要离线安装,则先使用pip下载。 

mkdir paramiko && cd paramiko #创建一个目录存放安装包
pip download paramiko #下载到paramiko中,并传输至离线环境
pip install paramiko –no-index -f paramiko #离线环境下在目录paramiko中检索安装包

思考:

  • SecureRT怎么使用?
  • SecureFX怎么使用?

SSHClient方式登录

基于用户名和密码的SSHClient方式登录

编程步骤如下:

(1)初始化一个SSHClient类的实例。

(2)调用connect方法连接远程主机。

(3)执行命令获取输出结果和返回值,关闭连接。 

# -*- coding: utf-8 -*-
# File Name: paramiko_user_pwd.py
# Description: 使用用户名密码来登陆并执行远程命令
import paramiko

# 建立一个sshclient对象
ssh = paramiko.SSHClient()
# 将信任的主机自动加入到host_allow列表,须放在connect方法前面
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# 调用connect方法连接服务器
ssh.connect(hostname="192.168.1.3", port=22, username="root", password="000000")
# 执行命令
stdin, stdout, stderr = ssh.exec_command("echo `date` && df -hl")
# 结果放到stdout中,如果有错误将放到stderr中
print(stdout.read().decode('utf-8'))
# 
returncode = stdout.channel.recv_exit_status()
print("returncode:",returncode)
# 关闭连接
ssh.close()

运行结果:

[root@localhost op]# python3 paramiko_user_pwd.py 

Sat May 23 16:26:31 CST 2020
Filesystem               Size  Used Avail Use% Mounted on
devtmpfs                 979M     0  979M   0% /dev
tmpfs                    991M     0  991M   0% /dev/shm
tmpfs                    991M  9.6M  981M   1% /run
tmpfs                    991M     0  991M   0% /sys/fs/cgroup
/dev/mapper/centos-root   17G  2.3G   15G  14% /
/dev/sda1               1014M  139M  876M  14% /boot
tmpfs                    199M     0  199M   0% /run/user/0

returncode: 0

本方法是传统的连接服务器、执行命令、关闭一个操作,有时候需要登录上服务器执行多个操作,如执行命令、上传/下载文件,该方法则无法实现。

基于公钥密钥的SSHClient方式登录

有些场景下,两台主机已经做过SSH授信,此时不需要密码即可登录。例如,若主机A不需要密码即可登录主机B执行命令,则在主机A上使用paramiko时只需要指定A的公钥路径即可。

生成私钥公钥对

使用ssh-keygen生成私钥公钥对,一直输入回车即可

[root@localhost op]# ssh-keygen 

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:jmj7JU89ntQezYCa6BSL269a6YOIxpNdlcMF3Ni6nNE root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|      ..=        |
|       o +       |
|      . =        |
|       B E .     |
|      + S . .    |
|     + @ + . +   |
|..o.=.O * + o o  |
|.=.o.O.= o + .   |
|. . +o*+o o .    |
+----[SHA256]-----+

将公钥推送到远端服务器上

查看生成的公钥,cat /root/.ssh/id_rsa.pub

目的是验证该文件是否存在和格式是否正确

一般后面会把主机名带上,检查好格式

输出: 

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCccmWiXD7bAJ9Qhwcvc8a40cm6USaDBXZRGLnyYrTRy4TRhj6cnjSCC3i9agZYrDbLcII3aX9myXUf+KSMbVPcjJ/6d6tpu16Iyi2PN+X7rXL0LbOHpaZ4MNTtm+UMFMnvmf2LlEMg7pnBBbMz5RCYblB2xrTsUQC/2N91NVPyuPltZAbImLnefhCUBJmNvkwQZFpKyxACn/TpB/WO+0xcylg4/HyQGEC9Jvny7G2CrcuNZZyWWE5PBk433slJ7FTcGu+JuqVnAfpE1qpd7Y8+jtLphE6fWamYOvnBEIJgCLzxlJmvOW1p/grUTaJ4BKkeP1f6sncfZWoAJZP8Ex7R root@localhost.localdomain

将公钥推送到远端服务器上

ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.0.32

第一次需要验证密码: 

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.32 (10.0.0.32)' can't be established.
ECDSA key fingerprint is SHA256:i02Bc0iO8z6mp3BcZc6nNAjBowdF16KWaXdNEu7tUr0.
ECDSA key fingerprint is MD5:d9:fb:c9:a0:37:4d:b7:bc:e9:81:b1:27:ab:15:b5:67.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.32's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '10.0.0.32'"
and check to make sure that only the key(s) you wanted were added.

出现“wanted were added”说明添加成功了

现在我们验证一下: 

ssh -l root 10.0.0.33

就可以从当前机器远程访问主机,输入命令exit退出。

附:windows 生成密钥的方法:

从官网或国内镜像 下载安装git,https://npm.taobao.org/mirrors/git-for-windows/

安装好之后,可以通过 git --version 来测试git是否安装成功。 

C:\Users\maxin>git --version
git version 2.28.0.windows.1

随后打开cmd,在其中使用:

ssh-keygen -t rsa 

C:\Users\maxin>ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\maxin/.ssh/id_rsa):
Created directory 'C:\Users\maxin/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\maxin/.ssh/id_rsa.
Your public key has been saved in C:\Users\maxin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:7Ip2HoPhUjiJ7dHJH9rEIZboskFOtS9YI4u0Rf7yvTo maxin@LAPTOP-28C3GCM7
The key's randomart image is:
+---[RSA 2048]----+
|   o             |
|  +...           |
| =.*+ .          |
|*+B*++ o         |
|==Bo*o+ S        |
| = =+B.o         |
|. o +.=..        |
|   ..E.+.        |
|   ..+=.         |
+----[SHA256]-----+

基于公钥密钥远程登陆

python文件: 

# -*- coding: utf-8 -*-
#Time: 2018/8/23 22:28:37
#Description: 实现公钥登陆
#File Name: sshclient_public_key.py
import paramiko
# 指定本地的RSA私钥文件,如果建立密钥对时设置的有密码,提供password参数即可,如无则不提供
pkey = paramiko.RSAKey.from_private_key_file('/root/.ssh/id_rsa')
#建立连接
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(hostname='10.0.0.32',
            port=22,
            username='root',
            pkey=pkey)
# 执行命令
stdin, stdout, stderr = ssh.exec_command('echo `date` && df -hl')
# 输出
print(stdout.read().decode('utf-8'))
# 关闭连接
ssh.close()

[root@localhost op]# python3 sshclicent_public_key.py 

Fri Jun 5 09:46:31 CST 2020
Filesystem               Size  Used Avail Use% Mounted on
devtmpfs                 979M     0  979M   0% /dev
tmpfs                    991M     0  991M   0% /dev/shm
tmpfs                    991M  9.7M  981M   1% /run
tmpfs                    991M     0  991M   0% /sys/fs/cgroup
/dev/mapper/centos-root   17G  2.3G   15G  14% /
/dev/sda1               1014M  139M  876M  14% /boot
tmpfs                    199M     0  199M   0% /run/user/0

SFTPClient方式登录

使用sftp上传文件(基于用户名和密码)

echo "hello world" >> 123.txt

14-2.py: 

import paramiko
#获取Transport实例
tran = paramiko.Transport("10.0.0.32",22)
#连接SSH服务端
tran.connect(username = "root", password = "000000")
#获取SFTP实例
sftp = paramiko.SFTPClient.from_transport(tran)
#设置上传的本地/远程文件路径
localpath="123.txt" ##本地文件路径
remotepath="/opt/123.txt" ##上传对象保存的文件路径
#执行上传动作
sftp.put(localpath,remotepath)
tran.close()

python3 14-2.py

使用sftp下载文件(基于用户名和密码)

import paramiko
#获取Transport实例
tran = paramiko.Transport("10.0.0.32",22)
#连接SSH服务端
tran.connect(username = "root", password = "000000")
#获取SFTP实例
sftp = paramiko.SFTPClient.from_transport(tran)
#设置上传的本地/远程文件路径
localpath="456.txt" ##本地文件路径
remotepath="/opt/456.txt" ##下载对象保存的文件路径
#执行下载动作
sftp.get(remotepath,localpath)
tran.close()


基于公钥的上传

# -*- coding: utf-8 -*-
#Time: 2018/8/23 22:28:37
#Description: 实现公钥登陆
#File Name: transport_public_key.py
import paramiko
# 指定本地的RSA私钥文件,如果建立密钥对时设置的有密码,提供password参数即可,如无
则不提供
pkey = paramiko.RSAKey.from_private_key_file('/root/.ssh/id_rsa')
#建立连接
tran = paramiko.Transport(('10.0.0.32',22))
tran.connect(username='root',pkey=pkey)
#获取SFTP实例
sftp = paramiko.SFTPClient.from_transport(tran)
#设置上传的本地/远程文件路径
localpath="123.txt" ##本地文件路径
remotepath="/opt/789.txt" ##上传对象保存的文件路径
#执行上传动作
sftp.put(localpath,remotepath)
# 关闭连接
tran.close()

基于公钥的下载

# -*- coding: utf-8 -*-
#Time: 2018/8/23 22:28:37
#Description: 实现公钥登陆
#File Name: transport_public_key.py
import paramiko
# 指定本地的RSA私钥文件,如果建立密钥对时设置的有密码,提供password参数即可,如无
#则不提供
pkey = paramiko.RSAKey.from_private_key_file('/root/.ssh/id_rsa')
#建立连接
tran = paramiko.Transport(('10.0.0.32',22))
tran.connect(username='root',pkey=pkey)
#获取SFTP实例
sftp = paramiko.SFTPClient.from_transport(tran)
#设置上传的本地/远程文件路径
localpath="012.txt" ##本地文件路径
remotepath="/opt/789.txt" ##下载对象保存的文件路径
#执行下载动作
sftp.get(remotepath,localpath)
# 关闭连接
tran.close()


参考文档:https://www.cnblogs.com/xiao-apple36/p/9144092.html

https://developer.51cto.com/art/201910/604700.htm

取自“http://www.openbrains.net/mediawiki/index.php?title=Paramiko的使用&oldid=24349