Paramiko - 身份验证失败 [重复]

Paramiko - Authentication failed [duplicate]

提问人:Alberto Lopes 提问时间:11/16/2023 最后编辑:Alberto Lopes 更新时间:11/17/2023 访问量:61

问:

使用 paramiko 进行 ssh 连接时,发生身份验证错误。 通过命令提示符使用putty和openssh,通信效果很好。 使用paramiko时。我尝试了简单甚至更复杂的功能。

import paramiko

host = ""
user = ""
keyfile = ""
command = ""

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_polic(paramiko.AutoAddPolicy())
#ssh.set_missing_host_key_polic(paramiko.WarningPolicy())
#ssh.set_missing_host_key_polic(paramiko.MissingHostKeyPolicy())
#ssh.set_missing_host_key_polic(paramiko.RejectPolicy())

ssh.connect(hostname=host, username=user, password=None, port=22)
#, look_for_keys=False, disable_algorithms={'keys':['rsa-sha2-256', 'rsa-sha2-512']}, allow_agent=False)

stdin, stdout, stderr = ssh.exec_comand('cd')

在 python 中记录执行 Paramiko。

: starting thread (client mode): 0xe4051010
:
Local version/idstring: SSH-2.0-paramiko_3.1.0
: Remote version/idstring: SSH-2.0-dropbear_2017.75
: Connected (version 2.0, client dropbear_2017.75)
Key exchange possibilities ===
: kex algos: [email protected], ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group14-shal, diffie-he
: server key: ssh-rsa
:
client encrypt: aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, twofish256-cbc, twofish-cbc, twofish128-cbc, 3des-ctr, 3des-cbc
: server encrypt: aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, twofish256-cbc, twofish-cbc, twofish128-cbc, 3des-ctr, 3des-cbc
: client mac: hmac-sha1-96, hmac-shal, hmac-sha2-256, hmac-sha2-512, hmac-md5 : server mac: hmac-sha1-96, hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5
: client compress: [email protected], none
: server compress: [email protected], none
: client lang: <none>
: server lang: <none>
: kex follows: False
Key exchange agreements ---
: Kex: [email protected]
: HostKey: ssh-rsa
: Cipher: aes128-ctr
: MAC: hmac-sha2-256
: Compression: none
: --- End of kex handshake ===
: kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256> : Switch to new keys ...
: Adding ssh-rsa host key for fe:7:383:4::67: b'0366f1abed7f1a4625c3abd6185944bf : Trying discovered key b'3e418e1455f5113caeca987a320c0f4a in C:\Users\NV_VwdB/.ssh/id_rsa
: userauth is OK
: Finalizing pubkey algorithm for key of type 'ssh-rsa'
: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256", ssh-rsa']
: Server did not send a server-sig-algs list; defaulting to our first preferred algo ('rsa-sha2-512')
: NOTE: you may use the 'disabled_algorithms SSHClient/Transport init kwarg to disable that or other algorithms if your server does not supp
: Authentication (publickey) failed.
: EOF in transport thread

我收集了应用程序日志以找到解决它的方法。 使用 Plink 应用程序,它通过命令提示符完美工作 - 日志:

plink -ssh -v -l 用户 “host”

C:\Users\NV_VwdB>plink -ssh -v -1 root "f!. 383:4::67"
Looking up host "f.:7:383:4::67" for SSH connection
Connecting to f":7 :383:4::67 port 22
We claim version: SSH-2.0-PuTTY_Release_0.78
Connected to f:7 :383:4::67
Remote version: SSH-2.0-dropbear_2017.75
Using SSH protocol version 2
No GSSAPI security context available
Doing ECDH key exchange with curve Curve25519, using hash SHA-256 (unaccelerated)
Host key fingerprint is:
ssh-rsa 2048 SHA256:20IgeSG/smq4GN17z1jLMBEaMw4peSXOWGZ1w9aZUaY
Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
Using username "root".
Access granted
Access granted. Press Return to begin session.
Opening main session channel
Opened main channel
Allocated pty
Started a shell/command
root@swi-mdm9x40-03hmqcsop1buevxxrel:~# pwd
/home/root

使用 OpenSSH - Windows 应用程序,它通过命令提示符完美工作 - 日志:

ssh -v user@host

C:\Users\NV_VWdB>ssh -v root@fr :7c :383:4::67
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to f...:7:383:4::67 [fd** 4::67] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_rsa type >
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_dsa type -1 debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_xmss type -1 debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version dropbear_2017.75
debug1: no match: dropbear_2017.75
debug1: Authenticating to f :7c. 383:4::67:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected] debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:20IgeSG/smq4GN17z1jLMBEaMw4peSXOWGZ1W9aZUAY
debug1: Host 'f' :7:383:4::67' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\NV_VWdB/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 4294967296 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_rsa RSA SHA256:mWX1DkzfUCV5yZAKYS1tLPkTGqTtVxcOHDJqFhi7Aac
debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received debug1 : Authentication succeeded (none).
Authenticated to f :7:383:4::67 ([f :7 :383:4::67]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL TERMINAL_INPUT is supported. Reading the VTSequence from console
root@swi-mu....... evxxrel:~#
debug1: ENABLE_VIRTUAL TERMINAL PROCESSING is 

我可以使用您的帮助来理解和寻找解决方案,因为连接通过 Putty、Plink 和 Openssh 程序工作,但不能通过 Python 通过 Paramiko 工作。

python ssh paramiko openssh plink

评论

0赞 Jim Redmond 11/16/2023
你能复制和粘贴而不是截取文本的屏幕截图吗?
0赞 Alberto Lopes 11/16/2023
是的。我做了一个更新,把所有的照片都改成了文字。谢谢。
0赞 Prav 11/16/2023
您需要在 Python 命令之前在终端实例上运行。由于 Paramiko 的工作方式,它无法访问本机,更多内容请在此处进行ssh-addssh-agent
0赞 Alberto Lopes 11/16/2023
是的,我做到了 ssh-add 和 ssh-agent,并且正在启用并运行。通过命令提示符发送命令 ssh user@host和新计算机,代理添加了文件known_hosts的新指纹并打开与新计算机的通信。但是用 paramiko 测试是行不通的。

答:

0赞 Alberto Lopes 11/17/2023 #1

你好马丁和时间。 完善!

共享解决方案解决了这个问题。 服务器端使用没有密码的 dropbear 进行访问,因此实现 Martin 的建议非常有效。 非常感谢大家的帮助。

在此处输入链接描述

这是我修改后使用的代码。

import paramiko

host = "192.168.56.101"
port = 22
password = "123456"
user = "tester"

paramiko.util.log_to_file("C:/tmp/paramiko.txt", level = "DEBUG")

ssh_client =paramiko.SSHClient()
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

try:
    ssh_client.connect(hostname=host,port=22 ,username=user ,password=password)
except paramiko.ssh_exception.AuthenticationException as e:
    if not password:
        ssh_client.get_transport().auth_none(user)
    else:
        raise e

channel = ssh_client.invoke_shell()
#stdin = channel.makefile('wb')
#stdout = channel.makefile('r')

channel.send('cm' + '\n')
resp = channel.recv(4096)
print(resp)

stdin, stdout, stderr = ssh_client.exec_command('devtest-1', timeout = 60)
lines = stdout.readlines()
print(lines)