python下ssh的简单实现

python下的ssh都需要借助第三方模块paramiko来实现，在使用前需要手动安装。

一、python实现ssh

(1) linux下的ssh登录

root@ubuntu:~# ssh morra@192.168.1.42
The authenticity of host '192.168.1.42 (192.168.1.42)' can't be established.
ECDSA key fingerprint is SHA256:/ufx+/OLtdsYy7vsdk4KDu9xJsBp6zHonRAf2jjT0GI.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.1.42' (ECDSA) to the list of known hosts.
Password:
Last login: Fri Dec  2 14:15:36 2016
localhost:~ morra$

查看known_hosts文件

root@ubuntu:~# cat .ssh/known_hosts
|1|ohKgSMq+1NLbr37anPqNZKQxh/8=|83NZfZYMUwLGaH32oLhCW/2PsXk= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMTpJEzRyK6Bn96JT9+8IMK57ouWZspbs+oVuc7lD+aAwDB6C9Qgoy8P7cGjRaOA5ImDiBTLSQgHT+cZeGIJbI4=

(2) python实现ssh

import paramiko

#创建SSH对象
ssh = paramiko.SSHClient()

#把要连接的机器添加到known_hosts文件中
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

#连接服务器
ssh.connect(hostname='192.168.1.96', port=22, username='morra', password='123456')

cmd = 'ps'
#cmd = 'ls -l;ifconfig'       #多个命令用;隔开
stdin, stdout, stderr = ssh.exec_command(cmd)

result = stdout.read()

if not result:
    result = stderr.read()
ssh.close()

print(result.decode())

(3) python实现sftp

import paramiko

transport = paramiko.Transport(('192.168.1.96', 22))

transport.connect(username='morra', password='357447218')

sftp = paramiko.SFTPClient.from_transport(transport)

sftp.put('123.py', '/tmp/test.py')  # 将123.py 上传至服务器 /tmp下并改名为test.py

sftp.get('remove_path', 'local_path')  # 将remove_path 下载到本地 local_path

transport.close()

二、传统的免密登录

(1) 生成公钥

使用ssh-keygen生产公钥和私钥

morra@ubuntu:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/morra/.ssh/id_rsa):
Created directory '/home/morra/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/morra/.ssh/id_rsa.
Your public key has been saved in /home/morra/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8IVM56bc/2deLZcDXwVs2XDNCuTTbvvlCKmCnUxiHuw morra@ubuntu
The key's randomart image is:
+---[RSA 2048]----+
|        . ....o=o|
|       o + ...+o+|
|      . o + oo...|
|       + =   o. .|
|     .  S .  .o .|
|      = .  . oo.+|
|     + B .  + o+=|
|      E =  . o **|
|         ..   o++|
+----[SHA256]-----+

#生成的公钥私钥存放在.ssh目录下，id_rsa.pub就是本机的公钥
morra@ubuntu:~$ cd .ssh/
morra@ubuntu:~/.ssh$ ls
id_rsa  id_rsa.pub

(2) 复制公钥

最后把本机的id_rsa.pub文件中的内容copy到目标机的.ssh/authorized_keys中就可以了，如果没有authorized_keys，自己创建。但是要注意authorized_keys的权限一般是600

localhost:.ssh morra$ ls -l authorized_keys
-rw-r--r--  1 morra  staff  393 Dec  6 16:33 authorized_keys

或者直接使用一条命令也可以实现公钥的复制，ssh-copy-id后面接入的用户就是要支持免密登录的用户。

morra@ubuntu:~/.ssh$ ssh-copy-id "morra@192.168.1.42"
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/morra/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.42 (192.168.1.42)' can't be established.
ECDSA key fingerprint is SHA256:/ufx+/OLtdsYy7vsdk4KDu9xJsBp6zHonRAf2jjT0GI.
Are you sure you want to continue connecting (yes/no)? n^H
Please type 'yes' or 'no': yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'morra@192.168.1.42'"   and check to make sure that only the key(s) you wanted were added.

#去目标机器下，检查authorized_keys文件
localhost:.ssh morra$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDB/mkvSx1mo/l/huMiOSqQjTb3KSB+D67qDRe1VgbjeZpwtodpSNueqGMj3mGDtf8tfmfwygKHuMtkVCQuD+1trLZ/yn8dKK9JV2pM4iwmaEvSda/qbQR7lQ37lsmvGnwCloJ49h8MpsF9UsDVXnyo4kauOj+0HYlur1E5Y7dzBuuzBiKAnwS66ZVTtHpIzubfXYanyBEinClpHNr6B7DVWp0J4ubZ8k/AgFMyD8NyJmugoObD3+wry0Dk2LG/WadOaY1luooQN4m55WyfZE2w0Kzi4F7W6v8/GRnpxVKOmNUNk6/c6hr/CDWnthS1abMjI9u/bGru6X2kiyymq3wR morra@ubuntu

(3) 登录测试

morra@ubuntu:~/.ssh$ ssh 'morra@192.168.1.42'
Last login: Tue Dec  6 16:28:07 2016 from 192.168.1.69
localhost:~ morra$

登录方式注意区别

$ ssh morra@192.168.1.42    #用户名密码登录
$ ssh 'morra@192.168.1.42'  #公钥免密登录

三、用pythonssh免密实现

(1) 免密ssh

import paramiko

private_key = paramiko.RSAKey.from_private_key_file('id_rsa96')   #使用目标的私钥来登录

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

ssh.connect(hostname='192.168.1.96',port=22,username='morra',pkey=private_key)

cmd = 'ps'
stdin, stdout, stderr = ssh.exec_command(cmd)

result = stdout.read()

if not result:
    result = stderr.read()
ssh.close()

print(result.decode())

(2) 免密sftp

import paramiko

private_key = paramiko.RSAKey.from_private_key_file('/home/auto/.ssh/id_rsa')

transport = paramiko.Transport(('hostname', 22))
transport.connect(username='wupeiqi', pkey=private_key )

sftp = paramiko.SFTPClient.from_transport(transport)

sftp.put('/tmp/location.py', '/tmp/test.py')
# 将location.py 上传至服务器 /tmp/test.py
sftp.get('remove_path', 'local_path')
# 将remove_path 下载到本地 local_path

transport.close()

四、练手Demo

import paramiko
import uuid

class Haproxy(object):

    def __init__(self):
        self.host = '192.168.1.96'
        self.port = 22
        self.username = 'morra'
        self.pwd = '123456'
        self.__k = None

    def create_file(self):
        file_name = str(uuid.uuid4())
        with open(file_name,'w') as f:
            f.write('sb')
        return file_name

    def run(self):
        self.connect()
        self.upload()
        self.rename()
        self.close()

    def connect(self):
        transport = paramiko.Transport((self.host,self.port))
        transport.connect(username=self.username,password=self.pwd)
        self.__transport = transport

    def close(self):

        self.__transport.close()

    def upload(self):
        # 连接，上传
        file_name = self.create_file()

        sftp = paramiko.SFTPClient.from_transport(self.__transport)
        sftp.put(file_name, '/home/test.py')    # 将location.py 上传至服务器 /tmp/test.pydef rename(self):

        ssh = paramiko.SSHClient()
        ssh._transport = self.__transport # 执行命令
        stdin, stdout, stderr = ssh.exec_command('mv /home/test.py /home/test2.py')
        result = stdout.read()

ha = Haproxy()
ha.run()