All geek questions in one place

Paramiko, not talking to an ssh agent. same behavior in tissue

At first I tried to get the fabric to work, but she kept asking me for the password.

Therefore, I am trying to reduce the problem. Perhaps it would be a good POC just to create an SSH connection from Python. I found that the fabric uses parmico to process SSH. Hm. Ok, let's try to get an example of work.

Here is what I wrote.

from ssh import * import os print "SSH-AGENT VARS" print "SSH_AGENT_PID: %s " % os.environ['SSH_AGENT_PID'] print "SSH_AUTH_SOCK: %s " % os.environ['SSH_AUTH_SOCK'] a = Agent() keys=a.get_keys() print keys.count("192.168.1.10") client = SSHClient() client.load_system_host_keys() client.connect('192.168.1.10')

As a result, the following error messages appear:

 % ./ssh_test.py SSH-AGENT VARS SSH_AGENT_PID: 26557 SSH_AUTH_SOCK: /tmp/ssh-pZHBElj26556/agent.26556 0 Traceback (most recent call last): File "./ssh_test.py", line 18, in <module> client.connect('192.168.1.10') File "/usr/local/lib/python2.7/dist-packages/ssh/client.py", line 332, in connect self._auth(username, password, pkey, key_filenames, allow_agent, look_for_keys) File "/usr/local/lib/python2.7/dist-packages/ssh/client.py", line 493, in _auth raise saved_exception ssh.PasswordRequiredException: Private key file is encrypted

Ssh-agent is running in my session, I can connect to this SSH without problems, it does not ask me for a password or anything else.

I assume that paramiko cannot connect to a running ssh-agent for some strange reason.

Has anyone else had such a problem? I am using Ubuntu 11.10

It seems that I remember how I tried Fabric some time ago and had similar problems, maybe it broke for a while?

I connect just using the hostname as an argument. This is according to the documentation.

http://www.lag.net/paramiko/docs/paramiko.SSHClient-class.html

 connect(self, hostname, port=22, username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False)
+7
source share
5 answers

So, the first thing I discovered was that Paramiko was outdated and did not receive support.

Now it is known as the ssh package, at least under Ubuntu and has another supporting one (bitprophet)

Here is an example session using it:

 $ ./ssh_demo.py Hostname: 192.168.1.10 *** Host key OK. Username [bryan]: root Trying ssh-agent key eee5638f390e1698898984b10adfa9317 ... success! *** Here we go! Linux top.secret.com 2.9.37-1-amd64 #1 SMP Thu Nov 3 03:41:26 UTC 2011 x86_64 β”Œβ”Œ( root@top )-(10:44am-:-03/27)β”Œ-Β¨-¨¨˙

This does not answer the question of why the fabric is not authenticated against the correct ssh-agent representation. Therefore, the question remains open.

Update:

Thanks to Morgan's prompt, I got a little better with this problem. As he suggested, I turned on ssh protocols by adding the following to the beginning of the fabfile.py file

 from fabric.api import * import ssh ssh.util.log_to_file("paramiko.log", 10)

I also tracked the server log. In doing so, I found that the user I specified is ignored, and instead uses the local username.

On server:

 tail -f /var/log/auth.log Mar 28 11:12:36 xxxxxxxxxxx sshd[17652]: Invalid user bryan from xxx.xxx.xxx.xxx

Locally:

 tail -f paramiko.log DEB [20120328-11:39:29.038] thr=1 ssh.transport: starting thread (client mode): 0x8dfc66cL INF [20120328-11:39:29.066] thr=1 ssh.transport: Connected (version 2.0, client OpenSSH_5.5p1) DEB [20120328-11:39:29.093] thr=1 ssh.transport: kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', ' rijndael-cbc@lysator.liu.se '] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', ' rijndael-cbc@lysator.liu.se '] client mac:['hmac-md5', 'hmac-sha1', ' umac-64@openssh.com ', 'hmac-ripemd160', ' hmac-ripemd160@openssh.com ', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', ' umac-64@openssh.com ', 'hmac-ripemd160', ' hmac-ripemd160@openssh.com ', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', ' zlib@openssh.com '] server compress:['none', ' zlib@openssh.com '] client lang:[''] server lang:[''] kex follows?False DEB [20120328-11:39:29.093] thr=1 ssh.transport: Ciphers agreed: local=aes128-ctr, remote=aes128-ctr DEB [20120328-11:39:29.093] thr=1 ssh.transport: using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none DEB [20120328-11:39:29.183] thr=1 ssh.transport: Switch to new keys ... DEB [20120328-11:39:29.224] thr=2 ssh.transport: Trying SSH agent key cda5638f390e166864444b1093b91017 DEB [20120328-11:39:29.272] thr=1 ssh.transport: userauth is OK INF [20120328-11:39:53.310] thr=1 ssh.transport: Authentication (publickey) failed. DEB [20120328-11:41:29.076] thr=1 ssh.transport: EOF in transport thread

Hmm, this is strange, I ran a command like: fab diskfree -H xxx.xxx.xxx.xxx -u root

But what is it?

 $ cat ./fabfile.py from fabric.api import * import ssh ssh.util.log_to_file("paramiko.log", 10) env.user = 'bryan' def host_type(): run('uname -s') def diskfree(): run('df -h')

Hmm

 env.user = 'bryan'

Could this be the cause of the problem? Could ssh error messages be misleading to me?

I deleted the line and it worked, so I think this is the answer.

+4
source

So, from the paramiko code and yours, when you do a.get_keys (), which should return a list. I'll see what he returns. And it will not return what you can consider so, as it returns the actual encrypted bits of the key. But anyway, when you switched to ssh and it works, go to Fabric.

You can get more protocols by enabling it for ssh lib by doing:

 import ssh ssh.util.log_to_file("paramiko.log", 10)

In your file. This will lead to all the logs and show more about what paramiko / ssh is doing, which can help you further debug the problem.

+7
source

I would try to specify the passphrase as the password keyword for the connect() argument.

As indicated in the docs for SSHCLient.connect() , it uses PKey it can be found in the system, unless specified. The class methods from_private_key() and from_private_key_file() (I "I don’t know which one is being called, maybe both of them) take an optional password argument. The docs say,

If the secret key is encrypted and the password is not None, this password will be used to decrypt the key (otherwise, a PasswordRequiredException will be thrown).

... what is probably happening in your case.

0
source

I had this problem and what worked for me is that it launches SSH_AGENT:

 eval $(ssh-agent)

and add SSH_KEY:

 ssh-add ~/.ssh/id_rsa
0
source

You may need to run to add the key to the agent.

 $ ssh-add ~/.ssh/id_dsa

https://groups.google.com/forum/?fromgroups=#!topic/ansible-project/yRSMmlqKsAA

-1
source

Source: https://habr.com/ru/post/1403128/

More articles:


All Articles