如何使用 Python 的 Paramiko 模块通过 ssh 进入需要两个密码身份验证的服务器?
[英]How can I ssh into a server that requires two password authentication using Python's Paramiko module?
问题描述
How do I ssh to a server that requires dual password authentication using Paramiko?
如何使用 Paramiko SSH 到需要双密码身份验证的服务器?
When using a particular user, it first prompts for the user password and then for another password, so my session needs to be interactive.使用特定用户时,它首先提示输入用户密码,然后提示输入另一个密码,因此我的会话需要是交互式的。 I have done the same using pexpect module to spawn an ssh process on Linux, but since I cannot do that in Windows I need a way to do it using Paramiko.我已经使用 pexpect 模块在 Linux 上生成了一个ssh进程,但由于我无法在 Windows 中执行此操作,因此我需要一种使用 Paramiko 的方法来执行此操作。
The server is our product that is a slightly modified version of CentOS.服务器是我们的产品,是对 CentOS 稍作修改的版本。 I am writing automation code to test some functionality which requires me to ssh into the server and verify some commands.我正在编写自动化代码来测试一些需要我通过 ssh 进入服务器并验证一些命令的功能。 I am able to login as root user, but for the user I am interested in it asks for a second password.我能够以 root 用户身份登录,但对于我感兴趣的用户,它要求输入第二个密码。
This is the output from the ssh -vvv command:这是ssh -vvv命令的输出:
ssh -vvv -p2222 nobrk1n@10.213.23.112 OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 51: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 10.213.23.112 [10.213.23.112] port 2222. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug3: Incorrect RSA1 identifier debug3: Could not load "/root/.ssh/id_rsa" as a RSA1 public key debug1: identity file /root/.ssh/id_rsa type 1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.4 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 debug1: match: OpenSSH_7.4 pat OpenSSH* debug2: fd 3 setting O_NONBLOCK debug3: put_host_port: [10.213.23.112]:2222 debug3: load_hostkeys: loading entries for host "[10.213.23.112]:2222" from file "/root/.ssh/known_hosts" debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512 debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512 debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-sha2-256 debug1: kex: server->client aes128-ctr hmac-sha2-256 none debug2: mac_setup: found hmac-sha2-256 debug1: kex: client->server aes128-ctr hmac-sha2-256 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA 30:5c:e6:be:81:31:79:b8:71:80:bf:49:95:a9:79:12 debug3: put_host_port: [10.213.23.112]:2222 debug3: put_host_port: [10.213.23.112]:2222 debug3: load_hostkeys: loading entries for host "[10.213.23.112]:2222" from file "/root/.ssh/known_hosts" debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys debug3: load_hostkeys: loading entries for host "[10.213.23.112]:2222" from file "/root/.ssh/known_hosts" debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys debug1: Host '[10.213.23.112]:2222' is known and matches the ECDSA host key. debug1: Found key in /root/.ssh/known_hosts:1 debug1: ssh_ecdsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /root/.ssh/id_rsa (0x55f959096720), debug2: key: /root/.ssh/id_dsa ((nil)), debug2: key: /root/.ssh/id_ecdsa ((nil)), debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup gssapi-keyex debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-keyex debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug2: we did not send a packet, disable method debug3: authmethod_lookup gssapi-with-mic debug3: remaining preferred: publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available (default cache: KEYRING:persistent:0) debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available (default cache: KEYRING:persistent:0) debug2: we did not send a packet, disable method debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password nobrk1n@10.213.23.112's password: debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64) debug2: we sent a password packet, wait for reply debug1: Authentication succeeded (password). Authenticated to 10.213.23.112 ([10.213.23.112]:2222). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 debug2: callback start debug2: fd 3 setting TCP_NODELAY debug3: packet_set_tos: set IP_TOS 0x10 debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 1 debug1: Sending environment. debug3: Ignored env XDG_SESSION_ID debug3: Ignored env HOSTNAME debug3: Ignored env TERM debug3: Ignored env SHELL debug3: Ignored env HISTSIZE debug3: Ignored env SSH_CLIENT debug3: Ignored env SSH_TTY debug3: Ignored env USER debug3: Ignored env LS_COLORS debug3: Ignored env MAIL debug3: Ignored env PATH debug3: Ignored env PWD debug1: Sending env LANG = en_US.UTF-8 debug2: channel 0: request env confirm 0 debug3: Ignored env HISTCONTROL debug3: Ignored env SHLVL debug3: Ignored env HOME debug3: Ignored env LOGNAME debug3: Ignored env XDG_DATA_DIRS debug3: Ignored env SSH_CONNECTION debug3: Ignored env LESSOPEN debug3: Ignored env XDG_RUNTIME_DIR debug3: Ignored env _ debug2: channel 0: request shell confirm 1 debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel_input_status_confirm: type 99 id 0 debug2: PTY allocation request accepted on channel 0 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: shell request accepted on channel 0 Last login: Tue Dec 11 21:17:10 2018 from 10.213.23.201 Please enter the shell password : debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE debug3: Received SSH2_MSG_IGNORE Entering shell... [root@atd-reg root]#
I am not able to execute commands like this:我无法执行这样的命令:
ssh -vvv -p2222 nobrk1n@10.213.23.112 ls
On executing the above command I am prompted for nobrk1n user's password.执行上述命令时,系统会提示我输入 nobrk1n 用户的密码。 However on entering the password it gets stuck.但是在输入密码时它会卡住。 I have pasted the output from the above command at https://pastebin.com/hSfiCmdi .我已将上述命令的输出粘贴到https://pastebin.com/hSfiCmdi 。 Usually I first ssh into the server using ssh -p2222 user@host and when connection is established and I have successfully logged in, I start executing the commands.通常我首先使用ssh -p2222 user@host ssh 进入服务器,当建立连接并成功登录时,我开始执行命令。
1 个解决方案
解决方案1
2 已采纳 2018-12-12 10:46:14
Your server uses a standard password authentication for the first password.您的服务器对第一个密码使用标准密码身份验证。
The second password is asked only once shell is starting.只有在 shell 启动时才询问第二个密码。 Simple I/O is used for that.简单的 I/O 就是用来做这个的。
Additionally, your server does not seem to support "exec" interface/channel to execute commands (as ssh user@host command does not work).此外,您的服务器似乎不支持“exec”接口/通道来执行命令(因为ssh user@host command不起作用)。 What is probably related to the "shell password" feature.什么可能与“shell 密码”功能有关。 So you probably have to use "shell" channel to execute your command, what is otherwise not recommended .所以你可能必须使用“shell”通道来执行你的命令,否则不推荐。
ssh = paramiko.SSHClient()
ssh.connect(hostname, username = username, password = password1)
channel = ssh.invoke_shell()
channel.send(password2 + "\n")
channel.send(command + "\n")
while not channel.recv_ready():
time.sleep(1)
out = channel.recv(9999)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
与 Python Paramiko 连接到 SSH 服务器,除了密码提示外,还需要使用 Enter 键提交键盘交互式横幅 - Connect with Python Paramiko to SSH server that in addition to password prompt requires submitting an keyboard interactive banner with Enter key
通过在Python中使用Paramiko模块,如何在Linux服务器上编辑文件? - By using Paramiko module in Python how can I edit a file on Linux server?
在 Python 中的 Paramiko 中强制密码验证(忽略.ssh 文件夹中的密钥) - Force password authentication (ignore keys in .ssh folder) in Paramiko in Python
如何使用python的paramiko获取当天的SSH消息(MOTD)? - How to get SSH message of the day (MOTD) using python's paramiko?
使用基于主机的身份验证的无密码 Paramiko ssh - Paramiko ssh without password using host based authentication
在python脚本中使用paramiko模块建立ssh连接时如何保护密码? - How to protect password while use paramiko module make ssh connection in python scripts?
没有密码的服务器的 Paramiko 身份验证失败 - Paramiko authentication to server with no password fails
如何使用 Python 和 Paramiko 创建 SSH 隧道? - How to create a SSH tunnel using Python and Paramiko?
在Paramiko中,如何确定是通过SSH密钥还是通过密码成功建立连接? - In Paramiko, how can I determine if a successful connection was via the SSH key or the password?
Python - Paramiko - 不兼容的ssh服务器 - Python - Paramiko - incompatible ssh server
相关标签