ssh - python Paramiko AuthenticationException问题

我在使用Paramiko (版本1.7.6 -2)ssh客户端连接到设备时遇到问题:


$ python


Python 2.6.5 (r265:79063, Apr 16 2010, 13:09:56) 


[GCC 4.4.3] on linux2


Type"help","copyright","credits" or"license" for more information.


>>> import paramiko


>>> ssh = paramiko.SSHClient()


>>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())


>>> ssh.connect("123.0.0.1", username="root", password=None)


Traceback (most recent call last):


 File"<stdin>", line 1, in <module>


 File"/usr/lib/pymodules/python2.6/paramiko/client.py", line 327, in connect


 self._auth(username, password, pkey, key_filenames, allow_agent, look_for_keys)


 File"/usr/lib/pymodules/python2.6/paramiko/client.py", line 481, in _auth


 raise saved_exception


paramiko.AuthenticationException: Authentication failed.


>>> 



当我使用来自命令行的ssh时,它工作正常:


ssh root@123.0.0.1



BusyBox v1.12.1 (2010-11-03 13:18:46 EDT) built-in shell (ash)


Enter 'help' for a list of built-in commands.



# 



下面是ssh命令的详细输出:


:~$ ssh -v root@123.0.0.1


OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009


debug1: Reading configuration data /etc/ssh/ssh_config


debug1: Applying options for *


debug1: Connecting to 123.0.0.1 [123.0.0.1] port 22.


debug1: Connection established.


debug1: identity file /home/waffleman/.ssh/identity type -1


debug1: identity file /home/waffleman/.ssh/id_rsa type -1


debug1: identity file /home/waffleman/.ssh/id_dsa type -1


debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1


debug1: match: OpenSSH_5.1 pat OpenSSH*


debug1: Enabling compatibility mode for protocol 2.0


debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4


debug1: SSH2_MSG_KEXINIT sent


debug1: SSH2_MSG_KEXINIT received


debug1: kex: server->client aes128-ctr hmac-md5 none


debug1: kex: client->server aes128-ctr hmac-md5 none


debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent


debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP


debug1: SSH2_MSG_KEX_DH_GEX_INIT sent


debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY


debug1: Host '123.0.0.1' is known and matches the RSA host key.


debug1: Found key in /home/waffleman/.ssh/known_hosts:3


debug1: ssh_rsa_verify: signature correct


debug1: SSH2_MSG_NEWKEYS sent


debug1: expecting SSH2_MSG_NEWKEYS


debug1: SSH2_MSG_NEWKEYS received


debug1: SSH2_MSG_SERVICE_REQUEST sent


debug1: SSH2_MSG_SERVICE_ACCEPT received


debug1: Authentication succeeded (none).


debug1: channel 0: new [client-session]


debug1: Requesting no-more-sessions@openssh.com


debug1: Entering interactive session.


debug1: Sending environment.


debug1: Sending env LANG = en_US.utf8



带有调试输出的python输出:


Python 2.6.5 (r265:79063, Apr 16 2010, 13:09:56) 


[GCC 4.4.3] on linux2


Type"help","copyright","credits" or"license" for more information.


>>> import paramiko, os


>>> paramiko.common.logging.basicConfig(level=paramiko.common.DEBUG)


>>> ssh = paramiko.SSHClient()


>>> ssh.load_system_host_keys()


>>> ssh.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))


>>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())


>>> ssh.connect("123.0.0.1", username='root', password=None)


DEBUG:paramiko.transport:starting thread (client mode): 0x928756cL


INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.1)


DEBUG:paramiko.transport:kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour128', 'arcfour256', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour128', 'arcfour256', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False


DEBUG:paramiko.transport:Ciphers agreed: local=aes128-ctr, remote=aes128-ctr


DEBUG:paramiko.transport:using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none


DEBUG:paramiko.transport:Switch to new keys ...


DEBUG:paramiko.transport:Trying discovered key b945197b1de1207d9aa0663f01888c3c in /home/waffleman/.ssh/id_rsa


DEBUG:paramiko.transport:userauth is OK


INFO:paramiko.transport:Authentication (publickey) failed.


Traceback (most recent call last):


 File"<stdin>", line 1, in <module>


 File"/usr/lib/pymodules/python2.6/paramiko/client.py", line 327, in connect


 self._auth(username, password, pkey, key_filenames, allow_agent, look_for_keys)


 File"/usr/lib/pymodules/python2.6/paramiko/client.py", line 481, in _auth


 raise saved_exception


paramiko.AuthenticationException: Authentication failed.


>>> 



时间:

远程设备上的ssh服务器拒绝了你的身份验证,确保使用的密钥正确,并且设备没有访问限制,

我看了看输出,你正在使用None身份验证进行身份验证,通常不允许这样做,它用于确定服务器允许哪些身份验证方法,你的服务器可能使用基于主机的身份验证(或者根本没有),

由于很少使用auth_none(),所以无法从SSHClient类访问它,因此你需要直接使用Transport


transport.auth_none('root') 



我只是重写了_auth方法。


from paramiko import SSHClient



class SSHClient_noauth(SSHClient):



 def _auth(self, username, *args):


 self._transport.auth_none(username)


 return



paramiko的SSHClient有load_system_host_keys方法,你可以使用它来加载用户特定的一组密钥。

我认为这是paramiko的错误,在使用paramiko之前必须设置ssh密钥。

...