小贝子编程

在具有非默认端口的Paramiko中设置SFTP服务器主机公钥



我正在尝试在建立连接之前设置一个已知的主机公钥。我已经尝试使用合作伙伴与我共享的公钥文件,但我无法连接,所以现在我正在尝试添加服务器返回的密钥。以下是我正在执行的步骤:

1.从主机检索密钥

from io import StringIO
import paramiko
paramiko.util.log_to_file('paramiko.log')
private_key_data = '...'
private_key = paramiko.RSAKey.from_private_key(StringIO(private_key_data))
ssh_client = paramiko.SSHClient()
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh_client.connect('my-host', port='5022', username='my-username', pkey=private_key)
public_key = ssh_client.get_transport().get_remote_server_key()
print(public_key.get_name())
print(public_key.get_base64())

有了这个,我可以检索主机信息,它是:

ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAACAQCe+JHg9baP3+RiUfURnMx+KUWV+BU2KxPItLzY7b2bxQYirzOhvrgEyLNQxD/DFPlPX+BZVbu1DnLjclmvRx9mpY2ksMH75S/xCoqTleOk1Xyaq001SjjcjVFfkgpBdxDx6amWighSqyzYHMS0NLE+0w2i3TTtAw8AfqtPBloXC+dAXOuBS97uKLm6RDmFq6gx0NAn7WoGM1Tpbb8WFsNbLqlRriqMwCd8WRvAFEsvUbbnq7XboCH0nWLJ85//k6UX7Oz9Xbv7YEq4O6BpYr86iUoCaJ6+XVJ1Gs1LG4ALyBeD78lLQUHiXuXcAuIoIF7UHPhAF3mL2iPrl30xZ+WId3LvtGJukWYNE7kdkxwspQi42K8OFdRPTa8Ana7a1e6iP8/MTfrddBBb7W1jHrTWgQCDEerv3nc7sUWHmbdePoSySuzon+4v/zNppUwyYVrscDT6alKrGGHt3cnoEuln584i0z4fEWyY6Y0MO5DXCqGJEJaUDIkZZYsHvD0EkiKe0dAeQ28jsVBqHIvGVSKtUxL9Vh4uG0Px6LMlToCsknrz0/Ur+V1HkZTRzd9A8MDCjK083GElto+9neVIuDTglIp3EJHwW/vw/z9XX2qVGRUODp/G/sD73vhQeVT0WNp5LviZa59ReNcw2p2djQpn/LlvwAU4kjywTpbSX/PHww==

连接已成功建立,如日志所示:

DEB [20220923-13:50:09.046] thr=1   paramiko.transport: starting thread (client mode): 0x341f6040
DEB [20220923-13:50:09.047] thr=1   paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.11.0
DEB [20220923-13:50:09.113] thr=1   paramiko.transport: Remote version/idstring: SSH-2.0-SSHD
INF [20220923-13:50:09.114] thr=1   paramiko.transport: Connected (version 2.0, client SSHD)
DEB [20220923-13:50:09.117] thr=1   paramiko.transport: === Key exchange possibilities ===
DEB [20220923-13:50:09.118] thr=1   paramiko.transport: kex algos: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1
DEB [20220923-13:50:09.119] thr=1   paramiko.transport: server key: ssh-rsa
DEB [20220923-13:50:09.121] thr=1   paramiko.transport: client encrypt: aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, aes256-ctr, aes192-ctr, blowfish-cbc, 3des-cbc
DEB [20220923-13:50:09.122] thr=1   paramiko.transport: server encrypt: aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, aes256-ctr, aes192-ctr, blowfish-cbc, 3des-cbc
DEB [20220923-13:50:09.122] thr=1   paramiko.transport: client mac: hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96, hmac-sha256, hmac-sha256@ssh.com
DEB [20220923-13:50:09.122] thr=1   paramiko.transport: server mac: hmac-sha256, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96, hmac-sha256@ssh.com
DEB [20220923-13:50:09.123] thr=1   paramiko.transport: client compress: none, zlib
DEB [20220923-13:50:09.123] thr=1   paramiko.transport: server compress: none, zlib
DEB [20220923-13:50:09.123] thr=1   paramiko.transport: client lang: <none>
DEB [20220923-13:50:09.124] thr=1   paramiko.transport: server lang: <none>
DEB [20220923-13:50:09.124] thr=1   paramiko.transport: kex follows: False
DEB [20220923-13:50:09.124] thr=1   paramiko.transport: === Key exchange agreements ===
DEB [20220923-13:50:09.124] thr=1   paramiko.transport: Kex: diffie-hellman-group-exchange-sha256
DEB [20220923-13:50:09.125] thr=1   paramiko.transport: HostKey: ssh-rsa
DEB [20220923-13:50:09.125] thr=1   paramiko.transport: Cipher: aes128-ctr
DEB [20220923-13:50:09.125] thr=1   paramiko.transport: MAC: hmac-sha1
DEB [20220923-13:50:09.125] thr=1   paramiko.transport: Compression: none
DEB [20220923-13:50:09.125] thr=1   paramiko.transport: === End of kex handshake ===
DEB [20220923-13:50:09.278] thr=1   paramiko.transport: Got server p (2048 bits)
DEB [20220923-13:50:09.382] thr=1   paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
DEB [20220923-13:50:09.383] thr=1   paramiko.transport: Switch to new keys ...
DEB [20220923-13:50:09.384] thr=2   paramiko.transport: Adding ssh-rsa host key for [my-host]:5022: b'466adf2cd4948be2edf7f8d3336aa337'
DEB [20220923-13:50:09.385] thr=2   paramiko.transport: Trying SSH key b'3954a61f2e2692563090acefd187b519'
DEB [20220923-13:50:09.518] thr=1   paramiko.transport: userauth is OK
DEB [20220923-13:50:09.519] thr=1   paramiko.transport: Finalizing pubkey algorithm for key of type 'ssh-rsa'
DEB [20220923-13:50:09.520] thr=1   paramiko.transport: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
DEB [20220923-13:50:09.520] thr=1   paramiko.transport: Server did not send a server-sig-algs list; defaulting to our first preferred algo ('rsa-sha2-512')
DEB [20220923-13:50:09.521] thr=1   paramiko.transport: NOTE: you may use the 'disabled_algorithms' SSHClient/Transport init kwarg to disable that or other algorithms if your server does not support them!
INF [20220923-13:50:09.804] thr=1   paramiko.transport: Authentication (publickey) successful!

2.设置期望的主机公钥

现在,我想手动设置我检查的公钥:

from io import StringIO
from base64 import decodebytes
import paramiko
paramiko.util.log_to_file('paramiko.log')
public_key_data = b'AAAAB3NzaC1yc2EAAAADAQABAAACAQCe+JHg9baP3+RiUfURnMx+KUWV+BU2KxPItLzY7b2bxQYirzOhvrgEyLNQxD/DFPlPX+BZVbu1DnLjclmvRx9mpY2ksMH75S/xCoqTleOk1Xyaq001SjjcjVFfkgpBdxDx6amWighSqyzYHMS0NLE+0w2i3TTtAw8AfqtPBloXC+dAXOuBS97uKLm6RDmFq6gx0NAn7WoGM1Tpbb8WFsNbLqlRriqMwCd8WRvAFEsvUbbnq7XboCH0nWLJ85//k6UX7Oz9Xbv7YEq4O6BpYr86iUoCaJ6+XVJ1Gs1LG4ALyBeD78lLQUHiXuXcAuIoIF7UHPhAF3mL2iPrl30xZ+WId3LvtGJukWYNE7kdkxwspQi42K8OFdRPTa8Ana7a1e6iP8/MTfrddBBb7W1jHrTWgQCDEerv3nc7sUWHmbdePoSySuzon+4v/zNppUwyYVrscDT6alKrGGHt3cnoEuln584i0z4fEWyY6Y0MO5DXCqGJEJaUDIkZZYsHvD0EkiKe0dAeQ28jsVBqHIvGVSKtUxL9Vh4uG0Px6LMlToCsknrz0/Ur+V1HkZTRzd9A8MDCjK083GElto+9neVIuDTglIp3EJHwW/vw/z9XX2qVGRUODp/G/sD73vhQeVT0WNp5LviZa59ReNcw2p2djQpn/LlvwAU4kjywTpbSX/PHww=='
public_key = paramiko.RSAKey(data=decodebytes(public_key_data))
private_key_data = '...'
private_key = paramiko.RSAKey.from_private_key(StringIO(private_key_data))
ssh_client = paramiko.SSHClient()
ssh_client.get_host_keys().add('my-host', 'ssh-rsa', public_key)
ssh_client.connect('my-host', port='5022', username='my-username', pkey=private_key)

然而,连接抛出了一个错误,可以在日志中检查:

DEB [20220923-14:00:18.113] thr=4   paramiko.transport: starting thread (client mode): 0x34153ee0
DEB [20220923-14:00:18.115] thr=4   paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.11.0
DEB [20220923-14:00:18.163] thr=4   paramiko.transport: Remote version/idstring: SSH-2.0-SSHD
INF [20220923-14:00:18.165] thr=4   paramiko.transport: Connected (version 2.0, client SSHD)
DEB [20220923-14:00:18.169] thr=4   paramiko.transport: === Key exchange possibilities ===
DEB [20220923-14:00:18.170] thr=4   paramiko.transport: kex algos: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1
DEB [20220923-14:00:18.170] thr=4   paramiko.transport: server key: ssh-rsa
DEB [20220923-14:00:18.171] thr=4   paramiko.transport: client encrypt: aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, aes256-ctr, aes192-ctr, blowfish-cbc, 3des-cbc
DEB [20220923-14:00:18.171] thr=4   paramiko.transport: server encrypt: aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, aes256-ctr, aes192-ctr, blowfish-cbc, 3des-cbc
DEB [20220923-14:00:18.172] thr=4   paramiko.transport: client mac: hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96, hmac-sha256, hmac-sha256@ssh.com
DEB [20220923-14:00:18.172] thr=4   paramiko.transport: server mac: hmac-sha256, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96, hmac-sha256@ssh.com
DEB [20220923-14:00:18.173] thr=4   paramiko.transport: client compress: none, zlib
DEB [20220923-14:00:18.173] thr=4   paramiko.transport: server compress: none, zlib
DEB [20220923-14:00:18.173] thr=4   paramiko.transport: client lang: <none>
DEB [20220923-14:00:18.173] thr=4   paramiko.transport: server lang: <none>
DEB [20220923-14:00:18.173] thr=4   paramiko.transport: kex follows: False
DEB [20220923-14:00:18.174] thr=4   paramiko.transport: === Key exchange agreements ===
DEB [20220923-14:00:18.174] thr=4   paramiko.transport: Kex: diffie-hellman-group-exchange-sha256
DEB [20220923-14:00:18.174] thr=4   paramiko.transport: HostKey: ssh-rsa
DEB [20220923-14:00:18.174] thr=4   paramiko.transport: Cipher: aes128-ctr
DEB [20220923-14:00:18.174] thr=4   paramiko.transport: MAC: hmac-sha1
DEB [20220923-14:00:18.174] thr=4   paramiko.transport: Compression: none
DEB [20220923-14:00:18.174] thr=4   paramiko.transport: === End of kex handshake ===
DEB [20220923-14:00:18.316] thr=4   paramiko.transport: Got server p (2048 bits)
DEB [20220923-14:00:18.422] thr=4   paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
DEB [20220923-14:00:18.423] thr=4   paramiko.transport: Switch to new keys ...
DEB [20220923-14:00:18.424] thr=2   paramiko.transport: Rejecting ssh-rsa host key for [my-host]:5022: b'466adf2cd4948be2edf7f8d3336aa337'

连接似乎拒绝了我设置的ssh-rsa主机密钥。知道为什么会发生这种事吗?

当您使用非标准端口号(而非22(时,主机密钥存储库的密钥是[host]:port,而不仅仅是host

ssh_client.get_host_keys().add('[my-host]:5022', 'ssh-rsa', public_key)

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium