Asp Forum - Q: paramiko/SSH/ how to get a remote host_key

dima.hristov

1/21/2008 11:53:00 AM

I'm trying to run the simpliest example form paramiko readme(Homepage:
http://www.lag.net...), and
cannot find out how to get the remote SSH server host_key.

This is the code. It is supposed to connect to a remote SSH host and
execute an 'ls' command:

import paramiko, base64

key = paramiko.RSAKey(data=base64.decodestring('AAA...'))
client = paramiko.SSHClient()
client.get_host_keys().add('ssh.example.com', 'ssh-rsa', key)
client.connect('227.112.168.273', username='uname', password='pass')
stdin, stdout, stderr = client.exec_command('ls')
for line in stdout:
print '... ' + line.strip('\n')

client.close()

Now, if I understand it correctly I need to get somehow the host_key
from the server and
write it insted of the 'AAA...' thing. Is there a command to get the
host_key from a remote SSH
server?

8 Answers

Guilherme Polo

1/21/2008 12:30:00 PM

2008/1/21, DHR <dima.hristov@gmail.com>:
> I'm trying to run the simpliest example form paramiko readme(Homepage:
> http://www.lag.net...), and
> cannot find out how to get the remote SSH server host_key.
>
>
> This is the code. It is supposed to connect to a remote SSH host and
> execute an 'ls' command:
>
> import paramiko, base64
>
> key = paramiko.RSAKey(data=base64.decodestring('AAA...'))
> client = paramiko.SSHClient()
> client.get_host_keys().add('ssh.example.com', 'ssh-rsa', key)
> client.connect('227.112.168.273', username='uname', password='pass')
> stdin, stdout, stderr = client.exec_command('ls')
> for line in stdout:
> print '... ' + line.strip('\n')
>
> client.close()
>
> Now, if I understand it correctly I need to get somehow the host_key
> from the server and
> write it insted of the 'AAA...' thing. Is there a command to get the
> host_key from a remote SSH
> server?
> --
> http://mail.python.org/mailman/listinfo/p...
>

You need a key to connect to that server, so you should want this:

keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))

Then keys[hostname] should contain a RSAKey object that you are looking for

--
-- Guilherme H. Polo Goncalves

dima.hristov

1/21/2008 12:56:00 PM

I am connecting from a WindowsXP SP2 machine. When using Putty as an
SSH client, if you connect for the first time then you get somethign
like this:

''' The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 1024 7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a
If you trust this host, hit Yes to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, hit No.
If you do not trust this host, hit Cancel to abandon the
connection. '''

If I get it correctly, Putty is using such a command to recieve the
host_key the first time it connects to a remote SSH server. Then it
stores it into the registry. The question is how can I do it from
Python?

Guilherme Polo wrote:
> 2008/1/21, DHR <dima.hristov@gmail.com>:
> > I'm trying to run the simpliest example form paramiko readme(Homepage:
> > http://www.lag.net...), and
> > cannot find out how to get the remote SSH server host_key.
> >
> >
> > This is the code. It is supposed to connect to a remote SSH host and
> > execute an 'ls' command:
> >
> > import paramiko, base64
> >
> > key = paramiko.RSAKey(data=base64.decodestring('AAA...'))
> > client = paramiko.SSHClient()
> > client.get_host_keys().add('ssh.example.com', 'ssh-rsa', key)
> > client.connect('227.112.168.273', username='uname', password='pass')
> > stdin, stdout, stderr = client.exec_command('ls')
> > for line in stdout:
> > print '... ' + line.strip('\n')
> >
> > client.close()
> >
> > Now, if I understand it correctly I need to get somehow the host_key
> > from the server and
> > write it insted of the 'AAA...' thing. Is there a command to get the
> > host_key from a remote SSH
> > server?
> > --
> > http://mail.python.org/mailman/listinfo/p...
> >
>
> You need a key to connect to that server, so you should want this:
>
> keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
>
> Then keys[hostname] should contain a RSAKey object that you are looking for
>
>
> --
> -- Guilherme H. Polo Goncalves

Guilherme Polo

1/21/2008 1:10:00 PM

2008/1/21, DHR <dima.hristov@gmail.com>:
> I am connecting from a WindowsXP SP2 machine. When using Putty as an
> SSH client, if you connect for the first time then you get somethign
> like this:
>
> ''' The server's host key is not cached in the registry. You
> have no guarantee that the server is the computer you
> think it is.
> The server's rsa2 key fingerprint is:
> ssh-rsa 1024 7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a
> If you trust this host, hit Yes to add the key to
> PuTTY's cache and carry on connecting.
> If you want to carry on connecting just once, without
> adding the key to the cache, hit No.
> If you do not trust this host, hit Cancel to abandon the
> connection. '''
>
> If I get it correctly, Putty is using such a command to recieve the
> host_key the first time it connects to a remote SSH server. Then it
> stores it into the registry. The question is how can I do it from
> Python?

When you call method connect of SSHClient it checks if server's
hostname is in system_hot_keys or any local host keys, if it is not,
the missing host key policy is used. The default policy is to reject
the key and raise an SSHException, but you can change that default
policy to AutoAddPolicy

>
>
> Guilherme Polo wrote:
> > 2008/1/21, DHR <dima.hristov@gmail.com>:
> > > I'm trying to run the simpliest example form paramiko readme(Homepage:
> > > http://www.lag.net...), and
> > > cannot find out how to get the remote SSH server host_key.
> > >
> > >
> > > This is the code. It is supposed to connect to a remote SSH host and
> > > execute an 'ls' command:
> > >
> > > import paramiko, base64
> > >
> > > key = paramiko.RSAKey(data=base64.decodestring('AAA...'))
> > > client = paramiko.SSHClient()
> > > client.get_host_keys().add('ssh.example.com', 'ssh-rsa', key)
> > > client.connect('227.112.168.273', username='uname', password='pass')
> > > stdin, stdout, stderr = client.exec_command('ls')
> > > for line in stdout:
> > > print '... ' + line.strip('\n')
> > >
> > > client.close()
> > >
> > > Now, if I understand it correctly I need to get somehow the host_key
> > > from the server and
> > > write it insted of the 'AAA...' thing. Is there a command to get the
> > > host_key from a remote SSH
> > > server?
> > > --
> > > http://mail.python.org/mailman/listinfo/p...
> > >
> >
> > You need a key to connect to that server, so you should want this:
> >
> > keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
> >
> > Then keys[hostname] should contain a RSAKey object that you are looking for
> >
> >
> > --
> > -- Guilherme H. Polo Goncalves
> --
> http://mail.python.org/mailman/listinfo/p...
>

--
-- Guilherme H. Polo Goncalves

dima.hristov

1/21/2008 1:44:00 PM

Thank you! Now it works and the code looks like this:

import paramiko
import base64
from paramiko import AutoAddPolicy, SSHClient

client = paramiko.SSHClient()
client.set_missing_host_key_policy(AutoAddPolicy())
client.connect('hostIP', username='uname', password='pass')
stdin, stdout, stderr = client.exec_command('ls')
for line in stdout:
print '... ' + line.strip('\n')

client.close()

On Jan 21, 3:10 pm, "Guilherme Polo" <ggp...@gmail.com> wrote:
> 2008/1/21, DHR <dima.hris...@gmail.com>:
>
>
>
> > I am connecting from a WindowsXP SP2 machine. When using Putty as an
> > SSH client, if you connect for the first time then you get somethign
> > like this:
>
> > ''' The server's host key is not cached in the registry. You
> > have no guarantee that the server is the computer you
> > think it is.
> > The server's rsa2 key fingerprint is:
> > ssh-rsa 1024 7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a
> > If you trust this host, hit Yes to add the key to
> > PuTTY's cache and carry on connecting.
> > If you want to carry on connecting just once, without
> > adding the key to the cache, hit No.
> > If you do not trust this host, hit Cancel to abandon the
> > connection. '''
>
> > If I get it correctly, Putty is using such a command to recieve the
> > host_key the first time it connects to a remote SSH server. Then it
> > stores it into the registry. The question is how can I do it from
> > Python?
>
> When you call method connect of SSHClient it checks if server's
> hostname is in system_hot_keys or any local host keys, if it is not,
> the missing host key policy is used. The default policy is to reject
> the key and raise an SSHException, but you can change that default
> policy to AutoAddPolicy
>
>
>
>
>
> > Guilherme Polo wrote:
> > > 2008/1/21, DHR <dima.hris...@gmail.com>:
> > > > I'm trying to run the simpliest example form paramiko readme(Homepage:
> > > >http://www.lag.net...), and
> > > > cannot find out how to get the remote SSH server host_key.
>
> > > > This is the code. It is supposed to connect to a remote SSH host and
> > > > execute an 'ls' command:
>
> > > > import paramiko, base64
>
> > > > key = paramiko.RSAKey(data=base64.decodestring('AAA...'))
> > > > client = paramiko.SSHClient()
> > > > client.get_host_keys().add('ssh.example.com', 'ssh-rsa', key)
> > > > client.connect('227.112.168.273', username='uname', password='pass')
> > > > stdin, stdout, stderr = client.exec_command('ls')
> > > > for line in stdout:
> > > > print '... ' + line.strip('\n')
>
> > > > client.close()
>
> > > > Now, if I understand it correctly I need to get somehow the host_key
> > > > from the server and
> > > > write it insted of the 'AAA...' thing. Is there a command to get the
> > > > host_key from a remote SSH
> > > > server?
> > > > --
> > > >http://mail.python.org/mailman/listinfo/p...
>
> > > You need a key to connect to that server, so you should want this:
>
> > > keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
>
> > > Then keys[hostname] should contain a RSAKey object that you are looking for
>
> > > --
> > > -- Guilherme H. Polo Goncalves
> > --
> >http://mail.python.org/mailman/listinfo/p...
>
> --
> -- Guilherme H. Polo Goncalves

Guilherme Polo

1/21/2008 2:08:00 PM

2008/1/21, DHR <dima.hristov@gmail.com>:
> Thank you! Now it works and the code looks like this:
>
> import paramiko
> import base64
> from paramiko import AutoAddPolicy, SSHClient
>
> client = paramiko.SSHClient()
> client.set_missing_host_key_policy(AutoAddPolicy())
> client.connect('hostIP', username='uname', password='pass')
> stdin, stdout, stderr = client.exec_command('ls')
> for line in stdout:
> print '... ' + line.strip('\n')
>
> client.close()

Very nice =)

Just an advice, you dont need to import base64. Method decode of
strings allows you to specify encoding as 'base64' to perform needed
operations.

>
> On Jan 21, 3:10 pm, "Guilherme Polo" <ggp...@gmail.com> wrote:
> > 2008/1/21, DHR <dima.hris...@gmail.com>:
> >
> >
> >
> > > I am connecting from a WindowsXP SP2 machine. When using Putty as an
> > > SSH client, if you connect for the first time then you get somethign
> > > like this:
> >
> > > ''' The server's host key is not cached in the registry. You
> > > have no guarantee that the server is the computer you
> > > think it is.
> > > The server's rsa2 key fingerprint is:
> > > ssh-rsa 1024 7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a
> > > If you trust this host, hit Yes to add the key to
> > > PuTTY's cache and carry on connecting.
> > > If you want to carry on connecting just once, without
> > > adding the key to the cache, hit No.
> > > If you do not trust this host, hit Cancel to abandon the
> > > connection. '''
> >
> > > If I get it correctly, Putty is using such a command to recieve the
> > > host_key the first time it connects to a remote SSH server. Then it
> > > stores it into the registry. The question is how can I do it from
> > > Python?
> >
> > When you call method connect of SSHClient it checks if server's
> > hostname is in system_hot_keys or any local host keys, if it is not,
> > the missing host key policy is used. The default policy is to reject
> > the key and raise an SSHException, but you can change that default
> > policy to AutoAddPolicy
> >
> >
> >
> >
> >
> > > Guilherme Polo wrote:
> > > > 2008/1/21, DHR <dima.hris...@gmail.com>:
> > > > > I'm trying to run the simpliest example form paramiko readme(Homepage:
> > > > >http://www.lag.net...), and
> > > > > cannot find out how to get the remote SSH server host_key.
> >
> > > > > This is the code. It is supposed to connect to a remote SSH host and
> > > > > execute an 'ls' command:
> >
> > > > > import paramiko, base64
> >
> > > > > key = paramiko.RSAKey(data=base64.decodestring('AAA...'))
> > > > > client = paramiko.SSHClient()
> > > > > client.get_host_keys().add('ssh.example.com', 'ssh-rsa', key)
> > > > > client.connect('227.112.168.273', username='uname', password='pass')
> > > > > stdin, stdout, stderr = client.exec_command('ls')
> > > > > for line in stdout:
> > > > > print '... ' + line.strip('\n')
> >
> > > > > client.close()
> >
> > > > > Now, if I understand it correctly I need to get somehow the host_key
> > > > > from the server and
> > > > > write it insted of the 'AAA...' thing. Is there a command to get the
> > > > > host_key from a remote SSH
> > > > > server?
> > > > > --
> > > > >http://mail.python.org/mailman/listinfo/p...
> >
> > > > You need a key to connect to that server, so you should want this:
> >
> > > > keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
> >
> > > > Then keys[hostname] should contain a RSAKey object that you are looking for
> >
> > > > --
> > > > -- Guilherme H. Polo Goncalves
> > > --
> > >http://mail.python.org/mailman/listinfo/p...
> >
> > --
> > -- Guilherme H. Polo Goncalves
>
> --
> http://mail.python.org/mailman/listinfo/p...
>

--
-- Guilherme H. Polo Goncalves

charles

1/30/2008 6:55:00 PM

I tried to get what host_key has been aquired after AutoPolicy is set. I
added the following code just before client.close() in rosty's final code:

try:
host_keys =
paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
except IOError:
try:
host_keys =
paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))
except IOError:
print '*** Unable to open host keys file'

I still got 'Unable to open host keys file'. Can you tell me how to get the
remote host_key under this situation? Thanks!

Charles
1/30/2008

by Guilherme Polo Jan 21, 2008; 09:08am :

2008/1/21, DHR <dima.hristov@gmail.com>:

Very nice =)

Just an advice, you dont need to import base64. Method decode of
strings allows you to specify encoding as 'base64' to perform needed
operations.

by rosty Jan 21, 2008; 08:43am :

Thank you! Now it works and the code looks like this:

import paramiko
import base64
from paramiko import AutoAddPolicy, SSHClient

client = paramiko.SSHClient()
client.set_missing_host_key_policy(AutoAddPolicy())
client.connect('hostIP', username='uname', password='pass')
stdin, stdout, stderr = client.exec_command('ls')
for line in stdout:
print '... ' + line.strip('\n')

client.close()
--
View this message in context: http://www.nabble.com/Q%3A-paramiko-SSH--how-to-get-a-remote-host_key-tp14996119p151...
Sent from the Python - python-list mailing list archive at Nabble.com.

Guilherme Polo

1/30/2008 7:05:00 PM

2008/1/30, Charles_hans <charles_hans@yahoo.com>:
>
> I tried to get what host_key has been aquired after AutoPolicy is set. I
> added the following code just before client.close() in rosty's final code:
>
> try:
> host_keys =
> paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
> except IOError:
> try:
> host_keys =
> paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))
> except IOError:
> print '*** Unable to open host keys file'
>
> I still got 'Unable to open host keys file'. Can you tell me how to get the
> remote host_key under this situation? Thanks!
>
> Charles
> 1/30/2008

Hey Charles,

If you take a look on your code, you will see that you are catching
IOError. So the problem you are noticing is related to I/O failing
such as non-existent file. Be sure to check if '~/.ssh/known_hosts'
exists, if the first try fails, check if "~/ssh/known_hosts" exists
then (since you are trying to access that file).

Cheers,

>
> by Guilherme Polo Jan 21, 2008; 09:08am :
>
> 2008/1/21, DHR <dima.hristov@gmail.com>:
>
> Very nice =)
>
> Just an advice, you dont need to import base64. Method decode of
> strings allows you to specify encoding as 'base64' to perform needed
> operations.
>
>
> by rosty Jan 21, 2008; 08:43am :
>
> Thank you! Now it works and the code looks like this:
>
> import paramiko
> import base64
> from paramiko import AutoAddPolicy, SSHClient
>
> client = paramiko.SSHClient()
> client.set_missing_host_key_policy(AutoAddPolicy())
> client.connect('hostIP', username='uname', password='pass')
> stdin, stdout, stderr = client.exec_command('ls')
> for line in stdout:
> print '... ' + line.strip('\n')
>
> client.close()
> --
> View this message in context: http://www.nabble.com/Q%3A-paramiko-SSH--how-to-get-a-remote-host_key-tp14996119p151...
> Sent from the Python - python-list mailing list archive at Nabble.com.
>
> --
> http://mail.python.org/mailman/listinfo/p...
>

--
-- Guilherme H. Polo Goncalves

charles

1/30/2008 9:41:00 PM

Thank you, Guilherme. I was running demo_sftp.py included in paramiko
download.

It seems that '.ssh/known_hosts' should be the path of a key file on my
working directory on local PC. (Right?) I replaced this with 'test_rsa.key'
in C:\paramiko-1.7.2\demos and this did not generate error. But the returned
host_keys is empty. I traced the code to 'hostkeys.py' and found that the
line

e = HostKeyEntry.from_line(line)

always retuned None. This means that my remote host name should have been in
this key file. (Right?)

I am very new to paramiko. How to create such a key file (with my remote
host name)? Should I also load this key file into the remote server? Please
advise. Thanks!

Charles
1/30

2008/1/30, Charles_hans <charles_hans@yahoo.com>:
>
> I tried to get what host_key has been aquired after AutoPolicy is set. I
> added the following code just before client.close() in rosty's final code:
>
> try:
> host_keys =
> paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
> except IOError:
> try:
> host_keys =
> paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))
> except IOError:
> print '*** Unable to open host keys file'
>
> I still got 'Unable to open host keys file'. Can you tell me how to get
> the
> remote host_key under this situation? Thanks!
>
> Charles
> 1/30/2008

Hey Charles,

If you take a look on your code, you will see that you are catching
IOError. So the problem you are noticing is related to I/O failing
such as non-existent file. Be sure to check if '~/.ssh/known_hosts'
exists, if the first try fails, check if "~/ssh/known_hosts" exists
then (since you are trying to access that file).

Cheers,

> by rosty Jan 21, 2008; 08:43am :
>
> Thank you! Now it works and the code looks like this:
>
> import paramiko
> import base64
> from paramiko import AutoAddPolicy, SSHClient
>
> client = paramiko.SSHClient()
> client.set_missing_host_key_policy(AutoAddPolicy())
> client.connect('hostIP', username='uname', password='pass')
> stdin, stdout, stderr = client.exec_command('ls')
> for line in stdout:
> print '... ' + line.strip('\n')
>
> client.close()
--
View this message in context: http://www.nabble.com/Q%3A-paramiko-SSH--how-to-get-a-remote-host_key-tp14996119p151...
Sent from the Python - python-list mailing list archive at Nabble.com.

comp.lang.python

Q: paramiko/SSH/ how to get a remote host_key

dima.hristov

Guilherme Polo

dima.hristov

Guilherme Polo

dima.hristov

Guilherme Polo

charles

Guilherme Polo

charles

x Login to ForumsZone