0

I need to execute several shell commands using python, but I couldn't resolve one of the problems. When I scp to another machine, usually it prompts and asks whether to add this machine to known host. I want the program to input "yes" automatically, but I couldn't get it to work. My program so far looks like this:

from subprocess import Popen, PIPE, STDOUT

def auto():
  user = "abc"
  inst_dns = "example.com"    
  private_key = "sample.sem"
  capFile = "/home/ubuntu/*.cap"

  temp = "%s@%s:~" %(user, inst_dns)
  scp_cmd = ["scp", "-i", private_key, capFile, temp]

  print ( "The scp command is: %s" %" ".join(scp_cmd) )
  scpExec = Popen(scp_cmd, shell=False, stdin=PIPE, stdout=PIPE)
  # this is the place I tried to write "yes" 
  # but doesn't work
  scpExec.stdin.write("yes\n")
  scpExec.stdin.flush()
  while True:
    output = scpExec.stdout.readline()
    print ("output: %s" %output)
    if output == "": 
      break

If I run this program, it still prompt and ask for input. How can I response to the prompt automatically? Thanks.

Improve this question
3
  • 1
    Won't the -q flag help? man says -q Quiet mode: disables the progress meter as well as warning and diagnostic messages from ssh(1). Commented Apr 27, 2012 at 20:19
  • @LevLevitsky: Well, not really, that only silents the warning, but adding to known host is standard prompt I suppose. Commented Apr 27, 2012 at 20:23
  • 2
    Maybe you would be better off using lag.net/paramiko instead of ssh subprocesses. Commented Apr 27, 2012 at 20:25

2 Answers 2

Reset to default
5

You're being prompted to add the host key to your know hosts file because ssh is configured for StrictHostKeyChecking. From the man page:

StrictHostKeyChecking

If this flag is set to “yes”, ssh(1) will never automatically add host keys to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse attacks, though it can be annoying when the /etc/ssh/ssh_known_hosts file is poorly maintained or when connections to new hosts are frequently made. This option forces the user to manually add all new hosts. If this flag is set to “no”, ssh will automatically add new host keys to the user known hosts files. If this flag is set to “ask”, new host keys will be added to the user known host files only after the user has confirmed that is what they really want to do, and ssh will

You can set StrictHostKeyChecking to "no" if you want ssh/scp to automatically accept new keys without prompting. On the command line:

scp -o StrictHostKeyChecking=no ...

You can also enable batch mode:

BatchMode

If set to “yes”, passphrase/password querying will be disabled. This option is useful in scripts and other batch jobs where no user is present to supply the password. The argument must be “yes” or “no”. The default is “no”.

With BatchMode=yes, ssh/scp will fail instead of prompting (which is often an improvement for scripts).

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Wonderful answer in terms of solution!! Although I'm still expecting an answer from python stand point. :)
1

Best way I know to avoid being asked about fingerprint matches is to pre-populate the relevant keys in .ssh/known_hosts. In most cases, you really should already know what the remote machines' public keys are, and it is straightforward to put them in a known_hosts that ssh can find.

In the few cases where you don't, and can't, know the remote public key, then the most correct solution depends on why you don't know. If, say, you're writing software that needs to be run on arbitrary user boxes and may need to ssh on the user's behalf to other arbitrary boxes, it may be best for your software to run ssh-keyscan on its own to acquire the ostensible remote public key, let the user approve or reject it explicitly if at all possible, and if approved, append the key to known_hosts and then invoke ssh.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.