11

I need to connect to a server with SSH to download files. I have Ubuntu and I've set up SSH in the standard way: I have a ssh_config file in .ssh which defines a host entry (say host_key) for the server address (Hostname.com) and username, and I've set up an RSA key. So when I try to log into SSH from the command line or bash, I just need to use ssh host_key

I would like to do this in Python. The standard solutions seems to be to use Paramiko to set up the connection. I tried this:

from paramiko import SSHClient
from scp import SCPClient

ssh = SSHClient()
ssh.load_system_host_keys()
ssh.connect('host_key')

scp = SCPClient(ssh.get_transport())
# etc...

However, it always seems to hang and time out on ssh.connect('host_key'). Even when I try to include the username and password: ssh.connect('host_key', username='usrnm', password='pswd').

Are my host keys not loading properly? And would this take care of the RSA keys as well?

It only works if I use the whole Hostname.com with username and typed-out password. Which is maybe a bit insecure.

Improve this question
0

3 Answers 3

Reset to default
0

Since paramiko has a SSHConfig class, you can use it for your ~/.ssh/config. However, it is slightly messy, I recommend you to use fabric instead of that. Here is the code example:

from fabric.api import put
put('local path', 'remote path')
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This does not answer OP's question. I'm still looking for an example of the use of a Paramiko SSHConfig object. (Fabric is off the table because there seems to be no up-to-date Fabric built for Debian. I have unfortunately discovered a deal-breaker bug that loses stdin data, long since fixed, in the only version of Fabric that is available for Debian (2.6). Also there is no usable documentation for building a library distribution from the Fabric source; the doc for that is many years out of date and it doesn't appear to be applicable to the current source.
0

Just in case the OP was looking for an example of the use of paramiko.SSHConfig() (Martin, you're right, it's hard to tell), here's an answer that works for me on current Linux (Debian 12.x):

    sshHostName = <a host name defined in ~/.ssh/config>
    userName = <login name on sshHostName>
    command = <the command to run on sshHostName>

    import os.path, paramiko    
    sshClientConfig = paramiko.SSHConfig.from_path(
        os.path.expanduser(
            '~%s/.ssh/config' % ( userName),
        ),
    ).lookup(
        sshHostName,
    )
    sshClientConfig.update(  ## sshClientConfig is a dict
        {
            'user': userName,  ## this is unnecessary in my case, because
                                   ## the user is always root at both ends.

            ## N.B. In my case, the remote user already has the public key
            ## of the local user.
        },
    )
    with paramiko.SSHClient() as sshClient:
        sshClient.set_missing_host_key_policy( paramiko.AutoAddPolicy())
        sshClient.connect(
            hostname = sshClientConfig[ 'hostname'],           
            port = sshClientConfig[ 'port'],           
            username = sshClientConfig[ 'user'],
        )
        (
           stdin, stdout, stderr,
        ) = sshClient.exec_command( command)
Improve this answer

3 Comments

Using AutoAddPolicy this way is a security flaw. You are losing a protection against MITM attacks.
Shouldn't it be sshClientConfig['user']?
@Caesar: In answer to your question, "Yes". Fixed. (For this example it doesn't matter, but it might matter in another context.) N.B. Paramiko's naming inconsistency in the edited line username = sshClientConfig[ 'user'].
-3

I do not think that it is common to use ssh_config file with Paramiko (or any other code/language). ssh_config is a configuration file for OpenSSH tools, not for SSH in general.

Usually, you specify your private key directly in your code as an argument of SSHClient.connect method:
How to access to a remote server using Paramiko with a public key-file

If you want to keep using ssh_config, Paramiko can parse it. Check parse_ssh_config and lookup_ssh_host_config functions. But I believe, you still have to look up the key file from the config and pass it explicitly to SSHClient.connect method.

Improve this answer

2 Comments

AFAICT, this isn't an answer to the OP's question and it reflects a misunderstanding. SSH keys and dictionary keys (such as "host_key" in the OP's question) are entirely different things.
@SteveNewcomb OP asks about BOTH auth private key and host key. While I indeed covered explicitly only auth private key in my answer, it's not the point of the answer. The point is that it's common misconception that people believe that OpenSSH config file is some kind of generic magic SSH config file that all SSH clients and libraries automatically use. It's not. Imo, I've answered OP's question, even though OP (and you) might not like it.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.