Paramiko身份验证异常问题

$ python Python 2.6.5 (r265:79063, Apr 16 2010, 13:09:56) [GCC 4.4.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import paramiko >>> ssh = paramiko.SSHClient() >>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) >>> ssh.connect("123.0.0.1", username="root", password=None) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/pymodules/python2.6/paramiko/client.py", line 327, in connect self._auth(username, password, pkey, key_filenames, allow_agent, look_for_keys) File "/usr/lib/pymodules/python2.6/paramiko/client.py", line 481, in _auth raise saved_exception paramiko.AuthenticationException: Authentication failed. >>>

:~$ ssh -v root@123.0.0.1 OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 123.0.0.1 [123.0.0.1] port 22. debug1: Connection established. debug1: identity file /home/waffleman/.ssh/identity type -1 debug1: identity file /home/waffleman/.ssh/id_rsa type -1 debug1: identity file /home/waffleman/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1 debug1: match: OpenSSH_5.1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '123.0.0.1' is known and matches the RSA host key. debug1: Found key in /home/waffleman/.ssh/known_hosts:3 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentication succeeded (none). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.utf8

Python 2.6.5 (r265:79063, Apr 16 2010, 13:09:56) [GCC 4.4.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import paramiko, os >>> paramiko.common.logging.basicConfig(level=paramiko.common.DEBUG) >>> ssh = paramiko.SSHClient() >>> ssh.load_system_host_keys() >>> ssh.load_host_keys(os.path.expanduser('~/.ssh/known_hosts')) >>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) >>> ssh.connect("123.0.0.1", username='root', password=None) DEBUG:paramiko.transport:starting thread (client mode): 0x928756cL INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.1) DEBUG:paramiko.transport:kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour128', 'arcfour256', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour128', 'arcfour256', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False DEBUG:paramiko.transport:Ciphers agreed: local=aes128-ctr, remote=aes128-ctr DEBUG:paramiko.transport:using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none DEBUG:paramiko.transport:Switch to new keys ... DEBUG:paramiko.transport:Trying discovered key b945197b1de1207d9aa0663f01888c3c in /home/waffleman/.ssh/id_rsa DEBUG:paramiko.transport:userauth is OK INFO:paramiko.transport:Authentication (publickey) failed. Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/pymodules/python2.6/paramiko/client.py", line 327, in connect self._auth(username, password, pkey, key_filenames, allow_agent, look_for_keys) File "/usr/lib/pymodules/python2.6/paramiko/client.py", line 481, in _auth raise saved_exception paramiko.AuthenticationException: Authentication failed. >>>

3条回答

网友

1楼 · 编辑于 2024-05-17 05:44:46

远程设备上的ssh服务器拒绝了您的身份验证。确保使用的密钥正确，公钥存在于authorized_keys，.ssh目录权限正确，authorized_keys权限正确，并且设备没有任何其他访问限制。如果没有服务器的日志，很难说发生了什么。

[编辑]我刚刚回顾了您的输出，您正在使用None身份验证进行身份验证。这通常是不允许的，用于确定服务器允许哪些身份验证方法。您的服务器可能正在使用基于主机的身份验证（或者根本没有）。

由于auth_none()很少使用，因此无法从SSHClient类访问它，因此需要直接使用Transport。

transport.auth_none('root')

网友

2楼 · 编辑于 2024-05-17 05:44:46

作为这件事的一个很晚的后续行动，我相信我遇到了和华夫饼一样的问题，在一个封闭的网络环境中。

关于在Transport对象上使用auth_none的提示非常有用，但是我发现自己对于如何实现这个有点困惑。事情是，至少从今天起，我不能得到一个SSHClient对象的Transport对象，除非它已经连接；但是它不会首先连接。。。

如果这对其他人有用，我的工作如下。我只是重写了_auth方法。

好吧，这很脆弱，因为_auth是私人物品。我的另一个选择是-实际上仍然是-手动创建Transport和Channel对象，但目前我觉得我还是能更好地处理这一切。

from paramiko import SSHClient, BadAuthenticationType

class SSHClient_try_noauth(SSHClient):

    def _auth(self, username, *args):
        try:
            self._transport.auth_none(username)
        except BadAuthenticationType:
            super()._auth(username, *args)

网友

3楼 · 编辑于 2024-05-17 05:44:46

确保对公钥和私钥文件（以及可能包含的文件夹）的权限设置为非常严格（即chmod 600 id_rsa）。原来这是必需的（操作系统？）将文件用作ssh密钥。从我的同事那里得知：）还要确保对给定的ssh密钥使用正确的用户名。

相关问题更多 >

编程相关推荐

热门问题

热门文章