When using paramiko for an ssh connection, an authentication error occurs. Using putty and openssh via command prompt the communication worked perfectly. When using paramiko. I tried simple and even more complex features.
import paramiko
host = ""
user = ""
keyfile = ""
command = ""
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_polic(paramiko.AutoAddPolicy())
#ssh.set_missing_host_key_polic(paramiko.WarningPolicy())
#ssh.set_missing_host_key_polic(paramiko.MissingHostKeyPolicy())
#ssh.set_missing_host_key_polic(paramiko.RejectPolicy())
ssh.connect(hostname=host, username=user, password=None, port=22)
#, look_for_keys=False, disable_algorithms={'keys':['rsa-sha2-256', 'rsa-sha2-512']}, allow_agent=False)
stdin, stdout, stderr = ssh.exec_comand('cd')
Log execute Paramiko in python.
: starting thread (client mode): 0xe4051010
:
Local version/idstring: SSH-2.0-paramiko_3.1.0
: Remote version/idstring: SSH-2.0-dropbear_2017.75
: Connected (version 2.0, client dropbear_2017.75)
Key exchange possibilities ===
: kex algos: curve25519-sha256@libssh.org, ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group14-shal, diffie-he
: server key: ssh-rsa
:
client encrypt: aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, twofish256-cbc, twofish-cbc, twofish128-cbc, 3des-ctr, 3des-cbc
: server encrypt: aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, twofish256-cbc, twofish-cbc, twofish128-cbc, 3des-ctr, 3des-cbc
: client mac: hmac-sha1-96, hmac-shal, hmac-sha2-256, hmac-sha2-512, hmac-md5 : server mac: hmac-sha1-96, hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5
: client compress: zlib@openssh.com, none
: server compress: zlib@openssh.com, none
: client lang: <none>
: server lang: <none>
: kex follows: False
Key exchange agreements ---
: Kex: curve25519-sha256@libssh.org
: HostKey: ssh-rsa
: Cipher: aes128-ctr
: MAC: hmac-sha2-256
: Compression: none
: --- End of kex handshake ===
: kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256> : Switch to new keys ...
: Adding ssh-rsa host key for fe:7:383:4::67: b'0366f1abed7f1a4625c3abd6185944bf : Trying discovered key b'3e418e1455f5113caeca987a320c0f4a in C:\Users\NV_VwdB/.ssh/id_rsa
: userauth is OK
: Finalizing pubkey algorithm for key of type 'ssh-rsa'
: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256", ssh-rsa']
: Server did not send a server-sig-algs list; defaulting to our first preferred algo ('rsa-sha2-512')
: NOTE: you may use the 'disabled_algorithms SSHClient/Transport init kwarg to disable that or other algorithms if your server does not supp
: Authentication (publickey) failed.
: EOF in transport thread
I collected application logs to find a way to solve it. Use of the Plink application it works perfectly by command prompt - log:
plink -ssh -v -l user "host"
C:\Users\NV_VwdB>plink -ssh -v -1 root "f!. 383:4::67"
Looking up host "f.:7:383:4::67" for SSH connection
Connecting to f":7 :383:4::67 port 22
We claim version: SSH-2.0-PuTTY_Release_0.78
Connected to f:7 :383:4::67
Remote version: SSH-2.0-dropbear_2017.75
Using SSH protocol version 2
No GSSAPI security context available
Doing ECDH key exchange with curve Curve25519, using hash SHA-256 (unaccelerated)
Host key fingerprint is:
ssh-rsa 2048 SHA256:20IgeSG/smq4GN17z1jLMBEaMw4peSXOWGZ1w9aZUaY
Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
Using username "root".
Access granted
Access granted. Press Return to begin session.
Opening main session channel
Opened main channel
Allocated pty
Started a shell/command
root@swi-mdm9x40-03hmqcsop1buevxxrel:~# pwd
/home/root
Use of the OpenSSH - Windows application it works perfectly by command prompt - log:
ssh -v user@host
C:\Users\NV_VWdB>ssh -v root@fr :7c :383:4::67
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to f...:7:383:4::67 [fd** 4::67] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_rsa type >
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_dsa type -1 debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_xmss type -1 debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version dropbear_2017.75
debug1: no match: dropbear_2017.75
debug1: Authenticating to f :7c. 383:4::67:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:20IgeSG/smq4GN17z1jLMBEaMw4peSXOWGZ1W9aZUAY
debug1: Host 'f' :7:383:4::67' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\NV_VWdB/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 4294967296 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_rsa RSA SHA256:mWX1DkzfUCV5yZAKYS1tLPkTGqTtVxcOHDJqFhi7Aac
debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received debug1 : Authentication succeeded (none).
Authenticated to f :7:383:4::67 ([f :7 :383:4::67]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL TERMINAL_INPUT is supported. Reading the VTSequence from console
root@swi-mu....... evxxrel:~#
debug1: ENABLE_VIRTUAL TERMINAL PROCESSING is
I could use your help to understand and look for a solution because the connection works through the Putty, Plink and Openssh programs but does not work through Paramiko through Python.
Hello Martin and Time. Perfect!
The shared solution solved the problem. The server side uses dropbear without a password for access, so implementing Martin's suggestion worked perfectly. Thank you all very much for your help.
This is the code I used after the modification.
import paramiko
host = "192.168.56.101"
port = 22
password = "123456"
user = "tester"
paramiko.util.log_to_file("C:/tmp/paramiko.txt", level = "DEBUG")
ssh_client =paramiko.SSHClient()
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
ssh_client.connect(hostname=host,port=22 ,username=user ,password=password)
except paramiko.ssh_exception.AuthenticationException as e:
if not password:
ssh_client.get_transport().auth_none(user)
else:
raise e
channel = ssh_client.invoke_shell()
#stdin = channel.makefile('wb')
#stdout = channel.makefile('r')
channel.send('cm' + '\n')
resp = channel.recv(4096)
print(resp)
stdin, stdout, stderr = ssh_client.exec_command('devtest-1', timeout = 60)
lines = stdout.readlines()
print(lines)