pythonsshparamikoopensshplink

Paramiko - Authentication failed


When using paramiko for an ssh connection, an authentication error occurs. Using putty and openssh via command prompt the communication worked perfectly. When using paramiko. I tried simple and even more complex features.

import paramiko

host = ""
user = ""
keyfile = ""
command = ""

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_polic(paramiko.AutoAddPolicy())
#ssh.set_missing_host_key_polic(paramiko.WarningPolicy())
#ssh.set_missing_host_key_polic(paramiko.MissingHostKeyPolicy())
#ssh.set_missing_host_key_polic(paramiko.RejectPolicy())

ssh.connect(hostname=host, username=user, password=None, port=22)
#, look_for_keys=False, disable_algorithms={'keys':['rsa-sha2-256', 'rsa-sha2-512']}, allow_agent=False)

stdin, stdout, stderr = ssh.exec_comand('cd')

Log execute Paramiko in python.

: starting thread (client mode): 0xe4051010
:
Local version/idstring: SSH-2.0-paramiko_3.1.0
: Remote version/idstring: SSH-2.0-dropbear_2017.75
: Connected (version 2.0, client dropbear_2017.75)
Key exchange possibilities ===
: kex algos: curve25519-sha256@libssh.org, ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group14-shal, diffie-he
: server key: ssh-rsa
:
client encrypt: aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, twofish256-cbc, twofish-cbc, twofish128-cbc, 3des-ctr, 3des-cbc
: server encrypt: aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, twofish256-cbc, twofish-cbc, twofish128-cbc, 3des-ctr, 3des-cbc
: client mac: hmac-sha1-96, hmac-shal, hmac-sha2-256, hmac-sha2-512, hmac-md5 : server mac: hmac-sha1-96, hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5
: client compress: zlib@openssh.com, none
: server compress: zlib@openssh.com, none
: client lang: <none>
: server lang: <none>
: kex follows: False
Key exchange agreements ---
: Kex: curve25519-sha256@libssh.org
: HostKey: ssh-rsa
: Cipher: aes128-ctr
: MAC: hmac-sha2-256
: Compression: none
: --- End of kex handshake ===
: kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256> : Switch to new keys ...
: Adding ssh-rsa host key for fe:7:383:4::67: b'0366f1abed7f1a4625c3abd6185944bf : Trying discovered key b'3e418e1455f5113caeca987a320c0f4a in C:\Users\NV_VwdB/.ssh/id_rsa
: userauth is OK
: Finalizing pubkey algorithm for key of type 'ssh-rsa'
: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256", ssh-rsa']
: Server did not send a server-sig-algs list; defaulting to our first preferred algo ('rsa-sha2-512')
: NOTE: you may use the 'disabled_algorithms SSHClient/Transport init kwarg to disable that or other algorithms if your server does not supp
: Authentication (publickey) failed.
: EOF in transport thread

I collected application logs to find a way to solve it. Use of the Plink application it works perfectly by command prompt - log:

plink -ssh -v -l user "host"

C:\Users\NV_VwdB>plink -ssh -v -1 root "f!. 383:4::67"
Looking up host "f.:7:383:4::67" for SSH connection
Connecting to f":7 :383:4::67 port 22
We claim version: SSH-2.0-PuTTY_Release_0.78
Connected to f:7 :383:4::67
Remote version: SSH-2.0-dropbear_2017.75
Using SSH protocol version 2
No GSSAPI security context available
Doing ECDH key exchange with curve Curve25519, using hash SHA-256 (unaccelerated)
Host key fingerprint is:
ssh-rsa 2048 SHA256:20IgeSG/smq4GN17z1jLMBEaMw4peSXOWGZ1w9aZUaY
Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
Using username "root".
Access granted
Access granted. Press Return to begin session.
Opening main session channel
Opened main channel
Allocated pty
Started a shell/command
root@swi-mdm9x40-03hmqcsop1buevxxrel:~# pwd
/home/root

Use of the OpenSSH - Windows application it works perfectly by command prompt - log:

ssh -v user@host

C:\Users\NV_VWdB>ssh -v root@fr :7c :383:4::67
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to f...:7:383:4::67 [fd** 4::67] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_rsa type >
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_dsa type -1 debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_xmss type -1 debug1: identity file C:\\Users\\NV_VWdB/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version dropbear_2017.75
debug1: no match: dropbear_2017.75
debug1: Authenticating to f :7c. 383:4::67:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:20IgeSG/smq4GN17z1jLMBEaMw4peSXOWGZ1W9aZUAY
debug1: Host 'f' :7:383:4::67' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\NV_VWdB/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 4294967296 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_rsa RSA SHA256:mWX1DkzfUCV5yZAKYS1tLPkTGqTtVxcOHDJqFhi7Aac
debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\NV_VWdB/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received debug1 : Authentication succeeded (none).
Authenticated to f :7:383:4::67 ([f :7 :383:4::67]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL TERMINAL_INPUT is supported. Reading the VTSequence from console
root@swi-mu....... evxxrel:~#
debug1: ENABLE_VIRTUAL TERMINAL PROCESSING is 

I could use your help to understand and look for a solution because the connection works through the Putty, Plink and Openssh programs but does not work through Paramiko through Python.


Solution

  • Hello Martin and Time. Perfect!

    The shared solution solved the problem. The server side uses dropbear without a password for access, so implementing Martin's suggestion worked perfectly. Thank you all very much for your help.

    enter link description here

    This is the code I used after the modification.

    import paramiko
    
    host = "192.168.56.101"
    port = 22
    password = "123456"
    user = "tester"
    
    paramiko.util.log_to_file("C:/tmp/paramiko.txt", level = "DEBUG")
    
    ssh_client =paramiko.SSHClient()
    ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    
    try:
        ssh_client.connect(hostname=host,port=22 ,username=user ,password=password)
    except paramiko.ssh_exception.AuthenticationException as e:
        if not password:
            ssh_client.get_transport().auth_none(user)
        else:
            raise e
    
    channel = ssh_client.invoke_shell()
    #stdin = channel.makefile('wb')
    #stdout = channel.makefile('r')
    
    channel.send('cm' + '\n')
    resp = channel.recv(4096)
    print(resp)
    
    stdin, stdout, stderr = ssh_client.exec_command('devtest-1', timeout = 60)
    lines = stdout.readlines()
    print(lines)