is a module for  (or higher) that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines.

Emphasis is on using SSH2 as an alternative to SSL for making secure connections between python scripts. All major ciphers and hash methods are supported. SFTP client and server mode are both supported too.

Installing paramiko

First, we need to install paramiko, if you don’t have it already.

On Ubuntu/Debian:

$ sudo apt-get install python-paramiko

On Gentoo Linux:

$ emerge paramiko

Or install from source:

$ wget http:///paramiko/download/paramiko-1.7.6.tar.gz
$ tar xzf paramiko-1.7.6.tar.gz
$ cd paramiko-1.7.6
$ python setup.py build
$ su -c "python setup.py install"

Working with paramiko

SSHClient is the main class provided by the paramkio module. It provides the basic interface you are going to want to use to instantiate server connections. The above code creates a new SSHClient object, and then calls ”connect()” to connect us to the local SSH server.

Here’s a simple example:

import paramiko
ssh = paramiko.SSHClient() ssh.connect('192.168.1.2', username='vinod', password='screct')

Another way is to use an SSH key:

import paramiko import os privatekeyfile = os.path.expanduser('~/.ssh/id_rsa') mykey = paramiko.RSAKey.from_private_key_file(privatekeyfile) ssh.connect('192.168.1.2', username = 'vinod', pkey = mykey)

Running Simple Commands

Lets run some simple commands on a remote machine.

import paramiko
 
ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect('beastie', username='vinod', password='secret') stdin, stdout, stderr = ssh.exec_command('df -h') print stdout.readlines() ssh.close()

“paramiko.AutoAddPolicy()” which will auto-accept unknown keys.

Using sudo in running commands:

import paramiko
  cmd = "sudo /etc/rc.d/apache2 restart"  
ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect('beastie', username='vinod', password='secret') stdin, stdout, stderr = ssh.exec_command(cmd) stdin.write('secret\n') stdin.flush() print stdout.readlines() ssh.close()

Secure File Transfer Using SFTPClient

SFTPClient is used to open an sftp session across an open ssh Transport and do remote file operations.

An SSH Transport attaches to a stream (usually a socket), negotiates an encrypted session, authenticates, and then creates stream tunnels, called s, across the session. Multiple channels can be multiplexed across a single session (and often are, in the case of port forwardings).

First we will create a Transport

import paramiko import os privatekeyfile = os.path.expanduser('~/.ssh/id_rsa') mykey = paramiko.RSAKey.from_private_key_file(privatekeyfile) username = 'vinod' transport.connect(username = username, pkey = mykey)

Now we can start the SFTP client:

sftp = paramiko.SFTPClient.from_transport(transport)

Now lets pull a file across from the remote to the local system:

remotepath='/var/log/system.log' localpath='/tmp/system.log' sftp.get(remotepath, localpath)

Now lets push a file to remote system:

remotepath='/var/www/images/file.png' localpath='/tmp/file.png' sftp.put(remotepath, localpath)

Finally, close the SFTP connection and the transport:

sftp.close() transport.close()

本文转自: