zoukankan      html  css  js  c++  java

  • 系统批量运维管理器paramiko详解

    一、paramiko介绍

      paramiko是基于Python实现的SSH2远程安全连接,支持认证及密钥方式。可以实现远程命令执行、文件传输、中间SSH代理等功能,相对于Pexpect,封装的层次更高,更贴近SSH协议的功能

    官网地址:http://www.paramiko.org/installing.html

           http://docs.paramiko.org/en/2.4/

           https://pypi.org/project/paramiko/

    二、paramiko安装

    root@localhost ~]# pip3 install paramiko

    简单实现远程SSH运行命令示例

    import paramiko

hostname = '192.168.56.132'
username = 'root'
password = '1234567'
paramiko.util.log_to_file('syslogin.log')     #发送paramiko日志到syslogin.log文件

ssh = paramiko.SSHClient()          #创建一个SSH客户端client对象
ssh.load_system_host_keys()         #获取客户端host_keys,默认~/.ssh/known_hosts,非默认路径需指定
ssh.connect(hostname=hostname,username=username,password=password)    #创建SSH连接
stdin,stdout,stderr = ssh.exec_command('free -m')      #调用远程执行命令方法exec_command()
print(stdout.read().decode('utf-8'))        #打印命令执行结果,得到Python列表形式,可以使用stdout_readlines()
ssh.close()      #关闭SSH连接

    程序运行结果如下图所示:

    [root@localhost p_paramiko]# cat syslogin.log
DEB [20180602-18:36:47.022] thr=1   paramiko.transport: starting thread (client mode): 0xf5b8d668
DEB [20180602-18:36:47.023] thr=1   paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.4.1
DEB [20180602-18:36:47.026] thr=1   paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_5.3
INF [20180602-18:36:47.026] thr=1   paramiko.transport: Connected (version 2.0, client OpenSSH_5.3)
DEB [20180602-18:36:47.027] thr=1   paramiko.transport: kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
DEB [20180602-18:36:47.028] thr=1   paramiko.transport: Kex agreed: diffie-hellman-group-exchange-sha256
DEB [20180602-18:36:47.028] thr=1   paramiko.transport: HostKey agreed: ssh-rsa
DEB [20180602-18:36:47.028] thr=1   paramiko.transport: Cipher agreed: aes128-ctr
DEB [20180602-18:36:47.028] thr=1   paramiko.transport: MAC agreed: hmac-sha2-256
DEB [20180602-18:36:47.028] thr=1   paramiko.transport: Compression agreed: none
DEB [20180602-18:36:47.072] thr=1   paramiko.transport: Got server p (2048 bits)
DEB [20180602-18:36:47.139] thr=1   paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
DEB [20180602-18:36:47.139] thr=1   paramiko.transport: Switch to new keys ...
DEB [20180602-18:36:47.182] thr=1   paramiko.transport: userauth is OK
INF [20180602-18:36:47.351] thr=1   paramiko.transport: Authentication (password) successful!
DEB [20180602-18:36:47.352] thr=2   paramiko.transport: [chan 0] Max packet in: 32768 bytes
DEB [20180602-18:36:47.353] thr=1   paramiko.transport: [chan 0] Max packet out: 32768 bytes
DEB [20180602-18:36:47.353] thr=1   paramiko.transport: Secsh channel 0 opened.
DEB [20180602-18:36:47.354] thr=1   paramiko.transport: [chan 0] Sesch channel 0 request ok
DEB [20180602-18:36:47.360] thr=1   paramiko.transport: [chan 0] EOF received (0)
DEB [20180602-18:37:26.006] thr=1   paramiko.transport: starting thread (client mode): 0x5f2736d8
DEB [20180602-18:37:26.006] thr=1   paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.4.1
DEB [20180602-18:37:26.010] thr=1   paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_5.3
INF [20180602-18:37:26.010] thr=1   paramiko.transport: Connected (version 2.0, client OpenSSH_5.3)
DEB [20180602-18:37:26.010] thr=1   paramiko.transport: kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
DEB [20180602-18:37:26.010] thr=1   paramiko.transport: Kex agreed: diffie-hellman-group-exchange-sha256
DEB [20180602-18:37:26.010] thr=1   paramiko.transport: HostKey agreed: ssh-rsa
DEB [20180602-18:37:26.011] thr=1   paramiko.transport: Cipher agreed: aes128-ctr
DEB [20180602-18:37:26.011] thr=1   paramiko.transport: MAC agreed: hmac-sha2-256
DEB [20180602-18:37:26.011] thr=1   paramiko.transport: Compression agreed: none
DEB [20180602-18:37:26.054] thr=1   paramiko.transport: Got server p (2048 bits)
DEB [20180602-18:37:26.119] thr=1   paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
DEB [20180602-18:37:26.119] thr=1   paramiko.transport: Switch to new keys ...
DEB [20180602-18:37:26.162] thr=1   paramiko.transport: userauth is OK
INF [20180602-18:37:26.243] thr=1   paramiko.transport: Authentication (password) successful!
DEB [20180602-18:37:26.243] thr=2   paramiko.transport: [chan 0] Max packet in: 32768 bytes
DEB [20180602-18:37:26.244] thr=1   paramiko.transport: [chan 0] Max packet out: 32768 bytes
DEB [20180602-18:37:26.244] thr=1   paramiko.transport: Secsh channel 0 opened.
DEB [20180602-18:37:26.245] thr=1   paramiko.transport: [chan 0] Sesch channel 0 request ok
DEB [20180602-18:37:26.250] thr=1   paramiko.transport: [chan 0] EOF received (0)
DEB [20180602-18:38:19.574] thr=1   paramiko.transport: starting thread (client mode): 0x4546a710
DEB [20180602-18:38:19.574] thr=1   paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.4.1
DEB [20180602-18:38:19.578] thr=1   paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_5.3
INF [20180602-18:38:19.578] thr=1   paramiko.transport: Connected (version 2.0, client OpenSSH_5.3)
DEB [20180602-18:38:19.579] thr=1   paramiko.transport: kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
DEB [20180602-18:38:19.579] thr=1   paramiko.transport: Kex agreed: diffie-hellman-group-exchange-sha256
DEB [20180602-18:38:19.579] thr=1   paramiko.transport: HostKey agreed: ssh-rsa
DEB [20180602-18:38:19.579] thr=1   paramiko.transport: Cipher agreed: aes128-ctr
DEB [20180602-18:38:19.579] thr=1   paramiko.transport: MAC agreed: hmac-sha2-256
DEB [20180602-18:38:19.579] thr=1   paramiko.transport: Compression agreed: none
DEB [20180602-18:38:19.580] thr=1   paramiko.transport: Got server p (2048 bits)
DEB [20180602-18:38:19.639] thr=1   paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
DEB [20180602-18:38:19.640] thr=1   paramiko.transport: Switch to new keys ...
DEB [20180602-18:38:19.682] thr=1   paramiko.transport: userauth is OK
INF [20180602-18:38:19.817] thr=1   paramiko.transport: Authentication (password) successful!
DEB [20180602-18:38:19.817] thr=2   paramiko.transport: [chan 0] Max packet in: 32768 bytes
DEB [20180602-18:38:19.818] thr=1   paramiko.transport: [chan 0] Max packet out: 32768 bytes
DEB [20180602-18:38:19.818] thr=1   paramiko.transport: Secsh channel 0 opened.
DEB [20180602-18:38:19.820] thr=1   paramiko.transport: [chan 0] Sesch channel 0 request ok
DEB [20180602-18:38:19.824] thr=1   paramiko.transport: [chan 0] EOF received (0)
DEB [20180602-18:38:23.623] thr=1   paramiko.transport: starting thread (client mode): 0xd3c8710
DEB [20180602-18:38:23.624] thr=1   paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.4.1
DEB [20180602-18:38:23.627] thr=1   paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_5.3
INF [20180602-18:38:23.627] thr=1   paramiko.transport: Connected (version 2.0, client OpenSSH_5.3)
DEB [20180602-18:38:23.627] thr=1   paramiko.transport: kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] client mac:['hmac-md5', 'hmac-sha1', 'umacimport paramiko
-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
DEB [20180602-18:38:23.627] thr=1   paramiko.transport: Kex agreed: diffie-hellman-group-exchange-sha256
DEB [20180602-18:38:23.627] thr=1   paramiko.transport: HostKey agreed: ssh-rsa
DEB [20180602-18:38:23.627] thr=1   paramiko.transport: Cipher agreed: aes128-ctr
DEB [20180602-18:38:23.628] thr=1   paramiko.transport: MAC agreed: hmac-sha2-256
DEB [20180602-18:38:23.628] thr=1   paramiko.transport: Compression agreed: none
DEB [20180602-18:38:23.672] thr=1   paramiko.transport: Got server p (2048 bits)
DEB [20180602-18:38:23.741] thr=1   paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
DEB [20180602-18:38:23.741] thr=1   paramiko.transport: Switch to new keys ...
DEB [20180602-18:38:23.782] thr=1   paramiko.transport: userauth is OK
INF [20180602-18:38:23.861] thr=1   paramiko.transport: Authentication (password) successful!
DEB [20180602-18:38:23.862] thr=2   paramiko.transport: [chan 0] Max packet in: 32768 bytes
DEB [20180602-18:38:23.863] thr=1   paramiko.transport: [chan 0] Max packet out: 32768 bytes
DEB [20180602-18:38:23.863] thr=1   paramiko.transport: Secsh channel 0 opened.
DEB [20180602-18:38:23.864] thr=1   paramiko.transport: [chan 0] Sesch channel 0 request ok
DEB [20180602-18:38:23.868] thr=1   paramiko.transport: [chan 0] EOF received (0)
    syslogin.log信息

    三、paramiko的核心组件

    paramiko包含两个核心组件,一个为SSHClient类,另一个为SFTPClient类。

    SSHClient类

    SSHClient类是SSH服务会话的高级表示,该类封装了传输(transport)、通道(channel)及SFTPClient的校验、建立的方法,通常用于执行远程命令。

    client = SSHClient()
client.load_system_host_keys()
client.connect('ssh.example.com')
stdin, stdout,stderr = client.exec_command('ls -l')

    SSHClient常用的方法介绍

    官方文档:http://docs.paramiko.org/en/2.4/api/client.html?highlight=connect

    connect方法

    conect方法实现了远程SSH连接并校验

    方法定义:

    connect(hostname, port=22, username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None)

    参数说明:

    • hostname(str类型),连接的目标主机地址;
    • port(int类型),连接目标主机的端口,默认为22;
    • username(str类型),校验的用户名(默认为当前的本地用户名);
    • password(str类型),密码用于身份校验或解锁私钥;
    • pkey(Pkey类型),私钥方式用于身份验证;
    • key_filename(str or list(str)类型),一个文件名或文件名列表,用于私钥的身份验证;
    • timeout(float类型),一个可选的超时时间(以秒为单位)的TCP连接;
    • allow_agent(bool类型),设置为False时用于禁用连接到SSH代理;
    • look_for_keys(bool类型),设置为False时用于来禁用在~/.ssh中搜索私钥文件;
    • compress(bool类型),设置为True时打开压缩。

    exec_command方法

    远程命令执行方法,该命令的输入与输出流为标准输入(stdin)、输出(stdout)、错误(stderr)的Python文件对像。

    方法定义:

    exec_command(command, bufsize=-1, timeout=None, get_pty=False, environment=None)

    参数说明:

    • command(str类型),执行的命令串;
    • bufsize(int类型),文件缓冲区大小,默认为-1(不限制)

    load_system_host_keys方法

    加载本地公钥校验文件,默认为~/.ssh/known_host,非默认路径需要手工指定。

    方法定义:

    load_system_host_keys(self,filename=None)

    参数说明:

    filename(str类型),指定远程主机公钥记录文件。

    set_missing_host_policy方法

      设置连接的远程主机没有主机密钥或HostKeys对象时的策略,目前支持三种,分别是AutoAddPolicy、RejectPolicy(默认)、WarningPolicy,仅限用于SSHClient类。
    • AutoAddPolicy,目标添加主机名及主机密钥到本地HostKeys对象,并将其保存,不依赖load_system_host_keys()的配置,即使~/.ssh/hnown_hosts不存在也不产生影响;
    • RejectPolicy,自动拒绝未知的主机名和密钥,依赖load_system_host_keys()的配置;
    • WarningPolicy,用于记录一个未知的主机密钥的Python警告,并接收它,功能上AutoAddPolicy相似,但未知主机会有告警。

    使用方法如下:

    ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

    SFTPClient类

      SFTPClient作为一个SFTP客户端对象,根据SSH传输协议的sftp会话,实现远程文件操作,比如文件上传、下载、权限、状态等操作。

    SFTPClient类常用方法

    官方文档:http://docs.paramiko.org/en/2.4/api/sftp.html

    from_transport方法

    创建一个已连通的SFTP客户端通道。

    方法定义:

    from_transport(cls,t)

    参数说明:

    t(transport),一个已通过验证的传输对象。

    示例说明:

    import paramiko

t = paramiko.Transport(('192.168.56.132',22))
t.connect(username='root',password='1234567')
sftp = paramiko.SFTPClient.from_transport(t)

     put方法

    上传本地文件到远程SFTP服务端

    方法定义:

    put(localpath, remotepath, callback=None, confirm=True)

    参数说明:

    • localpath(str类型),需上传的本地文件(源);
    • remotepath(str类型),远程路径(目标);
    • callback(funcation(int,int)),获取已接收的字节数及总传输字节数,以便回调函数调用,默认为None;
    • confirm(bool类型),文件上传完毕后是否调用stat()方法,以便确认文件的大小。

    示例说明:

    localpath='/home/access.log'
remotepath='/data/logs/access.log'
sftp.put(localpath,remotepath)

    get方法

    从远程SFTP服务端下载文件到本地。

    方法定义:

    get(remotepath, localpath, callback=None)

    参数说明:

    • remotepath(str类型),需要下载的远程文件(源);
    • callback(funcation(int,int)),获取已接收的字节数及总和传输字节数,以便回调函数调用,默认为None.

    示例说明:

    remotepath = '/data/logs/access.log'
localpath = '/home/access.log'
sftp.get(remotepath,localpath)

    其它方法

    SFTPClient类其它常用方法说明:

    • mkdir,在SFTP服务端创建目录,如sftp.mkdir("/home/userdir",mode=0777),默认模式是0777(八进制),在某些系统上,mode被忽略。在使用它的地方,当前的umask值首先被屏蔽掉。
    • remove,删除SFTP服务端指定目录,如sftp.remove("/home/userdir")。
    • rename,重命名SFTP服务端文件或目录,如sftp.rename("/home/test.sh","/home/testfile.sh")
    • stat,获取远程SFTP服务端指定文件信息,如sftp.stat("/home/testfile.sh")。
    • listdir,获取远程SFTP服务端指定目录列表,以Python的列表(List)形式返回,如sftp.listdir("/home")。

    SFTPClient类应用示例

    下面为SFTPClient类的一个完整示例,实现了文件上传、下载、创建与删除目录等,需要注意的是,put和get方法需要指定文件名,不能省略。
  • 相关阅读:
    两种常用的启动和关闭MySQL服务
    磁盘分区(20G升50G)
    Google的一些功能和软件
    Google辅助类软件
    Google协作平台
    Google邮箱:Gmail国际顶级邮箱
    Google表单
    Google幻灯片
    在VC/MFC中嵌入Google地图——图文并茂
    与走在创业路上的学子交流——记网维“海大快点”创业团队
  • 原文地址:https://www.cnblogs.com/hwlong/p/9126281.html
Copyright © 2011-2022 走看看