python模块之：paramiko

1. 介绍：

paramiko是一个用于做远程控制的模块，使用该模块可以对远程服务器进行命令或文件操作，值得一说的是，fabric和ansible内部的远程管理就是使用的paramiko来实现。
安装：  python3.6 -m pip install paramiko

2. 使用：

SSHClient

用于连接远程服务器并执行基本命令

基于用户名密码连接：

#!/usr/bin/env python3
# _*_ coding:utf-8 _*_
import paramiko
ip,port = '10.0.3.60','22'
username,password = 'lishichao','123

# 创建ssh对象
ssh = paramiko.SSHClient()
# 解决ssh第一次连接,认证问题
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# 连接服务器
ssh.connect(ip,port,username,password)

# 执行命令
stdin,stdout,stderr = ssh.exec_command('hostname')     # stdin 标准输入,  stdout 命令执行的结果， stderr 命令执行错误的结果

# 获取命令结果
ret = stdout.read()
if ret:
    print(ret.decode('utf-8').strip())
else:
    print("命令执行失败")
    print(stderr.read().decode('utf-8').strip())

# 关闭连接
ssh.close()

# 执行结果：
b'docker-server
'   # byte 类型,需要decode转码

基于公钥密钥连接：

#创建秘钥对
ssh-keygen
# 推送到指定服务器
ssh-copy-id -i .ssh/id_rsa.pub  用户名字@192.168.x.xxx

import paramiko

# 秘钥文件
private_key = paramiko.RSAKey.from_private_key_file('/root/.ssh/id_rsa')

# 创建SSH对象
ssh = paramiko.SSHClient()

# 允许连接不在know_hosts文件中的主机
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

# 连接服务器
ssh.connect(hostname='10.0.3.56', port=22, username='root', pkey=private_key)

# 执行命令
stdin, stdout, stderr = ssh.exec_command('df')

# 获取命令结果
result = stdout.read()
print(result.decode('utf-8'))

# 关闭连接
ssh.close()

出现警告：CryptographyDeprecationWarning

/usr/local/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  m.add_string(self.Q_C.public_numbers().encode_point())
/usr/local/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
  self.curve, Q_S_bytes
/usr/local/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  hm.add_string(self.Q_C.public_numbers().encode_point())

原因：
paramiko 2.4.2 依赖 cryptography，而最新的cryptography==2.5里有一些弃用的API。

解决：
删掉cryptography 2.5，安装2.4.2，就不会报错了。
python3 -m pip uninstall cryptography==2.5
python3 -m pip install cryptography==2.4.2

 

SFTPClient

用于连接远程服务器并执行上传下载

基于用户名密码上传下载

import paramiko

transport = paramiko.Transport(('10.0.3.56',22))
transport.connect(username='root', password='buguniao123!@#')

sftp = paramiko.SFTPClient.from_transport(transport)

# 将/tmp/test.txt 上传至服务器 /data/test.txt
sftp.put('/tmp/test.txt', '/data/test.txt')

# 将/data/test.txt 下载到本地 /tmp/a.txt
sftp.get('/data/test.txt', '/tmp/a.txt')

transport.close()

基于公钥密钥上传下载

import paramiko

private_key = paramiko.RSAKey.from_private_key_file('/root/.ssh/id_rsa')

transport = paramiko.Transport(('10.0.3.56', 22))
transport.connect(username='root', pkey=private_key)

sftp = paramiko.SFTPClient.from_transport(transport)

# 将/tmp/haha.txt 上传至服务器 /tmp/a.txt
sftp.put('/tmp/haha.txt', '/tmp/a.txt')

# 将/tmp/a.txt 下载到本地 /root/a.txt
sftp.get('/tmp/a.txt', '/root/a.txt')

transport.close()