I'm trying to run an scp (secure copy) command using subprocess.Popen. The login requires that I send a password:
from subprocess import Popen
Here's a function to ssh with a password using pexpect:
import os
import tempfile

import pexpect


def ssh(host, cmd, user, password, timeout=30, bg_run=False):
    """SSH'es to a host using the supplied credentials and executes a command.
    Throws an exception if the command doesn't return 0.
    bg_run: run command in the background"""
    # mkstemp() creates the log file atomically with owner-only permissions;
    # tempfile.mktemp() only returns a name and is open to a race.
    fd, fname = tempfile.mkstemp()
    fout = os.fdopen(fd, 'w')

    # Note: these options turn off host key checking, so the server's
    # identity is not verified before the password is sent.
    options = '-q -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oPubkeyAuthentication=no'
    if bg_run:
        options += ' -f'
    ssh_cmd = 'ssh %s@%s %s "%s"' % (user, host, options, cmd)
    child = pexpect.spawn(ssh_cmd, timeout=timeout)  # spawnu for Python 3
    child.expect(['[pP]assword: '])
    child.sendline(password)
    child.logfile = fout
    child.expect(pexpect.EOF)
    child.close()
    fout.close()

    fin = open(fname, 'r')
    stdout = fin.read()
    fin.close()

    if 0 != child.exitstatus:
        raise Exception(stdout)

    return stdout
Something similar should be possible using scp.
I guess some applications interact with the user using stdin and some applications interact using the terminal. In this case, when we write the password using PIPE, we are writing to stdin. But the scp application reads the password from the terminal. As subprocess cannot interact with the user using the terminal but can only interact using stdin, we cannot use the subprocess module and we must use pexpect for copying the file using scp.
Feel free to correct me.
Here is my scp function based on pexpect. It can handle wildcards (i.e. multiple file transfer), in addition to the password. To handle multiple file transfer (i.e. wildcards), we need to issue a command via a shell. Refer to pexpect FAQ.
import os
import tempfile

import pexpect


def scp(src, user2, host2, tgt, pwd, opts='', timeout=30):
    ''' Performs the scp command. Transfers file(s) from local host to remote host '''
    # The arguments are interpolated into a shell command line, so they must
    # come from a trusted source.
    cmd = f'''/bin/bash -c "scp {opts} {src} {user2}@{host2}:{tgt}"'''
    print("Executing the following cmd:", cmd, sep='\n')

    # Private, unpredictable log file instead of a fixed name in /tmp.
    fd, tmpFl = tempfile.mkstemp(prefix='scp', suffix='.log')
    fp = os.fdopen(fd, 'wb')
    # spawn() already runs cmd, so it is not sent to the child a second time.
    childP = pexpect.spawn(cmd, timeout=timeout)
    try:
        childP.expect([f"{user2}@{host2}'s password:"])
        childP.sendline(pwd)
        childP.logfile = fp
        childP.expect(pexpect.EOF)
        childP.close()
        fp.close()

        fp = open(tmpFl, 'r')
        stdout = fp.read()
        fp.close()

        if childP.exitstatus != 0:
            raise Exception(stdout)
    except KeyboardInterrupt:
        childP.close()
        fp.close()
        return

    print(stdout)
It can be used this way:
params = {
    'src': '/home/src/*.txt',
    'user2': 'userName',
    'host2': '192.168.1.300',
    'tgt': '/home/userName/',
    'pwd': myPwd(),
    'opts': '',
}

scp(**params)
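An alternative to the `bash -c` wrapper in the answer above, as an added example that is not part of the original answer: expanding the wildcard in Python with `glob` and building an argv list means no shell ever parses `src`, `opts` or `tgt`. The function name `build_scp_argv`, the allow-lists and the host `backup.example` are assumptions made for illustration.

```python
import glob
import os
import re
import tempfile

# Assumed allow-lists for this example; widen them deliberately, not by default.
ALLOWED_OPTS = {"-r", "-p", "-q", "-C"}
USER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*\Z")
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*\Z")
PATH_RE = re.compile(r"[A-Za-z0-9_./~-]+\Z")


def build_scp_argv(src_pattern, user, host, tgt, opts=()):
    """Return an scp argv list with the wildcard expanded by glob, not a shell."""
    bad = [o for o in opts if o not in ALLOWED_OPTS]
    if bad:
        raise ValueError(f"option not allowed: {bad}")
    # A user or host starting with '-' would be read by scp as an option.
    if not USER_RE.match(user) or not HOST_RE.match(host):
        raise ValueError("user or host has unexpected characters")
    # Legacy scp hands the remote path to the remote user's shell.
    if not PATH_RE.match(tgt):
        raise ValueError("remote path has unexpected characters")
    # glob never runs a shell: ';', '$(...)' or backticks in the pattern are
    # only compared against file names. Absolute paths start with '/', so scp
    # cannot take a matched name for an option or for a 'host:path' spec.
    sources = sorted(os.path.abspath(p) for p in glob.glob(src_pattern))
    if not sources:
        raise FileNotFoundError(f"nothing matches {src_pattern!r}")
    return ["scp", *opts, *sources, f"{user}@{host}:{tgt}"]


def demo():
    """Build argv for constructed files, one of them named like an scp option."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("a.txt", "b.txt", "-oProxyCommand=x.txt", "skip.log"):
            open(os.path.join(d, name), "w").close()
        argv = build_scp_argv(os.path.join(d, "*.txt"), "userName",
                              "backup.example", "/home/userName/", ["-q"])
    return argv, d


if __name__ == "__main__":
    argv, _ = demo()
    print(argv)
    # argv[0] and argv[1:] can be passed to pexpect.spawn(command, args),
    # which starts scp directly without /bin/bash.
```

The password prompt is then handled with `expect`/`sendline` exactly as in the answer's function.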
Pexpect has a library for exactly this: pxssh
http://pexpect.readthedocs.org/en/stable/api/pxssh.html
import getpass

from pexpect import pxssh  # pxssh ships as a submodule of pexpect

try:
    s = pxssh.pxssh()
    hostname = input('hostname: ')
    username = input('username: ')
    password = getpass.getpass('password: ')
    s.login(hostname, username, password)
    s.sendline('uptime')   # run a command
    s.prompt()             # match the prompt
    print(s.before)        # print everything before the prompt.
    s.logout()
except pxssh.ExceptionPxssh as e:
    print("pxssh failed on login.")
    print(e)
The second answer you linked suggests you use Pexpect (which is usually the right way to go about interacting with command line programs that expect input). There is a fork of it which works for Python 3 which you can use.
The OpenSSH scp utility invokes the ssh program to make the SSH connection to the remote host, and the ssh process handles authentication. The ssh utility doesn't accept a password on the command line or on its standard input. I believe this is a deliberate decision on the part of the OpenSSH developers, because they feel that people should be using more secure mechanisms like key-based authentication. Any solution for invoking ssh is going to follow one of these approaches:
ssh to get the password by invoking another command, described here or here, or in some of the answers here.
ssh that works the way you want.
In this particular case, given that you're already invoking scp from a python script, it seems that one of these would be the most reasonable approach:
scp and feed the password to it.