Paramiko / Python:键盘交互式身份验证

前端之家收集整理的这篇文章主要介绍了Paramiko / Python:键盘交互式身份验证 前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

我在尝试使用Paramiko(Python)创建SFTP客户端时遇到了困难.

码:

 import paramiko as sftp

 transport = sftp.Transport(('myhost',port),default_max_packet_size=10000,default_window_size=10000)
 transport.connect(username='myuser',password='mypassword')
 client_from_transport = sftp.SFTPClient.from_transport(transport)

错误

   

Traceback (most recent call last):
    File "sftp.py",line 91,in <module>
    sftp_client = create_sftp_client()
    File "...\sftp.py",line 63,in create_sftp_client
    client_from_transport = sftp.SFTPClient.from_transport(transport)
    File "...\Python\Python37\Lib\site-packages\paramiko\sftp_client.py",line 165,in from_transport
    window_size=window_size,max_packet_size=max_packet_size
    File "...\Python\Python37\Lib\site-packages\paramiko\transport.py",line 
    806,in open_session
    timeout=timeout,File "...\Python\Python37\Lib\site-packages\paramiko\transport.py",line 
    933,in open_channel
    raise e
    File "...\Python\Python37\Lib\site-packages\paramiko\transport.py",line 
    1982,in run
    ptype,m = self.packetizer.read_message()
    File "...\Python\Python37\Lib\site-packages\paramiko\packet.py",line 
    441,in read_message
    header = self.read_all(self.__block_size_in,check_rekey=True)
    File "...\Python\Python37\Lib\site-packages\paramiko\packet.py",line 
    290,in read_all
    raise EOFError()
    EOFError

打印运输对象显示

<paramiko.Transport at 0x68d0c1d0 (cipher aes128-ctr,128 bits) (connected; awaiting auth)>

Paramiko日志文件

DEB [20190403-12:31:01.550] thr=1   paramiko.transport: starting thread (client mode): 0xfbc42780
DEB [20190403-12:31:01.550] thr=1   paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.4.2
DEB [20190403-12:31:01.567] thr=1   paramiko.transport: Remote version/idstring: SSH-2.0-Server
INF [20190403-12:31:01.567] thr=1   paramiko.transport: Connected (version 2.0,client Server)
DEB [20190403-12:31:01.571] thr=1   paramiko.transport: kex algos:['ecdh-sha2-nistp521','ecdh-sha2-nistp384','ecdh-sha2-nistp256','diffie-hellman-group-exchange-sha256','diffie-hellman-group-exchange-sha1','diffie-hellman-group18-sha512','diffie-hellman-group17-sha512','diffie-hellman-group16-sha512','diffie-hellman-group15-sha512','diffie-hellman-group14-sha256','diffie-hellman-group14-sha1','diffie-hellman-group1-sha1'] server key:['ssh-rsa'] client encrypt:['aes128-ctr','aes192-ctr','aes256-ctr','arcfour256','arcfour128','aes128-cbc','3des-cbc','blowfish-cbc','aes192-cbc','aes256-cbc'] server encrypt:['aes128-ctr','aes256-cbc'] client mac:['hmac-md5','hmac-sha1','hmac-sha2-256','hmac-sha2-512','hmac-sha1-96','hmac-md5-96'] server mac:['hmac-md5','hmac-md5-96'] client compress:['none','zlib','zlib@openssh.com'] server compress:['none','zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
DEB [20190403-12:31:01.572] thr=1   paramiko.transport: Kex agreed: ecdh-sha2-nistp256
DEB [20190403-12:31:01.572] thr=1   paramiko.transport: HostKey agreed: ssh-rsa
DEB [20190403-12:31:01.572] thr=1   paramiko.transport: Cipher agreed: aes128-ctr
DEB [20190403-12:31:01.572] thr=1   paramiko.transport: MAC agreed: hmac-sha2-256
DEB [20190403-12:31:01.572] thr=1   paramiko.transport: Compression agreed: none
DEB [20190403-12:31:01.654] thr=1   paramiko.transport: kex engine KexNistp256 specified hash_algo <built-in function openssl_sha256>
DEB [20190403-12:31:01.669] thr=1   paramiko.transport: Switch to new keys ...
DEB [20190403-12:31:01.670] thr=2   paramiko.transport: Attempting password auth...
DEB [20190403-12:31:01.689] thr=1   paramiko.transport: userauth is OK
INF [20190403-12:31:02.010] thr=1   paramiko.transport: Authentication continues...
DEB [20190403-12:31:02.010] thr=1   paramiko.transport: Methods: ['keyboard-interactive']
DEB [20190403-12:31:02.010] thr=2   paramiko.transport: [chan 0] Max packet in: 10000 bytes
DEB [20190403-12:31:02.026] thr=1   paramiko.transport: EOF in transport thread

但是SFTP可在FileZilla中使用:

2019-04-03 13:02:36 13796 1 Status: Connecting to xxxxxx...
2019-04-03 13:02:36 13796 1 Trace: CControlSocket::SendNextCommand()
2019-04-03 13:02:36 13796 1 Trace: CSftpDeleteOpData::Send() in state 0
2019-04-03 13:02:36 13796 1 Trace: Going to execute C:\Program Files\FileZilla FTP Client\fzsftp.exe
2019-04-03 13:02:36 13796 1 Response: fzSftp started,protocol_version=8
2019-04-03 13:02:36 13796 1 Trace: CSftpDeleteOpData::ParseResponse() in state 0
2019-04-03 13:02:36 13796 1 Trace: CControlSocket::SendNextCommand()
2019-04-03 13:02:36 13796 1 Trace: CSftpDeleteOpData::Send() in state 3
2019-04-03 13:02:36 13796 1 Command: open "user" 2222
2019-04-03 13:02:36 13796 1 Trace: Connecting to ip port 2222
2019-04-03 13:02:36 13796 1 Trace: We claim version: SSH-2.0-FileZilla_3.41.2
2019-04-03 13:02:36 13796 1 Trace: Server version: SSH-2.0-Server
2019-04-03 13:02:36 13796 1 Trace: Using SSH protocol version 2
2019-04-03 13:02:36 13796 1 Trace: Doing ECDH key exchange with curve nistp256 and hash SHA-256
2019-04-03 13:02:36 13796 1 Trace: Host key fingerprint is:
2019-04-03 13:02:36 13796 1 Trace: ssh-rsa 1024 xxxx=
2019-04-03 13:02:36 13796 1 Trace: Initialised AES-256 SDCTR client->server encryption
2019-04-03 13:02:36 13796 1 Trace: Initialised HMAC-SHA-256 client->server MAC algorithm
2019-04-03 13:02:36 13796 1 Trace: Initialised AES-256 SDCTR server->client encryption
2019-04-03 13:02:36 13796 1 Trace: Initialised HMAC-SHA-256 server->client MAC algorithm
2019-04-03 13:02:36 13796 1 Trace: Attempting keyboard-interactive authentication
2019-04-03 13:02:36 13796 1 Trace: Using keyboard-interactive authentication. inst_len: 0,num_prompts: 1
2019-04-03 13:02:36 13796 1 Command: Pass: ********
2019-04-03 13:02:36 13796 1 Trace: Access granted
2019-04-03 13:02:36 13796 1 Trace: opening session as main channel
2019-04-03 13:02:37 13796 1 Trace: Opened main channel
2019-04-03 13:02:37 13796 1 Trace: Started a shell/command
2019-04-03 13:02:37 13796 1 Status: Connected to xxxx

尝试使用sftp_client = SSHClient()而不是通过传输对象创建SFTP客户端时,出现了相同的错误.在创建我的传输对象时也尝试添加timeout = timeout,没有帮助.

请问对此有何想法?

最佳答案
您的服务器正在使用键盘交互式身份验证,而不是简单的密码身份验证.

通常,当密码验证失败并且键盘交互提示仅包含一个字段(可能是密码)时,Paramiko足够聪明,可以退回到键盘交互验证.

问题是您的服务器的行为就像密码验证成功一样.

您可以使用以下代码明确使Paramiko尝试键盘交互式身份验证:

def handler(title,instructions,fields):
    if len(fields) > 1:
        raise SSHException("Expecting one field only.")
    return [password]

transport.connect(username='myuser')
transport.auth_interactive(username,handler)

猜你在找的Python相关文章