Automatically updating known_hosts file when host key changes using Paramiko

Currently I am using Paramiko (in Python) to execute remote commands on a node. At times, remote nodes change their public key, and consequently Paramiko fails as fingerprints do not match. Is there a way to update the keys in the known_hosts file when they change? If this is not possible, is there any other way to ignore the warning thrown?

Currently I have a hacky solution where known_hosts file is deleted before making the call which is not good.

pkumarn asked Nov 22 '17 15:11



1 Answer

BadHostKeyException is thrown when a host key changes, as that is a sign of the connection being hijacked (aka Man-in-the-middle attack).

You should never blindly ignore the exception. Unless maybe, if you connect to a server located in the same private network as your client.

In your specific case, a better strategy is to preserve host keys during server reinstall.


Anyway, if you really do not care about security, and are willing to blindly accept any host key:

  • do not call SSHClient.load_host_keys, so that you start with a blank list of known host keys;

  • and use AutoAddPolicy, to automatically accept host keys of new hosts (all hosts are new due to the previous point):

    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    
Martin Prikryl answered Sep 23 '22 13:09
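To make the answer's distinction concrete (a host with no stored key, which the missing-host-key policy decides, versus a host whose stored key differs, which raises BadHostKeyException regardless of policy), here is an added example that is not code from the answer or from Paramiko: it reproduces the known_hosts lookup that SSHClient.connect() performs, using only the standard library, including the hashed-hostname form written by HashKnownHosts. The known_hosts text and key blobs are constructed placeholders, and hash_hostname, lookup and check_host_key are names chosen for this example.

```python
import base64
import hashlib
import hmac

# Constructed placeholder key blobs (valid base64, not real keys).
KEY_NODE1 = base64.b64encode(b"constructed-node1-key").decode()
KEY_NODE2 = base64.b64encode(b"constructed-node2-key").decode()

def hash_hostname(hostname: str, salt: bytes) -> str:
    """OpenSSH hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, hostname))."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())

# Constructed known_hosts text: one plain multi-name entry, one hashed entry.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample, not a real file",
    "node1.example.internal,10.0.0.11 ssh-ed25519 " + KEY_NODE1,
    hash_hostname("node2.example.internal", b"0123456789abcdef0123") + " ssh-rsa " + KEY_NODE2,
])

def host_field_matches(field: str, hostname: str) -> bool:
    """True if a host field (plain, comma-separated or hashed) names hostname."""
    if field.startswith("|1|"):
        _, _, salt_b64, digest_b64 = field.split("|", 3)
        expected = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(digest_b64))
    return hostname in field.split(",")

def lookup(known_hosts_text: str, hostname: str) -> dict:
    """Return {keytype: base64 key} stored for hostname (cf. paramiko.HostKeys.lookup)."""
    keys = {}
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank, comment or malformed line
        if host_field_matches(parts[0], hostname):
            keys[parts[1]] = parts[2]
    return keys

def check_host_key(known_hosts_text: str, hostname: str, keytype: str, key_b64: str) -> str:
    """Classify like SSHClient.connect(): 'known' = matches the stored key;
    'missing' = no stored key of this type, so the missing-host-key policy decides
    (RejectPolicy by default, AutoAddPolicy in the answer);
    'changed' = stored key differs, BadHostKeyException regardless of policy."""
    stored = lookup(known_hosts_text, hostname).get(keytype)
    if stored is None:
        return "missing"
    if hmac.compare_digest(stored.encode(), key_b64.encode()):
        return "known"
    return "changed"
```

Note that a host known only under a different key type counts as "missing", which is why AutoAddPolicy silently accepts a reinstalled server that switched key algorithms; a "changed" result is the case to escalate and verify out of band.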