Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Force password authentication (ignore keys in .ssh folder) in Paramiko in Python

I'm trying to write a small Python program to check whether an SSH server allows a password authentication. Here is the current plan:

import base64
import paramiko
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect('ssh.example.com', username='strongbad', password='thecheat')
stdin, stdout, stderr = client.exec_command('ls')
for line in stdout:
    print('... ' + line.strip('\n'))
client.close()

The idea is to grep the output or to later put a try catch block around the connect statement.

My problem however is that some of the systems that I run the program on have access via a RSA key that is stored under ~/.ssh. And in these cases, the connect will simply succeed (which I want to avoid).

So, here is the question: Does anybody know any way to force Paramiko (or another SSH client) to use passwords?

Thanks

like image 879
Norbert Avatar asked Oct 03 '18 17:10

Norbert


People also ask

What is Paramiko SSHClient ()?

SSHClient. A high-level representation of a session with an SSH server. This class wraps Transport , Channel , and SFTPClient to take care of most aspects of authenticating and opening channels. A typical use case is: client = SSHClient() client.

How do I SSH into Paramiko and server in Python?

A Paramiko SSH Example: Connect to Your Server Using a Password. This section shows you how to authenticate to a remote server with a username and password. To begin, create a new file named first_experiment.py and add the contents of the example file. Ensure that you update the file with your own Linode's details.

Does Paramiko use OpenSSH?

Paramiko relies on cryptography for crypto functionality, which makes use of C and Rust extensions but has many precompiled options available. See our installation page for details. SSH is defined in RFC 4251, RFC 4252, RFC 4253 and RFC 4254. The primary working implementation of the protocol is the OpenSSH project.


1 Answers

The SSHClient.connect method has look_for_keys argument. Set it to False:

client.connect(
    'ssh.example.com', username='strongbad', password='thecheat',
    look_for_keys=False)

Similarly you may want to set allow_agent to False as well.


Obligatory warning: Do not use AutoAddPolicy, unless you do not care about security. You are losing a protection against MITM attacks this way.
For a correct solution, see Paramiko "Unknown Server"
.

like image 125
Martin Prikryl Avatar answered Nov 07 '22 18:11

Martin Prikryl