Esempio n. 1
0
 def test_load_EC_key_new_format(self):
     key = ECDSAKey.from_private_key_file(_support('test_ecdsa_384_o.key'),
                                          b'television')
     self.assert_key_values(key, 'ecdsa-sha2-nistp384', 384,
                            PUB_EC_384_OPENSSH,
                            FINGER_EC_384_OPENSSH.split()[1],
                            FINGER_SHA256_EC_384_OPENSSH)
Esempio n. 2
0
 def test_load_ecdsa_password_521(self):
     key = ECDSAKey.from_private_key_file(
         _support("test_ecdsa_password_521.key"), b"television")
     self.assertEqual("ecdsa-sha2-nistp521", key.get_name())
     self.assert_key_fingerprints(key, FINGER_ECDSA_521)
     self.assertEqual(PUB_ECDSA_521.split()[1], key.get_base64())
     self.assertEqual(521, key.get_bits())
Esempio n. 3
0
    def test_certificates(self):
        # NOTE: we also test 'live' use of cert auth for all key types in
        # test_client.py; this and nearby cert tests are more about the gritty
        # details.
        # PKey.load_certificate
        key_path = _support(os.path.join('cert_support', 'test_rsa.key'))
        key = RSAKey.from_private_key_file(key_path)
        self.assertTrue(key.public_blob is None)
        cert_path = _support(
            os.path.join('cert_support', 'test_rsa.key-cert.pub'))
        key.load_certificate(cert_path)
        self.assertTrue(key.public_blob is not None)
        self.assertEqual(key.public_blob.key_type,
                         '*****@*****.**')
        self.assertEqual(key.public_blob.comment, 'test_rsa.key.pub')
        # Delve into blob contents, for test purposes
        msg = Message(key.public_blob.key_blob)
        self.assertEqual(msg.get_text(), '*****@*****.**')
        nonce = msg.get_string()  # noqa: F841
        e = msg.get_mpint()
        n = msg.get_mpint()
        self.assertEqual(e, key.public_numbers.e)
        self.assertEqual(n, key.public_numbers.n)
        # Serial number
        self.assertEqual(msg.get_int64(), 1234)

        # Prevented from loading certificate that doesn't match
        key_path = _support(os.path.join('cert_support', 'test_ecdsa_256.key'))
        key1 = ECDSAKey.from_private_key_file(key_path)
        self.assertRaises(
            ValueError,
            key1.load_certificate,
            _support('test_rsa.key-cert.pub'),
        )
Esempio n. 4
0
    def _set_authentication(self, password, private_key, private_key_pass):
        '''Authenticate the transport. prefer password if given'''
        if password is None:
            # Use Private Key.
            if not private_key:
                # Try to use default key.
                if os.path.exists(os.path.expanduser('~/.ssh/id_rsa')):
                    private_key = '~/.ssh/id_rsa'
                elif os.path.exists(os.path.expanduser('~/.ssh/id_dsa')):
                    private_key = '~/.ssh/id_dsa'
                else:
                    raise CredentialException("No password or key specified.")

            if isinstance(private_key, (AgentKey, RSAKey)):
                # use the paramiko agent or rsa key
                self._tconnect['pkey'] = private_key
            else:
                # isn't a paramiko AgentKey or RSAKey, try to build a
                # key from what we assume is a path to a key
                private_key_file = os.path.expanduser(private_key)
                try:  # try rsa
                    self._tconnect['pkey'] = RSAKey.from_private_key_file(
                        private_key_file, private_key_pass)
                except paramiko.SSHException:  # if it fails, try dss
                    # pylint:disable=r0204
                    try:
                        self._tconnect['pkey'] = DSSKey.from_private_key_file(
                            private_key_file, private_key_pass)
                    except paramiko.SSHException:
                        self._tconnect[
                            'pkey'] = ECDSAKey.from_private_key_file(
                                private_key_file, private_key_pass)
 def test_19_load_ecdsa_password_521(self):
     key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_password_521.key'), b'television')
     self.assertEqual('ecdsa-sha2-nistp521', key.get_name())
     exp_ecdsa = b(FINGER_ECDSA_521.split()[1].replace(':', ''))
     my_ecdsa = hexlify(key.get_fingerprint())
     self.assertEqual(exp_ecdsa, my_ecdsa)
     self.assertEqual(PUB_ECDSA_521.split()[1], key.get_base64())
     self.assertEqual(521, key.get_bits())
Esempio n. 6
0
 def test_20_compare_ecdsa_521(self):
     # verify that the private & public keys compare equal
     key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_521.key'))
     self.assertEqual(key, key)
     pub = ECDSAKey(data=key.asbytes())
     self.assertTrue(key.can_sign())
     self.assertTrue(not pub.can_sign())
     self.assertEqual(key, pub)
Esempio n. 7
0
 def test_11_load_ecdsa_password(self):
     key = ECDSAKey.from_private_key_file('tests/test_ecdsa_password.key', 'television')
     self.assertEquals(b'ecdsa-sha2-nistp256', key.get_name())
     exp_ecdsa = FINGER_ECDSA.split()[1].replace(b':', b'')
     my_ecdsa = hexlify(key.get_fingerprint())
     self.assertEquals(exp_ecdsa, my_ecdsa)
     self.assertEquals(PUB_ECDSA.split()[1], key.get_base64())
     self.assertEquals(256, key.get_bits())
Esempio n. 8
0
 def test_16_compare_ecdsa_384(self):
     # verify that the private & public keys compare equal
     key = ECDSAKey.from_private_key_file(_support("test_ecdsa_384.key"))
     self.assertEqual(key, key)
     pub = ECDSAKey(data=key.asbytes())
     self.assertTrue(key.can_sign())
     self.assertTrue(not pub.can_sign())
     self.assertEqual(key, pub)
Esempio n. 9
0
 def test_12_compare_ecdsa(self):
     # verify that the private & public keys compare equal
     key = ECDSAKey.from_private_key_file('tests/test_ecdsa.key')
     self.assertEquals(key, key)
     pub = ECDSAKey(data=bytes(key))
     self.assert_(key.can_sign())
     self.assert_(not pub.can_sign())
     self.assertEquals(key, pub)
Esempio n. 10
0
 def test_15_load_ecdsa_password_384(self):
     key = ECDSAKey.from_private_key_file(_support('test_ecdsa_password_384.key'), b'television')
     self.assertEqual('ecdsa-sha2-nistp384', key.get_name())
     exp_ecdsa = b(FINGER_ECDSA_384.split()[1].replace(':', ''))
     my_ecdsa = hexlify(key.get_fingerprint())
     self.assertEqual(exp_ecdsa, my_ecdsa)
     self.assertEqual(PUB_ECDSA_384.split()[1], key.get_base64())
     self.assertEqual(384, key.get_bits())
Esempio n. 11
0
 def test_11_load_ecdsa_password(self):
     key = ECDSAKey.from_private_key_file(test_path("test_ecdsa_password.key"), b"television")
     self.assertEqual("ecdsa-sha2-nistp256", key.get_name())
     exp_ecdsa = b(FINGER_ECDSA.split()[1].replace(":", ""))
     my_ecdsa = hexlify(key.get_fingerprint())
     self.assertEqual(exp_ecdsa, my_ecdsa)
     self.assertEqual(PUB_ECDSA.split()[1], key.get_base64())
     self.assertEqual(256, key.get_bits())
Esempio n. 12
0
 def test_15_load_ecdsa_password_384(self):
     key = ECDSAKey.from_private_key_file(_support('test_ecdsa_password_384.key'), b'television')
     self.assertEqual('ecdsa-sha2-nistp384', key.get_name())
     exp_ecdsa = b(FINGER_ECDSA_384.split()[1].replace(':', ''))
     my_ecdsa = hexlify(key.get_fingerprint())
     self.assertEqual(exp_ecdsa, my_ecdsa)
     self.assertEqual(PUB_ECDSA_384.split()[1], key.get_base64())
     self.assertEqual(384, key.get_bits())
Esempio n. 13
0
 def test_16_compare_ecdsa_384(self):
     # verify that the private & public keys compare equal
     key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_384.key'))
     self.assertEqual(key, key)
     pub = ECDSAKey(data=key.asbytes())
     self.assertTrue(key.can_sign())
     self.assertTrue(not pub.can_sign())
     self.assertEqual(key, pub)
Esempio n. 14
0
 def test_12_compare_ecdsa(self):
     # verify that the private & public keys compare equal
     key = ECDSAKey.from_private_key_file('tests/test_ecdsa.key')
     self.assertEquals(key, key)
     pub = ECDSAKey(data=str(key))
     self.assert_(key.can_sign())
     self.assert_(not pub.can_sign())
     self.assertEquals(key, pub)
Esempio n. 15
0
 def test_20_compare_ecdsa_521(self):
     # verify that the private & public keys compare equal
     key = ECDSAKey.from_private_key_file(_support("test_ecdsa_521.key"))
     self.assertEqual(key, key)
     pub = ECDSAKey(data=key.asbytes())
     self.assertTrue(key.can_sign())
     self.assertTrue(not pub.can_sign())
     self.assertEqual(key, pub)
Esempio n. 16
0
 def test_load_EC_key_new_format(self):
     key = ECDSAKey.from_private_key_file(_support('test_ecdsa_384_o.key'),
                                          b'television')
     self.assertEqual('ecdsa-sha2-nistp384', key.get_name())
     self.assertEqual(PUB_EC_384_OPENSSH.split()[1], key.get_base64())
     self.assertEqual(384, key.get_bits())
     exp_fp = b(FINGER_EC_384_OPENSSH.split()[1].replace(':', ''))
     my_fp = hexlify(key.get_fingerprint())
     self.assertEqual(exp_fp, my_fp)
Esempio n. 17
0
 def test_11_load_ecdsa_password(self):
     key = ECDSAKey.from_private_key_file('tests/test_ecdsa_password.key',
                                          'television')
     self.assertEquals('ecdsa-sha2-nistp256', key.get_name())
     exp_ecdsa = FINGER_ECDSA.split()[1].replace(':', '')
     my_ecdsa = hexlify(key.get_fingerprint())
     self.assertEquals(exp_ecdsa, my_ecdsa)
     self.assertEquals(PUB_ECDSA.split()[1], key.get_base64())
     self.assertEquals(256, key.get_bits())
Esempio n. 18
0
 def test_load_ecdsa_password_521(self):
     key = ECDSAKey.from_private_key_file(
         _support("test_ecdsa_password_521.key"), b"television")
     self.assertEqual("ecdsa-sha2-nistp521", key.get_name())
     exp_ecdsa = b(FINGER_ECDSA_521.split()[1].replace(":", ""))
     my_ecdsa = hexlify(key.get_fingerprint())
     self.assertEqual(exp_ecdsa, my_ecdsa)
     self.assertEqual(PUB_ECDSA_521.split()[1], key.get_base64())
     self.assertEqual(521, key.get_bits())
Esempio n. 19
0
 def test_load_openssh_format_EC_key(self):
     key = ECDSAKey.from_private_key_file(
         _support("test_ecdsa_384_openssh.key"), b"television")
     self.assertEqual("ecdsa-sha2-nistp384", key.get_name())
     self.assertEqual(PUB_EC_384_OPENSSH.split()[1], key.get_base64())
     self.assertEqual(384, key.get_bits())
     exp_fp = b(FINGER_EC_384_OPENSSH.split()[1].replace(":", ""))
     my_fp = hexlify(key.get_fingerprint())
     self.assertEqual(exp_fp, my_fp)
Esempio n. 20
0
 def test_19_load_ecdsa_password_521(self):
     key = ECDSAKey.from_private_key_file(
         _support("test_ecdsa_password_521.key"), b"television"
     )
     self.assertEqual("ecdsa-sha2-nistp521", key.get_name())
     exp_ecdsa = b(FINGER_ECDSA_521.split()[1].replace(":", ""))
     my_ecdsa = hexlify(key.get_fingerprint())
     self.assertEqual(exp_ecdsa, my_ecdsa)
     self.assertEqual(PUB_ECDSA_521.split()[1], key.get_base64())
     self.assertEqual(521, key.get_bits())
Esempio n. 21
0
    def test_load_ecdsa_384(self):
        key = ECDSAKey.from_private_key_file(_support('test_ecdsa_384.key'))
        self.assert_key_values(key, 'ecdsa-sha2-nistp384', 384, PUB_ECDSA_384,
                               FINGER_ECDSA_384.split()[1],
                               FINGER_SHA256_ECDSA_384)

        s = StringIO()
        key.write_private_key(s)
        self.assertEqual(ECDSA_PRIVATE_OUT_384, s.getvalue())
        s.seek(0)
        key2 = ECDSAKey.from_private_key(s)
        self.assertEqual(key, key2)
Esempio n. 22
0
 def test_sign_ecdsa_384(self):
     # verify that the rsa private key can sign and verify
     key = ECDSAKey.from_private_key_file(_support('test_ecdsa_384.key'))
     msg = key.sign_ssh_data(b'ice weasels')
     self.assertTrue(type(msg) is Message)
     msg.rewind()
     self.assertEqual('ecdsa-sha2-nistp384', msg.get_text())
     # ECDSA signatures, like DSS signatures, tend to be different
     # each time, so we can't compare against a "known correct" signature.
     # Even the length of the signature can change.
     msg.rewind()
     pub = ECDSAKey(data=key.asbytes())
     self.assertTrue(pub.verify_ssh_sig(b'ice weasels', msg))
Esempio n. 23
0
    def test_load_ecdsa_384(self):
        key = ECDSAKey.from_private_key_file(_support("test_ecdsa_384.key"))
        self.assertEqual("ecdsa-sha2-nistp384", key.get_name())
        self.assert_key_fingerprints(key, FINGER_ECDSA_384)
        self.assertEqual(PUB_ECDSA_384.split()[1], key.get_base64())
        self.assertEqual(384, key.get_bits())

        s = StringIO()
        key.write_private_key(s)
        self.assertEqual(ECDSA_PRIVATE_OUT_384, s.getvalue())
        s.seek(0)
        key2 = ECDSAKey.from_private_key(s)
        self.assertEqual(key, key2)
Esempio n. 24
0
    def test_21_sign_ecdsa_521(self):
        # verify that the rsa private key can sign and verify
        key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_521.key'))
        msg = key.sign_ssh_data(b'ice weasels')
        self.assertTrue(type(msg) is Message)
        msg.rewind()
        self.assertEqual('ecdsa-sha2-nistp521', msg.get_text())
        # ECDSA signatures, like DSS signatures, tend to be different
        # each time, so we can't compare against a "known correct"
        # signature.
        # Even the length of the signature can change.

        msg.rewind()
        pub = ECDSAKey(data=key.asbytes())
        self.assertTrue(pub.verify_ssh_sig(b'ice weasels', msg))
Esempio n. 25
0
    def test_14_load_ecdsa_384(self):
        key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_384.key'))
        self.assertEqual('ecdsa-sha2-nistp384', key.get_name())
        exp_ecdsa = b(FINGER_ECDSA_384.split()[1].replace(':', ''))
        my_ecdsa = hexlify(key.get_fingerprint())
        self.assertEqual(exp_ecdsa, my_ecdsa)
        self.assertEqual(PUB_ECDSA_384.split()[1], key.get_base64())
        self.assertEqual(384, key.get_bits())

        s = StringIO()
        key.write_private_key(s)
        self.assertEqual(ECDSA_PRIVATE_OUT_384, s.getvalue())
        s.seek(0)
        key2 = ECDSAKey.from_private_key(s)
        self.assertEqual(key, key2)
Esempio n. 26
0
    def test_10_load_ecdsa(self):
        key = ECDSAKey.from_private_key_file('tests/test_ecdsa.key')
        self.assertEquals(b'ecdsa-sha2-nistp256', key.get_name())
        exp_ecdsa = FINGER_ECDSA.split()[1].replace(b':', b'')
        my_ecdsa = hexlify(key.get_fingerprint())
        self.assertEquals(exp_ecdsa, my_ecdsa)
        self.assertEquals(PUB_ECDSA.split()[1], key.get_base64())
        self.assertEquals(256, key.get_bits())

        s = BytesIO()
        key.write_private_key(s)
        self.assertEquals(ECDSA_PRIVATE_OUT, s.getvalue())
        s.seek(0)
        key2 = ECDSAKey.from_private_key(StringIO(s.getvalue().decode()))
        self.assertEquals(key, key2)
Esempio n. 27
0
    def test_load_ecdsa_521(self):
        key = ECDSAKey.from_private_key_file(_support('test_ecdsa_521.key'))
        self.assert_key_values(key, 'ecdsa-sha2-nistp521', 521, PUB_ECDSA_521,
                               FINGER_ECDSA_521.split()[1],
                               FINGER_SHA256_ECDSA_521)

        s = StringIO()
        key.write_private_key(s)
        # Different versions of OpenSSL (SSLeay versions 0x1000100f and
        # 0x1000207f for instance) use different apparently valid (as far as
        # ssh-keygen is concerned) padding. So we can't check the actual value
        # of the pem encoded key.
        s.seek(0)
        key2 = ECDSAKey.from_private_key(s)
        self.assertEqual(key, key2)
Esempio n. 28
0
    def test_14_load_ecdsa_384(self):
        key = ECDSAKey.from_private_key_file(_support("test_ecdsa_384.key"))
        self.assertEqual("ecdsa-sha2-nistp384", key.get_name())
        exp_ecdsa = b(FINGER_ECDSA_384.split()[1].replace(":", ""))
        my_ecdsa = hexlify(key.get_fingerprint())
        self.assertEqual(exp_ecdsa, my_ecdsa)
        self.assertEqual(PUB_ECDSA_384.split()[1], key.get_base64())
        self.assertEqual(384, key.get_bits())

        s = StringIO()
        key.write_private_key(s)
        self.assertEqual(ECDSA_PRIVATE_OUT_384, s.getvalue())
        s.seek(0)
        key2 = ECDSAKey.from_private_key(s)
        self.assertEqual(key, key2)
Esempio n. 29
0
    def test_13_sign_ecdsa(self):
        # verify that the rsa private key can sign and verify
        key = ECDSAKey.from_private_key_file('tests/test_ecdsa.key')
        msg = key.sign_ssh_data(rng, 'ice weasels')
        self.assert_(type(msg) is Message)
        msg.rewind()
        self.assertEquals('ecdsa-sha2-nistp256', msg.get_string())
        # ECDSA signatures, like DSS signatures, tend to be different
        # each time, so we can't compare against a "known correct"
        # signature.
        # Even the length of the signature can change.

        msg.rewind()
        pub = ECDSAKey(data=str(key))
        self.assert_(pub.verify_ssh_sig('ice weasels', msg))
Esempio n. 30
0
    def test_10_load_ecdsa_256(self):
        key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_256.key'))
        self.assertEqual('ecdsa-sha2-nistp256', key.get_name())
        exp_ecdsa = b(FINGER_ECDSA_256.split()[1].replace(':', ''))
        my_ecdsa = hexlify(key.get_fingerprint())
        self.assertEqual(exp_ecdsa, my_ecdsa)
        self.assertEqual(PUB_ECDSA_256.split()[1], key.get_base64())
        self.assertEqual(256, key.get_bits())

        s = StringIO()
        key.write_private_key(s)
        self.assertEqual(ECDSA_PRIVATE_OUT_256, s.getvalue())
        s.seek(0)
        key2 = ECDSAKey.from_private_key(s)
        self.assertEqual(key, key2)
Esempio n. 31
0
    def test_13_sign_ecdsa(self):
        # verify that the rsa private key can sign and verify
        key = ECDSAKey.from_private_key_file('tests/test_ecdsa.key')
        msg = key.sign_ssh_data(rng, b'ice weasels')
        self.assert_(type(msg) is Message)
        msg.rewind()
        self.assertEquals(b'ecdsa-sha2-nistp256', msg.get_string())
        # ECDSA signatures, like DSS signatures, tend to be different
        # each time, so we can't compare against a "known correct"
        # signature.
        # Even the length of the signature can change.

        msg.rewind()
        pub = ECDSAKey(data=bytes(key))
        self.assert_(pub.verify_ssh_sig(b'ice weasels', msg))
Esempio n. 32
0
    def test_10_load_ecdsa_256(self):
        key = ECDSAKey.from_private_key_file(_support("test_ecdsa_256.key"))
        self.assertEqual("ecdsa-sha2-nistp256", key.get_name())
        exp_ecdsa = b(FINGER_ECDSA_256.split()[1].replace(":", ""))
        my_ecdsa = hexlify(key.get_fingerprint())
        self.assertEqual(exp_ecdsa, my_ecdsa)
        self.assertEqual(PUB_ECDSA_256.split()[1], key.get_base64())
        self.assertEqual(256, key.get_bits())

        s = StringIO()
        key.write_private_key(s)
        self.assertEqual(ECDSA_PRIVATE_OUT_256, s.getvalue())
        s.seek(0)
        key2 = ECDSAKey.from_private_key(s)
        self.assertEqual(key, key2)
Esempio n. 33
0
    def test_18_load_ecdsa_521(self):
        key = ECDSAKey.from_private_key_file(_support("test_ecdsa_521.key"))
        self.assertEqual("ecdsa-sha2-nistp521", key.get_name())
        exp_ecdsa = b(FINGER_ECDSA_521.split()[1].replace(":", ""))
        my_ecdsa = hexlify(key.get_fingerprint())
        self.assertEqual(exp_ecdsa, my_ecdsa)
        self.assertEqual(PUB_ECDSA_521.split()[1], key.get_base64())
        self.assertEqual(521, key.get_bits())

        s = StringIO()
        key.write_private_key(s)
        # Different versions of OpenSSL (SSLeay versions 0x1000100f and
        # 0x1000207f for instance) use different apparently valid (as far as
        # ssh-keygen is concerned) padding. So we can't check the actual value
        # of the pem encoded key.
        s.seek(0)
        key2 = ECDSAKey.from_private_key(s)
        self.assertEqual(key, key2)
Esempio n. 34
0
    def test_18_load_ecdsa_521(self):
        key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_521.key'))
        self.assertEqual('ecdsa-sha2-nistp521', key.get_name())
        exp_ecdsa = b(FINGER_ECDSA_521.split()[1].replace(':', ''))
        my_ecdsa = hexlify(key.get_fingerprint())
        self.assertEqual(exp_ecdsa, my_ecdsa)
        self.assertEqual(PUB_ECDSA_521.split()[1], key.get_base64())
        self.assertEqual(521, key.get_bits())

        s = StringIO()
        key.write_private_key(s)
        # Different versions of OpenSSL (SSLeay versions 0x1000100f and
        # 0x1000207f for instance) use different apparently valid (as far as
        # ssh-keygen is concerned) padding. So we can't check the actual value
        # of the pem encoded key.
        s.seek(0)
        key2 = ECDSAKey.from_private_key(s)
        self.assertEqual(key, key2)
Esempio n. 35
0
 def test_load_ecdsa_password_521(self):
     key = ECDSAKey.from_private_key_file(
         _support('test_ecdsa_password_521.key'), b'television')
     self.assert_key_values(key, 'ecdsa-sha2-nistp521', 521, PUB_ECDSA_521,
                            FINGER_ECDSA_521.split()[1],
                            FINGER_SHA256_ECDSA_521)
Esempio n. 36
0
    def test_load_openssh_format_EC_key(self):
        key = ECDSAKey.from_private_key_file(
            _support("test_ecdsa_384_openssh.key"), b"television")
        self.assertEqual("ecdsa-sha2-nistp384", key.get_name())

        self.assert_key_fingerprints(key, FINGER_EC_384_OPENSSH)
Esempio n. 37
0
args = parser.parse_args()
args.local_dir = os.path.abspath(args.local_dir)

logging.basicConfig(level=logging.INFO,
                    format="%(asctime)s - %(message)s",
                    datefmt="%H:%M:%S")
logging.getLogger("paramiko.transport").setLevel(logging.ERROR)
logger = logging.getLogger()

if args.configure:
    logger.info("here is where we run ansible playbooks")
    exit(0)

try:
    key_file = os.path.expanduser(args.identity)
    private_key = ECDSAKey.from_private_key_file(key_file)
except FileNotFoundError as e:
    logger.error(f"{args.identity} not found")
    exit(1)
except SSHException as e:
    logger.error(f"{key_file}; {e}")
    exit(1)

ssh = SSHClient()
ssh.set_missing_host_key_policy(AutoAddPolicy())
ssh.load_system_host_keys()

try:
    logger.info(f"connecting to {args.hostname}")
    ssh.connect(args.hostname, username=args.user, pkey=private_key)
except AuthenticationException as e: