def ssh(self, address):
"""
Create an SSH connection to the instance.
"""
try:
ssh = SSHClient()
# ssh.load_system_host_keys()
"""
VM instances' IP addresses are indeterminate,
so there is no good way to detect
a Man In The Middle attack.
The fact that a different instance now has the same IP address
could be a MITM attack, or it could be due to deletion
of the old instance, or it could be due to re-arranging of
IP addresses among the same set of instances.
We don't care much about MITM attacks anyway - they would
merely cause us to test the correct functioning of some
attacker's computer, instead of our instance, which would
be bad only if the attacker's computer were less broken
than our instance, thus hiding problems with our instance.
This is a less bad problem than SSH connectivity randomly
failing when IP addresses get re-used.
So just disable protection against MITM attacks, by:
1. Auto-adding unknown hosts to the known hosts file and
2. Not loading any known hosts files.
"""
ssh.set_missing_host_key_policy(AutoAddPolicy())
ssh.connect(address,
username=self.params['ssh_username'],
key_filename=self.params['ssh_key_file'])
except:
self.logger.debug(self.instance().get_console_output(10))
raise
return ssh
def __init__(self, host, user='******'):
self.host = host
self.user = user
self.client = SSHClient()
self.sftpclient = None
self.client.set_missing_host_key_policy(AutoAddPolicy())
self.client.load_system_host_keys()
def __init__(self, host, user, password, interpreter, cwd):
# UploadDownloadMixin.__init__(self)
try:
import paramiko
from paramiko.client import SSHClient, AutoAddPolicy
except ImportError:
print(
"\nThis back-end requires an extra package named 'paramiko'."
" Install it from 'Tools => Manage plug-ins' or via your system package manager.",
file=sys.stderr,
)
sys.exit()
self._host = host
self._user = user
self._password = password
self._remote_interpreter = interpreter
self._cwd = cwd
self._proc = None # type: Optional[RemoteProcess]
self._sftp = None # type: Optional[paramiko.SFTPClient]
self._client = SSHClient()
self._client.load_system_host_keys()
self._client.set_missing_host_key_policy(paramiko.client.AutoAddPolicy())
# TODO: does it get closed properly after process gets killed?
self._connect()
def __enter__(self):
self.local.depth = getattr(self.local, 'depth', 0) + 1
if self.local.depth < 2:
self.wait_state()
self.local.client = SSHClient()
self.local.client.set_missing_host_key_policy(AutoAddPolicy())
trial = 1
logger = self.get_logger()
while 1:
try:
logger.info('try to connect %s@%s... [attempt #%d]',
self.login,
self.instance.public_dns_name,
trial)
self.local.client.connect(
self.instance.public_dns_name,
username=self.login,
pkey=self.app.private_key
)
except socket.error as e:
if e.errno in (60, 61, 111, 113) and trial <= 20:
time.sleep(3)
trial += 1
continue
logger.exception(e)
raise
else:
break
return self.local.client
def ParamikoMethod(self):
trans = Transport((self.ip, 22))
trans.connect(username=self.username, password=self.password)
paramiko_client = SSHClient()
paramiko_client.set_missing_host_key_policy(AutoAddPolicy())
paramiko_client._transport = trans
return paramiko_client
def __connect(self): assert self._server_pub_key and self._server_url and isinstance(self._my_host_key_policy, MissingHostKeyPolicy) client = SSHClient() client.set_missing_host_key_policy(self._my_host_key_policy) client.connect(self._server_url) # host alias from .ssh/config # self._ssh_client = client return True
def turn_off(id):
server = SERVERS.get(id)
if not server:
return server_not_found()
exit_status = -1
ssh_settings = server['ssh']
client = SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(AutoAddPolicy())
client.connect(ssh_settings['address'],
username=ssh_settings['username'],
password=ssh_settings['password'])
stdin, stdout, stderr = client.exec_command('shutdown -p now')
#print("stdout: " + str(stdout.readlines()))
#print("stderr: " + str(stderr.readlines()))
exit_status = stdout.channel.recv_exit_status()
print("Shutdown, exit status: %s" % exit_status)
client.close()
return jsonify({"success": exit_status == 0})
def __init__(self):
self.config = configparser.ConfigParser()
self.filename = os.path.join(os.path.dirname(__file__),
args.filename).replace("\\", "/")
self.config.read(self.filename)
self.ssh_client = SSHClient()
self.shell = None
def __init__(self, host, port=22, timeout=10):
self.host = host
self.port = int(port)
self.timeout = timeout
self.ssh_client = SSHClient()
self.ssh_client.set_missing_host_key_policy(AutoAddPolicy())
def Upload(self, files, dsDir):
try:
self.ssh = SSHClient()
self.ssh.set_missing_host_key_policy(AutoAddPolicy())
self.ssh.connect(self.host,
port=self.port,
username=self.usr,
password=self.pwd,
pkey=self.pk,
key_filename=self.kf,
banner_timeout=3.0,
auth_timeout=3.0)
self.stftp = self.ssh.open_sftp()
result = []
for f in files:
if os.path.isfile(f):
dir, fn = os.path.split(f)
result.append((f,
self.UploadFile(self.stftp, f,
os.path.join(dsDir, fn))))
elif os.path.isdir(f):
for root, dirs, fns in os.walk(f):
for fn in fns:
result.append(
(os.path.join(root, fn),
self.UploadFile(
self.stftp, os.path.join(root, fn),
os.path.join(dsDir, root.replace(f, ''),
fn))))
self.__close()
return True, result
except Exception as e:
self.__close()
return False, traceback.format_exc()
def run_remote_command(args, hostgroup_name, hostgroup, command):
"""Run the appropriate command on hosts in a given host group based on
the action being taken"""
client = SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(AutoAddPolicy())
ssh_key = None
host_results = {}
if args.ssh_key:
ssh_key = "%s/.ssh/%s" % (os.environ['HOME'], args.ssh_key)
for host in hostgroup:
try:
client.connect(host.address,
allow_agent=True,
username=os.getenv('USER'))
except Exception, e:
print "Error running remote command on (%s:%s) (%s)" % (
host.name, host.address, e)
continue
print "(%s:%s) => (%s)" % (host.name, host.address, command)
chan = client.get_transport().open_session()
chan.set_combine_stderr(True)
chan.exec_command(command)
dump_channel(chan)
rv = chan.recv_exit_status()
host_results[host.name] = rv
chan.close()
client.close()
_summarize_exit_code(rv)
def create_worker(host):
config = SSHConfig()
proxy = None
if os.path.exists(os.path.expanduser('~/.ssh/config')):
with open(os.path.expanduser('~/.ssh/config')) as f:
config.parse(f)
if host.hostname is not None and 'proxycommand' in config.lookup(
host.hostname):
proxy = ProxyCommand(config.lookup(host.hostname)['proxycommand'])
worker = SSHClient()
worker.load_system_host_keys()
worker.set_missing_host_key_policy(AutoAddPolicy())
# store data for later reference
worker.host = host.hostname
worker.username = host.username
worker.password = host.password
worker.key_filename = host.key_filename
worker.connect(hostname=host.hostname,
username=host.username,
password=host.password,
key_filename=host.key_filename,
sock=proxy)
return worker
def create_worker(host):
config = SSHConfig()
proxy = None
if os.path.exists(os.path.expanduser('~/.ssh/config')):
config.parse(open(os.path.expanduser('~/.ssh/config')))
if host.hostname is not None and \
'proxycommand' in config.lookup(host.hostname):
proxy = ProxyCommand(config.lookup(host.hostname)['proxycommand'])
# proxy = paramiko.ProxyCommand("ssh -o StrictHostKeyChecking=no [email protected] nc 118.138.239.241 22")
worker = SSHClient()
worker.load_system_host_keys()
worker.set_missing_host_key_policy(AutoAddPolicy())
worker.hostname = host.hostname # store all this for later reference (e.g., logging, reconnection)
worker.username = host.username
worker.password = host.password
worker.proxy = proxy
if not host.key_filename is None:
worker.pkey = RSAKey.from_private_key_file(host.key_filename,
host.key_password)
else:
worker.pkey = None
# time.sleep(4)
# worker.connect(hostname=host.hostname, username=host.username, password=host.password, key_filename=host.key_filename, sock=proxy, timeout=3600)
worker.connect(hostname=host.hostname,
username=host.username,
password=host.password,
pkey=worker.pkey,
sock=proxy)
return worker
def try_ssh(virtual_machine: VirtualMachine, retries: int = 10):
"""
Try to connect to a virtual machine using ssh
:param virtual_machine: the virtual machine
:param retries: the maximum of retries
"""
retry = 0
connected = False
ssh = SSHClient()
ssh.set_missing_host_key_policy(AutoAddPolicy())
ssh.load_system_host_keys()
while retry < retries and not connected:
try:
logger.debug('Trying ssh connection to %s %s out of %s retries',
virtual_machine.hostname, retry, retries)
ssh.connect(virtual_machine.hostname,
port=virtual_machine.ssh_port,
username=virtual_machine.ssh_username,
password=virtual_machine.ssh_password)
connected = True
except (BadHostKeyException, AuthenticationException, SSHException,
socket.error):
time.sleep(10)
retry += 1
if not connected:
raise Exception(
'[{}] Unable to connect to the machine after {} tries'.format(
virtual_machine.hostname, retry))
logger.info('Connection established to %s after %d out of %d retries',
virtual_machine.name, retry, retries)
def ssh_connection(
instance: Instance, ssh_credentials: SSHCredentials
) -> Iterator[SSHClient]:
"""Connect to server and yield SSH client."""
username, key_filename = ssh_credentials
instance_ssh_port: int = cast(int, instance.ssh_port)
ignore_host_key_policy: Union[
Type[MissingHostKeyPolicy], MissingHostKeyPolicy
] = cast(
Union[Type[MissingHostKeyPolicy], MissingHostKeyPolicy], IgnoreHostKeyPolicy
)
client = SSHClient()
client.set_missing_host_key_policy(ignore_host_key_policy)
client.connect(
hostname=str(instance.public_ip),
port=instance_ssh_port,
username=username,
key_filename=key_filename,
)
yield client
client.close()
def create_backup_repository(service):
"""
- create filesystem folders
- store ssh key
- create subaccount
"""
# Create folder and SSH key
client = SSHClient()
client.load_system_host_keys()
client.connect(**settings.STORAGE_SERVER)
ftp = client.open_sftp()
dirname = str(uuid4())
ftp.mkdir(dirname)
ftp.chdir(dirname)
ftp.mkdir(".ssh")
ftp.chdir(".ssh")
with ftp.open("authorized_keys", "w") as handle:
handle.write(service.last_report.ssh_key)
# Create account on the service
url = "https://robot-ws.your-server.de/storagebox/{}/subaccount".format(
settings.STORAGE_BOX)
response = requests.post(
url,
data={
"homedirectory": "weblate/{}".format(dirname),
"ssh": "1",
"external_reachability": "1",
"comment": "Weblate backup service {}".format(service.pk),
},
auth=(settings.STORAGE_USER, settings.STORAGE_PASSWORD),
)
data = response.json()
return "ssh://{}@{}:23/./backups".format(data["subaccount"]["username"],
data["subaccount"]["server"])
def set_session(self,
hostname: str,
port: int = None,
username: str = None):
"""
Set up a SFTP session.
:param str hostname: The SSH host.
:param port: The port where the SSH host is listening, defaults to
:const:`None`.
:type port: int, optional
:param username: The username on the target SSH host, defaults to :const:`None`.
:type username: str, optional
"""
self.client = SSHClient()
self.client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
if port and username:
self.client.connect(hostname, port, username)
elif port:
self.client.connect(hostname, port)
elif username:
self.client.connect(hostname, username=username)
else:
self.client.connect(hostname)
self.sftp_session = self.client.open_sftp()
def run_command_on_instances(instances, command, env_file, key_file):
ec2r = boto3.resource('ec2')
ssh = SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
for instance in instances['Instances']:
inst_id = instance['InstanceId']
instance_obj = ec2r.Instance(inst_id)
instance_obj.reload()
inst_ip = instance_obj.public_dns_name
sys.stderr.write("Copying env_file.txt to host...\n")
call([
'scp', '-i', key_file, env_file.name,
'ubuntu@%s:/home/ubuntu/env_file.txt' % inst_ip
])
time.sleep(2)
sys.stderr.write("Running command %s on remote host...\n" % (command))
ssh.connect(inst_ip, username='******', key_filename=key_file)
stdin, stdout, stderr = ssh.exec_command(command)
stdin.flush()
output = stdout.read().splitlines()
error = stderr.read().splitlines()
sys.stderr.write(
'Startup standard output\n%s:Startup standard error:\n%s\n' %
(output, error))
ssh.close()
def _get_ssh_connection(self):
"""Returns an ssh connection to the specified host"""
_timeout = True
ssh = SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
_start_time = time.time()
saved_exception = exceptions.StandardError()
#doing this because the log file fills up with these messages
#this way it only logs it once
log_attempted = False
socket_error_logged = False
auth_error_logged = False
ssh_error_logged = False
while not self._is_timed_out(self.timeout, _start_time):
try:
if not log_attempted:
self._log.debug('Attempting to SSH connect to: ')
self._log.debug('host: %s, username: %s, password: %s' %
(self.host, self.username, self.password))
log_attempted = True
ssh.connect(hostname=self.host,
username=self.username,
password=self.password,
timeout=20,
key_filename=[],
look_for_keys=False,
allow_agent=False)
_timeout = False
break
except socket.error as e:
if not socket_error_logged:
self._log.error('Socket Error: %s' % str(e))
socket_error_logged = True
saved_exception = e
continue
except paramiko.AuthenticationException as e:
if not auth_error_logged:
self._log.error('Auth Exception: %s' % str(e))
auth_error_logged = True
saved_exception = e
time.sleep(2)
continue
except paramiko.SSHException as e:
if not ssh_error_logged:
self._log.error('SSH Exception: %s' % str(e))
ssh_error_logged = True
saved_exception = e
time.sleep(2)
continue
#Wait 2 seconds otherwise
time.sleep(2)
if _timeout:
self._log.error('SSHConnector timed out while trying to establish a connection')
raise saved_exception
#This MUST be done because the transport gets garbage collected if it
#is not done here, which causes the connection to close on invoke_shell
#which is needed for exec_shell_command
ResourceManager.register(self, ssh.get_transport())
return ssh
def open(self):
self._client = SSHClient()
self._client.load_system_host_keys()
self._client.set_missing_host_key_policy(WarningPolicy())
print(f'Connecting to {self.username}@{self.hostname}')
self._client.connect(hostname=self.hostname, username=self.username)
self._transport = self._client.get_transport()
def __init__(self):
self.ssh = SSHClient()
self.ssh.load_system_host_keys()
self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
self.ssh.connect(hostname='127.0.0.1',
username='******',
password='******')
def run_commands_on_servers():
"""
this function will create an instance of ssh client and run
commands sequentially as specified in the json configuration
file
"""
if SERVERS is None:
return
for server in SERVERS['servers']:
print("{:^30s}".format(server['hostname']))
hostname = server['hostname']
username = server['username']
password = server['password']
with SSHClient() as client:
client.set_missing_host_key_policy(AutoAddPolicy)
client.load_system_host_keys()
client.connect(hostname, username=username, password=password)
for command in server['commands']:
stdin, stdout, stderr = client.exec_command(command)
print(stdout.read().decode("utf-8"))
print(stderr.read().decode("utf-8"))
def report(self):
'''
Get instance and connection info for all enabled projects.
'''
client = SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(env['OS_SSH_HOST'], username=env['OS_SSH_USERNAME'], password=env['OS_SSH_PASSWORD'])
for project in self.project_list:
if not eval(project[2]) or project[1] in ('admin', 'services'):
continue
ttys = []
stdin, stdout, stderr = client.exec_command('source /etc/nova/openrc && nova list --tenant %s'%project[0])
output = stdout.read()
serverlist = filter(lambda x: x.count(project[0]), output.splitlines()).__len__()
stdin, stdout, stderr = client.exec_command('source /etc/nova/openrc && neutron floatingip-list --tenant-id %s -F floating_ip_address'%project[0])
floatingips = re.findall('\d+\.\d+\.\d+\.\d+', stdout.read())
print "====INFO====", project[1], project[2], project[0], serverlist, floatingips
ttys = []
for ip in floatingips:
if not self.ping_ip_reachable(ip):
continue
sshp = SshconnectionProcess(ip)
sshp.run()
ttys += sshp.return_result()
self.report_result.append({project[1].encode('ascii'): \
{'instance':serverlist, 'connection':ttys.__len__(), 'enable': eval(project[2]), \
'tenant_id':project[0].encode('ascii'), 'floatingips':floatingips}})
client.close()
def create_new_connection(self, index):
"""Attempts to create a new SSHThread object at the given index"""
# Spawns a paramiko SSHClient
ssh_client = SSHClient()
ssh_client.load_system_host_keys()
ssh_client.set_missing_host_key_policy(AutoAddPolicy())
# We loop until we can make a connection
while True:
# Get the next ssh connection name (hostname) to attempt
ssh_name = next(self.ssh_gen)
# Ignore if we already have a connection with this computer
if ssh_name in self.active_connections:
continue
# Try the connection and continue on a fail
try:
ssh_client.connect(ssh_name, timeout=TIMEOUT, port=PORT)
except Exception as e:
#print(e)
time.sleep(0.1)
continue
# Store connection in array and add hostname to set
self.ssh_threads[index] = SSHThread(ssh_client, self.command,
ssh_name, self.print_finish)
self.active_connections.add(ssh_name)
print("Connection made with %s." % ssh_name)
break
def create_ssh_client(host, account, password, port=22):
client = SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(AutoAddPolicy())
client.connect(host, port=port, username=account, password=password)
return client
def __init__(self):
self.client = SSHClient()
self.client.load_system_host_keys()
self.client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
config = ConfigParser.ConfigParser()
config.read("/home/forlinux/www/4803-Python/ProjetoDexter/config.cfg")
self.client.connect(config.get("docker","address"))
def __enter__(self):
self._client = SSHClient()
self._client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
username = parse('config.ssh.user').find(self._cluster)[0].value
hostname = parse('config.host').find(self._cluster)[0].value
port = parse('config.port').find(self._cluster)
if port:
port = port[0].value
else:
port = 22
passphrase \
= parse('config.ssh.passphrase').find(self._cluster)
if passphrase:
passphrase = passphrase[0].value
else:
passphrase = None
key_name = parse('config.ssh.key').find(self._cluster)[0].value
key_path = os.path.join(cumulus.config.ssh.keyStore, key_name)
private_key = self._load_rsa_key(key_path, passphrase)
self._client.connect(hostname=hostname,
port=port,
username=username,
pkey=private_key)
return self
def __init__(self, config_filepath: str, local_source_filepath: dict,
remote_dest_filepath: dict) -> None:
super().__init__(config_filepath)
self.mfs_ssh_client = SSHClient()
self.client_host_ips_list = list()
self.local_source_filepath = local_source_filepath
self.remote_dest_filepath = remote_dest_filepath
def get_client(self):
if self.client is not None:
return self.client
self.client = SSHClient()
self.client.set_missing_host_key_policy(AutoAddPolicy)
self.client.connect(**self.arguments)
return self.client
def __init__(self, uid, addr, port, private_key_path):
self.uid = uid
self.addr = addr
self.port = port
self.private_key_path = private_key_path
self.ssh_client = c = SSHClient()
c.set_missing_host_key_policy(IgnoreMissingKeyPolicy())
