系統批量運維管理器paramiko詳解
1、paramiko介紹
paramiko是基於Python實現的SSH2遠程安全鏈接,支持認證及密鑰方式。能夠實現遠程命令執行、文件傳輸、中間SSH代理等功能,相對於Pexpect,封裝的層次更高,更貼近SSH協議的功能
官網地址:http://www.paramiko.org/installing.htmlhtml
http://docs.paramiko.org/en/2.4/api
https://pypi.org/project/paramiko/安全
2、paramiko安裝
root@localhost ~]# pip3 install paramiko
簡單實現遠程SSH運行命令示例
import paramiko hostname = '192.168.56.132' username = 'root' password = '1234567' paramiko.util.log_to_file('syslogin.log') #發送paramiko日誌到syslogin.log文件 ssh = paramiko.SSHClient() #建立一個SSH客戶端client對象 ssh.load_system_host_keys() #獲取客戶端host_keys,默認~/.ssh/known_hosts,非默認路徑需指定 ssh.connect(hostname=hostname,username=username,password=password) #建立SSH鏈接 stdin,stdout,stderr = ssh.exec_command('free -m') #調用遠程執行命令方法exec_command() print(stdout.read().decode('utf-8')) #打印命令執行結果,獲得Python列表形式,可使用stdout_readlines() ssh.close() #關閉SSH鏈接
程序運行結果以下圖所示:ssh
[root@localhost p_paramiko]# cat syslogin.log DEB [20180602-18:36:47.022] thr=1 paramiko.transport: starting thread (client mode): 0xf5b8d668 DEB [20180602-18:36:47.023] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.4.1 DEB [20180602-18:36:47.026] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_5.3 INF [20180602-18:36:47.026] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_5.3) DEB [20180602-18:36:47.027] thr=1 paramiko.transport: kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False DEB [20180602-18:36:47.028] thr=1 paramiko.transport: Kex agreed: diffie-hellman-group-exchange-sha256 DEB [20180602-18:36:47.028] thr=1 paramiko.transport: HostKey agreed: ssh-rsa DEB [20180602-18:36:47.028] thr=1 paramiko.transport: Cipher agreed: aes128-ctr DEB [20180602-18:36:47.028] thr=1 paramiko.transport: MAC agreed: hmac-sha2-256 DEB [20180602-18:36:47.028] thr=1 paramiko.transport: Compression agreed: none DEB [20180602-18:36:47.072] thr=1 paramiko.transport: Got server p (2048 bits) DEB [20180602-18:36:47.139] thr=1 paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256> DEB [20180602-18:36:47.139] thr=1 paramiko.transport: Switch to new keys ... DEB [20180602-18:36:47.182] thr=1 paramiko.transport: userauth is OK INF [20180602-18:36:47.351] thr=1 paramiko.transport: Authentication (password) successful! DEB [20180602-18:36:47.352] thr=2 paramiko.transport: [chan 0] Max packet in: 32768 bytes DEB [20180602-18:36:47.353] thr=1 paramiko.transport: [chan 0] Max packet out: 32768 bytes DEB [20180602-18:36:47.353] thr=1 paramiko.transport: Secsh channel 0 opened. DEB [20180602-18:36:47.354] thr=1 paramiko.transport: [chan 0] Sesch channel 0 request ok DEB [20180602-18:36:47.360] thr=1 paramiko.transport: [chan 0] EOF received (0) DEB [20180602-18:37:26.006] thr=1 paramiko.transport: starting thread (client mode): 0x5f2736d8 DEB [20180602-18:37:26.006] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.4.1 DEB [20180602-18:37:26.010] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_5.3 INF [20180602-18:37:26.010] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_5.3) DEB [20180602-18:37:26.010] thr=1 paramiko.transport: kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False DEB [20180602-18:37:26.010] thr=1 paramiko.transport: Kex agreed: diffie-hellman-group-exchange-sha256 DEB [20180602-18:37:26.010] thr=1 paramiko.transport: HostKey agreed: ssh-rsa DEB [20180602-18:37:26.011] thr=1 paramiko.transport: Cipher agreed: aes128-ctr DEB [20180602-18:37:26.011] thr=1 paramiko.transport: MAC agreed: hmac-sha2-256 DEB [20180602-18:37:26.011] thr=1 paramiko.transport: Compression agreed: none DEB [20180602-18:37:26.054] thr=1 paramiko.transport: Got server p (2048 bits) DEB [20180602-18:37:26.119] thr=1 paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256> DEB [20180602-18:37:26.119] thr=1 paramiko.transport: Switch to new keys ... DEB [20180602-18:37:26.162] thr=1 paramiko.transport: userauth is OK INF [20180602-18:37:26.243] thr=1 paramiko.transport: Authentication (password) successful! DEB [20180602-18:37:26.243] thr=2 paramiko.transport: [chan 0] Max packet in: 32768 bytes DEB [20180602-18:37:26.244] thr=1 paramiko.transport: [chan 0] Max packet out: 32768 bytes DEB [20180602-18:37:26.244] thr=1 paramiko.transport: Secsh channel 0 opened. DEB [20180602-18:37:26.245] thr=1 paramiko.transport: [chan 0] Sesch channel 0 request ok DEB [20180602-18:37:26.250] thr=1 paramiko.transport: [chan 0] EOF received (0) DEB [20180602-18:38:19.574] thr=1 paramiko.transport: starting thread (client mode): 0x4546a710 DEB [20180602-18:38:19.574] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.4.1 DEB [20180602-18:38:19.578] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_5.3 INF [20180602-18:38:19.578] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_5.3) DEB [20180602-18:38:19.579] thr=1 paramiko.transport: kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False DEB [20180602-18:38:19.579] thr=1 paramiko.transport: Kex agreed: diffie-hellman-group-exchange-sha256 DEB [20180602-18:38:19.579] thr=1 paramiko.transport: HostKey agreed: ssh-rsa DEB [20180602-18:38:19.579] thr=1 paramiko.transport: Cipher agreed: aes128-ctr DEB [20180602-18:38:19.579] thr=1 paramiko.transport: MAC agreed: hmac-sha2-256 DEB [20180602-18:38:19.579] thr=1 paramiko.transport: Compression agreed: none DEB [20180602-18:38:19.580] thr=1 paramiko.transport: Got server p (2048 bits) DEB [20180602-18:38:19.639] thr=1 paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256> DEB [20180602-18:38:19.640] thr=1 paramiko.transport: Switch to new keys ... DEB [20180602-18:38:19.682] thr=1 paramiko.transport: userauth is OK INF [20180602-18:38:19.817] thr=1 paramiko.transport: Authentication (password) successful! DEB [20180602-18:38:19.817] thr=2 paramiko.transport: [chan 0] Max packet in: 32768 bytes DEB [20180602-18:38:19.818] thr=1 paramiko.transport: [chan 0] Max packet out: 32768 bytes DEB [20180602-18:38:19.818] thr=1 paramiko.transport: Secsh channel 0 opened. DEB [20180602-18:38:19.820] thr=1 paramiko.transport: [chan 0] Sesch channel 0 request ok DEB [20180602-18:38:19.824] thr=1 paramiko.transport: [chan 0] EOF received (0) DEB [20180602-18:38:23.623] thr=1 paramiko.transport: starting thread (client mode): 0xd3c8710 DEB [20180602-18:38:23.624] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.4.1 DEB [20180602-18:38:23.627] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_5.3 INF [20180602-18:38:23.627] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_5.3) DEB [20180602-18:38:23.627] thr=1 paramiko.transport: kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] client mac:['hmac-md5', 'hmac-sha1', 'umacimport paramiko -64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False DEB [20180602-18:38:23.627] thr=1 paramiko.transport: Kex agreed: diffie-hellman-group-exchange-sha256 DEB [20180602-18:38:23.627] thr=1 paramiko.transport: HostKey agreed: ssh-rsa DEB [20180602-18:38:23.627] thr=1 paramiko.transport: Cipher agreed: aes128-ctr DEB [20180602-18:38:23.628] thr=1 paramiko.transport: MAC agreed: hmac-sha2-256 DEB [20180602-18:38:23.628] thr=1 paramiko.transport: Compression agreed: none DEB [20180602-18:38:23.672] thr=1 paramiko.transport: Got server p (2048 bits) DEB [20180602-18:38:23.741] thr=1 paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256> DEB [20180602-18:38:23.741] thr=1 paramiko.transport: Switch to new keys ... DEB [20180602-18:38:23.782] thr=1 paramiko.transport: userauth is OK INF [20180602-18:38:23.861] thr=1 paramiko.transport: Authentication (password) successful! DEB [20180602-18:38:23.862] thr=2 paramiko.transport: [chan 0] Max packet in: 32768 bytes DEB [20180602-18:38:23.863] thr=1 paramiko.transport: [chan 0] Max packet out: 32768 bytes DEB [20180602-18:38:23.863] thr=1 paramiko.transport: Secsh channel 0 opened. DEB [20180602-18:38:23.864] thr=1 paramiko.transport: [chan 0] Sesch channel 0 request ok DEB [20180602-18:38:23.868] thr=1 paramiko.transport: [chan 0] EOF received (0)
3、paramiko的核心組件
paramiko包含兩個核心組件,一個爲SSHClient類,另外一個爲SFTPClient類。ide
SSHClient類
SSHClient類是SSH服務會話的高級表示,該類封裝了傳輸(transport)、通道(channel)及SFTPClient的校驗、創建的方法,一般用於執行遠程命令。函數
client = SSHClient() client.load_system_host_keys() client.connect('ssh.example.com') stdin, stdout,stderr = client.exec_command('ls -l')
SSHClient經常使用的方法介紹
官方文檔:http://docs.paramiko.org/en/2.4/api/client.html?highlight=connectui
connect方法
conect方法實現了遠程SSH鏈接並校驗
方法定義:spa
connect(hostname, port=22, username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None)
參數說明:3d
- hostname(str類型),鏈接的目標主機地址;
- port(int類型),鏈接目標主機的端口,默認爲22;
- username(str類型),校驗的用戶名(默認爲當前的本地用戶名);
- password(str類型),密碼用於身份校驗或解鎖私鑰;
- pkey(Pkey類型),私鑰方式用於身份驗證;
- key_filename(str or list(str)類型),一個文件名或文件名列表,用於私鑰的身份驗證;
- timeout(float類型),一個可選的超時時間(以秒爲單位)的TCP鏈接;
- allow_agent(bool類型),設置爲False時用於禁用鏈接到SSH代理;
- look_for_keys(bool類型),設置爲False時用於來禁用在~/.ssh中搜索私鑰文件;
- compress(bool類型),設置爲True時打開壓縮。
exec_command方法
遠程命令執行方法,該命令的輸入與輸出流爲標準輸入(stdin)、輸出(stdout)、錯誤(stderr)的Python文件對像。代理
方法定義:
exec_command(command, bufsize=-1, timeout=None, get_pty=False, environment=None)
參數說明:
- command(str類型),執行的命令串;
- bufsize(int類型),文件緩衝區大小,默認爲-1(不限制)
load_system_host_keys方法
加載本地公鑰校驗文件,默認爲~/.ssh/known_host,非默認路徑須要手工指定。
方法定義:
load_system_host_keys(self,filename=None)
參數說明:
filename(str類型),指定遠程主機公鑰記錄文件。
set_missing_host_policy方法
設置鏈接的遠程主機沒有主機密鑰或HostKeys對象時的策略,目前支持三種,分別是AutoAddPolicy、RejectPolicy(默認)、WarningPolicy,僅限用於SSHClient類。
- AutoAddPolicy,目標添加主機名及主機密鑰到本地HostKeys對象,並將其保存,不依賴load_system_host_keys()的配置,即便~/.ssh/hnown_hosts不存在也不產生影響;
- RejectPolicy,自動拒絕未知的主機名和密鑰,依賴load_system_host_keys()的配置;
- WarningPolicy,用於記錄一個未知的主機密鑰的Python警告,並接收它,功能上AutoAddPolicy類似,但未知主機會有告警。
使用方法以下:
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
SFTPClient類
SFTPClient做爲一個SFTP客戶端對象,根據SSH傳輸協議的sftp會話,實現遠程文件操做,好比文件上傳、下載、權限、狀態等操做。
SFTPClient類經常使用方法
官方文檔:http://docs.paramiko.org/en/2.4/api/sftp.html
from_transport方法
建立一個已連通的SFTP客戶端通道。
方法定義:
from_transport(cls,t)
參數說明:
t(transport),一個已經過驗證的傳輸對象。
示例說明:
import paramiko t = paramiko.Transport(('192.168.56.132',22)) t.connect(username='root',password='1234567') sftp = paramiko.SFTPClient.from_transport(t)
put方法
上傳本地文件到遠程SFTP服務端
方法定義:
put(localpath, remotepath, callback=None, confirm=True)
參數說明:
- localpath(str類型),需上傳的本地文件(源);
- remotepath(str類型),遠程路徑(目標);
- callback(funcation(int,int)),獲取已接收的字節數及總傳輸字節數,以便回調函數調用,默認爲None;
- confirm(bool類型),文件上傳完畢後是否調用stat()方法,以便確認文件的大小。
示例說明:
localpath='/home/access.log' remotepath='/data/logs/access.log' sftp.put(localpath,remotepath)
get方法
從遠程SFTP服務端下載文件到本地。
方法定義:
get(remotepath, localpath, callback=None)
參數說明:
- remotepath(str類型),須要下載的遠程文件(源);
- callback(funcation(int,int)),獲取已接收的字節數及總和傳輸字節數,以便回調函數調用,默認爲None.
示例說明:
remotepath = '/data/logs/access.log' localpath = '/home/access.log' sftp.get(remotepath,localpath)
其它方法
SFTPClient類其它經常使用方法說明:
- mkdir,在SFTP服務端建立目錄,如sftp.mkdir("/home/userdir",mode=0777),默認模式是0777(八進制),在某些系統上,mode被忽略。在使用它的地方,當前的umask值首先被屏蔽掉。
- remove,刪除SFTP服務端指定目錄,如sftp.remove("/home/userdir")。
- rename,重命名SFTP服務端文件或目錄,如sftp.rename("/home/test.sh","/home/testfile.sh")
- stat,獲取遠程SFTP服務端指定文件信息,如sftp.stat("/home/testfile.sh")。
- listdir,獲取遠程SFTP服務端指定目錄列表,以Python的列表(List)形式返回,如sftp.listdir("/home")。
SFTPClient類應用示例
下面爲SFTPClient類的一個完整示例,實現了文件上傳、下載、建立與刪除目錄等,須要注意的是,put和get方法須要指定文件名,不能省略。
相關文章
- 1. 4.python 系統批量運維管理器之paramiko模塊
- 2. 系統批量運維工具paramiko
- 3. 系統批量運維管理器Fabric詳解
- 4. 系統批量運維管理器pexpect詳解
- 5. 9.python 系統批量運維管理器之Fabric模塊
- 6. 8.python 系統批量運維管理器之pexpect模塊
- 7. 系統批量運維管理工具pexpect
- 8. 自動化運維批量管理saltstack
- 9. 運維管理系統
- 10. 如何批量管理自動運維100+臺服務器?
- 更多相關文章...
- • Spring體系結構詳解 - Spring教程
- • MySQL常用運算符詳解 - MySQL教程
- • Docker容器實戰(七) - 容器眼光下的文件系統
- • Flink 數據傳輸及反壓詳解
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
