Re: Q: paramiko/SSH/ how to get a remote host_key

2008/1/21, DHR <dima.hristov@xxxxxxxxx>:
I am connecting from a WindowsXP SP2 machine. When using Putty as an
SSH client, if you connect for the first time then you get somethign
like this:

''' The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 1024 7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a
If you trust this host, hit Yes to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, hit No.
If you do not trust this host, hit Cancel to abandon the
connection. '''

If I get it correctly, Putty is using such a command to recieve the
host_key the first time it connects to a remote SSH server. Then it
stores it into the registry. The question is how can I do it from
Python?

When you call method connect of SSHClient it checks if server's
hostname is in system_hot_keys or any local host keys, if it is not,
the missing host key policy is used. The default policy is to reject
the key and raise an SSHException, but you can change that default
policy to AutoAddPolicy



Guilherme Polo wrote:
2008/1/21, DHR <dima.hristov@xxxxxxxxx>:
I'm trying to run the simpliest example form paramiko readme(Homepage:
http://www.lag.net/paramiko/), and
cannot find out how to get the remote SSH server host_key.


This is the code. It is supposed to connect to a remote SSH host and
execute an 'ls' command:

import paramiko, base64

key = paramiko.RSAKey(data=base64.decodestring('AAA...'))
client = paramiko.SSHClient()
client.get_host_keys().add('ssh.example.com', 'ssh-rsa', key)
client.connect('227.112.168.273', username='uname', password='pass')
stdin, stdout, stderr = client.exec_command('ls')
for line in stdout:
print '... ' + line.strip('\n')

client.close()

Now, if I understand it correctly I need to get somehow the host_key
from the server and
write it insted of the 'AAA...' thing. Is there a command to get the
host_key from a remote SSH
server?
--
http://mail.python.org/mailman/listinfo/python-list


You need a key to connect to that server, so you should want this:

keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))

Then keys[hostname] should contain a RSAKey object that you are looking for


--
-- Guilherme H. Polo Goncalves
--
http://mail.python.org/mailman/listinfo/python-list



--
-- Guilherme H. Polo Goncalves
.

Relevant Pages

  • Re: ssh warning about man in middle attack
    ... >>> It is also possible that the host key has just been changed. ... this machine that you are trying to SSH to, ... The administrator has installed a new server with the same IP number? ...
    (comp.os.linux.security)
  • Re: ssh warning about man in middle attack
    ... >>> It is also possible that the host key has just been changed. ... this machine that you are trying to SSH to, ... The administrator has installed a new server with the same IP number? ...
    (comp.security.ssh)
  • [NEWS] SSH Protocol Weakness Vulnerability (MITM)
    ... A weakness in the backward compatibility of the SSH Protocol has been ... SSH version 1.0) is unlikely to have the host key for the other protocol ... The SSH daemons advertise one of two major versions, ...
    (Securiteam)
  • Re: SSH auto trust all host keys,how to?
    ... 'man ssh' probably has the full information. ... host key, so I really dont need the host key for the SSH connection. ... runing on my remote linux server. ... So you said OpenSSH client has the option I want? ...
    (comp.security.ssh)
  • Help SSH client does not see SSH agent...
    ... permissions of my .ssh dir on both client and server and they are ... Host 'server' is known and matches the host key. ... SSH_CLIENT: Remote: RSA authentication accepted. ...
    (comp.security.ssh)