Thu Ra

Reputation: 2063

Paramiko connect without asking ssh key

This is my Python script to connect to a server. But when I run the script, it asks me to key in my SSH passphrase. How can I avoid being asked for my SSH key passphrase?

import paramiko

host   = '192.168.43.3'
user   = 'root'
passwd = 'ppawd'
ssh    = paramiko.SSHClient()

ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# Password login; the SSH agent and private key lookup are still enabled by default
ssh.connect(host, username=user, password=passwd)
transport = ssh.get_transport()
channel = transport.open_session()
channel.setblocking(1)
channel.settimeout(30)
command = "ls -a"
# Run the command (its output is not read here)
ssh.exec_command(command)

Upvotes: 3

Views: 12623

Answers (4)

eyeareque

Reputation: 131

I ran into the same issue. I don't think the other answers here realized what the question was actually for. This is an old question but I wanted to help anyone else like me who ended up here after googling.

You need to disable the ssh agent feature (allow_agent=False), and then it will no longer prompt you for a passphrase. Paramiko is trying to connect to the ssh agent and, I assume, trying to read the key. I also added look_for_keys=False, as it will disable checking for private keys to use.

Example:

client.connect(server, port=port, username=username, password=password, look_for_keys=False, allow_agent=False)

Upvotes: 7

Arunprasanth K V

Reputation: 21931

You can add the fingerprint to each server's known_hosts. For a single user:

cat ~/.ssh/known_hosts
echo "$SERVER,$PORT ssh-rsa $SERVER_KEY_FINGERPRINT" >> ~/.ssh/known_hosts

Add your connection host IP to known_hosts; then it will not ask any questions like "Are you sure you want to continue connecting (yes/no)?". Or, if you want to disable the password prompt too, then check these links: http://www.linuxproblem.org/art_9.html https://www.debian.org/devel/passwordlessssh

Upvotes: 1

Thu Ra

Reputation: 2063

I solved the problem with:

ssh-copy-id [email protected]

Credit to http://sshmenu.sourceforge.net/articles/key-setup.html

Upvotes: 1

loopbackbee

Reputation: 23322

My advice would be generating a key without a passphrase - just press enter when asked for a password while creating the key.

This key should be used specifically for your script - avoid re-using keys you use for other purposes (such as your user's interactive login), since it makes key revocation and access control harder.

A passphrase-less key has some advantages compared to hardcoding the password in your script:

  • The presence of a passphrase-less key makes it clear to anyone that the key is compromised as soon as anyone has access to it. Separating the password from the key hides this fact without providing any additional security.
  • It avoids you publishing your password to source-control accidentally (separation of source code and access control credentials)
  • Possibly, it'll make it less tempting to re-use any existing user's ssh key with a proper passphrase.

A few security considerations:

Remember that anyone with access to that key will get access to the remote system. You may consider putting restrictive permissions on the key file, and creating a separate user for your script to log in as on the remote system, if it's possible at all.

If your script is single purpose, you may also consider limiting the list of shell commands available to the user on the remote system.

If you have no physical security on the system that stores the key (i.e.: a laptop or desktop in an untrusted location), you may also want to use full disk encryption, block device encryption (LUKS) or file-level encryption (encfs).

Upvotes: 1
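An added example, not code from any of the answers above: it combines the dedicated-key advice with the allow_agent=False / look_for_keys=False settings from the earlier answer, and refuses to use a key file that other users can read. The function names, the scriptuser account, the ~/.ssh/script_key path and the choice of RejectPolicy (unknown hosts are refused, so the host must already be in known_hosts) are assumptions made for the illustration.

```python
import os
import stat


def key_file_problems(path):
    """Return the reasons this private key file is unsafe to use (empty list if none)."""
    problems = []
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at the key path
    except OSError as exc:
        return [f"cannot stat key file: {exc.strerror}"]
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file (symlink or special file)")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"group/other can access it (mode {stat.S_IMODE(st.st_mode):04o})")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        problems.append("owned by a different user")
    return problems


def connect_kwargs(host, user, key_path, port=22):
    """Arguments for SSHClient.connect() that offer only the script's own key."""
    return dict(hostname=host, port=port, username=user, key_filename=key_path,
                allow_agent=False, look_for_keys=False, timeout=30)


def run_remote(host, user, key_path, command):
    """Run one command with the dedicated key; refuse an unsafe key file."""
    problems = key_file_problems(key_path)
    if problems:
        raise PermissionError(f"{key_path}: " + "; ".join(problems))
    import paramiko  # imported here so the checks above work without paramiko
    client = paramiko.SSHClient()
    client.load_system_host_keys()
    # Assumption: unknown hosts are rejected instead of auto-added.
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    try:
        client.connect(**connect_kwargs(host, user, key_path))
        _stdin, stdout, _stderr = client.exec_command(command, timeout=30)
        return stdout.read().decode()
    finally:
        client.close()


if __name__ == "__main__":
    # Hypothetical account and key path; the host is the one from the question.
    key = os.path.expanduser("~/.ssh/script_key")
    print(run_remote("192.168.43.3", "scriptuser", key, "ls -a"))
```

With no passphrase on the key and the agent disabled, nothing in this path prompts; a key file with mode 0644 raises PermissionError before any connection is attempted.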