python ssh script for linux ssh command

Question

My Linux script is as below to ssh to host & search patch update which has kernel update

 for host in `cat patch.csv`
    do 
      echo "Host $host" >> /tmp/patching
      ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" $host  'sudo yum check-update | grep "kernel.x86"'>>/tmp/patching
    done

Now i am trying to write a python script equivalent to this & its showing error(not able to conenct to ssh). I tried to use subprocess comamnd which is not working - its not able to pick up hostname & public key error.

import subprocess
import os
def read_file():
    # Read and print the entire file line by line
    with open('patch.csv', 'r') as reader:
        with open('server_names.txt', 'w') as writer:
            for host in reader:
                writer.write(host)
                p = subprocess.Popen(["ssh -o 'UserKnownHostsFile=/dev/null' -o 'StrictHostKeyChecking=no' host 'sudo yum check-update | grep kernel.x86'"], shell=True, stdout=subprocess.PIPE)
                output, err = p.communicate()
                print(host)
    print("file read done")

read_file()

Answer 1

You can use "sshscript" package. For the above shell script, it might be able to convert to python script of sshscript-syntax like this:

# filename: test.spy
with open('patch.csv') as fd:
  for host in fd:
    host = host.strip()
    account = f'user@{host}'
    $$echo "Host @{host}" >>  /tmp/patching
    $$ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" @{account}  'sudo yum check-update | grep "kernel.x86"'>>/tmp/patching

Executing command on console:

$ sshscript test.spy

The link to documents of the sshscript package: https://iapyeh.github.io/sshscript/index

Answer 2

I got some idea from your given code @lucasgvarela & came up with this using some other posts in stackoverflow which actually worked.

import subprocess
import sys    
# Ports are handled in ~/.ssh/config since we use OpenSSH
COMMAND="uname -a"
COMMAND2="UserKnownHostsFile=/dev/null"
COMMAND3="StrictHostKeyChecking=no"

with open('patch.csv', 'r') as reader:
    with open('server_names.txt', 'w') as writer:
        for HOST in reader:
            print(HOST)
            HOST=HOST.strip()
            ssh = subprocess.Popen(["ssh","-o",COMMAND2,"-o",COMMAND3, "%s" % HOST, COMMAND],
                                shell=False,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE)
            result = ssh.stdout.readlines()
            if result == []:
                error = ssh.stderr.readlines()
            # print >>sys.stderr, "ERROR: %s" % error
                writer.write(f'The Host failed is {HOST} & the error is {error}')
                print(error)
            else:
                print (result)

Answer 3

You can use paramiko to solve that problem to ssh to another host using python, we use it on an internal project, works very well.

http://www.paramiko.org/
$ pip install paramiko

You can use password or passphrase as input if it's required by the host, so authentication can be automated.

http://docs.paramiko.org/en/stable/api/client.html#paramiko.client.SSHClient.connect

connect(hostname, port=22, username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
Connect to an SSH server and authenticate to it. The server’s host key is checked against the system host keys (see load_system_host_keys) and any local host keys (load_host_keys). If the server’s hostname is not found in either set of host keys, the missing host key policy is used (see set_missing_host_key_policy). The default policy is to reject the key and raise an SSHException.

Code sample adapted from https://gist.github.com/mlafeldt/841944

import paramiko

hostname = host
password = pass123
command = 'sudo yum check-update | grep kernel.x86'
username = "admin"
port = 22

try:
    client = paramiko.SSHClient()
    client.load_system_host_keys()
    client.set_missing_host_key_policy(paramiko.WarningPolicy)
    client.connect(hostname, port=port, username=username, password=password)
    stdin, stdout, stderr = client.exec_command(command)
    print stdout.read()
finally:
    client.close()