1. overview
I didn't want to write paramiko originally, because I think the previous article about Netmiko module is more suitable for network workers. Later, I found that paramiko contains SFTP function, so it's necessary to talk about it. After all, we often download configuration, upload version / upgrade version on the device, and SFTP is more secure than FTP and TFTP.
So, you don't have to use other tools to upload and download. You can use general Python to help you.
SSH and SFTP both use the same port number 22. If we pay more attention to data security transmission, SFTP is the first choice to replace FTP and TFTP.
Description of experimental environment:
- One Cisco router for SSH login;
- One Huawei switch for SFTP upload / download;
- PyCharm Pro
2. Basic use of paramiko
2.1 introduction to key parameters of sshclient
connect() function:
Purpose: used to connect to the remote host, where 'hostname' is a required parameter.
Common parameters hostname //Remote host, IP and domain name can be filled in port=SSH_PORT //Port 22 by default username=None //User name used to log in to the remote host password=None //Password used to log in to the remote host pkey=None //Use private key for identity authentication, also known as' password free 'login key_filename=None //Use private key filename timeout=None //tcp connection timeout allow_agent=True //Connect to ssh agent is allowed by default look_for_keys=True //Search private key file in ~ /. ssh by default, and True by default allows compress=False //Compression is not enabled by default
Load? System? Host? Keys() function:
Purpose: used to load the host key. The key is saved in the "known hosts" file.
filename=None //The "~ /. SSH / known hosts" file is loaded by default
Set missing host key policy() function:
Purpose: used to check whether the remote host has records in the local 'host keys' and which policy is used.
#There are three strategies currently supported: 1.AutoAddPolicy //Automatically add the host name and host key to the local HostKeys object, independent of the configuration of load ﹣ system ﹣ host ﹣ key. That is to say, you don't need to enter yes or no to confirm when you establish a new ssh connection 2.WarningPolicy //python warning to log an unknown host key. And accept. It is similar to AutoAddPolicy in function, but it will prompt for new connection 3.RejectPolicy //Automatically reject unknown host name and key, depending on the configuration of load ﹣ system ﹣ host ﹣ key. This is the default option
exec_command() function:
Purpose: it is used to execute commands on the remote host and return input, output and error information.
command //Commands executed stdin, stdout, stderr //Input, output and error respectively
2.2 common sshclient examples
2.2.1 log in by user name and password:
import paramiko
def ssh_client():
# Create an instance
ssh = paramiko.SSHClient()
# Load system HostKeys key
ssh.load_system_host_keys()
# Automatically add a policy to save the host name and key information of the remote host. If not added, the host not recorded in the local knowledge hosts file will not be able to connect. It is rejected by default
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
#Connect to remote host
ssh.connect('192.168.0.101',port=22, username='admin', password='Admin@123')
#Executive order
stdin, stdout,stderr = ssh.exec_command('show ip int br')
print(stdout.read().decode('utf-8'))
#Close connection
ssh.close()
if __name__ == '__main__':
ssh_client()The execution code returns the following results:
2.2.2 log in by user name and password (transport mode)
def ssh_client():
# Create an instance
ssh = paramiko.SSHClient()
#transport encapsulation
t = paramiko.Transport('192.168.0.101', 22)
t.connect(username='admin', password='Admin@123')
ssh._transport = t
# Load system HostKeys key
ssh.load_system_host_keys()
# Automatically add a policy to save the host name and key information of the remote host. If not added, the host not recorded in the local knowledge hosts file will not be able to connect. It is rejected by default
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
#Executive order
stdin, stdout,stderr = ssh.exec_command('show ip int br')
print(stdout.read().decode('utf-8'))
#Close connection
ssh.close()
if __name__ == '__main__':
ssh_client()The execution code returns the following results:
The result is the same as above, and the output is the same.
2.2.3 log in by user name and key
Cisco router public key configuration:
username admin privilege 15 password Admin@123 ip domain name cisco.com crypto key generate rsa modulus 1024 ip ssh version 2 ip ssh pubkey-chain username admin key-hash ssh-rsa 560DE41351E40FF6C237F9BBFF4238AC singvis@DESKTOP-IQ964AEendend line vty 0 4 exec-timeout 5 0 logging synchronous login local transport input ssh privilege level 15
python code:
import paramiko
def ssh_client():
#Absolute path of private key
private = paramiko.RSAKey.from_private_key_file(r'C:\Users\singvis\Documents\Identity')
# Create an instance
ssh = paramiko.SSHClient()
# Load system HostKeys key
ssh.load_system_host_keys()
# Automatically add a policy to save the host name and key information of the remote host. If not added, the host not recorded in the local knowledge hosts file will not be able to connect. It is rejected by default
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
#Connect to the remote host. No password is required here. It is a private key file
ssh.connect('192.168.0.101',port=22, username='admin', pkey=private)
#Executive order
stdin, stdout,stderr = ssh.exec_command('show ip int br')
print(stdout.read().decode('utf-8'))
ssh.close()
if __name__ == '__main__':
ssh_client()Log in to 192.168.0.101 through SecurityCRT in the key mode, and log in directly without entering the password:
Note: key generation path: Tools - > create public key (this time through SecurityCRT)
2.3 introduction to key parameters of sftpclient
As a client object of sftp, SFTPCLient implements remote file operations, such as upload, download, permission and status, according to the sftp session of ssh transport protocol.
from_transport(cls,t) //Create a connected SFTP Client channel put(localpath, remotepath, callback=None, confirm=True) //Upload local file to remote host get(remotepath, localpath, callback=None) //Download files from remote host to local mkdir() //Create directory remove() //Delete directory rename() //rename directory stat() //View file status listdir() //List files in directory
2.4 common examples of sftpclient
Taking Huawei switch as an example, the switch configuration is as follows:
rsa local-key-pair create # stelnet server enable sftp server enable # aaa local-user admin password simple Admin@123 local-user admin privilege level 15 local-user admin service-type terminal ssh # ssh authentication-type default password ssh user admin authentication-type password ssh user admin service-type all ssh user admin sftp-directory flash:/ # user-interface vty 0 4 authentication-mode aaa protocol inbound ssh
The Python code is as follows:
import paramiko
def sftp_put():
#File path
local_file =r'D:\test\123.txt'
remote_file ='flash:/123.txt'
t = paramiko.Transport('192.168.0.200', 22)
t.connect(username='admin', password='Admin@123')
sftp = paramiko.SFTPClient.from_transport(t)
sftp.put(local_file,remote_file)
t.close()
def sftp_get():
local_path = r'D:\test\vrpcfg.zip'
remote_path = 'flash:/vrpcfg.zip'
t = paramiko.Transport('192.168.0.200', 22)
t.connect(username='admin', password='Admin@123')
#
sftp = paramiko.SFTPClient.from_transport(t)
sftp.get(remote_path, local_path)
t.close()
if __name__ == '__main__':
sftp_put()
sftp_get()The execution code returns the following results:
3. Complete code
#!/usr/bin/env python
#coding:utf-8
#Welcome to WeChat public: drip Technology
#There are reliable, valuable and co grown ones here, which belong to the network siege lions
import paramiko, time
from paramiko.ssh_exception import NoValidConnectionsError,AuthenticationException
def ssh_client(host, user, pwd, cmds, verbose=True):
# Storage path of private key file
# private = paramiko.RSAKey.from_private_key_file(r'C:\Users\singvis\Documents\Identity')
# Create an instance
ssh = paramiko.SSHClient()
# Load system SSH key
ssh.load_system_host_keys()
# Automatically add a policy to save the host name and key information of the server. If you do not add it, the hosts that are not recorded in the local knowledge hosts file will not be able to connect, and will be rejected by default
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# Connecting device
try:
ssh.connect(hostname=host,
username=user,
timeout=5,
compress=True,
password=pwd
#pkey=private, #Can use key connection
)
print("Connecting to host{}.....".format(host))
except NoValidConnectionsError:
print('There is a problem with the connection')
except AuthenticationException:
print('Wrong user name or password')
except Exception as e:
print('Other error problems{}'.format(e))
finally:
#Activate interactive shell
chan = ssh.invoke_shell()
time.sleep(1)
for cmd in cmds:
chan.send(cmd.encode())
#There must be a "Enter" action
chan.send(b'\n')
time.sleep(2)
r = chan.recv(40960).decode()
if verbose:
print(r)
chan.close()
ssh.close()
def sftp_get(ip, user, pwd, local_file,remote_file, port=22):
try:
t = paramiko.Transport(ip, port)
t.connect(username=user, password=pwd)
sftp = paramiko.SFTPClient.from_transport(t)
sftp.get(remote_file, local_file)
t.close()
except Exception as e:
print(e)
def sftp_put(ip, user, pwd, local_file, remote_file, port=22):
try:
t = paramiko.Transport(ip, port)
t.connect(username=user, password=pwd)
sftp = paramiko.SFTPClient.from_transport(t)
sftp.put(local_file, remote_file)
t.close()
except Exception as e:
print(e)
if __name__ == '__main__':
'''
//Don't run it. Please comment it out and add 'ා' before it
'''
ip = '192.168.0.101'
user= 'admin'
pwd= 'Admin@123'
# local_file = r'D:\test\123.txt'
# remote_file = 'flash:/vrpcfg.zip'
# sftp_get(ip='192.168.0.200', user=user, pwd=pwd, remote_file=remote_file, local_file=r'D:\test\vrpcfg.zip')
# sftp_put(ip='192.168.0.200', user=user, pwd=pwd, local_file=local_file, remote_file='flash:/123.txt')
cmds = ['terminal length 0', 'show version', 'show ip int br','show ip route']
# cmds = ['disp ip int br','disp device','disp clock']
ssh_client(ip, user, pwd, cmds)Reference:
Cisco router and switch SSH configuration
If you like my article, please pay attention to my public number: drip technology, scan code attention, and share it regularly.
