Paramiko:从公钥字符串创建 PKey [英] Paramiko: Creating a PKey from a public key string

问题描述

我正在尝试在低级别使用 SSH 协议(即我不想启动 shell 或任何东西，我只想传递数据).因此，我使用 Paramiko 的 Transport 直接上课.

I'm trying to use the SSH protocol at a low level (i.e. I don't want to start a shell or anything, I just want to pass data). Thus, I am using Paramiko's Transport class directly.

我已经完成了服务器端，但现在我正在为一些愚蠢的事情碰壁.对于客户端连接到服务器，Transport 的 connect 方法 将两个 PKey 对象作为参数:客户端的私钥(pkey)和服务器的公钥(hostkey).

I've got the server side done, but now I'm hitting a wall over something silly. For the client to connect to the server, the Transport's connect method takes as two PKey objects as argument: The private key of the client (pkey), and the public key of the server (hostkey).

PKey 类被描述为公钥的基类".然而问题是我不知道如何创建这样一个 PKey 对象只是一个 ssh 公钥(即字符串 ssh-whatever AAblablabla).它有用私钥构建这样一个对象的方法，但显然我不希望客户端知道服务器的私钥.

The PKey class is described as "Base class for public keys". Yet the problem is that I can't figure out how to create such a PKey object out of just an ssh public key (i.e. a string ssh-whatever AAblablabla). It has methods for building such an object out of a private key, but obviously I don't want the client to know the server's private key.

我觉得我忽略了一些简单的事情，但我无法在网络上找到有关这样做的信息；大多数教程都使用更高级别的 SSHClient类 加载系统的known_hosts 键.

I feel like I'm overlooking something simple, but I can't find info on doing that on the web; most tutorials out there use the higher-level SSHClient class which loads the system's known_hosts keys.

推荐答案

不得不在另一个上下文中再次解决这个问题，这不仅仅是为了密钥比较(它是为了签名检查).这是正确的方法.回想起来，这很简单，但几乎没有记录.

Had to solve this problem again in another context that wasn't just for key comparison (it was for signature checking). Here's the proper way to do it. In retrospect it was pretty simple, but hardly documented at all.

# For a public key "ssh-rsa AAblablabla...":
key = paramiko.RSAKey(data=base64.b64decode('AAblablabla...'))
key.verify_ssh_sig(..., ...)

这篇关于Paramiko:从公钥字符串创建 PKey的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！