Paramiko SSH失败,并显示“在known_hosts中找不到服务器'..."在Web服务器上运行时 [英] Paramiko SSH failing with "Server '...' not found in known_hosts" when run on web server
问题描述
我正在尝试使用Paramiko在专用网络上的2台服务器之间进行SSH通信.客户端服务器是Web服务器,而主机服务器将是工作"服务器.想法是不向Worker服务器开放HTTP连接.唯一需要进行的通信是Web服务器需要将字符串传递给工作服务器上的脚本.为此,我希望使用Paramiko并通过SSH将信息传递给脚本.
I am trying to use Paramiko to make an SSH communication between 2 servers on a private network. The client server is a web server and the host server is going to be a "worker" server. The idea was to not open up the worker server to HTTP connections. The only communication that needs to happen, is the web server needs to pass strings to a script on the worker server. For this I was hoping to use Paramiko and pass the information to the script via SSH.
我设置了一个新用户,并在Python 3中创建了一个测试脚本,当我从自己用户的SSH会话的命令行中运行该脚本时,该脚本便可以工作.我将相同的代码放入我的Django Web应用程序中,以为它应该可以工作,因为它可以从命令行测试OK,并且出现以下错误:
I set up a new user and created a test script in Python 3, which works when I run it from the command line from my own user's SSH session. I put the same code into my Django web app, thinking that it should work, since it tests OK from the command line, and I get the following error:
在known_hosts中找不到服务器'worker-server'
Server 'worker-server' not found in known_hosts
现在,我想我理解此错误.执行测试脚本时,我正在使用某个用户来访问服务器,并且即使该用户实际上是仅为该工作而创建的第三方用户,已知主机信息也会保存到~/.ssh/known_hosts
.因此,Django应用程序在另一个用户下运行,该用户找不到存储的已知主机信息,因为该用户无权访问该文件夹.据我所知,该用户没有哪个Apache用于执行Django脚本的主目录.
Now, I think I understand this error. When performing the test script, I was using a certain user to access the server, and the known hosts information is saved to ~/.ssh/known_hosts
even though the user is actually a 3rd party user created just for this one job. So the Django app is running under a different user who doesn't find the saved known hosts info because it doesn't have access to that folder. As far as I can tell the user which Apache uses to execute the Django scripts doesn't have a home directory.
是否可以通过Django进程可以看到的方式添加此已知主机?
Is there a way I can add this known host in a way that the Django process can see it?
脚本:
import paramiko
client = paramiko.SSHClient()
client.load_system_host_keys()
client.connect('worker-server', 22, 'workeruser', 'workerpass')
code = "123wfdv"
survey_id = 111
stdin, stdout, stderr =
client.exec_command('python3 /path/to/test_script/test.py %s %s' % ( code, survey_id ))
print( "ssh succuessful. Closing connection" )
stdout = stdout.readlines()
client.close()
print ( "Connection closed" )
output = ""
for line in stdout:
output = output + line
if output!="":
print ( output )
else:
print ( "There was no output for this command" )
推荐答案
You can hard-code the host key in your Python code, using HostKeys.add
:
import paramiko
from base64 import decodebytes
keydata = b"""AAAAB3NzaC1yc2EAAAABIwAAAQEA0hV..."""
key = paramiko.RSAKey(data=decodebytes(keydata))
client = paramiko.SSHClient()
client.get_host_keys().add('example.com', 'ssh-rsa', key)
client.connect(...)
-
这是基于我对以下问题的回答:
Paramiko未知服务器" .This is based on my answer to:
Paramiko "Unknown Server".要查看如何获取在代码中使用的指纹,请参阅我的回答:
使用pysftp验证主机密钥.To see how to obtain the fingerprint for use in the code, see my answer to:
Verify host key with pysftp.如果使用pysftp,而不是直接使用Paramiko,请参阅:
PySFTP失败,并显示未找到主机X的主机密钥";部署Django/Heroku时If using pysftp, instead of Paramiko directly, see:
PySFTP failing with "No hostkey for host X found" when deploying Django/HerokuOr, as you are connecting within a private network, you can give up on verifying host key altogether, using
AutoAddPolicy
:client = paramiko.SSHClient() client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) client.connect(...)
(只有在不需要安全连接(例如在专用网络中进行连接时)时,才可以这样做)
这篇关于Paramiko SSH失败,并显示“在known_hosts中找不到服务器'..."在Web服务器上运行时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!