在Paramiko中使用Kerberos身份验证 [英] Using Kerberos authentication with Paramiko
问题描述
我正在努力弄清楚如何在python和paramiko中使用kerberos身份验证.我已经找到了paramiko的文档,但是不知道如何实现它,而且自从出现以来,似乎缺少专门针对kerberos和paramiko的教程.
I'm struggling to figure out how to use kerberos authentication with python and paramiko. I've found the documentation for paramiko but don't know how to implement it and there seems to be a lack of tutorials specifically for kerberos and paramiko since its so new.
当我在python之外使用ssh进行正常使用时,我插入了一个智能卡,并在OSX Mavericks的命令行中键入以下内容...
When I ssh outside of python for normal usage, I insert a smart card and type the following from the command line in OSX Mavericks...
$ kshell
$ pkinit
...然后会提示我输入与卡关联的密码.从那里,我会得到一张kerberos票,并且可以SSH到服务器.
...which then prompts me for my pin number associated with the card. From there I get a kerberos ticket and can ssh to the server.
我过去使用过paramiko,但没有使用kerberos ...以下代码是我尝试过的示例,但出现错误并且无法连接.
I've used paramiko in the past but without kerberos... The following code is an example of what I've tried, but I get errors and can't connect.
import paramiko
import gssapi
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(hostname = 'my.server.name',
username = 'user.name',
gss_auth = True,
gss_kex = True)
推荐答案
作为 Kerberos是否与SSH一起使用?说,如果服务器在可用的身份验证机制中报告gssapi-with-mic,则SSH中的Kerberos身份验证本质上是一些自定义数据传输,而不是常规身份验证(包括从KDC获取票证).
As How does Kerberos work with SSH? says, Kerberos authentication in SSH is essentially some custom data transfer instead of regular authentication (that includes getting a ticket from KDC) if the server reports gssapi-with-mic in available authentication mechanisms.
对它的支持paramiko已于2014年9月9日在拉动请求267 中提交.并且可以从v1.15开始使用.
Support for it paramiko has been committed in 09.2014 in pull request 267 and is available from v1.15 onwards.
要使用它,
- 请参见安装文档满足其他要求
- 使用gss_auth参数>
SSHClient.connect.gss_kex是可选的,它也可以使用Kerberos而不是它的SSH密钥来验证服务器.
- See Installing docs for additional requirements
- use
gss_authparameter ofSSHClient.connect.gss_kexis optional to authenticate the server using Kerberos as well rather than its SSH key.
这篇关于在Paramiko中使用Kerberos身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
