Paramiko -- using encrypted private key file on OS X


Problem description

I'm trying to use Paramiko to connect to an SSH server from Python. This is what I tried so far:

>>> import paramiko
>>> import os
>>> privatekeyfile = os.path.expanduser('~/.ssh/id_rsa')
>>> mykey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/paramiko/pkey.py", line 198, in from_private_key_file
    key = cls(filename=filename, password=password)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/paramiko/rsakey.py", line 51, in __init__
    self._from_private_key_file(filename, password)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/paramiko/rsakey.py", line 163, in _from_private_key_file
    data = self._read_private_key_file('RSA', filename, password)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/paramiko/pkey.py", line 280, in _read_private_key_file
    data = self._read_private_key(tag, f, password)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/paramiko/pkey.py", line 323, in _read_private_key
    raise PasswordRequiredException('Private key file is encrypted')
paramiko.PasswordRequiredException: Private key file is encrypted

As you can see, it's failing because my private key is encrypted. However, the password is stored in my OS X login keychain, and when I type ssh host it won't ask for it (rather, it only asks once, then remembers it until the next reboot). Is there a way to make paramiko use the password / fetch it from the keychain, like ssh does?

Solution

The RSAKey.from_private_key_file() is inherited from PKey(); an optional parameter of this method is a password. To quote:

If the private key is encrypted and password is not None, the given password will be used to decrypt the key (otherwise PasswordRequiredException is thrown).

As you're not passing a password and your key is encrypted this exception will always be thrown. There's only one way round this problem, to actually give the method a password. You, therefore, need a way of getting the password out of the OSXKeychain.

You could use the cross-platform Keyring module to do this.
