Paramiko SSH failing with "Server '...' not found in known_hosts" when run on web server

Problem description

I am trying to use Paramiko to make an SSH communication between 2 servers on a private network. The client server is a web server and the host server is going to be a "worker" server. The idea was to not open up the worker server to HTTP connections. The only communication that needs to happen, is the web server needs to pass strings to a script on the worker server. For this I was hoping to use Paramiko and pass the information to the script via SSH.

I set up a new user and created a test script in Python 3, which works when I run it from the command line from my own user's SSH session. I put the same code into my Django web app, thinking that it should work, since it tests OK from the command line, and I get the following error:

Server 'worker-server' not found in known_hosts

Now, I think I understand this error. When performing the test script, I was using a certain user to access the server, and the known hosts information is saved to ~/.ssh/known_hosts even though the user is actually a 3rd party user created just for this one job. So the Django app is running under a different user who doesn't find the saved known hosts info because it doesn't have access to that folder. As far as I can tell the user which Apache uses to execute the Django scripts doesn't have a home directory.

Is there a way I can add this known host in a way that the Django process can see it?

Script:

import paramiko

client = paramiko.SSHClient()
# Reads ~/.ssh/known_hosts of the user the process runs as
client.load_system_host_keys()
client.connect('worker-server', 22, 'workeruser', 'workerpass')

code = "123wfdv"
survey_id = 111
stdin, stdout, stderr = client.exec_command(
    'python3 /path/to/test_script/test.py %s %s' % ( code, survey_id ))

print( "ssh successful. Closing connection" )

stdout = stdout.readlines()
client.close()
print ( "Connection closed" )

output = ""
for line in stdout:
    output = output + line
if output!="":
    print ( output )
else:
    print ( "There was no output for this command" )

Recommended answer

You can hard-code the host key in your Python code, using HostKeys.add:

import paramiko
from base64 import decodebytes

keydata = b"""AAAAB3NzaC1yc2EAAAABIwAAAQEA0hV..."""
key = paramiko.RSAKey(data=decodebytes(keydata))
 
client = paramiko.SSHClient()
client.get_host_keys().add('example.com', 'ssh-rsa', key)
client.connect(...)

This is based on my answer to:
Paramiko "Unknown Server".

To see how to obtain the fingerprint for use in the code, see my answer to:
Verify host key with pysftp.

If using pysftp, instead of Paramiko directly, see:
PySFTP failing with "No hostkey for host X found" when deploying Django/Heroku

Or, as you are connecting within a private network, you can give up on verifying the host key altogether, using AutoAddPolicy:

client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(...)

(You can do this only if you do not need the connection to be secure, for example when connecting within a private network)
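One way to give the Django process a host key it can read while still verifying it, as an added example that is not part of the original question or answer: pin the worker's key in a dedicated known_hosts file and have Paramiko load only that file. The function names, the file path you pass in and the sample key blob are assumptions made for illustration; the blob is constructed, not a real server key.

```python
import base64
import hashlib
import os
import struct


def constructed_blob() -> str:
    """Constructed sample key blob (not a real server key): type string + 32 bytes."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
    return base64.b64encode(raw).decode()


def key_type_of(blob_b64: str) -> str:
    """Return the algorithm name stored at the start of an SSH public-key blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("malformed key blob")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")


def sha256_fingerprint(blob_b64: str) -> str:
    """Fingerprint in the form `ssh-keygen -lf` prints, for out-of-band comparison."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def write_pinned_known_hosts(path, host, key_type, blob_b64, expected_fp):
    """Write a one-entry known_hosts file, refusing a key that fails either check."""
    if key_type_of(blob_b64) != key_type:
        raise ValueError("declared key type does not match the blob")
    if sha256_fingerprint(blob_b64) != expected_fp:
        raise ValueError("fingerprint mismatch; refusing to pin this key")
    # The file holds a public key, so it may be world-readable; only the deployer writes it.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
    with os.fdopen(fd, "w") as f:
        f.write(f"{host} {key_type} {blob_b64}\n")


def connect_pinned(host, user, known_hosts_path, **auth):
    """Connect trusting only the keys in known_hosts_path (no ~/.ssh lookup)."""
    import paramiko  # lazy import: the helpers above need only the standard library
    client = paramiko.SSHClient()
    client.load_host_keys(known_hosts_path)
    client.set_missing_host_key_policy(paramiko.RejectPolicy())  # unknown key -> fail
    client.connect(host, username=user, **auth)
    return client
```

The expected fingerprint should come from the worker server itself over a trusted channel, and the known_hosts file belongs somewhere the web server's user can read but not write.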
