Connecting to an H3C device with paramiko using key-based authentication
阿新 • Published: 2020-12-27
Environment: Windows 10, Python 3.8, paramiko 2.7.2, HCL
Configure a user on the device
#
local-user admin class manage
password simple admin
service-type ftp
service-type ssh
authorization-attribute user-role network-admin
#
Configure login authentication on the vty lines
#
line vty 0 63
authentication-mode scheme
#
Enable the SSH service
ssh server enable
Enable the FTP service
ftp server enable
Generate an SSH key on Windows
PS C:\Users\xdai> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\xdai/.ssh/id_rsa):
C:\Users\xdai/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\xdai/.ssh/id_rsa.
Your public key has been saved in C:\Users\xdai/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Dfia7aLwhuSowN7iSsXlqkB0/ZJw2mMoMVi9Y4ez06E [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| .. |
|.. o . |
|.+ o *. . |
|. = # =. o |
| o * # oS . |
|o + E ++ |
|o*.o .o . |
|*.=o. .. |
|*+.oo. .. |
+----[SHA256]-----+
PS C:\Users\xdai>
Upload the public key to the device over FTP from Windows
C:\Users\xdai\.ssh>ftp 192.168.56.20
連線到 192.168.56.20。
220 FTP service ready.
502 Command not implemented.
使用者(192.168.56.20:(none)): admin
331 Password required for admin.
密碼:
230 User logged in.
ftp> put id_rsa.pub
200 PORT command successful
150 Connecting to port 11865
226 File successfully transferred
ftp: 傳送 392 位元組,用時 0.00秒 392.00千位元組/秒。
ftp> quit
221-Goodbye. You uploaded 1 and downloaded 0 kbytes.
221 Logout.
On R1 you can see that the public key has been received
<R1>%Dec 26 15:05:41:190 2020 R1 FTP/6/AUTH: User N/[email protected] for connection.
%Dec 26 15:05:44:437 2020 R1 FTP/6/AUTH: User [email protected] login.
%Dec 26 15:05:53:983 2020 R1 FTP/5/OPER: User [email protected] uploaded flash:/id_rsa.pub.
%Dec 26 15:06:17:204 2020 R1 FTP/6/LOGOUT: User [email protected] logout.
<R1>dir
Directory of flash:
0 drw- - Dec 26 2020 14:56:17 diagfile
1 -rw- 735 Dec 26 2020 14:57:27 hostkey
2 -rw- 391 Dec 26 2020 15:05:53 id_rsa.pub
Import the remote host's public key on R1
public-key peer netdevops import sshkey flash:/id_rsa.pub
View the imported public key
[R1] display public-key peer
=============================================
Key name: netdevops
Key type: RSA
Key modulus: 2048
Key code:
......
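There are two ways to configure a remote host's public key:
Import from a public key file: the user first saves the remote host's public key file to the local device (for example, via FTP or TFTP, transferring the file in binary mode), and the local device then imports the remote host's public key from that file. During the import, the system automatically converts the remote host's public key file to PKCS (Public Key Cryptography Standards) encoding.
Manual configuration: the user first views the public key on the remote host and records its contents, then enters the remote host's public key by hand on the local device. When entering the key manually, you can type it character by character or paste several characters at once.
Because the current device version does not support entering an RSA public key directly, the file import method is used here.
On R1, configure public-key authentication for the SSH user and assign the public key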
ssh user admin service-type all authentication-type any assign publickey netdevops
The options for authentication-type are any, password, password-publickey and publickey.
The device configuration is now complete.
Write the code on Windows
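import paramiko

ssh = paramiko.SSHClient()
ssh.load_system_host_keys()
# AutoAddPolicy accepts an unknown host key without verifying it
ssh.set_missing_host_key_policy(paramiko.client.AutoAddPolicy())
# No password or key file is given: paramiko tries the SSH agent and the
# default key files in ~/.ssh (id_rsa here)
ssh.connect(
    hostname='192.168.56.20',
    username='admin',
)
# Run one command and print its output
stdin, stdout, stderr = ssh.exec_command('dis ip int brief')
interface = stdout.read().decode(encoding='utf-8')
print(interface)
ssh.close()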
The output:
PS C:\python\netdevops> & "C:/Program Files (x86)/Python38-32/python.exe" c:/python/netdevops/1.py
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<R1>dis ip int brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 192.168.56.20 --
GE0/1 down down -- --
GE0/2 down down -- --
GE5/0 down down -- --
GE5/1 down down -- --
GE6/0 down down -- --
GE6/1 down down -- --
Ser1/0 down down -- --
Ser2/0 down down -- --
Ser3/0 down down -- --
Ser4/0 down down -- --
PS C:\python\netdevops>
Check the console log on the device
<R1>
<R1>%Dec 26 16:50:50:033 2020 R1 SHELL/5/SHELL_LOGIN: Console logged in from con0.
%Dec 26 16:50:54:285 2020 R1 SSHS/6/SSHS_LOG: Accepted publickey for admin from 192.168.56.102 port 1313.
%Dec 26 16:50:56:061 2020 R1 SSHS/6/SSHS_LOG: User admin logged out from 192.168.56.102 port 1313.
%Dec 26 16:50:56:061 2020 R1 SSHS/6/SSHS_DISCONNECT: SSH user admin (IP: 192.168.56.102) disconnected from the server.
<R1>
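The script above uses AutoAddPolicy, which accepts whatever host key the device presents. The following added example (not part of the original post) pins the device's host key by SHA256 fingerprint instead and authenticates with the key file only. The names run_pinned and pinned_fp and the sample blob are assumptions made for illustration, and the pinned fingerprint is assumed to have been obtained out of band, for example over the console.

```python
import base64
import hashlib
import hmac

# Constructed sample: a tiny blob in SSH wire format, not a real key.
SAMPLE_BLOB = (b"\x00\x00\x00\x07ssh-rsa"
               b"\x00\x00\x00\x03\x01\x00\x01"
               b"\x00\x00\x00\x01\x7f")
SAMPLE_PUB_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@example"

def openssh_fingerprint(key_blob: bytes) -> str:
    """SHA256 fingerprint as ssh-keygen prints it (base64 without padding)."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def fingerprint_of_pub_line(line: str) -> str:
    """Fingerprint of a 'type base64 [comment]' line such as id_rsa.pub."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    return openssh_fingerprint(base64.b64decode(fields[1], validate=True))

def pin_matches(key_blob: bytes, pinned_fp: str) -> bool:
    """Constant-time comparison of a key's fingerprint with the pinned one."""
    return hmac.compare_digest(openssh_fingerprint(key_blob), pinned_fp)

def run_pinned(host, user, key_file, pinned_fp, command):
    """Run one command; refuse the session unless the host key matches the pin."""
    import paramiko  # imported here so the helpers above need only the stdlib

    class PinnedHostKey(paramiko.MissingHostKeyPolicy):
        def missing_host_key(self, client, hostname, key):
            if not pin_matches(key.asbytes(), pinned_fp):
                raise paramiko.SSHException("host key mismatch for " + hostname)

    client = paramiko.SSHClient()  # no known_hosts loaded: the pin is the only trust
    client.set_missing_host_key_policy(PinnedHostKey())
    try:
        # Key file only: no agent, no key discovery, and no password is supplied.
        client.connect(host, username=user, key_filename=key_file,
                       allow_agent=False, look_for_keys=False, timeout=10)
        _, stdout, _ = client.exec_command(command)
        return stdout.read().decode("utf-8", errors="replace")
    finally:
        client.close()
```

fingerprint_of_pub_line can also be run on id_rsa.pub and on a copy retrieved from the device to confirm that the file uploaded over FTP still matches the fingerprint ssh-keygen printed.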