使用密码远程执行命令
[root@localhost script]# cat daramiko_ssh.py #!/usr/bin/env python #_*_coding:utf-8 _*_ __author__ = 'gaogd' ''' 执行远程命令ssh 命令 如同 ssh -p22 [email protected] 'cmd' ''' import paramiko ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) host = '192.168.10.12' port = 22 username = 'root' password = 'lvnian@lvnian' ssh.connect(host, port, username,password) flat = True while flat: cmd = raw_input(u'请输入你的命令:') if not cmd == 'exit' or cmd == 'quit': stdin, stdout, stderr = ssh.exec_command(cmd) ### stdin这个是输入的命令,stdout这个是命令的正确返回,stderr这个是命令的错误返回 print stdout.readlines() else: flat = False ssh.close()
使用key远程执行命令
[root@localhost script]# cat daramiko_ssh_key.py #!/usr/bin/env python #_*_coding:utf-8 _*_ __author__ = 'gaogd' import paramiko import sys,os host = sys.argv[1] user = 'lvnian' pkey_file = '/home/lvnian/.ssh/id_rsa' #指定用来解密的私钥的路径,这个需要手动生成 key = paramiko.RSAKey.from_private_key_file(pkey_file) #使用私钥解密 cmd = sys.argv[2] s = paramiko.SSHClient() s.load_system_host_keys() s.set_missing_host_key_policy(paramiko.AutoAddPolicy()) s.connect(host,22,user,pkey=key,timeout=5) stdin,stdout,stderr=s.exec_command(cmd) cmd_result = stdout.read(),stderr.read() for line in cmd_result: print line, s.close() [root@localhost script]#
上传下载文件
[root@localhost script]# cat daramiko_sftp.py
#!/usr/bin/python
import paramiko
import sys,os
host = '192.168.10.12'
port = 22
username = 'root'
password = 'lvnian@lvnian'
t = paramiko.Transport((host,22))
t.connect(username=username,password=password) #连接方式也可以用key,这里只需要将password=password改为pkey=key,其余的key代码与前面的一样
sftp = paramiko.SFTPClient.from_transport(t) #使用t的设置方式连接远程主机
sftp.get('/tmp/learning.py','F:\learning.py') #下载文件
sftp.put('F:\yum.py','/tmp/yum.py') #上传文件
[root@localhost script]#
2、安装
安装paramiko有两个先决条件,python和另外一个名为PyCrypto的模块。 通常安装标准的python模块,只需要在模块的根目录下运行: python setup.py build python setup.py install 备注:安装前先检查是否安装gcc(yum -y install gcc) 2.1 PyCrypto安装 wget http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.tar.gz tar -zxvf pycrypto-2.6.tar.gz cd pycrypto-2.6/ python setup.py build && python setup.py install 测试: python>> import Crypto (编译时报错:error: command 'gcc' failed with exit status 1;这是因为缺少python-dev的软件包,所yum -y install python-devel) 2.2 paramiko安装 wget http://www.lag.net/paramiko/download/paramiko-1.7.7.1.tar.gz tar xvzf paramiko-1.7.7.1.tar.gz cd paramiko-1.7.7.1/ python setup.py build && python setup.py install Crypto error: 'module' object has no attribute 'HAVE_DECL_MPZ_POWM_SEC' 测试: python>> import paramiko (Crypto error: 'module' object has no attribute 'HAVE_DECL_MPZ_POWM_SEC' 找到 /usr/lib/python2.7/site-packages/Crypto/Util/number.py 把if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC: 注释了 #if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC: )
多进程模型在台服务上批量执行ssh命令
#!/usr/bin/python
# -*- coding: utf-8 -*-
__author__ = 'gaogd'
import sys
import paramiko
from multiprocessing import Pool
def run_cmd(host,port,user,passwd,cmd):
print '-->run',host,cmd
s = paramiko.SSHClient()
s.load_system_host_keys()
s.set_missing_host_key_policy(paramiko.AutoAddPolicy())
s.connect(host,22,username=user,password=passwd,timeout=5)
stdin,stdout,stderr = s.exec_command(cmd)
cmd_result = stdout.read(),stderr.read()
print '--------%s---------' % host
for line in cmd_result:
print line,
s.close()
return 0
host_dic = {
'192.168.10.12':['root','wdzj@2015',22],
'192.168.10.11':['root','wdzj@2015',22],
}
if __name__ == '__main__':
pool = Pool(3)
res_list = []
while True:
cmd = raw_input(u'请输入你要执行的命令: ')
if cmd == 'exit':
break
for host, host_info in host_dic.items():
username, password, port = host_info
# run_cmd(host,port,username,password,cmd)
p = pool.apply_async(run_cmd, args=(host, 22, username, password, cmd))
res_list.append(p)
for res in res_list:
print res.get() ##取得每个多进程的放回结果
实现堡垒机模式下的远程命令执行 堡垒机环境在一定程度上提升了运营安全级别,但同时也提高了日常运营成本, 作为管理的中转设备,任何针对业务服务器的管理请求都会经过此节点,比如SSH协议, 首先运维人员在办公电脑通过SSH协议登录堡垒机,再通过堡垒机SSH跳转到所有的业务服务器进行 维护操作,堡垒机模式下的远程命令执行我们可以利用paramiko的invoke_shell机制来实现通过堡 垒机实现服务器操作,原理是SSHClient.connect到堡垒机后开启一个新的SSH会话(session),通过 新的会话运行“ssh user@IP”去实现远程执行命令的操作。 实现代码如下:
#!/usr/bin/env python
#_*_coding:utf-8 _*_
__author__ = 'gaogd'
import paramiko
import os,sys,time
blip="192.168.10.12" #定义堡垒机信息
bluser="root"
blpasswd="xxx@2015"
hostname="192.168.23.148" #定义业务服务器信息
username="root"
password="xxx@2016"
port=22
passinfo='password: ' #输入服务器密码的前标志串
paramiko.util.log_to_file('syslogin.log')
ssh=paramiko.SSHClient() #ssh登录堡垒机
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(hostname=blip,username=bluser,password=blpasswd)
# stdin,stdout,stderr=ssh.exec_command('free -m') #调用远程执行命令方法exec_command()
# print stdout.read() #打印命令执行结果,得到Python列表形式,可以使用
channel=ssh.invoke_shell() #创建会话,开启命令调用
channel.settimeout(10) #会话命令执行超时时间,单位为秒
buff = ''
resp = ''
channel.send('ssh '+username+'@'+hostname+'\n') #执行ssh登录业务主机
while not buff.endswith(passinfo): #ssh登录的提示信息判断,输出串尾含有"\'spassword:"时
try: #退出while循环
resp = channel.recv(9999)
print 'resp1:',resp,'\n -------------'
except Exception as e:
print 'Error info:%s connection time.' % (str(e))
channel.close()
ssh.close()
sys.exit()
buff += resp
if not buff.find('yes/no')==-1: #输出串尾含有"yes/no"时发送"yes"并回车
channel.send('yes\n')
buff=''
channel.send(password+'\n') #发送业务主机密码
buff=''
while not buff.endswith('# '): #输出串尾为"# "时说明校验通过并退出while循环
resp = channel.recv(9999)
print 'resp2:',resp,'\n ================'
if not resp.find(passinfo)==-1: #输出串尾含有"\'s password: "时说明密码不正确,
#要求重新输入
print 'Error info: Authentication failed.'
channel.close() #关闭连接对象后退出
ssh.close()
sys.exit()
buff += resp
channel.send('ifconfig\n') #认证通过后发送ifconfig命令来查看结果
buff=''
try:
while buff.find('# ')==-1:
resp = channel.recv(9999)
buff += resp
except Exception as e:
print "error info:"+str(e)
print buff #打印输出串
channel.close()
ssh.close()
实现堡垒机模式下的远程文件上传
实现堡垒机模式下的文件上传,原理是通过paramiko的SFTPClient
将文件从办公设备上传至堡垒机指定的临时目录,如/tmp,
再通过SSHClient的invoke_shell方法开启ssh会话,
执行scp命令,将/tmp下的指定文件复制到目标业务服务器上, 堡垒机模式下的文件上传
本示例具体使用sftp.put()方法上传文件至堡垒机临时目录,
再通过send()方法执行scp命令,将堡垒机临时目录下的文件复制到目
标主机,详细的实现源码如下
#!/usr/bin/env python
#_*_coding:utf-8 _*_
__author__ = 'gaogd'
#!/usr/bin/env python
import paramiko
import os,sys,time
blip="192.168.10.12" #定义堡垒机信息
bluser="root"
blpasswd="zzz@2015"
hostname="192.168.23.148" #定义业务服务器信息
username="root"
password="zzz@2016"
port=22
tmpdir="/tmp"
remotedir="/tmp"
localpath="./PyparamkoSsFTP.py" #本地源文件路径
tmppath=tmpdir+"/PyparamkoSsFTP.py" #堡垒机临时路径
# remotepath=remotedir+"/PyparamkoSsFTP.py" #业务主机目标路径
remotepath=remotedir #业务主机目标路径
passinfo='password: '
paramiko.util.log_to_file('syslogin.log')
t = paramiko.Transport((blip, port))
t.connect(username=bluser, password=blpasswd)
sftp =paramiko.SFTPClient.from_transport(t)
sftp.put(localpath, tmppath) #上传本地源文件到堡垒机临时路径
sftp.close()
ssh=paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(hostname=blip,username=bluser,password=blpasswd)
channel=ssh.invoke_shell()
channel.settimeout(10)
buff = ''
resp = ''
#scp中转目录文件到目标主机
channel.send('/usr/bin/scp '+tmppath+' '+username+'@'+hostname+':'+remotepath+'\n')
print "#########",'scp '+tmppath+' '+username+'@'+hostname+':'+remotepath+'\n'
while not buff.endswith(passinfo):
try:
resp = channel.recv(99999)
print 'resp1',resp,'--------------'
except Exception,e:
print 'Error info:%s connection time.' % (str(e))
channel.close()
ssh.close()
sys.exit()
buff += resp
if not buff.find('yes/no')==-1:
channel.send('yes\n')
buff=''
print '22'
channel.send(password+'\n') #发送业务主机密码
buff=''
while not buff.endswith("# "):
resp = channel.recv(99999)
if not resp.find(passinfo)==-1:
print 'Error info: Authentication failed.'
channel.close()
ssh.close()
sys.exit()
else:
print 'ok'
buff += resp
print buff
channel.close()
ssh.close()
#!/usr/bin/python
#coding:utf-8
import paramiko
import sys
import datetime
import threading
import Queue
import getopt
def usage():
print """
-h,-H,--help 帮助页面
-C, --cmd 执行命令模式
-M, --command 执行具体命令
-S, --sendfile 传输文件模式
-L, --localpath 本地文件路径
-R, --remotepath 远程服务器路径
IP列表格式:
IP地址 用户名 密码 端口
192.168.1.1 root 123456 22
e.g.
批量执行命令格式: -C "IP列表" -M '执行的命令'
批量传送文件: -S "IP列表" -L "本地文件路径" -R "远程文件路径"
错误日志文件:$PWD/ssh_errors.log
"""
def ssh(queue_get,cmd):
try:
hostip=queue_get[0]
username=queue_get[1]
password=queue_get[2]
port=queue_get[3]
s=paramiko.SSHClient()
s.load_system_host_keys()
s.set_missing_host_key_policy(paramiko.AutoAddPolicy())
s.connect(hostname=hostip,port=port,username=username, password=password)
stdin,stdout,stderr=s.exec_command(cmd)
print "\033[42m---------------------------------%s---------------------------\033[0m \n %s" %(hostip,stdout.read())
s.close()
except Exception,ex:
print "\033[42m---------------------------------%s---------------------------\033[0m\n %s : \t%s" %(hostip,hostip,ex)
#print "\n",hostip,":\t",ex,"\n"
ssh_errors=open("ssh_errors.log","a")
ssh_errors.write("%s\t%s:\t%s\n"%(now,hostip,ex))
ssh_errors.close()
pass
def sftp(queue_get,localpath,remotepath):
try:
hostip=queue_get[0]
username=queue_get[1]
password=queue_get[2]
port=int(queue_get[3])
t=paramiko.Transport((hostip,port))
t.connect(username=username,password=password)
sftp=paramiko.SFTPClient.from_transport(t)
sftp.put(localpath,remotepath)
print "Upload file %s to %s : %s: %s" %(localpath,hostip,remotepath,now)
sftp.close()
t.close()
except Exception,ex:
print "\n",hostip,":\t",ex,"\n"
ssh_errors=open("ssh_errors.log","a")
ssh_errors.write("%s\t%s:\t%s\n"%(now,hostip,ex))
ssh_errors.close()
pass
if __name__ == '__main__':
try:
opts,args= opts, args = getopt.getopt(sys.argv[1:], "(hH)C:M:S:L:R:", ["help","cmd=","command=","sendfile=","localpath=","remotepath="])
now=datetime.datetime.now()
if len(sys.argv) == 1 :
usage()
sys.exit()
if sys.argv[1] in ("-h","-H","--help"):
usage()
sys.exit()
elif sys.argv[1] in ("-C","--cmd"):
for opt,arg in opts:
if opt in ("-C","--cmd"):
iplist=arg
if opt in ("-M","--command="):
cmd=arg
file=open(iplist)
print '-------3', opts, args
threads = []
myqueue = Queue.Queue(maxsize = 0)
for l in file.readlines():
if len(l)==1 or l.startswith('#'):
continue
f=l.split()
myqueue.put(f)
file.close()
for x in xrange(0,myqueue.qsize()):
if myqueue.empty():
break
mutex = threading.Lock()
mutex.acquire()
mutex.release()
threads.append(threading.Thread(target=ssh, args=(myqueue.get(),cmd)))
for t in threads:
t.start()
t.join()
elif sys.argv[1] in ("-S","--sendfile"):
for opt,arg in opts:
if opt in ("-S","--sendfile"):
iplist=arg
if opt in ("-L","--localpath="):
localpath=arg
if opt in ("-R","--remotepath="):
remotepath=arg
file=open(iplist)
threads = []
myqueue = Queue.Queue(maxsize = 0)
for l in file.readlines():
if len(l)==1 or l.startswith('#'):
continue
f=l.split()
myqueue.put(f)
file.close()
for x in xrange(0,myqueue.qsize()):
if myqueue.empty():
break
mutex = threading.Lock()
mutex.acquire()
mutex.release()
threads.append(threading.Thread(target=sftp, args=(myqueue.get(),localpath,remotepath)))
for t in threads:
t.start()
t.join()
else:
print "\033[31m非法参数,请重新输入!\033[0m"
#usage()
except Exception,ex:
usage()
print ex