Paramiko SSH banner missing for OpenSSH 4.3 server

Published 2024-05-16 18:26:00


I have a lot of NTP devices that I am trying to access from a jump server, and I need to parse the SSH banner that each device presents.

For servers running OpenSSH 5.5, the banner is returned by client._transport.get_banner(); it is ultimately set by the _parse_userauth_banner method in auth_handlers.py.

Here is the paramiko debug log:

DEB [20201201-15:05:35.300] thr=1   paramiko.transport: starting thread (client mode): 0xd5fb5e10
DEB [20201201-15:05:35.300] thr=1   paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.7.2
DEB [20201201-15:05:35.366] thr=1   paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_5.5
INF [20201201-15:05:35.366] thr=1   paramiko.transport: Connected (version 2.0, client OpenSSH_5.5)
DEB [20201201-15:05:35.420] thr=1   paramiko.transport: kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
DEB [20201201-15:05:35.421] thr=1   paramiko.transport: Kex agreed: diffie-hellman-group-exchange-sha256
DEB [20201201-15:05:35.421] thr=1   paramiko.transport: HostKey agreed: ssh-rsa
DEB [20201201-15:05:35.421] thr=1   paramiko.transport: Cipher agreed: aes128-ctr
DEB [20201201-15:05:35.422] thr=1   paramiko.transport: MAC agreed: hmac-sha1
DEB [20201201-15:05:35.422] thr=1   paramiko.transport: Compression agreed: none
DEB [20201201-15:05:35.528] thr=1   paramiko.transport: Got server p (2048 bits)
DEB [20201201-15:05:35.782] thr=1   paramiko.transport: kex engine KexGexSHA256 specified hash_algo <built-in function openssl_sha256>
DEB [20201201-15:05:35.783] thr=1   paramiko.transport: Switch to new keys ...
DEB [20201201-15:05:35.785] thr=2   paramiko.transport: Trying discovered key b'f84e82ewewjhwhrvhgyghwe7636vdsv' in /myuser/.ssh/id_dsa
DEB [20201201-15:05:35.891] thr=1   paramiko.transport: userauth is OK
INF [20201201-15:05:35.966] thr=1   paramiko.transport: Auth banner: b'\n*******************************************************************************\n*   Welcome to the Sonoma_D12 CDMA SSH console on: \n*******************************************************************************\n\n'
INF [20201201-15:05:35.967] thr=1   paramiko.transport: Authentication (publickey) successful!
DEB [20201201-15:05:35.967] thr=2   paramiko.transport: [chan 0] Max packet in: 32768 bytes
DEB [20201201-15:05:36.023] thr=1   paramiko.transport: [chan 0] Max packet out: 32768 bytes
DEB [20201201-15:05:36.023] thr=1   paramiko.transport: Secsh channel 0 opened.
DEB [20201201-15:05:36.079] thr=1   paramiko.transport: [chan 0] Sesch channel 0 request ok
DEB [20201201-15:05:36.090] thr=1   paramiko.transport: [chan 0] EOF received (0)
DEB [20201201-15:05:36.090] thr=1   paramiko.transport: EOF in transport thread
DEB [20201201-15:05:36.133] thr=2   paramiko.transport: [chan 0] EOF sent (0)
DEB [20201201-15:05:36.136] thr=2   paramiko.transport: Dropping user packet because connection is dead.

Raw ssh handshake log:

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5
debug1: match: OpenSSH_5.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 552 bytes for a total of 573
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr,blowfish-cbc,aes128-cbc,3des-cbc
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr,blowfish-cbc,aes128-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes256-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes256-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 597
debug2: dh_gen_key: priv key bits set: 270/512
debug2: bits set: 2021/4096
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Found key in /root/.ssh/known_hosts:10263
debug2: bits set: 2008/4096
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug2: cipher_init: set keylen (16 -> 32)
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1141
debug2: set_newkeys: mode 0
debug2: cipher_init: set keylen (16 -> 32)
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 52 bytes for a total of 1193
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: Wrote 68 bytes for a total of 1261
debug3: input_userauth_banner

*******************************************************************************
*   Welcome to the Sonoma_D12 CDMA SSH console on
*******************************************************************************

However, for servers running OpenSSH 4.3, the call to client._transport.get_banner() returns, because in this case the _parse_userauth_banner method is never called.

DEB [20201201-15:07:04.474] thr=1   paramiko.transport: starting thread (client mode): 0x1e928f50
DEB [20201201-15:07:04.475] thr=1   paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.7.2
DEB [20201201-15:07:04.883] thr=1   paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_4.3
INF [20201201-15:07:04.883] thr=1   paramiko.transport: Connected (version 2.0, client OpenSSH_4.3)
DEB [20201201-15:07:04.973] thr=1   paramiko.transport: kex algos:['diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour128', 'arcfour256', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour128', 'arcfour256', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none'] server compress:['none'] client lang:[''] server lang:[''] kex follows?False
DEB [20201201-15:07:04.974] thr=1   paramiko.transport: Kex agreed: diffie-hellman-group-exchange-sha1
DEB [20201201-15:07:04.974] thr=1   paramiko.transport: HostKey agreed: ssh-rsa
DEB [20201201-15:07:04.974] thr=1   paramiko.transport: Cipher agreed: aes128-ctr
DEB [20201201-15:07:04.974] thr=1   paramiko.transport: MAC agreed: hmac-sha1
DEB [20201201-15:07:04.974] thr=1   paramiko.transport: Compression agreed: none
DEB [20201201-15:07:05.362] thr=1   paramiko.transport: Got server p (2048 bits)
DEB [20201201-15:07:11.836] thr=1   paramiko.transport: kex engine KexGex specified hash_algo <built-in function openssl_sha1>
DEB [20201201-15:07:11.837] thr=1   paramiko.transport: Switch to new keys ...
DEB [20201201-15:07:11.839] thr=2   paramiko.transport: Trying discovered key b'f84e82ewewjhwhrvhgyghwe7636vdsv' in /myuser/.ssh/id_dsa
DEB [20201201-15:07:12.019] thr=1   paramiko.transport: userauth is OK
INF [20201201-15:07:12.545] thr=1   paramiko.transport: Authentication (publickey) successful!
DEB [20201201-15:07:12.546] thr=2   paramiko.transport: [chan 0] Max packet in: 32768 bytes
DEB [20201201-15:07:12.647] thr=1   paramiko.transport: [chan 0] Max packet out: 32768 bytes
DEB [20201201-15:07:12.647] thr=1   paramiko.transport: Secsh channel 0 opened.
DEB [20201201-15:07:12.748] thr=1   paramiko.transport: [chan 0] Sesch channel 0 request ok
DEB [20201201-15:07:13.387] thr=1   paramiko.transport: [chan 0] EOF received (0)
DEB [20201201-15:07:13.388] thr=1   paramiko.transport: [chan 0] EOF sent (0)

As shown above, paramiko did not capture the Auth banner, but if I log in directly from a terminal with the ssh command, the login banner is displayed.

Raw ssh handshake log:

debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 552 bytes for a total of 573
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr,blowfish-cbc,aes128-cbc,3des-cbc
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr,blowfish-cbc,aes128-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes256-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes256-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 597
debug2: dh_gen_key: priv key bits set: 243/512
debug2: bits set: 2001/4096
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 528 bytes for a total of 1125
debug2: bits set: 2099/4096
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug2: cipher_init: set keylen (16 -> 32)
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1141
debug2: set_newkeys: mode 0
debug2: cipher_init: set keylen (16 -> 32)
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 52 bytes for a total of 1193
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: Wrote 68 bytes for a total of 1261
debug3: input_userauth_banner

*******************************************************************************
*   Welcome to the Tempus LX CDMA SSH console on:  Tempus LXCDMA.your.domain
*******************************************************************************

I have dug into this a bit, but it seems to go down to the protocol level and to be related to the OpenSSH version.

So, can anyone suggest a workaround?
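
Added example, not part of the original question and not Paramiko's own code: the banner that `_parse_userauth_banner` handles arrives as an SSH_MSG_USERAUTH_BANNER message (RFC 4252, section 5.4), and this sketch parses that payload and filters control characters before the text is logged or matched. The function names and the sample payload are assumptions constructed for illustration.

```python
import struct

SSH_MSG_USERAUTH_BANNER = 53  # message number from RFC 4252, section 5.4


def _read_string(buf, offset):
    """Read one SSH 'string' (uint32 length + bytes); return (bytes, next offset)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("string length exceeds payload")
    return buf[offset + 4:end], end


def parse_userauth_banner(payload):
    """Parse a decrypted banner payload into (message, language_tag)."""
    if not payload or payload[0] != SSH_MSG_USERAUTH_BANNER:
        raise ValueError("not an SSH_MSG_USERAUTH_BANNER payload")
    raw_msg, off = _read_string(payload, 1)
    raw_lang, off = _read_string(payload, off)
    if off != len(payload):
        raise ValueError("trailing bytes after language tag")
    return (raw_msg.decode("utf-8", errors="replace"),
            raw_lang.decode("ascii", errors="replace"))


def sanitize_banner(text):
    """Drop control characters (keeping newline and tab) before display or logging."""
    return "".join(ch for ch in text if ch in "\n\t" or ch.isprintable())


def build_banner_payload(message, language=b""):
    """Helper that builds the wire form of a banner for the constructed sample."""
    return (bytes([SSH_MSG_USERAUTH_BANNER])
            + struct.pack(">I", len(message)) + message
            + struct.pack(">I", len(language)) + language)


# Constructed sample: one banner line from the OpenSSH 5.5 log above, followed
# by an ANSI escape byte sequence to show what the filter removes.
SAMPLE = build_banner_payload(
    b"\n*   Welcome to the Sonoma_D12 CDMA SSH console on: \n\x1b[2J")

if __name__ == "__main__":
    message, language = parse_userauth_banner(SAMPLE)
    print(repr(sanitize_banner(message)))
```

RFC 4252 recommends control-character filtering when a client displays the banner, which is why the text is sanitized before any further parsing or logging.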

