Python 堡垒机与paramiko模块
堡垒机前戏
开发堡垒机之前,先来学习Python的paramiko模块,该模块基于SSH用于连接远程服务器并执行相关操作
SSHClient
用于连接远程服务器并执行基本命令
基于用户名密码连接:
1 import paramiko 2 3 # 创建SSH对象 4 ssh = paramiko.SSHClient() 5 # 允许连接不在know_hosts文件中的主机 6 ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 7 # 连接服务器 8 ssh.connect(hostname='192.168.48.20', port=22, username='root', password='hadoop') 9 10 # 执行命令 11 stdin, stdout, stderr = ssh.exec_command('ls') 12 # 获取命令结果 13 result = stdout.read() 14 print(result.decode()) 15 16 # 关闭连接 17 ssh.close()
SSHClient 封装 Transport
1 import paramiko 2 3 transport = paramiko.Transport(('192.168.48.20', 22)) 4 transport.connect(username='root', password='hadoop') 5 6 ssh = paramiko.SSHClient() 7 ssh._transport = transport 8 9 stdin, stdout, stderr = ssh.exec_command('df') 10 print stdout.read() 11 12 transport.close()
基于公钥密钥连接:
1 import paramiko 2 3 private_key = paramiko.RSAKey.from_private_key_file('id_rsa') 4 5 # 创建SSH对象 6 ssh = paramiko.SSHClient() 7 # 允许连接不在know_hosts文件中的主机 8 ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 9 # 连接服务器 10 ssh.connect(hostname='192.168.48.20', port=22, username='root', pkey=private_key) 11 12 # 执行命令 13 stdin, stdout, stderr = ssh.exec_command('df') 14 # 获取命令结果 15 result = stdout.read() 16 print(result.decode()) 17 18 # 关闭连接 19 ssh.close()
SSHClient 封装 Transport
1 import paramiko 2 3 private_key = paramiko.RSAKey.from_private_key_file('id_rsa') 4 5 transport = paramiko.Transport(('192.168.48.20', 22)) 6 transport.connect(username='root', pkey=private_key) 7 8 ssh = paramiko.SSHClient() 9 ssh._transport = transport 10 11 stdin, stdout, stderr = ssh.exec_command('df') 12 13 transport.close()
基于私钥字符串进行连接
1 import paramiko 2 from io import StringIO 3 4 key_str = """-----BEGIN RSA PRIVATE KEY----- 5 MIIEoQIBAAKCAQEAo4E82UucG+L7T2yZIRiPC0fVd/LIKPZ9qR66NyCQW0N21os2 6 30whHou2L4np3ASAVsTmf+mWctnCGcrWzn1QLuvV/joAWyJqK/L2IBZAZjZI2i+V 7 HKXZuQixX7D2vyntOPOSPi0gy1Tw5P6njcRcXNyokHboN61hZ6z8pzL3kn+hrJuG 8 By06g6zcn341ggmwxnQ9UaWI5ywxv6kMP9PBt6efD+J0QqLOKay4LShYZAsazdA7 9 ZyOIc0sCHLDIcKfsjved0wbM3NIxssbpgMlpqKom5kU4OMgpq253U6QoyxT8CU2b 10 d7DDFpJcmp5oIlavnlAEHK1TwlJqiR0580s8nwIBIwKCAQA8uvlYBiQKW58sIQWt 11 NQHuP0Co5SXGEmkwL/wF2OUpNlC2FnN3gq03OzUKV8vkAawC+K1itdjLkrXPENNx 12 RHzeOlbMJCwEl8EJAnis1RCa/jhRClv0sqFTWwANmYA4YAencGmEzu7scAG0JBJZ 13 Ok4xHsJESWwx7/D6n1aHPtD75atCtI0sHVr4LH1crXhswcSC01t5Acu25/rQPITH 14 PfWRchaUNp8LN2aBJK5iQYkoMsnHzy3v+q8sih5Rzqd/caIPvqWEz5pydZZ87nTR 15 BVl4/RirfNVoR5PKWgMrLgWe6QwiCoVE+iFyrBW99EzE97BOGtSRMeSRDjdhGfdp 16 yIn7AoGBANT6d0tvGboZLYzcVEVAMkPK0dW8MZCYmB6Wm9whsvUyoDv4ZYxEIZ7t 17 HIAge2Yvs3dqoaRaIJIQOGHi2qhWtko3AGvvhIwghoAVjvPEbK//i5yo3i8SyqSn 18 LpiqyRU0UMsFnVN16a/AKULsE7wXkXVEl5z7vhTYf0/0f6hxKcRZAoGBAMSIZYNw 19 Ezy6pRHxCCIwug0lQfsoR8AnD9Ja4GgtF4Yk1Dn+mxRqJxtDVNi1XvcW4pfTFH3V 20 rs/+2dhxR0l0Dnfezof0GD50cZKbokUTdbUUnILl295IUID3JiTl1VM5sze7u1db 21 wy9wcmj95T/RFq5zvu/BaOs75+fxpm2Mtsm3AoGAEkFarrHAYGiO4DAkevbfvKr8 22 CwGAl12JYbUjTWH5ZXleMQapnk77kUeGGZxiWTdJ5aoN2uMnXPoTdhrCSPF9VtGD 23 sXruGqOzwdX2T2ibmg6W8Cu7Rd0KDhz1XYr7SvXbChZskiAMt0r8OO+p64z91tn+ 24 XemxNPydMr0vg3dp+uMCgYBqsHGfH5VqHC25SFTfXEe9/khjxWjHZamA0j9OfuDi 25 a8OqdEWOvUht4rkH7W4RGw1LGtCcFOneoEpfjfN/pWbwnYYPSf6ITddA9Wa3yLw9 26 urtdAHAK9A5x5UCXr/d2UoXcbTnQVmKkuWKuBiv+EmtmBFG1Wl2HA0Ngp8C/IIB8 27 IQKBgQDGX4MO9ARZtLGnkPIfhejiSfl4Br4DFubKyGfwSf+afTv8wJ45vOKiSDnl 28 nk/H1GDelIaL+/TfXsK36OuzzVc1sxN3ZZMOBG2OYfnPei5i+AhY3JuZirkStCN0 29 AtnqAt5lzKHJinyg6kwW/FKa4pEik9Q/2ChW1DqGC2DmdW468g== 30 -----END RSA PRIVATE KEY-----""" 31 32 private_key = paramiko.RSAKey(file_obj=StringIO(key_str)) 33 transport = paramiko.Transport(('192.168.48.20', 22)) 34 transport.connect(username='root', pkey=private_key) 35 36 ssh = paramiko.SSHClient() 37 ssh._transport = transport 38 39 stdin, stdout, stderr = ssh.exec_command('df') 40 result = stdout.read() 41 42 transport.close() 43 44 print(result.decode())
SFTPClient
用于连接远程服务器并执行上传下载
基于用户名密码上传下载
1 import paramiko 2 3 transport = paramiko.Transport(('192.168.48.20', 22)) 4 transport.connect(username='root', password='hadoop') 5 6 sftp = paramiko.SFTPClient.from_transport(transport) 7 # 将location.py 上传至服务器 /tmp/test.py 8 sftp.put('C:\\Users\\Administrator\\Desktop\\module04.zip', '/tmp/module04.zip') 9 # 将remove_path 下载到本地 local_path 10 sftp.get('/root/Python-3.5.1.tgz', 'C:\\Users\\Administrator\\Desktop\\Python-3.5.1.tgz') 11 12 transport.close()
基于公钥密钥上传下载
1 import paramiko 2 3 private_key = paramiko.RSAKey.from_private_key_file('id_rsa') 4 5 transport = paramiko.Transport(('192.168.48.20', 22)) 6 transport.connect(username='root', pkey=private_key) 7 8 sftp = paramiko.SFTPClient.from_transport(transport) 9 # 将location.py 上传至服务器 /tmp/test.py 10 sftp.put('C:\\Users\\Administrator\\Desktop\\module04.zip', '/root/Public/module04.zip') 11 # 将remove_path 下载到本地 local_path 12 # sftp.get('remove_path', 'local_path') 13 14 transport.close()
Demo
