使用 SSH 在远程计算机上执行命令失败,并出现以下错误:
Traceback (most recent call last):
File "ssh.py", line 4, in <module>
ssh_client.connect(hostname='10.x.x.x', username='admin', password='password')
File "/usr/lib/python3.6/site-packages/paramiko/client.py", line 407, in connect
self, server_hostkey_name, server_key
File "/usr/lib/python3.6/site-packages/paramiko/client.py", line 790, in missing_host_key
key.get_name(), hostname, hexlify(key.get_fingerprint())
File "/usr/lib/python3.6/site-packages/paramiko/pkey.py", line 151, in get_fingerprint
return md5(self.asbytes()).digest()
ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS
我使用的代码片段如下:
import paramiko
ssh_client = paramiko.SSHClient()
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh_client.connect(hostname='10.x.x.x', username='admin', password='password')
command = "sudo sh ~/script.sh"
ssh_client.exec_command(command)
最佳答案
我也遇到了这个错误。 这是因为Paramiko使用MD5加密,而你要连接的机器使用FIPS,FIPS不再允许MD5。
所以 the Paramiko project. 有公开 PR
在上面这个问题中,一个名叫 neutronscott 的人建议编辑 Pkey.py 文件。
相反
return md5(self.asbytes()).digest()
更改为
return md5(self.asbytes(), usedforsecurity=False).digest()
所以我们可以做一些叫做“猴子修补”的事情
Monkey patching is a technique to add, modify, or suppress the default behavior of a piece of code at runtime without changing its original source code.
这对我有用:
class _PkeyChild(paramiko.PKey):
def get_fingerprint_improved(self):
"""
Declare that the use of MD5 encryption is not for security purposes.
This declaration is to overcome connection to servers with FIPS security standards.
"""
return md5(self.asbytes(), usedforsecurity=False).digest()
...
paramiko.PKey.get_fingerprint = _PkeyChild.get_fingerprint_improved
connection = paramiko.SSHClient()
connection.set_missing_host_key_policy(paramiko.AutoAddPolicy())
connection.connect(hostname="host_name", username="username", password="password")
关于python - Paramiko SSH 命令执行失败,错误代码为 `ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS`,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/67559170/