2007-02-18 16:22:28 -05:00
|
|
|
paramiko 1.7
|
|
|
|
"zubat" release, 18 feb 2007
|
2003-11-04 03:34:24 -05:00
|
|
|
|
2007-02-13 14:17:06 -05:00
|
|
|
Copyright (c) 2003-2007 Robey Pointer <robey@lag.net>
|
2003-11-04 03:34:24 -05:00
|
|
|
|
2004-12-12 04:58:40 -05:00
|
|
|
http://www.lag.net/paramiko/
|
2003-11-04 03:34:24 -05:00
|
|
|
|
|
|
|
|
|
|
|
*** WHAT
|
|
|
|
|
2004-12-10 02:55:33 -05:00
|
|
|
"paramiko" is a combination of the esperanto words for "paranoid" and
|
|
|
|
"friend". it's a module for python 2.2+ that implements the SSH2 protocol
|
|
|
|
for secure (encrypted and authenticated) connections to remote machines.
|
|
|
|
unlike SSL (aka TLS), SSH2 protocol does not require heirarchical
|
|
|
|
certificates signed by a powerful central authority. you may know SSH2 as
|
|
|
|
the protocol that replaced telnet and rsh for secure access to remote
|
|
|
|
shells, but the protocol also includes the ability to open arbitrary
|
|
|
|
channels to remote services across the encrypted tunnel (this is how sftp
|
|
|
|
works, for example).
|
2003-11-04 03:34:24 -05:00
|
|
|
|
|
|
|
it is written entirely in python (no C or platform-dependent code) and is
|
|
|
|
released under the GNU LGPL (lesser GPL).
|
|
|
|
|
2004-12-10 02:55:33 -05:00
|
|
|
the package and its API is fairly well documented in the "doc/" folder
|
|
|
|
that should have come with this archive.
|
2004-01-04 04:29:13 -05:00
|
|
|
|
2003-11-04 03:34:24 -05:00
|
|
|
|
|
|
|
*** REQUIREMENTS
|
|
|
|
|
|
|
|
python 2.3 <http://www.python.org/>
|
2004-09-05 03:44:03 -04:00
|
|
|
(python 2.2 is also supported, but not recommended)
|
2004-09-07 02:45:53 -04:00
|
|
|
pycrypto 1.9+ <http://www.amk.ca/python/code/crypto.html>
|
|
|
|
(2.0 works too)
|
2004-01-04 04:29:13 -05:00
|
|
|
|
2004-09-07 02:45:53 -04:00
|
|
|
pycrypto compiled for Win32 can be downloaded from the HashTar homepage:
|
2004-01-04 04:29:13 -05:00
|
|
|
http://nitace.bsd.uchicago.edu:8080/hashtar
|
2004-04-08 01:48:16 -04:00
|
|
|
you can also build it yourself using the free MinGW tools and this command
|
|
|
|
line (thanks to Roger Binns for the info):
|
|
|
|
python setup.py build --compiler=mingw32 bdist_wininst
|
2003-11-04 03:34:24 -05:00
|
|
|
|
2005-12-16 12:59:05 -05:00
|
|
|
If you have setuptools, you can build and install paramiko and all its
|
|
|
|
dependencies with this command (as root):
|
|
|
|
easy_install ./
|
|
|
|
|
2003-11-04 03:34:24 -05:00
|
|
|
|
|
|
|
*** PORTABILITY
|
|
|
|
|
|
|
|
i code and test this library on Linux and MacOS X. for that reason, i'm
|
2004-12-10 02:55:33 -05:00
|
|
|
pretty sure that it works for all posix platforms, including MacOS. i
|
|
|
|
also think it will work on Windows, though i've never tested it there. if
|
|
|
|
you run into Windows problems, send me a patch: portability is important
|
|
|
|
to me.
|
|
|
|
|
|
|
|
python 2.2 may work, thanks to some patches from Roger Binns. things to
|
|
|
|
watch out for:
|
|
|
|
* sockets in 2.2 don't support timeouts, so the 'select' module is
|
2005-03-26 00:53:00 -05:00
|
|
|
imported to do polling.
|
2004-12-10 02:55:33 -05:00
|
|
|
* logging is mostly stubbed out. it works just enough to let paramiko
|
|
|
|
create log files for debugging, if you want them. to get real logging,
|
|
|
|
you can backport python 2.3's logging package. Roger has done that
|
|
|
|
already:
|
2004-04-07 12:05:48 -04:00
|
|
|
http://sourceforge.net/project/showfiles.php?group_id=75211&package_id=113804
|
|
|
|
|
|
|
|
you really should upgrade to python 2.3. laziness is no excuse! :)
|
2004-04-06 04:16:02 -04:00
|
|
|
|
2004-12-10 02:55:33 -05:00
|
|
|
some python distributions don't include the utf-8 string encodings, for
|
|
|
|
reasons of space (misdirected as that is). if your distribution is
|
|
|
|
missing encodings, you'll see an error like this:
|
2004-05-29 14:48:23 -04:00
|
|
|
|
|
|
|
LookupError: no codec search functions registered: can't find encoding
|
|
|
|
|
|
|
|
this means you need to copy string encodings over from a working system.
|
2004-12-10 02:55:33 -05:00
|
|
|
(it probably only happens on embedded systems, not normal python
|
|
|
|
installls.)
|
2004-05-29 14:48:23 -04:00
|
|
|
Valeriy Pogrebitskiy says the best place to look is
|
|
|
|
'.../lib/python*/encodings/__init__.py'.
|
|
|
|
|
2003-11-04 03:34:24 -05:00
|
|
|
|
2006-07-31 02:56:04 -04:00
|
|
|
*** BUGS & SUPPORT
|
|
|
|
|
|
|
|
there's a launchpage page for paramiko, with a bug tracker:
|
|
|
|
|
|
|
|
http://www.launchpad.net/products/paramiko/
|
|
|
|
|
|
|
|
this is the primary place to file and browse bug reports.
|
|
|
|
|
|
|
|
there's also a low-traffic mailing list for support and discussions:
|
|
|
|
|
|
|
|
http://www.lag.net/mailman/listinfo/paramiko
|
|
|
|
|
|
|
|
|
2003-11-04 03:34:24 -05:00
|
|
|
*** DEMO
|
|
|
|
|
2004-12-10 02:55:33 -05:00
|
|
|
several demo scripts come with paramiko to demonstrate how to use it.
|
|
|
|
probably the simplest demo of all is this:
|
2004-11-06 15:32:08 -05:00
|
|
|
|
|
|
|
import paramiko, base64
|
|
|
|
key = paramiko.RSAKey(data=base64.decodestring('AAA...'))
|
2006-05-10 21:33:13 -04:00
|
|
|
client = paramiko.SSHClient()
|
|
|
|
client.get_host_keys().add('ssh.example.com', 'ssh-rsa', key)
|
|
|
|
client.connect('ssh.example.com', username='strongbad', password='thecheat')
|
|
|
|
stdin, stdout, stderr = client.exec_command('ls')
|
|
|
|
for line in stdout:
|
2004-11-06 15:32:08 -05:00
|
|
|
print '... ' + line.strip('\n')
|
2006-05-10 21:33:13 -04:00
|
|
|
client.close()
|
2004-11-06 15:32:08 -05:00
|
|
|
|
2004-12-10 02:55:33 -05:00
|
|
|
...which prints out the results of executing 'ls' on a remote server.
|
|
|
|
(the host key 'AAA...' should of course be replaced by the actual base64
|
|
|
|
encoding of the host key. if you skip host key verification, the
|
|
|
|
connection is not secure!)
|
2004-11-06 15:32:08 -05:00
|
|
|
|
2006-05-10 21:33:13 -04:00
|
|
|
the following example scripts (in demos/) get progressively more detailed:
|
2004-11-06 15:32:08 -05:00
|
|
|
|
|
|
|
demo_simple.py
|
|
|
|
calls invoke_shell() and emulates a terminal/tty through which you can
|
2004-12-10 02:55:33 -05:00
|
|
|
execute commands interactively on a remote server. think of it as a
|
2005-03-26 00:53:00 -05:00
|
|
|
poor man's ssh command-line client.
|
2004-11-06 15:32:08 -05:00
|
|
|
|
|
|
|
demo.py
|
2004-12-10 02:55:33 -05:00
|
|
|
same as demo_simple.py, but allows you to authenticiate using a
|
2005-07-18 02:40:30 -04:00
|
|
|
private key, attempts to use an SSH-agent if present, and uses the long
|
|
|
|
form of some of the API calls.
|
2004-11-06 15:32:08 -05:00
|
|
|
|
|
|
|
forward.py
|
|
|
|
command-line script to set up port-forwarding across an ssh transport.
|
2005-03-26 00:53:00 -05:00
|
|
|
(requires python 2.3.)
|
2004-11-06 15:32:08 -05:00
|
|
|
|
2006-02-20 02:23:03 -05:00
|
|
|
demo_sftp.py
|
|
|
|
opens an sftp session and does a few simple file operations.
|
|
|
|
|
2004-11-06 15:32:08 -05:00
|
|
|
demo_server.py
|
2004-12-10 02:55:33 -05:00
|
|
|
an ssh server that listens on port 2200 and accepts a login for
|
|
|
|
'robey' (password 'foo'), and pretends to be a BBS. meant to be a
|
2005-03-26 00:53:00 -05:00
|
|
|
very simple demo of writing an ssh server.
|
2003-11-10 01:52:35 -05:00
|
|
|
|
2003-11-04 03:34:24 -05:00
|
|
|
|
|
|
|
*** USE
|
|
|
|
|
2004-11-06 15:32:08 -05:00
|
|
|
the demo scripts are probably the best example of how to use this package.
|
|
|
|
there is also a lot of documentation, generated with epydoc, in the doc/
|
2004-12-10 02:55:33 -05:00
|
|
|
folder. point your browser there. seriously, do it. mad props to
|
|
|
|
epydoc, which actually motivated me to write more documentation than i
|
|
|
|
ever would have before.
|
2003-11-10 01:52:35 -05:00
|
|
|
|
2004-03-08 12:52:25 -05:00
|
|
|
there are also unit tests here:
|
2004-04-06 04:16:02 -04:00
|
|
|
$ python ./test.py
|
2006-05-10 21:33:13 -04:00
|
|
|
which will verify that most of the core components are working correctly.
|
2004-03-08 12:52:25 -05:00
|
|
|
|
2003-11-04 03:34:24 -05:00
|
|
|
|
2004-04-07 12:05:48 -04:00
|
|
|
*** WHAT'S NEW
|
|
|
|
|
|
|
|
highlights of what's new in each release:
|
|
|
|
|
2007-02-18 16:22:28 -05:00
|
|
|
v1.7 ZUBAT
|
|
|
|
* added x11 channel support (patch from david guerizec)
|
|
|
|
* added reverse port forwarding support
|
|
|
|
* (bug 75370) raise an exception when contacting a broken SFTP server
|
|
|
|
* (bug 80295) SSHClient shouldn't expand the user directory twice when reading
|
|
|
|
RSA/DSS keys
|
|
|
|
* (bug 82383) typo in DSS key in SSHClient
|
|
|
|
* (bug 83523) python 2.5 warning when encoding a file's modification time
|
|
|
|
* if connecting to an SSH agent fails, silently fallback instead of raising
|
|
|
|
an exception
|
|
|
|
|
2006-11-19 15:55:58 -05:00
|
|
|
v1.6.4 YANMA
|
|
|
|
* fix setup.py on osx (oops!)
|
|
|
|
* (bug 69330) check for the existence of RSA/DSA keys before trying to open
|
|
|
|
them in SFTPClient
|
|
|
|
* (bug 69222) catch EAGAIN in socket code to workaround a bug in recent
|
|
|
|
Linux 2.6 kernels
|
|
|
|
* (bug 70398) improve dict emulation in HostKeys objects
|
|
|
|
* try harder to make sure all worker threads are joined on Transport.close()
|
|
|
|
|
2006-10-14 21:56:28 -04:00
|
|
|
v1.6.3 XATU
|
|
|
|
* fixed bug where HostKeys.__setitem__ wouldn't always do the right thing
|
|
|
|
* fixed bug in SFTPClient.chdir and SFTPAttributes.__str__ [patch from
|
|
|
|
mike barber]
|
|
|
|
* try harder not to raise EOFError from within SFTPClient
|
|
|
|
* fixed bug where a thread waiting in accept() could block forever if the
|
|
|
|
transport dies [patch from mike looijmans]
|
|
|
|
|
2006-08-16 17:31:32 -04:00
|
|
|
v1.6.2 WEEDLE
|
|
|
|
* added support for "old" group-exchange server mode, for compatibility
|
|
|
|
with the windows putty client
|
|
|
|
* fixed some more interactions with SFTP file readv() and prefetch()
|
|
|
|
* when saving the known_hosts file, preserve the original order [patch from
|
|
|
|
warren young]
|
|
|
|
* fix a couple of broken lines when exporting classes (bug 55946)
|
|
|
|
|
2006-07-13 15:46:17 -04:00
|
|
|
v1.6.1 VULPIX
|
|
|
|
* more unit tests fixed for windows/cygwin (thanks to alexander belchenko)
|
|
|
|
* a couple of fixes related to exceptions leaking out of SFTPClient
|
|
|
|
* added ability to set items in HostKeys via __setitem__
|
|
|
|
* HostKeys now retains order and has a save() method
|
|
|
|
* added PKey.write_private_key and PKey.from_private_key
|
|
|
|
|
2006-05-10 21:33:13 -04:00
|
|
|
v1.6 UMBREON
|
|
|
|
* pageant support on Windows thanks to john arbash meinel and todd whiteman
|
|
|
|
* fixed unit tests to work under windows and cygwin (thanks to alexander
|
|
|
|
belchenko for debugging)
|
|
|
|
* various bugfixes/tweaks to SFTP file prefetch
|
|
|
|
* added SSHClient for a higher-level API
|
|
|
|
* SFTP readv() now yields results as it gets them
|
|
|
|
* several APIs changed to throw an exception instead of "False" on failure
|
|
|
|
|
2004-04-07 12:05:48 -04:00
|
|
|
|
2003-11-04 03:34:24 -05:00
|
|
|
*** MISSING LINKS
|
|
|
|
|
2006-08-29 14:18:36 -04:00
|
|
|
* allow setting chmod bits on SFTPClient.open() for create
|
2006-04-23 21:11:41 -04:00
|
|
|
* host-based auth (yuck!)
|
2003-11-04 03:34:24 -05:00
|
|
|
* ctr forms of ciphers are missing (blowfish-ctr, aes128-ctr, aes256-ctr)
|
2005-07-18 01:43:44 -04:00
|
|
|
* sftp protocol 6 support (ugh....) -- once it settles down more
|
2005-09-25 05:11:23 -04:00
|
|
|
* make a simple example demonstrating use of SocketServer (besides forward.py?)
|
2006-04-23 21:11:41 -04:00
|
|
|
* should SSHClient try to use openssh config files?
|
|
|
|
* figure out how to parse ssh.com encrypted key files?
|
2006-05-07 20:23:20 -04:00
|
|
|
* is it possible to poll on a set of events at once?
|
2006-05-10 21:33:13 -04:00
|
|
|
* potentially create only one thread shared by all Transports
|