paramiko 1.0
"jigglypuff" release, 6 nov 2004

Copyright (c) 2003-2004 Robey Pointer <robey@lag.net>

http://www.lag.net/~robey/paramiko/
						
***  WHAT

"paramiko" is a combination of the esperanto words for "paranoid" and "friend".
it's a module for python 2.2+ that implements the SSH2 protocol for secure
(encrypted and authenticated) connections to remote machines. unlike SSL (aka
TLS), the SSH2 protocol does not require hierarchical certificates signed by a
powerful central authority. you may know SSH2 as the protocol that replaced
telnet and rsh for secure access to remote shells, but the protocol also
includes the ability to open arbitrary channels to remote services across the
encrypted tunnel (this is how sftp works, for example).

it is written entirely in python (no C or platform-dependent code) and is
released under the GNU LGPL (lesser GPL).

the package and its API are fairly well documented in the "doc/" folder that
should have come with this archive.
						
***  REQUIREMENTS

python 2.3      <http://www.python.org/>
    (python 2.2 is also supported, but not recommended)
pycrypto 1.9+   <http://www.amk.ca/python/code/crypto.html>
    (2.0 works too)

pycrypto compiled for Win32 can be downloaded from the HashTar homepage:
    http://nitace.bsd.uchicago.edu:8080/hashtar
you can also build it yourself using the free MinGW tools and this command
line (thanks to Roger Binns for the info):
    python setup.py build --compiler=mingw32 bdist_wininst
						
***  PORTABILITY

i code and test this library on Linux and MacOS X.  for that reason, i'm
pretty sure that it works for all posix platforms, including MacOS.  i also
think it will work on Windows, though i've never tested it there.  if you
run into Windows problems, send me a patch: portability is important to me.

the Channel object supports a "fileno()" call so that it can be passed into
select or poll, for polling on posix.  once you call "fileno()" on a Channel,
it changes behavior in some fundamental ways, and these ways require posix.
so don't call "fileno()" on a Channel on Windows.  this is detailed in the
documentation for the "fileno" method.

python 2.2 may work, thanks to some patches from Roger Binns.  things to watch
out for:
* sockets in 2.2 don't support timeouts, so the 'select' module is imported
  to do polling.  this may not work on windows.  (works fine on osx.)
* logging is mostly stubbed out.  it works just enough to let paramiko create
  log files for debugging, if you want them.  to get real logging, you can
  backport python 2.3's logging package.  Roger has done that already:
  http://sourceforge.net/project/showfiles.php?group_id=75211&package_id=113804

you really should upgrade to python 2.3.  laziness is no excuse! :)

some python distributions don't include the utf-8 string encodings, for reasons
of space (misdirected as that is).  if your distribution is missing encodings,
you'll see an error like this:

LookupError: no codec search functions registered: can't find encoding

this means you need to copy string encodings over from a working system.
(it probably only happens on embedded systems, not normal python installs.)
Valeriy Pogrebitskiy says the best place to look is
'.../lib/python*/encodings/__init__.py'.
						
***  DEMO

several demo scripts come with paramiko to demonstrate how to use it.  probably
the simplest demo of all is this:

    import paramiko, base64
    # the server's public host key, base64-encoded
    key = paramiko.RSAKey(data=base64.decodestring('AAA...'))
    t = paramiko.Transport('ssh.example.com')
    # connect() verifies the server against the given host key
    t.connect(username='strongbad', password='thecheat', hostkey=key)
    chan = t.open_session()
    chan.exec_command('ls')
    for line in chan.makefile('r+'):
        print '... ' + line.strip('\n')
    chan.close()
    t.close()

...which prints out the results of executing 'ls' on a remote server.  (the
host key 'AAA...' should of course be replaced by the actual base64 encoding
of the host key.  if you skip host key verification, the connection is not
secure!)
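
where the expected host key comes from, as an added example (not part of paramiko or its demo scripts; python 3, standard library only): it reads the key for a host out of openssh known_hosts text, checks that the base64 blob really is the key type the line claims, and compares it with the key a server presents.  the function names, the sample key and the hostnames are constructed for illustration, and hashed known_hosts entries are not handled.

```python
import base64, hashlib, hmac, struct

def ssh_string(data):
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def mpint(n):
    """SSH wire-format positive integer (extra leading zero keeps the sign bit clear)."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def key_type_of(blob):
    """Read the key type name from the first string field of a public key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if length == 0 or 4 + length > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + length].decode("ascii")

def load_host_key(known_hosts_text, hostname):
    """Return (key_type, blob) for hostname, or None if it has no plain entry."""
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        hosts, key_type, b64 = fields[:3]
        if hostname not in hosts.split(","):
            continue  # other host, or a hashed/marker entry (not handled here)
        blob = base64.b64decode(b64, validate=True)
        if key_type_of(blob) != key_type:
            raise ValueError("key type column does not match the key blob")
        return key_type, blob
    return None

def host_key_matches(expected_blob, presented_blob):
    """Compare the pinned key with the one the server sent during key exchange."""
    return hmac.compare_digest(expected_blob, presented_blob)

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint, for showing a key to a human."""
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode("ascii")
    return "SHA256:" + digest.rstrip("=")

# constructed sample data: not a real key, host or address
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + mpint(65537) + mpint((1 << 1023) | 12345)
SAMPLE_KNOWN_HOSTS = (
    "# constructed known_hosts sample\n"
    "ssh.example.com,192.0.2.10 ssh-rsa "
    + base64.b64encode(SAMPLE_BLOB).decode("ascii") + "\n"
)

if __name__ == "__main__":
    key_type, expected = load_host_key(SAMPLE_KNOWN_HOSTS, "ssh.example.com")
    print(key_type, fingerprint(expected))
    print("same key:", host_key_matches(expected, SAMPLE_BLOB))
    forged = ssh_string(b"ssh-rsa") + mpint(65537) + mpint((1 << 1023) | 54321)
    print("forged key:", host_key_matches(expected, forged))
```

the blob opens with a 4-byte length prefix whose high bytes are zero, which is why every base64 host key starts with 'AAA'.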
					
						
the following example scripts get progressively more detailed:

demo_windows.py
    executes 'ls' on any remote server, loading the host key from your openssh
    key file.  (this script works on windows because it avoids using terminal
    i/o or the 'select' module.)  it also creates a logfile 'demo_windows.log'.

demo_simple.py
    calls invoke_shell() and emulates a terminal/tty through which you can
    execute commands interactively on a remote server.  think of it as a poor
    man's ssh command-line client.  (works only on posix [unix or macosx].)

demo.py
    same as demo_simple.py, but allows you to authenticate using a private
    key, and uses the long form of some of the API calls.  (posix only.)

forward.py
    command-line script to set up port-forwarding across an ssh transport.
    (requires python 2.3 and posix.)

demo_server.py
    an ssh server that listens on port 2200 and accepts a login for 'robey'
    (password 'foo'), and pretends to be a BBS.  meant to be a very simple
    demo of writing an ssh server.  (should work on all platforms.)
						
***  USE

the demo scripts are probably the best example of how to use this package.
there is also a lot of documentation, generated with epydoc, in the doc/
folder.  point your browser there.  seriously, do it.  mad props to epydoc,
which actually motivated me to write more documentation than i ever would have
before.

there are also unit tests here:
    $ python ./test.py
which will verify that some of the core components are working correctly.
not much is tested yet, but it's a start.  the tests for SFTP are probably
the best and easiest examples of how to use the SFTP class.
						
***  WHAT'S NEW

highlights of what's new in each release:

v1.0 JIGGLYPUFF
* fixed bug that broke server-mode authentication by private key
* fixed bug where closing a Channel could end up killing the entire Transport
* actually include demo_windows.py this time (oops!)
* fixed recently-introduced bug in group-exchange key negotiation that would
  generate the wrong hash (and therefore fail the initial handshake)
* server-mode subsystem handler is a bit more flexible

v0.9 IVYSAUR
* new ServerInterface class for implementing server policy, so it's no longer
  necessary to subclass Transport or Channel -- server code will need to be
  updated to follow this new API!  (see demo_server.py)
* some bugfixes for re-keying an active session
* Transport.get_security_options() allows fine-tuned control over the crypto
  negotiation on a new session
* Transport.connect() takes a single hostkey object now instead of two string
  parameters
* the Channel request methods (like 'exec_command') now return True on success
  or False on failure
* added a mechanism for providing subsystems in server mode (and a new class
  to be subclassed: SubsystemHandler)
* renamed SFTP -> SFTPClient (but left an alias for existing code)
* added SFTPClient.normalize() to resolve paths on the server
* fleshed out the API a bit more for SFTPClient and private keys
* a bunch of new unit tests!

v0.9 HORSEA
* fixed a lockup that could happen if the channel was closed while the send
  window was full
* better checking of maximum packet sizes
* better line buffering for file objects
* now chops sftp requests into smaller packets for some older servers
* more sftp unit tests

v0.9 GYARADOS
* Transport.open_channel() -- supports local & remote port forwarding now
* now imports UTF-8 encodings explicitly as a hint to "freeze" utilities
* no longer rejects older SFTP servers
* default packet size bumped to 8kB
* fixed deadlock in closing a channel
* Transport.connect() -- fixed bug where it would always fail when given a
  host key to verify

v0.9 FEAROW
* Transport.send_ignore() -- send random ignored bytes
* RSAKey/DSSKey added from_private_key_file() as a factory constructor;
  write_private_key_file() & generate() to create and save ssh2 keys;
  get_base64() to retrieve the exported public key
* Transport added global_request() [client] and check_global_request() [server]
* Transport.get_remote_server_key() now returns a PKey object instead of a
  tuple of strings
* Transport.get_username() -- return the username you auth'd as [client]
* Transport.set_keepalive() -- makes paramiko send periodic junk packets to the
  remote host, to keep the session active
* python 2.2 support (thanks to Roger Binns)
* misc. bug fixes
						
***  MISSING LINKS

* ctr forms of ciphers are missing (blowfish-ctr, aes128-ctr, aes256-ctr)
* multi-part auth not supported (ie, need username AND pk)
* server mode needs better documentation
* sftp server mode
* figure out if there's a way to put stdout/stderr on different channels?
* add method to block until a channel's "exit-status" is set
* if password auth is forbidden (only key auth allowed), error isn't very
  informative -- improve that.