=OXc@sdZddlmZddlZddlZddlZddlZddlmZm Z ddl m Z ddl m Z ddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZmZmZddl m!Z!ddl"m#Z#m$Z$de$fdYZ%de&fdYZ'de'fdYZ(de'fdYZ)de'fdYZ*dS(s SSH client & key policies i(thexlifyN(t ECONNREFUSEDt EHOSTUNREACH(tAgent(tDEBUG(tSSH_PORT(tDSSKey(tECDSAKey(tHostKeys(t string_types(tResourceManager(tRSAKey(t SSHExceptiontBadHostKeyExceptiontNoValidConnectionsError(t Transport(tretry_on_signaltClosingContextManagert SSHClientcBseZdZdZddZdZdZdZdZ dZ dZ e ddddde e edeee ddd Zd Zd dedd Zd ddddddZdZdZdZdZRS(s A high-level representation of a session with an SSH server. This class wraps `.Transport`, `.Channel`, and `.SFTPClient` to take care of most aspects of authenticating and opening channels. A typical use case is:: client = SSHClient() client.load_system_host_keys() client.connect('ssh.example.com') stdin, stdout, stderr = client.exec_command('ls -l') You may pass in explicit overrides for authentication and server host key checking. The default mechanism is to try to use local key files or an SSH agent (if one is running). Instances of this class may be used as context managers. .. versionadded:: 1.6 cCsLt|_t|_d|_d|_t|_d|_d|_ dS(s) Create a new SSHClient. N( Rt_system_host_keyst _host_keystNonet_host_keys_filenamet _log_channelt RejectPolicyt_policyt _transportt_agent(tself((s3/usr/lib/python2.7/site-packages/paramiko/client.pyt__init__Bs      cCs^|dkrJtjjd}y|jj|Wntk rEnXdS|jj|dS(s Load host keys from a system (read-only) file. Host keys read with this method will not be saved back by `save_host_keys`. This method can be called multiple times. Each new set of host keys will be merged with the existing set (new replacing old if there are conflicts). If ``filename`` is left as ``None``, an attempt will be made to read keys from the user's local "known hosts" file, as used by OpenSSH, and no exception will be raised if the file can't be read. This is probably only useful on posix. :param str filename: the filename to read, or ``None`` :raises IOError: if a filename was provided and the file could not be read s~/.ssh/known_hostsN(Rtostpatht expanduserRtloadtIOError(Rtfilename((s3/usr/lib/python2.7/site-packages/paramiko/client.pytload_system_host_keysNs  cCs||_|jj|dS(s Load host keys from a local host-key file. Host keys read with this method will be checked after keys loaded via `load_system_host_keys`, but will be saved back by `save_host_keys` (so they can be modified). The missing host key policy `.AutoAddPolicy` adds keys to this set and saves them, when connecting to a previously-unknown server. This method can be called multiple times. Each new set of host keys will be merged with the existing set (new replacing old if there are conflicts). When automatically saving, the last hostname is used. :param str filename: the filename to read :raises IOError: if the filename could not be read N(RRR!(RR#((s3/usr/lib/python2.7/site-packages/paramiko/client.pytload_host_keysks c Cs|jdk r"|j|jnt|dd}xZ|jjD]I\}}x:|jD],\}}|jd|||jfq]WqDWWdQXdS(sH Save the host keys back to a file. Only the host keys loaded with `load_host_keys` (plus any added directly) will be saved -- not any host keys loaded with `load_system_host_keys`. :param str filename: the filename to save to :raises IOError: if the file could not be written tws %s %s %s N(RRR%topenRtitemstwritet get_base64(RR#tfthostnametkeystkeytypetkey((s3/usr/lib/python2.7/site-packages/paramiko/client.pytsave_host_keys~s cCs|jS(s Get the local `.HostKeys` object. This can be used to examine the local host keys or change them. :return: the local host keys as a `.HostKeys` object. (R(R((s3/usr/lib/python2.7/site-packages/paramiko/client.pyt get_host_keysscCs ||_dS(s Set the channel for logging. The default is ``"paramiko.transport"`` but it can be set to anything you want. :param str name: new channel name for logging N(R(Rtname((s3/usr/lib/python2.7/site-packages/paramiko/client.pytset_log_channelscCs ||_dS(s Set policy to use when connecting to servers without a known host key. Specifically: * A **policy** is an instance of a "policy class", namely some subclass of `.MissingHostKeyPolicy` such as `.RejectPolicy` (the default), `.AutoAddPolicy`, `.WarningPolicy`, or a user-created subclass. .. note:: This method takes class **instances**, not **classes** themselves. Thus it must be called as e.g. ``.set_missing_host_key_policy(WarningPolicy())`` and *not* ``.set_missing_host_key_policy(WarningPolicy)``. * A host key is **known** when it appears in the client object's cached host keys structures (those manipulated by `load_system_host_keys` and/or `load_host_keys`). :param .MissingHostKeyPolicy policy: the policy to use when receiving a host key from a previously-unknown server N(R(Rtpolicy((s3/usr/lib/python2.7/site-packages/paramiko/client.pytset_missing_host_key_policysc cst}tj||tjtj}x@|D]8\}}}}} |tjkr+|| fVt}q+q+W|rx+|D] \}} } } } || fVqtWndS(s  Yield pairs of address families and addresses to try for connecting. :param str hostname: the server to connect to :param int port: the server port to connect to :returns: Yields an iterable of ``(family, address)`` tuples N(tTruetsockett getaddrinfot AF_UNSPECt SOCK_STREAMtFalse( RR,tporttguesst addrinfostfamilytsocktypetprotot canonnametsockaddrt_((s3/usr/lib/python2.7/site-packages/paramiko/client.pyt_families_and_addressess  c sEsi}t|j||}x|D]\}yZtj|tj|dk ryyj|WqyqyXntfdPWq+tjk r}|jt t fkrn||1stgss_kextgss_deleg_credstcompressttimeouts[%s]:%dN(&tlistRER7R:Rt settimeoutRterrorterrnoRRtlenRRRtuse_compressiont set_gss_hostRR3tbanner_timeoutt start_clientR tregistertget_remote_server_keytget_nameRt use_gss_kexRtgetRRtmissing_host_keyR tgetpasstgetusert isinstanceR t_auth(RR,R<tusernametpasswordtpkeyt key_filenameRMt allow_agentt look_for_keysRLRHtgss_authRJRKtgss_hostRUterrorstto_trytaftettt server_keyR.tserver_hostkey_nametour_server_keyt key_filenames((RGRHs3/usr/lib/python2.7/site-packages/paramiko/client.pyRFsvQ                    cCsU|jdkrdS|jjd|_|jdk rQ|jjd|_ndS(s Close this SSHClient and its underlying `.Transport`. .. warning:: Failure to do this may, in some situations, cause your Python interpreter to hang at shutdown (often due to race conditions). It's good practice to `close` your client objects anytime you're done using them, instead of relying on garbage collection. N(RRtcloseR(R((s3/usr/lib/python2.7/site-packages/paramiko/client.pyRr~s    ic Cs|jjd|}|r(|jn|j||rK|j|n|j||jd|}|jd|}|jd|} ||| fS(sM Execute a command on the SSH server. A new `.Channel` is opened and the requested command is executed. The command's input and output streams are returned as Python ``file``-like objects representing stdin, stdout, and stderr. :param str command: the command to execute :param int bufsize: interpreted the same way as by the built-in ``file()`` function in Python :param int timeout: set command's channel timeout. See `Channel.settimeout`.settimeout :param dict environment: a dict of shell environment variables, to be merged into the default environment that the remote command executes within. .. warning:: Servers may silently reject some environment variables; see the warning in `.Channel.set_environment_variable` for details. :return: the stdin, stdout, and stderr of the executing command, as a 3-tuple :raises SSHException: if the server fails to execute the command RMtwbtr(Rt open_sessiontget_ptyROtupdate_environmentt exec_commandtmakefiletmakefile_stderr( RtcommandtbufsizeRMRvt environmenttchantstdintstdouttstderr((s3/usr/lib/python2.7/site-packages/paramiko/client.pyRxs"   tvt100iPiicCs6|jj}|j||||||j|S(s Start an interactive shell session on the SSH server. A new `.Channel` is opened and connected to a pseudo-terminal using the requested terminal type and size. :param str term: the terminal type to emulate (for example, ``"vt100"``) :param int width: the width (in characters) of the terminal window :param int height: the height (in characters) of the terminal window :param int width_pixels: the width (in pixels) of the terminal window :param int height_pixels: the height (in pixels) of the terminal window :param dict environment: the command's environment :return: a new `.Channel` connected to the remote shell :raises SSHException: if the server fails to invoke a shell (RRuRvt invoke_shell(Rttermtwidththeightt width_pixelst height_pixelsR}R~((s3/usr/lib/python2.7/site-packages/paramiko/client.pyRs cCs |jjS(sn Open an SFTP session on the SSH server. :return: a new `.SFTPClient` session object (Rtopen_sftp_client(R((s3/usr/lib/python2.7/site-packages/paramiko/client.pyt open_sftpscCs|jS(s Return the underlying `.Transport` object for this SSH connection. This can be used to perform lower-level tasks, like opening specific kinds of channels. :return: the `.Transport` for this connection (R(R((s3/usr/lib/python2.7/site-packages/paramiko/client.pyt get_transportsc  Csld} t} t} tddg}|rp|jjrpy|jj|dSWqptk rl}|} qpXn|ry|jj|| | dSWqtk r}|} qXn|dk r1yS|jt dt |j t|jj ||} | |@} | sdSWq1t k r-}|} q1Xn| sx|D]}xtttfD]}yl|j||}|jt dt |j |ft|jj ||} | |@} | sdSPWqTt k r}|} qTXqTWq>Wn| r|r|jdkrt|_nx|jjD]v}yT|jt dt |j t|jj ||} | |@} | sdSPWq(t k r}|} q(Xq(Wn| sg}tjjd}tjjd}tjjd }tjj|r|jt|fntjj|r7|jt|fntjj|r_|jt|fntjjd }tjjd }tjjd }tjj|r|jt|fntjj|r|jt|fntjj|r |jt|fn|sg}nx|D]\}}yl|j||}|jt d t |j |ft|jj ||} | |@} | sdSPWq#t tfk r}|} q#Xq#Wn|dk r y|jj||dSWqGt k r}|} qGXn=| rGy|jj|dSWqGt k rC}|} qGXn| dk r\| nt ddS(s Try, in order: - The key passed in, if one was passed in. - Any key we can find through an SSH agent (if allowed). - Any "id_rsa", "id_dsa" or "id_ecdsa" key discoverable in ~/.ssh/ (if allowed). - Plain username/password auth, if a password was given. (The password might be needed to unlock a private key, or for two-factor authentication [for which it is required].) skeyboard-interactiveRbNsTrying SSH key %ssTrying key %s from %ssTrying SSH agent key %ss ~/.ssh/id_rsas ~/.ssh/id_dsas~/.ssh/id_ecdsas ~/ssh/id_rsas ~/ssh/id_dsas~/ssh/id_ecdsasTrying discovered key %s in %ss#No authentication methods available(RR;tsetRt gss_kex_usedtauth_gssapi_keyext Exceptiontauth_gssapi_with_mict_logRRtget_fingerprinttauth_publickeyR R RRtfrom_private_key_fileRRtget_keysRRR tisfiletappendR"t auth_passwordtauth_interactive_dumb(RRaRbRcRqReRfRgRJRKRhtsaved_exceptiont two_factort allowed_typesttwo_factor_typesRlRdt pkey_classR/tkeyfilestrsa_keytdsa_keyt ecdsa_keyR#((s3/usr/lib/python2.7/site-packages/paramiko/client.pyR`s        &     &      cCs|jj||dS(N(RR(Rtleveltmsg((s3/usr/lib/python2.7/site-packages/paramiko/client.pyRpsN(t__name__t __module__t__doc__RRR$R%R0R1R3R5RERR6R;RFRrRxRRRR`R(((s3/usr/lib/python2.7/site-packages/paramiko/client.pyR.sF       (   tMissingHostKeyPolicycBseZdZdZRS(s Interface for defining the policy that `.SSHClient` should use when the SSH server's hostname is not in either the system host keys or the application's keys. Pre-made classes implement policies for automatically adding the key to the application's `.HostKeys` object (`.AutoAddPolicy`), and for automatically rejecting the key (`.RejectPolicy`). This function may be used to ask the user to verify the key, for example. cCsdS(s Called when an `.SSHClient` receives a server key for a server that isn't in either the system or local `.HostKeys` object. To accept the key, simply return. To reject, raised an exception (which will be passed to the calling application). N((RtclientR,R/((s3/usr/lib/python2.7/site-packages/paramiko/client.pyR\s(RRRR\(((s3/usr/lib/python2.7/site-packages/paramiko/client.pyRts t AutoAddPolicycBseZdZdZRS(s Policy for automatically adding the hostname and new host key to the local `.HostKeys` object, and saving it. This is used by `.SSHClient`. cCsq|jj||j||jdk r>|j|jn|jtd|j|t|j fdS(NsAdding %s host key for %s: %s( RtaddRYRRR0RRRR(RRR,R/((s3/usr/lib/python2.7/site-packages/paramiko/client.pyR\s  (RRRR\(((s3/usr/lib/python2.7/site-packages/paramiko/client.pyRsRcBseZdZdZRS(sk Policy for automatically rejecting the unknown hostname & key. This is used by `.SSHClient`. cCsC|jtd|j|t|jftd|dS(Ns Rejecting %s host key for %s: %ss"Server %r not found in known_hosts(RRRYRRR (RRR,R/((s3/usr/lib/python2.7/site-packages/paramiko/client.pyR\s #(RRRR\(((s3/usr/lib/python2.7/site-packages/paramiko/client.pyRst WarningPolicycBseZdZdZRS(s Policy for logging a Python-style warning for an unknown host key, but accepting it. This is used by `.SSHClient`. cCs0tjd|j|t|jfdS(NsUnknown %s host key for %s: %s(twarningstwarnRYRR(RRR,R/((s3/usr/lib/python2.7/site-packages/paramiko/client.pyR\s (RRRR\(((s3/usr/lib/python2.7/site-packages/paramiko/client.pyRs(+RtbinasciiRR]RR7RRQRRtparamiko.agentRtparamiko.commonRtparamiko.configRtparamiko.dsskeyRtparamiko.ecdsakeyRtparamiko.hostkeysRtparamiko.py3compatR tparamiko.resourceR tparamiko.rsakeyR tparamiko.ssh_exceptionR R Rtparamiko.transportRt paramiko.utilRRRtobjectRRRR(((s3/usr/lib/python2.7/site-packages/paramiko/client.pyts2    H