Python Paramiko module

Introduction:

Figure [1] Raspberry Pi

A computer by definition is a digital electronic machine that can be programmed to carry out sequences of arithmetic or logical operations (computation) automatically & looks like the image above. As we can see, its not possible to input commands and receive output from the physical device itself so we need some form of input and output device attachments.

This is where a 'computer terminal' comes in, its a device that can be used for entering data into, & transcribing data from a computer. Early computer terminals looked like the image below. You can see some familiar elements from modern day computers such as a keyboard in the image.

Figure [2] Early computer terminal VT100

A later improvement to the computing world was the concept of 'time-sharing' which is the sharing of a computing resource among many users at the same time by means of multiprogramming and multi-tasking.

Main Section:

A typical modern day data center looks like this:

Figure [3] Data center

It has rows and rows of servers with networking gear and power supply units all in a highly redundant configuration to optimize uptime. Each server has the capability of running one or more operating systems on it. It is not feasible to provide a terminal to each of these servers. This is where 'terminal emulator' software comes in.

Terminal emulator (TTY) emulates a terminal, providing input and output allowing users to provide input and receive output without having to directly attach a terminal to the server.

Pseudo-terminals (PTY) - A pair of pseudo-device endpoints (files) establish asynchronous, bidirectional communication (IPC - Inter-process communication) channel (with two ports) between two or more processes. The master provides means by which a terminal emulator process controls the slave. The slave, emulates a hardware text terminal device. PTY are similar to bidirectional pipes.

PTYs are used for implementing remote-login programs such as SSHD, in which data read from the pseudo terminal master is sent across the network to a client program that is connected to a terminal or terminal emulator.

SSH:

SSH (Secure Shell Protocol) is a cryptographic network protocol for operating network services securely over an unsecured network. An SSH client program is typically used for establishing connections to an SSH daemon accepting remote connections.

Figure [4] SSH key based authentication

The command to 'SSH' into a server remotely looks like the follows:
ssh <username>@<ip_addr or hostname>

Once we have logged into a remote machine, we can then execute commands on them. We can even transfer files using SFTP or SCIP protocols.


Working with Paramiko to SSH into devices remotely:

Paramiko is a pure-Python implementation of the SSHv2 protocol, providing both client and server functionality. It provides the foundation for the high-level SSH library Fabric, which is what we recommend you use for common client use-cases such as running remote shell commands or transferring files.

To install Paramiko on a machine with Python (3.4+) and Pip (PyPy) installed with all dependencies:

pip install paramiko[all]

Here's an example from linode documentation of how to connect and run commands on a remote system:

import paramiko

# Update the next three lines with your

# server's information

host = "YOUR_IP_ADDRESS"

username = "YOUR_LIMITED_USER_ACCOUNT"

password = "YOUR_PASSWORD"


client = paramiko.client.SSHClient()

client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

client.connect(host, username=username, password=password)

_stdin, _stdout,_stderr = client.exec_command("df")

print(stdout.read().decode())

client.close()

One of the issues that I came across recently was to configure a FortiMail Virtual Machine on which the operation looks like the following:

config system interface

  edit <port>

  set ip <ip_address> <netmask>

  set allowaccess (http https ping ssh telnet)

end

The problem with running this as separate 'stdin, stdout, stderr = client.exec_command(command)' is that every time there is a new session setup and thus the ip address & allowaccess lines which are actually a sub-menu of the port setting are lost. So the command ended up looking like this:

stdin, stdout, stderr = client.exec_command("config system interface\n edit <port>\n set ip <ip_address> <netmask>\n set allowaccess http https ping ssh telnet")

---

References:

[1] https://en.wikipedia.org/wiki/Computer_terminal

[2] https://en.wikipedia.org/wiki/Time-sharing

[3] https://en.wikipedia.org/wiki/Terminal_emulator

[4] Recommended read -> TTY Demystified - http://www.linusakesson.net/programming/tty/

[5] https://en.wikipedia.org/wiki/Pseudoterminal

[6] https://en.wikipedia.org/wiki/Secure_Shell

[7] https://docs.paramiko.org/en/stable/

[8] https://www.linode.com/docs/guides/use-paramiko-python-to-ssh-into-a-server/

Comments

Post a Comment

Popular posts from this blog

Playing around with Dell R520 server

Image
After I got my first major tech job, I learned that a major part of the job would be working with Dell servers, setting up ESXi hosts, vCenter installation, etc. so I thought it would be a good idea to practice this at home in my own lab environment so I went and bought a Dell R520 server from the Facebook marketplace for around 300 CAD$. Let me explain how I set up the server. We'll go over the installation of ESXi in detail in another post. For now, let's assume that our server comes with ESXi pre-installed. Let's start by ensuring that the server is plugged in. Most servers come with 2 different PSUs (Power Supply Units). These are meant to go on different Power Strips for power outage redundancy. Once the server is plugged in, try to get your hands on an old monitor with a VGA cable, should cost about 20 CAD$ used. We also need a keyboard. In my case, ESXi was pre-installed so all I had to do was set up the hostname and IP address. Since the internal IP address in my ne
Read more

Experience Interviewing for an Infrastructure Engineer - Continuous Delivery position

Been a while since I got to write to this blog. Recently, I had the pleasure of interviewing for an Infrastructure Engineer - Continuous Delivery position for a company based in Dallas, Texas. I wanted to pen down my experience while the memory is fresh and possibly help others in the same pursuits. The first round was the typical HR round where the interviewer requested to know more about my experience in the DevOps / Infrastructure engineering field and gauge my interest in the position / learn about my background. It included a lot of open-ended questions such as can you please explain your role in your current position. The next round was considerably more interesting and included more pointed questions about my experience in particular tools and working platforms. The interviewer also took the time to explain the role and the need for this position.  After passing this round, I received a take-home exam, the exam question is as follows: Hi Srikar, We're excited to continue our
Read more

Plan for July 1st long weekend.

 AH, finally a good long weekend coming up to focus on some learning. Plan for the three days: The first and most important is that I want to get back to working with Kubernetes and AWS so will be working on finishing up the EKS workshop (www.eksworkshop.com). I will summarize each of the sections and post a review here. The next thing that I really want to get done over this weekend is to watch 3 of the CS50 lectures, the Algorithms, the Memory, & the Data Structures ones. Again, I will post a summary of each of the lectures here. July 1st: Algorithms lecture All of the EKS Beginner modules July 2nd: Memory lecture All of the EKS Intermediate modules July 3rd: Data structures lecture All of the EKS Advanced modules
Read more