11

I'm trying to write a small Python program to check whether an SSH server allows a password authentication. Here is the current plan:

import base64
import paramiko
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect('ssh.example.com', username='strongbad', password='thecheat')
stdin, stdout, stderr = client.exec_command('ls')
for line in stdout:
    print('... ' + line.strip('\n'))
client.close()

The idea is to grep the output or to later put a try catch block around the connect statement.

My problem however is that some of the systems that I run the program on have access via a RSA key that is stored under ~/.ssh. And in these cases, the connect will simply succeed (which I want to avoid).

So, here is the question: Does anybody know any way to force Paramiko (or another SSH client) to use passwords?

Thanks

Improve this question

1 Answer 1

Reset to default
14

The SSHClient.connect method has look_for_keys argument. Set it to False:

client.connect(
    'ssh.example.com', username='strongbad', password='thecheat',
    look_for_keys=False)

Similarly you may want to set allow_agent to False as well.

Obligatory warning: Do not use AutoAddPolicy, unless you do not care about security. You are losing a protection against MITM attacks this way.
For a correct solution, see Paramiko "Unknown Server".

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.