Python package – “paramiko”

Module “Paramiko” is a python implementation of SSH v2 i.e. if we have any requirement of accessing a host via SSH; This module must be used.

We primarily use “paramiko” for login into the devices and run some commands.

Connecting to a Remote Host

Refer to below code snippet

import paramiko
DEVICE_IP = '10.120.235.166'
USERNAME = 'admin'
PASSWORD = 'Nvidia@557'

# Lets create an Object SSH
SSH = paramiko.SSHClient()

try:
SSH.connect(DEVICE_IP,port=22,username=USERNAME,password=PASSWORD)
except paramiko.SSHException:
print('SSH ERROR', paramiko.SSHException)
else:
print('SSH is successful to device ', + DEVICE_IP)

If we execute this; we will get an error as below

Traceback (most recent call last):
  File "C:\ProgramData\Anaconda3\lib\site-packages\IPython\core\interactiveshell.py", line 3296, in run_code
    exec(code_obj, self.user_global_ns, self.user_ns)
  File "<ipython-input-5-27d441bf6606>", line 1, in <module>
    SSH.connect(DEVICE_IP,port=22,username=USERNAME,password=PASSWORD)
  File "C:\ProgramData\Anaconda3\lib\site-packages\paramiko\client.py", line 416, in connect
    self, server_hostkey_name, server_key
  File "C:\ProgramData\Anaconda3\lib\site-packages\paramiko\client.py", line 824, in missing_host_key
    "Server {!r} not found in known_hosts".format(hostname)
paramiko.ssh_exception.SSHException: Server '10.120.235.166' not found in known_hosts

We get an error; It is basically an exception that says that “server_key” is not found in known_hosts because it is missing in missing_host_key. There may be the instances where we might not want to trust the host and python default behavior is to Reject.
In “paramiko” there are actually two policies
1. paramiko “Reject” policy – Default one as shown above
2. paramiko “Auto-add” policy – Automatically accepting all and added them to the Host file.

Lets override the default policy behavior with “Auto-add” policy as shown below

import paramiko
DEVICE_IP = '10.120.235.166'
USERNAME = 'admin'
PASSWORD = 'Nvidia@557'

# Lets create an Object SSH
SSH = paramiko.SSHClient()

# Lets override the default policy behavior
SSH.set_missing_host_key_policy(paramiko.AutoAddPolicy())

try:
SSH.connect(DEVICE_IP,port=22,username=USERNAME,password=PASSWORD)
except paramiko.SSHException:
print('SSH ERROR', paramiko.SSHException)
else:
print('SSH is successful to device ' + DEVICE_IP)

Refer for output

$ python demo_paramiko.py
SSH is successful to device 10.120.235.166

You can observe that our connection is successful which can also be seen from device terminal

sw1-server.ban-in#show user
    Line       User       Host(s)              Idle       Location
*  2 vty 0     gaagrawal  idle                 00:00:00 10.24.71.57

Let’s add more complexity i.e. we want to track following scenario in SSH connection.

  1. Authentication failed due to wrong Username/Password
  2. Network Connectivity issue
  3. SSH timeout

Refer to this snipped to track above real-time issues

import paramiko
import socket
DEVICE_IP = '10.10.10.10'
USERNAME = 'gaagrawal'
PASSWORD = 'Kanika!88'

# Lets create an Object SSH
SSH = paramiko.SSHClient()

# Lets override the default policy behavior
SSH.set_missing_host_key_policy(paramiko.AutoAddPolicy())

try:
SSH.connect(DEVICE_IP,port=22,username=USERNAME,password=PASSWORD)
except paramiko.AuthenticationException:
print("Authentication failed, please verify your credential")
except paramiko.SSHException:
print("Could not establish SSH connection: %s" % paramiko.SSHException)
except Exception as TimeoutError:
print("Unable to connect, please verify network connectivity")
except socket.timeout as e:
print("Connection got timed out")
else:
print('SSH is successful to device ' + DEVICE_IP)

Executing some commands on Remote Host

Now, we are connected to the remote server. The next step is to execute commands on the SSH server. To run a command on the server the exec_command() function is called on the SSHClient with the command passed as input. When you execute commands using exec_command a new Channel is opened and the requested command is executed. The response is returned as Python file-like objects representing stdin, stdout, and stderr(as a 3-tuple)

  • The stdin is a write-only file which can be used for input commands.
  • The stdout file give the output of the command.
  • The stderr gives the errors returned on executing the command. Will be empty if there is no error.
import paramiko
import socket
DEVICE_IP = '10.24.3.4'
USERNAME = 'gaagrawal'
PASSWORD = 'Kanika!88'
COMMAND = 'show etherchannel summary'
# Lets create an Object SSH
SSH = paramiko.SSHClient()

# Lets override the default policy behavior
SSH.set_missing_host_key_policy(paramiko.AutoAddPolicy())

try:
SSH.connect(DEVICE_IP,port=22,username=USERNAME,password=PASSWORD)
except paramiko.AuthenticationException:
print("Authentication failed, please verify your credential")
except paramiko.SSHException:
print("Could not establish SSH connection: %s" % paramiko.SSHException)
except Exception as TimeoutError:
print("Unable to connect, please verify network connectivity")
except socket.timeout as e:
print("Connection got timed out")
else:
print('SSH is successful to device ' + DEVICE_IP)
stdin, stdout, stderr = SSH.exec_command(COMMAND, timeout=10)
SSH.ssh_output = stdout.readlines()
SSH.ssh_error = stderr.readlines()
if SSH.ssh_error:
print("Problem occurred while running command:" + COMMAND + " The error is " + SSH.ssh_error)
else:
print("Command execution completed successfully")
print('\n'.join(SSH.ssh_output))

Closing SSH connection

As a best practice; once our Job is done with SSH connection – It is advised to close the connection. This can be achieved using “SSH.close()”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.