Using PuTTY command line, I connect with unix host which is under PAM context.
The connection string is
domain/[email protected]@[email protected]:4422
in PuTTY command line I have used the below
putty.exe -ssh domain/[email protected]@[email protected] 4422 -pw xxx
This will open the PuTTY SSH Session to an host and logins. In PuTTY console it shows the username as
domain/[email protected]@unix-host
I want to perform the same through SSH library Paramiko. I have kept pam-load-balancer-address as my host and 4422 as port and domain/[email protected]@unix-host as my username. In Paramiko it gives an error message
AuthenticationException: Authentication failed.
In PuTTY ssh it was successful and in Paramiko or robotframework-sshlibrary I can’t login the host. Please advice on how to login the host where the username has many @. Thanks
PuTTY session
PuTTY Event log:
Paramiko log:
DEB [20210330-17:27:49.113] thr=1 paramiko.transport: starting thread (client mode): 0x3d82d30 DEB [20210330-17:27:49.113] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.7.2 DEB [20210330-17:27:49.113] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-PBPS-SM-1.0.0 INF [20210330-17:27:49.113] thr=1 paramiko.transport: Connected (version 2.0, client PBPS-SM-1.0.0) DEB [20210330-17:27:49.217] thr=1 paramiko.transport: kex algos:['curve25519-sha256', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group14-sha1'] server key:['ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa'] client encrypt:['aes256-ctr', 'aes192-ctr', 'aes128-ctr'] server encrypt:['aes256-ctr', 'aes192-ctr', 'aes128-ctr'] client mac:['hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'] server mac:['hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'] client compress:['none'] server compress:['none'] client lang:[''] server lang:[''] kex follows?False DEB [20210330-17:27:49.218] thr=1 paramiko.transport: Kex agreed: ecdh-sha2-nistp256 DEB [20210330-17:27:49.218] thr=1 paramiko.transport: HostKey agreed: ssh-ed25519 DEB [20210330-17:27:49.218] thr=1 paramiko.transport: Cipher agreed: aes128-ctr DEB [20210330-17:27:49.218] thr=1 paramiko.transport: MAC agreed: hmac-sha2-256 DEB [20210330-17:27:49.218] thr=1 paramiko.transport: Compression agreed: none DEB [20210330-17:27:49.225] thr=1 paramiko.transport: kex engine KexNistp256 specified hash_algo <built-in function openssl_sha256> DEB [20210330-17:27:49.225] thr=1 paramiko.transport: Switch to new keys ... DEB [20210330-17:27:49.226] thr=2 paramiko.transport: Adding ssh-ed25519 host key for [xxx-pam2.xxx.co.uk]:4422: b'3f537ba214609f1911ba04226de23df7' DEB [20210330-17:27:49.246] thr=1 paramiko.transport: userauth is OK INF [20210330-17:27:49.246] thr=1 paramiko.transport: Authentication (password) failed. DEB [20210330-17:27:49.253] thr=1 paramiko.transport: EOF in transport thread
PuTTY Event Log without -pw:
2021-03-30 17:39:43 Looking up host "xxx-pam1.xxx.co.uk" for SSH connection 2021-03-30 17:39:43 Connecting to 10.34.37.244 port 4422 2021-03-30 17:39:43 We claim version: SSH-2.0-PuTTY_Release_0.74 2021-03-30 17:39:43 Remote version: SSH-2.0-PBPS-SM-1.0.0 2021-03-30 17:39:43 Using SSH protocol version 2 2021-03-30 17:39:43 No GSSAPI security context available 2021-03-30 17:39:43 Doing ECDH key exchange with curve nistp256 and hash SHA-256 (unaccelerated) 2021-03-30 17:39:43 Server also has ecdsa-sha2-nistp256/ecdsa-sha2-nistp384/ecdsa-sha2-nistp521/ssh-rsa host keys, but we don't know any of them 2021-03-30 17:39:43 Host key fingerprint is: 2021-03-30 17:39:43 ssh-ed25519 255 32:2f:d2:0b:ba:f4:50:7f:01:42:59:bd:47:17:d3:91 2021-03-30 17:39:43 Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption 2021-03-30 17:39:43 Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm 2021-03-30 17:39:43 Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption 2021-03-30 17:39:43 Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm 2021-03-30 17:39:43 Attempting keyboard-interactive authentication 2021-03-30 17:40:01 Access granted 2021-03-30 17:40:01 Opening main session channel 2021-03-30 17:40:02 Opened main channel 2021-03-30 17:40:02 Allocated pty 2021-03-30 17:40:02 Started a shell/command
Source code
import paramiko
import logging
import Interactive
def connect_pam_host():
logging.basicConfig();
# logging.getLogger('Paramiko').setLevel(logging.INFO);
paramiko.util.log_to_file('paramiko.log', logging.WARNING);
ssh = paramiko.SSHClient();
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy());
ssh.connect(hostname='xxx-pam2.xxx.co.uk', port=4422, username='netdom\[email protected]@utvweccn03',
password='[email protected]');
print('Success');
# This is a sample Python script.
# Press Shift+F10 to execute it or replace it with your code.
# Press Double Shift to search everywhere for classes, files, tool windows, actions, and settings.
def print_hi(name):
# Use a breakpoint in the code line below to debug your script.
print(f'Hi, {name}') # Press Ctrl+F8 to toggle the breakpoint.
# Press the green button in the gutter to run the script.
if __name__ == '__main__':
print_hi('PyCharm')
connect_pam_host()
Answer
Your server seems to issue two keyboard-interactive authentication challenges
- First a prompt for a password
- Second a banner with no prompts.
So you will have to do something like this:
def handler(title, instructions, fields):
if len(fields) == 1:
return [password]
else:
return []
transport = paramiko.Transport('example.com')
transport.connect(username='myuser')
transport.auth_password(username, password):
transport.auth_interactive(username, handler)
Some references:
- Paramiko/Python: Keyboard interactive authentication
- SSH with 2FA in Python Using Paramiko
- Multi-factor authentication (password and key) with Paramiko
Further, as you have find out, you need to escape the in the username.