5

I'm trying to spawn an ssh child process using subprocess.

I'm working on Python 2.7.6 on Windows 7

here is my code:

from subprocess import *
r=Popen("ssh sshserver@localhost", stdout=PIPE)
stdout, stderr=r.communicate()
print(stdout)
print(stderr)

The outputs:

None

stdout should contain: sshserver@localhost's password:

WannaBeGenius
  • 128
  • 1
  • 2
  • 12
  • On Linux at least (and prob windows) the `stdin` of your tty is not the same as the one ssh asks for the password. Hold on, got code for this (linux tho). – Torxed Jan 29 '14 at 14:17
  • 1
    If you're going to need to automate `ssh` you probably want to investigate something like [pexpect](http://pexpect.sourceforge.net/pexpect.html) or similar. You may also want to consider just using key-based authentication so that you don't need to muck about with passwords. – larsks Jan 29 '14 at 14:18
  • I already worked on pexpect but it doesn't work perfectly on windows that's why i want to use standard python modules @larsks – WannaBeGenius Jan 29 '14 at 14:25
  • @user3249194 You can't use standard modules for this. Windows doesn't let you hook up to the subprocess ID. I've read about someone fiddling with the `win32` library tho who managed to change process-permissions for the main loop in order to attach to the subprocess ID and read the stdout. But in short, it's not possible. I've posted all your 3 options below that's known to work. The first is a Linux solution so you're probably not interested in that unless you want to take a grip on life and use a proper OS, heh :) – Torxed Jan 29 '14 at 14:28
  • @Torxed I had already installed debian and worked with pexpect, but i want to find a solution for windows :D – WannaBeGenius Jan 29 '14 at 14:36
  • Is there a reason for not using [paramiko](https://pypi.python.org/pypi/paramiko) – Abhijit Jan 29 '14 at 14:38
  • Then you need to use key-based authentication i'm afraid. I've fiddled around with this A LOT too because our workstations at work used to use Windows before we switched over to the dark side. All in all, pexpect is the only "default" Python library that can handle this sort of thing. I think i spent days with `Popen()` in order to get this up and working.. but you can't. At least not with a 3:d party SSH client. – Torxed Jan 29 '14 at 14:39
  • You could use [`fabric`](http://fabfile.org) or [`paramiko`](http://docs.paramiko.org/) directly to run commands via `ssh` in Python. – jfs Jan 30 '14 at 04:37

1 Answers1

12

Here's an example of working SSH code that handles the promt for yes/no on the certificate part and also when asked for a password.

#!/usr/bin/python

import pty, sys
from subprocess import Popen, PIPE, STDOUT
from time import sleep
from os import fork, waitpid, execv, read, write

class ssh():
    def __init__(self, host, execute='echo "done" > /root/testing.txt', askpass=False, user='root', password=b'SuperSecurePassword'):
        self.exec = execute
        self.host = host
        self.user = user
        self.password = password
        self.askpass = askpass
        self.run()

    def run(self):
        command = [
                '/usr/bin/ssh',
                self.user+'@'+self.host,
                '-o', 'NumberOfPasswordPrompts=1',
                self.exec,
        ]

        # PID = 0 for child, and the PID of the child for the parent    
        pid, child_fd = pty.fork()

        if not pid: # Child process
            # Replace child process with our SSH process
            execv(command[0], command)

        ## if we havn't setup pub-key authentication
        ## we can loop for a password promt and "insert" the password.
        while self.askpass:
            try:
                output = read(child_fd, 1024).strip()
            except:
                break
            lower = output.lower()
            # Write the password
            if b'password:' in lower:
                write(child_fd, self.password + b'\n')
                break
            elif b'are you sure you want to continue connecting' in lower:
                # Adding key to known_hosts
                write(child_fd, b'yes\n')
            elif b'company privacy warning' in lower:
                pass # This is an understood message
            else:
                print('Error:',output)

        waitpid(pid, 0)

The reason (and correct me if i'm wrong here) for you not being able to read the stdin straight away is because SSH runs as a subprocess under a different process ID which you need to read/attach to.

Since you're using windows, pty will not work. there's two solutions that would work better and that's pexpect and as someone pointed out key-based authentication.

In order to achieve a key-based authentication you only need to do the following: On your client, run: ssh-keygen Copy your id_rsa.pub content (one line) into /home/user/.ssh/authorized_keys on the server.

And you're done. If not, go with pexpect.

import pexpect
child = pexpect.spawn('ssh user@host.com')
child.expect('Password:')
child.sendline('SuperSecretPassword')
Torxed
  • 22,866
  • 14
  • 82
  • 131
  • the pty module requires termios wich is working only on Unix platform – WannaBeGenius Jan 29 '14 at 14:39
  • Which i mentioned in my answer didn't i? :/ – Torxed Jan 29 '14 at 14:41
  • yes you did, and i did mention that i'm working on windows ;) – WannaBeGenius Jan 29 '14 at 14:45
  • And that's why i posted two other solutions that work in Windows ;) Note: Linux fix is for anyone else reading this (cause there will be a TON other people coming here because it's a common issue), also you have a linux machine now so this would help you as well :P – Torxed Jan 29 '14 at 14:46
  • You saved the time of fighting with windows to get this works, because it seems there is no solution already done. ;) – WannaBeGenius Jan 29 '14 at 14:54
  • 3
    Solutions from your answer do not work on Windows. `pexpect` needs `pty` that expects a POSIX system (`pty` is written for Linux). – jfs Jan 30 '14 at 04:38