Paramiko SSH. No authentication methods available

Question

I am having trouble establishing a SSH connection using paramiko. In the client I am running linux and so is the server. At this time we are not concerned with the security aspect. We just want the script to be able to connect so we can do some other things. We will worry about the security aspect later.

I am able to use ssh -oStrictHostKeyChecking=no root@192.168.240.99 to connect through a bash terminal. When I use paramiko I get a No authentication available error. If I look at my known_hosts file I can see the server is using ecdsa-sha2-nistp256. If I delete this line it gets added the next time I log into the server from the terminal.

If I use this python program I get the No authentication error.

def main():
    try:
        paramiko.common.logging.basicConfig(level=paramiko.common.DEBUG)
        client = paramiko.SSHClient()
        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        #client.set_missing_host_key_policy(paramiko.MissingHostKeyPolicy()) # also tried this. 
        client.load_system_host_keys()
        client.connect('myipaddr', username='myUsername')
    except Exception as e:
        print("Exception:")
        print(e)

The output of the python program with paramiko set to output debug information is as follows:

 DEBUG:paramiko.transport:starting thread (client mode): 0x71da87f0
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_3.3.1
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-OpenSSH_8.0
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_8.0)
DEBUG:paramiko.transport:=== Key exchange possibilities ===
DEBUG:paramiko.transport:kex algos: curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
DEBUG:paramiko.transport:server key: rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
DEBUG:paramiko.transport:client encrypt: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
DEBUG:paramiko.transport:server encrypt: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
DEBUG:paramiko.transport:client mac: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
DEBUG:paramiko.transport:server mac: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
DEBUG:paramiko.transport:client compress: none
DEBUG:paramiko.transport:server compress: none
DEBUG:paramiko.transport:client lang: <none>
DEBUG:paramiko.transport:server lang: <none>
DEBUG:paramiko.transport:kex follows: False
DEBUG:paramiko.transport:=== Key exchange agreements ===
DEBUG:paramiko.transport:Kex: curve25519-sha256@libssh.org
DEBUG:paramiko.transport:HostKey: ssh-ed25519
DEBUG:paramiko.transport:Cipher: aes128-ctr
DEBUG:paramiko.transport:MAC: hmac-sha2-256
DEBUG:paramiko.transport:Compression: none
DEBUG:paramiko.transport:=== End of kex handshake ===
DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-ed25519 host key for 192.168.0.10: b'298961f1238371220340a12365ebb395'
DEBUG:paramiko.transport:Got EXT_INFO: {'server-sig-algs': b'ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521'}
Exception:
No authentication methods available

Edit: Even if I add client.load_system_host_keys() I get the same error. Does it not load the key and see what type of key it is to use that as the authentication method?

Edit3: Adding verbose output from sshing in from command line.

(venv) [user.name@8715sv3]$ ssh -vvv -oStrictHostKeyChecking=no root@192.168.0.10
OpenSSH_8.0p1, OpenSSL 1.1.1k  FIPS 25 Mar 2021
debug1: Reading configuration data /home/user.name/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 192.168.0.10 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.10 [192.168.0.10] port 22.
debug1: Connection established.
debug1: identity file /home/user.name/.ssh/id_rsa type -1
debug1: identity file /home/user.name/.ssh/id_rsa-cert type -1
debug1: identity file /home/user.name/.ssh/id_dsa type -1
debug1: identity file /home/user.name/.ssh/id_dsa-cert type -1
debug1: identity file /home/user.name/.ssh/id_ecdsa type -1
debug1: identity file /home/user.name/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user.name/.ssh/id_ed25519 type -1
debug1: identity file /home/user.name/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user.name/.ssh/id_xmss type -1
debug1: identity file /home/user.name/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug2: fd 5 setting O_NONBLOCK
debug1: Authenticating to 192.168.0.10:22 as 'root'
debug3: hostkeys_foreach: reading file "/home/user.name/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/user.name/.ssh/known_hosts:11
debug3: load_hostkeys: loaded 1 keys from 192.168.0.10
debug3: order_hostkeyalgs: have matching best-preference key type ecdsa-sha2-nistp256-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:hk4HrBMfUjR2NmaW+8SkFwMfWRXi8mYoAMudp3pE7uk
debug3: hostkeys_foreach: reading file "/home/user.name/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/user.name/.ssh/known_hosts:11
debug3: load_hostkeys: loaded 1 keys from 192.168.0.10
debug1: Host '192.168.0.10' is known and matches the ECDSA host key.
debug1: Found key in /home/user.name/.ssh/known_hosts:11
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/user.name/.ssh/id_rsa 
debug1: Will attempt key: /home/user.name/.ssh/id_dsa 
debug1: Will attempt key: /home/user.name/.ssh/id_ecdsa 
debug1: Will attempt key: /home/user.name/.ssh/id_ed25519 
debug1: Will attempt key: /home/user.name/.ssh/id_xmss 
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (none).
Authenticated to 192.168.0.10 ([192.168.0.10]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 5 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x48
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0

*"No authentication methods available"* has nothing to do with host key verification (so nothing to do with `StrictHostKeyChecking` or `known_hosts`). Your code does not contain any authentication at all. That's the problem. How do you want to authenticate? Using a key? — Martin Prikryl, Aug 14 '23 at 15:15
And a suggested solution or place to gain knowledge on this would be? — NDEthos, Aug 14 '23 at 15:31
To give you a suggestion, we first need an answer to my question: *How do you want to authenticate? Using a key?* — Martin Prikryl, Aug 14 '23 at 16:07
I don't care how it authenticates. It could use magic for all I care. I just need it to connect so I can move forward. This has already taken to much time and am not looking for much of a learning lesson. I just need it to work and can look back on it at some other time for the security aspect. — NDEthos, Aug 14 '23 at 16:13
With such lame response, I can only wildly guess that you might be having a problem like this: https://stackoverflow.com/q/51299834/850848 – Do not expect any further help, unless you become more cooperative. — Martin Prikryl, Aug 14 '23 at 16:39
You *should* care how it authenticates. Are you using an `rsa` key? `pem`? How would you normally `ssh` into this machine? — C.Nivs, Aug 14 '23 at 17:01
@C.Nivs `ssh -oStrictHostKeyChecking=no root@192.168.0.10` The reason I don't care is b/c this is not the main issue that needs worked on. The connection really does not matter. It will be the commands that are sent after the connection is made that matter. — NDEthos, Aug 14 '23 at 17:04
[This](https://stackoverflow.com/q/60827896/7867968) is probably what you're looking for. In the future, please provide all necessary information to help solve your problem and you'll avoid the long exchanges where we effectively have to extract key pieces of info from you — C.Nivs, Aug 14 '23 at 17:06
When you ssh by hand, do you type a password? That's what they mean by "authentication". — Tim Roberts, Aug 14 '23 at 17:19
So, you have a machine where you login as root with no password?? Really? Try adding `look_for_keys=False` to your `connect` call. https://stackoverflow.com/questions/52632693/force-password-authentication-ignore-keys-in-ssh-folder-in-paramiko-in-python — Tim Roberts, Aug 14 '23 at 17:36
@TimRoberts Yes, we log in as root with no password. When I add in `look_for_keys=False` I get the same error as before. No change. — NDEthos, Aug 14 '23 at 17:42
@MartinPrikryl I think you may be right. Let me check if I can run a command and get a response from the server. — NDEthos, Aug 14 '23 at 17:57
@MartinPrikryl This was the problem. Have to go to the lower level api for paramiko to get it to allow "authentication" with nothing. No password, no public/private key. Maybe put it in as an answer and I can accept it? — NDEthos, Aug 14 '23 at 18:22
No need to post a duplicate answer here. Please upvote the linked question and its answer. — Martin Prikryl, Aug 15 '23 at 06:54
@MartinPrikryl No thanks. My question had a different set of circumstance and line of query to get at the answer. Just b/c you can see it from the other answer does not mean all will. — NDEthos, Aug 15 '23 at 06:58
Yes you had. That's what makes your question a useful duplicate to the other one. The answer is still the same though. — Martin Prikryl, Aug 15 '23 at 08:51

Paramiko SSH. No authentication methods available

0 Answers0