Re: python3 subprocess run sudo cmd in remote failed
In comp.lang.python, lampahome wrote: > what I tried many times like enter password, but it failed. > I just want to use ps.stdin.write(password) to send password, but it always > jump password prompt immediately. Passwords are frequently read from stderr, not stdin, so that tools can get a human answered password from inside a pipleline providing stdin to something downstream. > How to solve this Use some sort of out-of-band authentication. Jenkins (when I looked at it) used ssh-agent. Ansible used sshpass. And you've already had key-pairs suggested in a different reply. Elijah -- likes ssh-agent and key-pairs -- https://mail.python.org/mailman/listinfo/python-list
Re: python3 subprocess run sudo cmd in remote failed
On Tue, Sep 17, 2019 at 3:25 PM Cameron Simpson wrote: > However, I repeat my recommendation to use a keypair for the > authentication, as it avoids needing interactive passwords (and having > your programme know the password has its own suite of problems to do > with where that password comes from). Agreed; using a password that's embedded into the script is worse than useless. The same goes for sudo passwords, if that's a thing; arrange it so the user that you SSH in as has the power to run that command without a password (you can do that in the sudoers file, even if it needs a password for all other usage). If necessary, create a dedicated SSH keypair *just* for this script. It's still easier to protect an SSH private key than a password. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: python3 subprocess run sudo cmd in remote failed
On 17Sep2019 13:02, lampahome wrote: Note also that since stdin and stdout are pipes and not the terminal then ssh will not be interactive, and will not allocate a tty at the far end either. You can get ssh to open a remote tty with the -t option. But I suspect you don't want stdin=PIPE or stdout=PIPE at all. Why are they there? I thought I can use ps.stdin.write(password), so I make stdin and stdout be pipe as input and output. The trouble here is that ssh will only accept a password from a terminal. As soon as you connect a pipe it refuses to prompt. This is partly security (having a terminal is a proxy for "talking to a human"), and partly because ssh normally passes stdin to the remote process once authentication is complete, so things get fiddly. You can give it a terminal by obtaining a pty and associating the subprocess with that. You could install the pexpect module with "pip install pexpect" and use that to manage this interaction. See the docs: https://pexpect.readthedocs.io/en/stable/ for further info. However, I repeat my recommendation to use a keypair for the authentication, as it avoids needing interactive passwords (and having your programme know the password has its own suite of problems to do with where that password comes from). Here are I tried: from subprocess import Popen, PIPE ps = Popen('ssh -o \'StrictHostKeyChecking no\' hello@192.168.80.11 \'sudo sysctl -w vm.drop_caches=3\', shell=True) hello@192.168.80.11's password: from subprocess import Popen, PIPE ps = Popen(['ssh', '-o \'StrictHostKeyChecking no\'', ' hello@192.168.80.11', '\'sudo sysctl -w vm.drop_caches=3\'']) hello@192.168.80.11's password: It always prompt immediately, that make me hard to enter password. Well ssh will be connected to your terminal. Do things work if you hand type the password at that point? Maybe I should try paramiko... Or pexpect. But use a keypair - it will simplify your life, and generally be far more secure anyway. Cheers, Cameron Simpson -- https://mail.python.org/mailman/listinfo/python-list
Re: python3 subprocess run sudo cmd in remote failed
> > Well, there's a Python library called "paramiko" which implements ssh. > That might help. > > Later I will try lol. > Note also that since stdin and stdout are pipes and not the terminal > then ssh will not be interactive, and will not allocate a tty at the far > end either. You can get ssh to open a remote tty with the -t option. > > But I suspect you don't want stdin=PIPE or stdout=PIPE at all. Why are > they there? > > I thought I can use ps.stdin.write(password), so I make stdin and stdout be pipe as input and output. Here are I tried: >from subprocess import Popen, PIPE >ps = Popen('ssh -o \'StrictHostKeyChecking no\' hello@192.168.80.11 \'sudo sysctl -w vm.drop_caches=3\', shell=True) > hello@192.168.80.11's password: >from subprocess import Popen, PIPE >ps = Popen(['ssh', '-o \'StrictHostKeyChecking no\'', ' hello@192.168.80.11', '\'sudo sysctl -w vm.drop_caches=3\'']) > hello@192.168.80.11's password: It always prompt immediately, that make me hard to enter password. Maybe I should try paramiko... -- https://mail.python.org/mailman/listinfo/python-list
Re: python3 subprocess run sudo cmd in remote failed
On 17Sep2019 12:13, lampahome wrote: Hello, I use python3.5 and found no way to solve this problem from subprocess import Popen, PIPE ps = Popen('ssh -o \'StrictHostKeyChecking no\' hello@192.168.80.11 \'sudo sysctl -w vm.drop_caches=3\', stdin=PIPE, stdout=PIPE, stderr=PIPE, bufsize=0, shell=True) hello@192.168.80.11's password: what I tried many times like enter password, but it failed. I just want to use ps.stdin.write(password) to send password, but it always jump password prompt immediately. Well, there's a Python library called "paramiko" which implements ssh. That might help. But really you should avoid using password authentication altogether. Generate a public/private keypair using ssh-keygen and install the public half on the target machine. Then all you need to do is to deal with sudo's password. Note also that since stdin and stdout are pipes and not the terminal then ssh will not be interactive, and will not allocate a tty at the far end either. You can get ssh to open a remote tty with the -t option. But I suspect you don't want stdin=PIPE or stdout=PIPE at all. Why are they there? Also, try doing this without shell=True - it is an invitation for mistakes and shell injection (depending on your uses). Cheers, Cameron Simpson -- https://mail.python.org/mailman/listinfo/python-list
python3 subprocess run sudo cmd in remote failed
Hello, I use python3.5 and found no way to solve this problem >from subprocess import Popen, PIPE >ps = Popen('ssh -o \'StrictHostKeyChecking no\' hello@192.168.80.11 \'sudo sysctl -w vm.drop_caches=3\', stdin=PIPE, stdout=PIPE, stderr=PIPE, bufsize=0, shell=True) > hello@192.168.80.11's password: what I tried many times like enter password, but it failed. I just want to use ps.stdin.write(password) to send password, but it always jump password prompt immediately. How to solve this -- https://mail.python.org/mailman/listinfo/python-list