From jhcook at gmail.com Tue Feb 12 00:42:28 2008
From: jhcook at gmail.com (Justin Cook)
Date: Tue, 12 Feb 2008 08:42:28 +0000
Subject: [paramiko] _def_urandom is not defined
Message-ID:

When using paramiko-1.7.2 I receive the following error when attempting to
connect to hosts:

*** Caught exception: exceptions.NameError: global name '_def_urandom' is not defined
Traceback (most recent call last):
  File "./demo_simple.py", line 83, in ?
    t.connect(username=username, password=password, hostkey=hostkey)
  File "/usr/lib/python2.3/site-packages/paramiko/transport.py", line 931, in connect
    self.start_client()
  File "/usr/lib/python2.3/site-packages/paramiko/transport.py", line 398, in start_client
    raise e
NameError: global name '_def_urandom' is not defined

Apparently, line 47 in 'site-packages/paramiko/osrandom.py' has a
typographical error and should read 'return _dev_urandom.read(bytes)'
versus 'return _def_urandom.read(bytes)'.

A quick search did not reveal any pointers to this problem, so I
thought I'd pass it along. I am running on RHEL4 Update6 (Nahant).

Cheers,

--
Justin Cook
http://www.linkedin.com/in/jhcook

From dwayne at oscl.ca Tue Feb 12 07:33:25 2008
From: dwayne at oscl.ca (Dwayne Litzenberger)
Date: Tue, 12 Feb 2008 09:33:25 -0600
Subject: [paramiko] Compatibility with Python 2.2 and 2.3 (was: _def_urandom is not defined)
In-Reply-To:
References:
Message-ID: <200802120933.26168.dwayne@oscl.ca>

On February 12, 2008 02:42:28 am Justin Cook wrote:
> Apparently, line 47 in 'site-packages/paramiko/osrandom.py' has a
> typographical error and should read 'return _dev_urandom.read(bytes)'
> versus 'return _def_urandom.read(bytes)'.

Hmm. It looks like neither Robey nor I have tested our changes with
Python 2.2 or Python 2.3.

********** PYTHON 2.2

When I do "setup.py install" using Python 2.2.3, I get this:

byte-compiling /home/dwon/python2.2/lib/python2.2/site-packages/paramiko/sftp_file.py to sftp_file.pyc
:428: Warning: 'yield' will become a reserved keyword in the future
  File "/home/dwon/python2.2/lib/python2.2/site-packages/paramiko/sftp_file.py", line 428
    yield self.read(x[1])
    ^
SyntaxError: invalid syntax

Running test.py returns this:

$ ~/python2.2/bin/python test.py
test.py:58: Warning: 'yield' will become a reserved keyword in the future
  File "test.py", line 58
    yield item
    ^
SyntaxError: invalid syntax

Adding "from __future__ import generators" to those files isn't sufficient
(at least not for the test suite) because the test suite uses several
features from Python 2.3's standard library.

********** PYTHON 2.3

With Python 2.3.6, the situation is somewhat better, though the following
tests still fail:

======================================================================
ERROR: test_4_or_pipe (test_buffered_pipe.BufferedPipeTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "tests/test_buffered_pipe.py", line 83, in test_4_or_pipe
    self.assertFalse(p._set)
AttributeError: 'BufferedPipeTest' object has no attribute 'assertFalse'

======================================================================
ERROR: test_1_import (test_util.UtilTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "tests/test_util.py", line 73, in test_1_import
    self.assertTrue('Transport' in symbols)
AttributeError: 'UtilTest' object has no attribute 'assertTrue'

======================================================================
ERROR: test_E_reverse_port_forwarding (test_transport.TransportTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "tests/test_transport.py", line 463, in test_E_reverse_port_forwarding
    self.assertTrue(self.server._listen is None)
AttributeError: 'TransportTest' object has no attribute 'assertTrue'

----------------------------------------------------------------------
Ran 102 tests in 102.095s

FAILED (errors=3)

********** FIXES

Robey: I've attached a bundle that fixes both the typo and the tests for
Python 2.3.6, but Python 2.2 support (at least in the test suite) is still
pretty broken. Do you want to have a look at it?

--
Dwayne Litzenberger, B.A.Sc.
Information Technology Analyst

Open Systems Canada Limited
#210 - 2332 11th Ave
Regina, SK S4P0K1
Office: (306) 359-OSCL (6725)
http://www.oscl.ca/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: paramiko-python2.3-fixes.bundle
Type: text/x-diff
Size: 4490 bytes
Desc: not available
Url : http://www.lag.net/pipermail/paramiko/attachments/20080212/4fb0089f/attachment.diff

From jbardin at bu.edu Wed Feb 13 06:48:06 2008
From: jbardin at bu.edu (James Bardin)
Date: Wed, 13 Feb 2008 09:48:06 -0500
Subject: [paramiko] HPN-SSH
Message-ID: <47B30326.8030603@bu.edu>

The following looks pretty interesting:

http://www.psc.edu/networking/projects/hpn-ssh/

I wonder if any of these patches could apply to paramiko (not directly
of course)? I don't know if we could multithread using pycrypto, but
the more important improvement would be dynamic windows and possibly the
None cipher.

It looks like the main patch isn't up yet.

-jim

From jdsw2002 at yahoo.com Wed Feb 13 10:44:14 2008
From: jdsw2002 at yahoo.com (jd)
Date: Wed, 13 Feb 2008 10:44:14 -0800 (PST)
Subject: [paramiko] ConVirt 0.8.1 released
Message-ID: <771489.22069.qm@web35807.mail.mud.yahoo.com>

Hi

Here is a new release of the product using paramiko.
Check out the announcement at http://www.convirt.net. Also, head over to
the Gallery for a quick overview video of some of the new features.

/Jd

p.s. I had to suspend the tunneling over xml-rpc from the product because
of a pending paramiko issue.

From jbardin at bu.edu Thu Feb 14 12:32:33 2008
From: jbardin at bu.edu (James Bardin)
Date: Thu, 14 Feb 2008 15:32:33 -0500
Subject: [paramiko] scp [ again :) ]
Message-ID: <47B4A561.5030504@bu.edu>

Hi Robey,

I know there's been numerous questions about scp, so here's a module
that can plug right in paramiko if you like it.

The SCPClient takes an open transport, and gives you an object that can
send files and directories. The only scp feature I didn't implement was
the bandwidth limit.

This has only been tested with openssh scp (scp1). Scp2 is just a
wrapper for sftp, which we already have. If sftp didn't run at 30% the
speed of scp (at least with openssh), I wouldn't have a need for this.

For those progressbar lovers, get_progress() gives you an object with a
tuple of (bytes sent, file size) that's updated during file transfers.
Though, you need to run the client in a separate thread if you want to be
able to do something with the progress during a transfer.

Quick examples:

#####
from paramiko import SSHClient, SCPClient, MissingHostKeyPolicy

client = SSHClient()
...
trans = client.get_transport()

# this is all it takes to send a file!
scp = SCPClient(trans)
scp.send_file('aFile.txt')
# renaming on the receiving side
scp.send_file('/path/to/testfile', 'renamed.testfile')
scp.close()

# with recursive, you must specify the local path,
# and the filename
scp = SCPClient(trans, recursive=1, preserve_times=1)
scp.push_dir('paramiko', 'paramiko')
scp.push_dir('paramiko/dirname', 'dirname')
scp.send_file('paramiko/dirname/testfile', 'testfile')
scp.pop_dir()
scp.send_file('paramiko/__init__.py', '__init__.py')
scp.close()

client.close()
####

Thanks,
-jim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scp.py
Type: text/x-python
Size: 4994 bytes
Desc: not available
Url : http://www.lag.net/pipermail/paramiko/attachments/20080214/22aeda8c/attachment.py

From ramercer at gmail.com Thu Feb 14 13:13:51 2008
From: ramercer at gmail.com (Adam Mercer)
Date: Thu, 14 Feb 2008 16:13:51 -0500
Subject: [paramiko] www.lag.net server issue?
Message-ID: <799406d60802141313g334d17d3ia7f87762ff34c831@mail.gmail.com>

Hi

Is there a problem with the lag.net server, as trying to connect to
the paramiko webpage (http://www.lag.net/paramiko) I'm getting the
following error:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Hint: https://green.lag.net/

Is this a permanent change?

Cheers

Adam

From ramercer at gmail.com Thu Feb 14 13:39:54 2008
From: ramercer at gmail.com (Adam Mercer)
Date: Thu, 14 Feb 2008 16:39:54 -0500
Subject: [paramiko] www.lag.net server issue?
In-Reply-To: <799406d60802141313g334d17d3ia7f87762ff34c831@mail.gmail.com>
References: <799406d60802141313g334d17d3ia7f87762ff34c831@mail.gmail.com>
Message-ID: <799406d60802141339t5b6d18d2y6d5fc714dc0dc098@mail.gmail.com>

On Thu, Feb 14, 2008 at 4:13 PM, Adam Mercer wrote:

> Is this a permanent change?

As a followup to this I should add that there's going to be a problem
if this is a permanent change as the certificate used on green.lag.net
is self issued and its authenticity can't be determined, for example
the following error is returned when trying to fetch from
https://green.lag.net using MacPorts:

Fetching failed:: peer certificate cannot be authenticated with known
CA certificates

Cheers

Adam

From d.mills at guesny.net Fri Feb 15 04:57:17 2008
From: d.mills at guesny.net (David Mills)
Date: Fri, 15 Feb 2008 13:57:17 +0100
Subject: [paramiko] Paramiko reverse proxy
Message-ID: <47B58C2D.8050109@guesny.net>

Hi,

I'm currently writing a small firewall busting script to use for
technical support for some of my friends.

The idea is that They launch a script which connects to one of my
servers via ssh and opens a port-forward back to their own machine, then
I connect to the forwarded port on my server, and gain ssh access to
their machine that way.

The only problem, is that I can't seem to get my script to detect when
the paramiko channel has data to send.

I've included my script FYI.

David

P.S: Sorry for the double post, but I sent the first one with the wrong SMTP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.lag.net/pipermail/paramiko/attachments/20080215/9c865ff6/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test_reverse.py
Type: text/x-python
Size: 1666 bytes
Desc: not available
Url : http://www.lag.net/pipermail/paramiko/attachments/20080215/9c865ff6/attachment.py

From smartpawn at gmail.com Fri Feb 15 06:24:53 2008
From: smartpawn at gmail.com (Deepak Rokade)
Date: Fri, 15 Feb 2008 19:54:53 +0530
Subject: [paramiko] How to improve paramiko performance
Message-ID: <48224a820802150624t2bde597aq44169e8103f3e34@mail.gmail.com>

Hi All,

With this mail I want to know "how to improve performance of paramiko for
transferring files over the internet through VPN"

*Brief about what we are doing.*

I want to transfer files of size 5MB which are compressed with gzip format
over the VPN. This experiment is being carried out between two cities
located 1000km apart ()

I am using Sun Solaris 10 sparc machine.
I have developed SFTP client with paramiko 1.7.1 version.
The speed I am getting is 25 seconds per file (of size 5 MB)

*My experiments *

I compared paramiko performance with standard unix SFTP command and the
speed I got with standard SFTP is no more different.

I tried using openssh 4.7 along with HPN patches available at
http://www.psc.edu/networking/projects/hpn-ssh/
still performance was no better.

Setting TCP tuning parameters such as below (on Linux) also gave no better
improvement for SFTP with HPN.

/proc/sys/net/core/wmem_max;
/proc/sys/net/core/rmem_max;
/proc/sys/net/ipv4/tcp_rmem;
/proc/sys/net/ipv4/tcp_wmem;

Does anybody know how the performance can be improved in such case ?

Thanx & Regards,
Deepak Rokade
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.lag.net/pipermail/paramiko/attachments/20080215/4efc5afe/attachment.htm

From david at guerizec.net Sat Feb 16 02:24:41 2008
From: david at guerizec.net (David Guerizec)
Date: Sat, 16 Feb 2008 11:24:41 +0100
Subject: [paramiko] Paramiko reverse proxy
In-Reply-To: <47B58C2D.8050109@guesny.net>
References: <47B58C2D.8050109@guesny.net>
Message-ID: <200802161124.41987.david@guerizec.net>

Hello David,

On Friday 15 February 2008 13:57:17, David Mills wrote:
> Hi,
>
> I'm currently writing a small firewall busting script to use for
> technical support for some of my friends.
>
> The idea is that They launch a script which connects to one of my
> servers via ssh and opens a port-forward back to their own machine, then
> I connect to the forwarded port on my server, and gain ssh access to
> their machine that way.
>
> The only problem, is that I can't seem to get my script to detect when
> the paramiko channel has data to send.

I didn't try your script, but you may want to call channel.setblocking(0) at
the beginning of ForwardHandler(), so that if there is less than 1024 bytes
in the receive buffer, it won't block on channel.recv().

Hope that helps.

Best regards,
David

--
David Guerizec
http://sshproxy-project.org/
irc://irc.freenode.net/#sshproxy-project

From jbardin at bu.edu Sat Feb 16 12:54:22 2008
From: jbardin at bu.edu (james bardin)
Date: Sat, 16 Feb 2008 15:54:22 -0500
Subject: [paramiko] scp [ again :) ]
In-Reply-To: <47B4A561.5030504@bu.edu>
References: <47B4A561.5030504@bu.edu>
Message-ID:

Ok, before anyone calls me an @$$clown, I completely forgot about the
download side of scp.
I'll make a new SCPClient class, and send it along.

-jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.lag.net/pipermail/paramiko/attachments/20080216/a03ef4f4/attachment.htm

From d.mills at guesny.net Sun Feb 17 09:39:22 2008
From: d.mills at guesny.net (David Mills)
Date: Sun, 17 Feb 2008 18:39:22 +0100
Subject: [paramiko] Paramiko reverse proxy
In-Reply-To: <200802161124.41987.david@guerizec.net>
References: <47B58C2D.8050109@guesny.net> <200802161124.41987.david@guerizec.net>
Message-ID: <47B8714A.9070309@guesny.net>

David

Thank you for the idea, but the blockage happens in the select.select
statement.

Here's the text output of my script when I try to connect through it
(All the statements are in the code).

'Into While Loop' is printed just before the select.select and 'Got
something' is printed just after.

David

Handler called
Into while loop
Got something
Local: Recieving data
Recieved data: 40 SSH-2.0-OpenSSH_4.6p1 Debian-5ubuntu0.1
Sending Recieved data
Sent Recieved data
Checking for errors
Looping
Into while loop

David Guerizec wrote:
> Hello David,
>
> On Friday 15 February 2008 13:57:17, David Mills wrote:
>
>> Hi,
>>
>> I'm currently writing a small firewall busting script to use for
>> technical support for some of my friends.
>>
>> The idea is that They launch a script which connects to one of my
>> servers via ssh and opens a port-forward back to their own machine, then
>> I connect to the forwarded port on my server, and gain ssh access to
>> their machine that way.
>>
>> The only problem, is that I can't seem to get my script to detect when
>> the paramiko channel has data to send.
>>
>
> I didn't try your script, but you may want to call channel.setblocking(0) at
> the beginning of ForwardHandler(), so that if there is less than 1024 bytes
> in the receive buffer, it won't block on channel.recv().
>
> Hope that helps.
>
> Best regards,
> David
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.lag.net/pipermail/paramiko/attachments/20080217/2150245a/attachment.htm

From robey at lag.net Sun Feb 17 16:21:38 2008
From: robey at lag.net (Robey Pointer)
Date: Sun, 17 Feb 2008 16:21:38 -0800
Subject: [paramiko] www.lag.net server issue?
In-Reply-To: <799406d60802141339t5b6d18d2y6d5fc714dc0dc098@mail.gmail.com>
References: <799406d60802141313g334d17d3ia7f87762ff34c831@mail.gmail.com> <799406d60802141339t5b6d18d2y6d5fc714dc0dc098@mail.gmail.com>
Message-ID: <148F1BEC-1219-40B8-852C-249AE5909E6F@lag.net>

On 14 Feb 2008, at 13:39, Adam Mercer wrote:

> On Thu, Feb 14, 2008 at 4:13 PM, Adam Mercer wrote:
>
>> Is this a permanent change?

Sorry, I'd messed with setting up an SSL site, and ended up breaking
the main site's configuration. The non-SSL site should be back up and
running now.

> As a followup to this I should add that there's going to be a problem
> if this is a permanent change as the certificate used on green.lag.net
> is self issued and its authenticity can't be determined, for example
> the following error is returned when trying to fetch from
> https://green.lag.net using MacPorts:
>
> Fetching failed:: peer certificate cannot be authenticated with known
> CA certificates

Another good example of why SSH is a superior protocol to SSL. I'm not
going to pay thousands of dollars to a financial corporation just to
have the "right kind" of cert. Therefore self-signed certs are a fact
of life, and all these SSL clients complaining about them just make
SSL look confusing to end users.

robey

From robey at lag.net Sun Feb 17 18:21:37 2008
From: robey at lag.net (Robey Pointer)
Date: Sun, 17 Feb 2008 18:21:37 -0800
Subject: [paramiko] Exit status on shells
In-Reply-To: <90622e530801281257i3d71b7eds17227880fe5443b9@mail.gmail.com>
References: <90622e530801281257i3d71b7eds17227880fe5443b9@mail.gmail.com>
Message-ID:

On 28 Jan 2008, at 12:57, Christian Vest Hansen wrote:

> If I create a channel with SSHClient.invoke_shell(), will it then ever
> make sense to read the exit_status or inspect the status_event?
>
> I'm trying to simulate shell access to a server and would like to know
> when I can print the input prompt to the users console.

You won't get an exit status until the shell exits, which generally
means the user logged out.

When using invoke_shell, the remote shell will believe it's talking to
a terminal, so it will take care of displaying the input prompt itself.

robey

From robey at lag.net Sun Feb 17 21:12:48 2008
From: robey at lag.net (Robey Pointer)
Date: Sun, 17 Feb 2008 21:12:48 -0800
Subject: [paramiko] Compatibility with Python 2.2 and 2.3 (was: _def_urandom is not defined)
In-Reply-To: <200802120933.26168.dwayne@oscl.ca>
References: <200802120933.26168.dwayne@oscl.ca>
Message-ID:

On 12 Feb 2008, at 7:33, Dwayne Litzenberger wrote:

> On February 12, 2008 02:42:28 am Justin Cook wrote:
>> Apparently, line 47 in 'site-packages/paramiko/osrandom.py' has a
>> typographical error and should read 'return _dev_urandom.read(bytes)'
>> versus 'return _def_urandom.read(bytes)'.
>
> Hmm. It looks like neither Robey nor I have tested our changes with
> Python 2.2
> or Python 2.3.

In fact, I no longer have a copy of anything older than 2.4! :)

[...]

> Robey: I've attached a bundle that fixes both the typo and the tests
> for
> Python 2.3.6, but Python 2.2 support (at least in the test suite) is
> still
> pretty broken. Do you want to have a look at it?

The patch looks straightforward, and works fine under python 2.5, so
I'll merge it.

Would anyone scream if I removed support for python 2.2? Google says
python 2.3 was released five years ago, so I'm thinking it's fair to
ask python 2.2 users to upgrade at this point.

robey

From robey at lag.net Sun Feb 17 21:43:19 2008
From: robey at lag.net (Robey Pointer)
Date: Sun, 17 Feb 2008 21:43:19 -0800
Subject: [paramiko] HPN-SSH
In-Reply-To: <47B30326.8030603@bu.edu>
References: <47B30326.8030603@bu.edu>
Message-ID:

On 13 Feb 2008, at 6:48, James Bardin wrote:

> The following looks pretty interesting:
>
> http://www.psc.edu/networking/projects/hpn-ssh/
>
> I wonder if any of these patches could apply to paramiko (not directly
> of course)? I don't know if we could multithread using pycrypto, but
> the more important improvement would be dynamic windows and possibly
> the None cipher.

Adding a None cipher to paramiko would be easy, but of dubious
usefulness.

Multithreading AES-CTR is pretty clever. If pycrypto supported CTR,
paramiko could do the same trick as the HPN patches, because they're
taking advantage of a feature of the CTR block chaining method: CTR
chains just encipher a stream of incrementing numbers, and XOR the
result against the actual data. They're just offloading the AES
encryption to a worker thread, then XORing that stream against the
data stream in the main thread (XOR is very fast). Very nice.

Dynamic windows should be equally possible (and hopefully easier in
python than in C). The tricky part there would be checking the OS's
TCP buffer size, etc.

robey

From robey at lag.net Sun Feb 17 22:05:36 2008
From: robey at lag.net (Robey Pointer)
Date: Sun, 17 Feb 2008 22:05:36 -0800
Subject: [paramiko] How to improve paramiko performance
In-Reply-To: <48224a820802150624t2bde597aq44169e8103f3e34@mail.gmail.com>
References: <48224a820802150624t2bde597aq44169e8103f3e34@mail.gmail.com>
Message-ID: <915C185E-EB26-45F5-B8E9-0CD8348ED18C@lag.net>

On 15 Feb 2008, at 6:24, Deepak Rokade wrote:

> Hi All,
> With this mail I want to know "how to improve performance of
> paramiko for transferring files over the internet through VPN"
>

This sounds really similar to the HPN thread, so you might check the
HPN patches.

> Brief about what we are doing.
>
> I want to transfer files of size 5MB which are compressed with gzip
> format over the VPN. This experiment is being carried out between
> two cities located 1000km apart ()
>

For fast, latent pipes, you'll want large window sizes, but also note
that SFTP is *terrible* over high latency links. The folks at the
bazaar project found this out the hard way.

The problem is that SFTP requires you to send a block of data, then
wait for an ack. The stop-and-wait wastes a lot of time if you have
long round-trip times.

Paramiko can "cheat" a little if you use 'set_pipelined' (for sending
files) or 'prefetch' (for receiving files).

Also note that I think the HPN window improvements require each side
(client & server) to be running with the HPN patches. (Someone correct
me if I'm wrong?)

robey

From smartpawn at gmail.com Sun Feb 17 22:21:28 2008
From: smartpawn at gmail.com (Deepak Rokade)
Date: Mon, 18 Feb 2008 11:51:28 +0530
Subject: [paramiko] How to improve paramiko performance
In-Reply-To: <915C185E-EB26-45F5-B8E9-0CD8348ED18C@lag.net>
References: <48224a820802150624t2bde597aq44169e8103f3e34@mail.gmail.com> <915C185E-EB26-45F5-B8E9-0CD8348ED18C@lag.net>
Message-ID: <48224a820802172221r241def29rdc3c188640759999@mail.gmail.com>

Thanks for your suggestions.

I had already used prefetch for 'receiving files' and 'set_pipelined' for
sending files.

Robey, You are correct HPN patches need to be applied on both the sides.
and I compared HPN performance using HPN client and HPN server.

To the surprise FTP takes only 0.4 seconds to transfer a file whereas SFTP
takes 25 seconds.
I understand the difference between two protocols but it's a huge gap
between transfer rates.

On Feb 18, 2008 11:35 AM, Robey Pointer wrote:

> On 15 Feb 2008, at 6:24, Deepak Rokade wrote:
>
> > Hi All,
> > With this mail I want to know "how to improve performance of
> > paramiko for transferring files over the internet through VPN"
> >
>
> This sounds really similar to the HPN thread, so you might check the
> HPN patches.
>
> > Brief about what we are doing.
> >
> > I want to transfer files of size 5MB which are compressed with gzip
> > format over the VPN. This experiment is being carried out between
> > two cities located 1000km apart ()
> >
>
> For fast, latent pipes, you'll want large window sizes, but also note
> that SFTP is *terrible* over high latency links. The folks at the
> bazaar project found this out the hard way.
>
> The problem is that SFTP requires you to send a block of data, then
> wait for an ack. The stop-and-wait wastes a lot of time if you have
> long round-trip times.
>
> Paramiko can "cheat" a little if you use 'set_pipelined' (for sending
> files) or 'prefetch' (for receiving files).
>
> Also note that I think the HPN window improvements require each side
> (client & server) to be running with the HPN patches. (Someone correct
> me if I'm wrong?)
>
> robey
>
>

--
Thanx & Regards,
Deepak Rokade

Do what u Enjoy & Enjoy what u Do...........
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.lag.net/pipermail/paramiko/attachments/20080218/28f9418e/attachment.htm

From jbardin at bu.edu Mon Feb 18 08:42:25 2008
From: jbardin at bu.edu (james bardin)
Date: Mon, 18 Feb 2008 11:42:25 -0500
Subject: [paramiko] HPN-SSH
In-Reply-To:
References: <47B30326.8030603@bu.edu>
Message-ID:

On Feb 18, 2008 12:43 AM, Robey Pointer wrote:

> On 13 Feb 2008, at 6:48, James Bardin wrote:
>
>
> Adding a None cipher to paramiko would be easy, but of dubious
> usefulness.
>

I think the usefulness would be in high speed data transfer (not sftp) over
an arbitrary channel. There's a number of cluster people on the beowulf list
that would love to have this. In many instances one may want secure
authentication, but not care about encrypting the data stream. This could
make a big difference in paramiko, as my workstation keeps one cpu at 70% to
run a channel at 100Mb.

This of course depends on both sides allowing a None cipher, which would
limit usefulness right now.

-jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.lag.net/pipermail/paramiko/attachments/20080218/4bff27db/attachment.htm

From dlitz at dlitz.net Mon Feb 18 22:02:39 2008
From: dlitz at dlitz.net (Dwayne C. Litzenberger)
Date: Tue, 19 Feb 2008 00:02:39 -0600
Subject: [paramiko] www.lag.net server issue?
In-Reply-To: <148F1BEC-1219-40B8-852C-249AE5909E6F@lag.net>
References: <799406d60802141313g334d17d3ia7f87762ff34c831@mail.gmail.com> <799406d60802141339t5b6d18d2y6d5fc714dc0dc098@mail.gmail.com> <148F1BEC-1219-40B8-852C-249AE5909E6F@lag.net>
Message-ID: <20080219060239.GA7263@rivest.dlitz.net>

On Sun, Feb 17, 2008 at 04:21:38PM -0800, Robey Pointer wrote:
>> Fetching failed:: peer certificate cannot be authenticated with known
>> CA certificates
>
>Another good example of why SSH is a superior protocol to SSL. I'm not
>going to pay thousands of dollars to a financial corporation just to
>have the "right kind" of cert.
>Therefore self-signed certs are a fact
>of life, and all these SSL clients complaining about them just make
>SSL look confusing to end users.

Robey,

For somebody browsing on an open wi-fi network---particularly someone who
has never visited www.lag.net before---the "right kind" of SSL certs provide
a useful service: They make it much more difficult for an attacker on the
local wireless LAN to substitute your software with a modified version, and
they would make it possible to bootstrap trust for your public GPG key.

In this use case, self-signed certificates are just as useful as the
practice of _not_ checking SSH host keys: They provide a false sense of
security, and completely fail to address the bootstrapping problem.

If you shop around, you can get an annual SSL cert for less than US$100
(http://www.rapidssl.com/ currently advertises US$69/year).

As the maintainer of an important cryptography library, you should be
providing _some_ means for end-users and distributors to verify that the
software they download is the same software you release.

--
Dwayne C. Litzenberger

From dlitz at dlitz.net Mon Feb 18 22:25:15 2008
From: dlitz at dlitz.net (Dwayne C. Litzenberger)
Date: Tue, 19 Feb 2008 00:25:15 -0600
Subject: [paramiko] HPN-SSH
In-Reply-To:
References: <47B30326.8030603@bu.edu>
Message-ID: <20080219062515.GA7450@rivest.dlitz.net>

On Sun, Feb 17, 2008 at 09:43:19PM -0800, Robey Pointer wrote:
>Multithreading AES-CTR is pretty clever. If pycrypto supported CTR,

If?

from Crypto.Cipher import AES

class Counter(str):
    def __init__(self, initial_ctr):
        if not isinstance(initial_ctr, str):
            raise TypeError("nonce must be str")
        self.c = int(initial_ctr.encode('hex'), 16)
    def __call__(self):
        # This might be slow, but it works as a demonstration
        ctr = ("%032x" % (self.c,)).decode('hex')
        self.c += 1
        return ctr

# NIST SP 800-38A, 2001 ed. - F.5.1 test vector (page 62)
# http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
key = "2b7e151628aed2a6abf7158809cf4f3c".decode('hex')
initial_ctr = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff".decode('hex')
blocks = [
    '6bc1bee22e409f96e93d7e117393172a'.decode('hex'),
    'ae2d8a571e03ac9c9eb76fac45af8e51'.decode('hex'),
    '30c81c46a35ce411e5fbc1191a0a52ef'.decode('hex'),
]

cipher = AES.new(key, AES.MODE_CTR, "\0" * 16, Counter(initial_ctr))
for b in blocks:
    print cipher.encrypt(b).encode('hex')

Outputs (as it should):

874d6191b620e3261bef6864990db6ce
9806f66b7970fdff8617187bb9fffdff
5ae4df3edbd5d35e5b4f09020db03eab

--
Dwayne C. Litzenberger

From jbardin at bu.edu Tue Feb 19 13:24:23 2008
From: jbardin at bu.edu (James Bardin)
Date: Tue, 19 Feb 2008 16:24:23 -0500
Subject: [paramiko] scp [ again :) ]
In-Reply-To:
References: <47B4A561.5030504@bu.edu>
Message-ID: <47BB4907.2080704@bu.edu>

Hello Robey et al.,

Sorry about the half attempt at the scp client, I just wasn't thinking.
Here's a real one to look over, but there have been some changes...

The SCPClient class simply has public methods put and get. All
filesystem stuff, including recursion, is handled internally. This may
be convenient, but the progress object I had won't work.

If anyone thinks they need a way to track transfer progress, I would
welcome suggestions. My only idea was to write the progress to a
buffered file, and let the user pipe it to the real stdout, or read it
in another thread - I haven't tested this idea yet though.

Thanks
-jim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scp.py.gz
Type: application/x-gzip
Size: 3105 bytes
Desc: not available
Url : http://www.lag.net/pipermail/paramiko/attachments/20080219/0b1795c1/attachment.bin

From mastriani at dmi.unict.it Fri Feb 22 01:40:11 2008
From: mastriani at dmi.unict.it (Emilio Mastriani)
Date: Fri, 22 Feb 2008 09:40:11 +0000
Subject: [paramiko] nokia e61
Message-ID: <200802220940.11251.mastriani@dmi.unict.it>

Dear all,
I'm looking for installation of paramiko on my Nokia E61, but I don't know
howto do it.

Is there a guide, documentations?

Thanks for all.
Cheers,
Emilio.

--
Dr. Emilio Mastriani
University of Catania
Department of Mathematics and Computer Science
V.le A. Doria, 6
95125 - Catania, Italy
voice phone: (+39) 0957383095
fax: (+39) 095330094 Attn.: Dr. Emilio Mastriani
work e-mail: mastriani at dmi.unict.it
private e-mail: mastriani at tim.it
URL: http://www.immunomics.eu
URL: http://www.pi2s2.it/pb/pi2s2public.php
URL: http://www.immunogrid.eu
URL: http://www.dmi.unict.it/emastriani

From jbardin at bu.edu Fri Feb 22 07:40:58 2008
From: jbardin at bu.edu (James Bardin)
Date: Fri, 22 Feb 2008 10:40:58 -0500
Subject: [paramiko] nokia e61
In-Reply-To: <200802220940.11251.mastriani@dmi.unict.it>
References: <200802220940.11251.mastriani@dmi.unict.it>
Message-ID: <47BEED0A.50602@bu.edu>

Emilio Mastriani wrote:
> Dear all,
> I'm looking for installation of paramiko on my Nokia E61, but I don't know
> howto do it.
>
> Is there a guide, documentations?

I haven't heard of it being done, but I would guess that the first
hurdle would be to get pycrypto running.

-jim

From robey at lag.net Sat Feb 23 19:37:11 2008
From: robey at lag.net (Robey Pointer)
Date: Sat, 23 Feb 2008 19:37:11 -0800
Subject: [paramiko] ssh -r , dynamic set up
In-Reply-To:
References:
Message-ID:

On 27 Jan 2008, at 2:03, John wrote:

> Hello, I'm trying to write a script which will allow me to initiate
> (spawn?)
a reverse tunnel from a remote machine (outside a firewall)
> to an internal machine using SSH -R
>
> I posted to another list and was pointed in the direction of
> paramiko. I've read the tutorials, but cannot seem to figure out
> exactly how I can do this... I'm hoping someone can look at what I'm
> trying to do below and provide an example...'

This is becoming a pretty common request, so I checked in an
"rforward.py" script (in demos/) in the paramiko dev branch. I also
cleaned up "forward.py" so both scripts use SSHClient now, hopefully
making them smaller and easier to follow.

robey

From bulkan at gmail.com Sun Feb 24 21:24:24 2008
From: bulkan at gmail.com (Bulkan)
Date: Mon, 25 Feb 2008 16:24:24 +1100
Subject: [paramiko] SSHException: Unknown server on Windows XP
Message-ID: <33e6bf00802242124g7f35650cre996b155fb2013d8@mail.gmail.com>

Hi all,

I'm getting the exception SSHException: Unknown server when I run the
following code on Windows, but I can ssh into the using PuTTY. Any ideas ?

import paramiko
import getpass

client = paramiko.SSHClient()
client.load_system_host_keys()

pw = None
usr = None
if not usr:
    usr = raw_input('User: ')
if not pw:
    pw = getpass.getpass('Password: ' )

client.connect('',username=usr,password=pw)
stdin, stdout, stderr = client.exec_command('ls -la')
client.close()

This script works on my Mac (10.4) and I can.

-- 
http://www.bulkan-evcimen.com
http://blog.bulkan-evcimen.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.lag.net/pipermail/paramiko/attachments/20080225/588e3bdc/attachment.htm

From jbardin at bu.edu Mon Feb 25 06:32:54 2008
From: jbardin at bu.edu (James Bardin)
Date: Mon, 25 Feb 2008 09:32:54 -0500
Subject: [paramiko] SSHException: Unknown server on Windows XP
In-Reply-To: <33e6bf00802242124g7f35650cre996b155fb2013d8@mail.gmail.com>
References: <33e6bf00802242124g7f35650cre996b155fb2013d8@mail.gmail.com>
Message-ID: <47C2D196.1090206@bu.edu>

Bulkan wrote:
> Hi all,
>
> I'm getting the exception SSHException: Unknown server when I run
> the following code on Windows, but I can ssh into the using PuTTY.
> Any ideas ?
>
> import paramiko
> import getpass
>
> client = paramiko.SSHClient()
> client.load_system_host_keys()

Try specifying the hostkeys explicitly with
client.load_system_host_keys('path/to/known_hosts')

The default path of '~/.ssh/known_hosts' doesn't work on windows.

-jim

From bulkan at gmail.com Mon Feb 25 14:49:55 2008
From: bulkan at gmail.com (Bulkan)
Date: Tue, 26 Feb 2008 09:49:55 +1100
Subject: [paramiko] SSHException: Unknown server on Windows XP
In-Reply-To: <47C2D196.1090206@bu.edu>
References: <33e6bf00802242124g7f35650cre996b155fb2013d8@mail.gmail.com> <47C2D196.1090206@bu.edu>
Message-ID: <33e6bf00802251449o67b536b4s5ac6282991ef9dc0@mail.gmail.com>

On Tue, Feb 26, 2008 at 1:32 AM, James Bardin wrote:
>
>
> Bulkan wrote:
> > Hi all,
> >
> > I'm getting the exception SSHException: Unknown server when I run
> > the following code on Windows, but I can ssh into the using PuTTY.
> > Any ideas ?
> >
> > import paramiko
> > import getpass
> >
> > client = paramiko.SSHClient()
> > client.load_system_host_keys()
>
> Try specifying the hostkeys explicitly with
> client.load_system_host_keys('path/to/known_hosts')

I've tried running the above script in Ubuntu but it also fails with the
same Exception. I forgot to mention that I've been testing this script on
Windows/Ubuntu that is inside a Virtual Machine (Parallels) can this be the
problem ?

Cheers

-- 
http://www.bulkan-evcimen.com
http://blog.bulkan-evcimen.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.lag.net/pipermail/paramiko/attachments/20080226/67243421/attachment.htm

From jbardin at bu.edu Mon Feb 25 19:37:59 2008
From: jbardin at bu.edu (james bardin)
Date: Mon, 25 Feb 2008 22:37:59 -0500
Subject: [paramiko] SSHException: Unknown server on Windows XP
In-Reply-To: <33e6bf00802251449o67b536b4s5ac6282991ef9dc0@mail.gmail.com>
References: <33e6bf00802242124g7f35650cre996b155fb2013d8@mail.gmail.com> <47C2D196.1090206@bu.edu> <33e6bf00802251449o67b536b4s5ac6282991ef9dc0@mail.gmail.com>
Message-ID:

On Mon, Feb 25, 2008 at 5:49 PM, Bulkan wrote:
>
>
> I've tried running the above script in Ubuntu but it also fails with the
> same Exception. I forgot to mention that i've been testing this script on
> Windows/Ubuntu that is inside a Virtual Machine (Parallels) can this be the
> problem ?
>
>
>

Being in a VM shouldn't matter.
Are you certain that is listed in your known_hosts file?
You should be able to get the key using 'ssh-keygen -F '

You can also try to connect with ssh and strict keychecking:
ssh -o'StrictHostKeyChecking=yes'

-jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.lag.net/pipermail/paramiko/attachments/20080225/b78a6ab7/attachment.htm

From jhcook at gmail.com Tue Feb 26 03:16:32 2008
From: jhcook at gmail.com (Justin Cook)
Date: Tue, 26 Feb 2008 11:16:32 +0000
Subject: [paramiko] Handling sudo
Message-ID:

Has anyone developed any code to handle sudo or any advice on best
implementation? We need to connect to various servers and execute
commands using sudo, but what would be the best way to handle the
password and caching mechanisms of sudo?

-- 
Justin Cook

From karmazilla at gmail.com Tue Feb 26 05:45:48 2008
From: karmazilla at gmail.com (Christian Vest Hansen)
Date: Tue, 26 Feb 2008 14:45:48 +0100
Subject: [paramiko] Handling sudo
In-Reply-To:
References:
Message-ID: <90622e530802260545j164f8783qe131b2557b0e8aad@mail.gmail.com>

I've written a tool that does something like that.

It might be a bit dense, but the interesting part of the code is here:
http://git.savannah.nongnu.org/gitweb/?p=fab.git;a=blob;f=fabric.py;h=1e28fecfa514714dfc3864fd17491da0f2f04e40;hb=da84c94a8955a4a9bdeb467d689bbee432ff8f6d#l258

The 'client' parameter is a paramiko.SSHClient. And don't pay
attention to how it handles printing of sudo's output - that part is
broken.

On 2/26/08, Justin Cook wrote:
> Has anyone developed any code to handle sudo or any advice on best
> implementation? We need to connect to various servers and execute
> commands using sudo, but what would be the best way to handle the
> password and caching mechanisms of sudo?
>
>
> --
> Justin Cook
>
> _______________________________________________
> paramiko mailing list
> paramiko at lag.net
> http://www.lag.net/cgi-bin/mailman/listinfo/paramiko
>

-- 
Venlig hilsen / Kind regards,
Christian Vest Hansen.

From jhcook at gmail.com Tue Feb 26 05:55:39 2008
From: jhcook at gmail.com (Justin Cook)
Date: Tue, 26 Feb 2008 13:55:39 +0000
Subject: [paramiko] Handling sudo
In-Reply-To:
References:
Message-ID:

There are a couple ways I can see to do it readily offhand. One, I
haven't figured out how to receive the sudo password prompt yet.
Apparently, it writes the password prompt to a terminal device. So,
you should be able to set an alarm and send the password down the
channel in event there is no response from the command. This is dirty
IMO.

Secondly, and perhaps more clean to use in conjunction with the first
option, is to use the -k or -K option to invalidate the sudo timestamp
and thus requiring to send the password on every invocation and not
worry about whether or not you've been prompted. However, this isn't
very clean either in case no password is required.

Not a good solution in either respect in my opinion. If this can be
done easily with SSHClient someone shoot me in the foot!

On Tue, Feb 26, 2008 at 12:10 PM, Jon Sabo wrote:
> Justin,
>
> If you make this work please let me know. I need to be able to do the
> same thing. Usually people will just say use sudo with the no passwd
> option or use pexpect or something...

-- 
Justin Cook

From jhcook at gmail.com Tue Feb 26 06:25:16 2008
From: jhcook at gmail.com (Justin Cook)
Date: Tue, 26 Feb 2008 14:25:16 +0000
Subject: [paramiko] Handling sudo
In-Reply-To:
References:
Message-ID:

Ok, I'm an idiot. Password prompt goes to stderr...

On Tue, Feb 26, 2008 at 1:55 PM, Justin Cook wrote:
> There are a couple ways I can see to do it readily offhand. One, I
> haven't figured out how to receive the sudo password prompt yet.
> Apparently, it writes the password prompt to a terminal device. So,
> you should be able to set an alarm and send the password down the
> channel in event there is no response from the command. This is dirty
> IMO.
>
> Secondly, and perhaps more clean to use in conjunction with the first
> option, is to use the -k or -K option to invalidate the sudo timestamp
> and thus requiring to send the password on every invocation and not
> worry about whether or not you've been prompted. However, this isn't
> very clean either in case no password is required.
>
> Not a good solution in either respect in my opinion. If this can be
> done easily with SSHClient someone shoot me in the foot!

-- 
Justin Cook

From smartpawn at gmail.com Wed Feb 27 04:15:54 2008
From: smartpawn at gmail.com (Deepak Rokade)
Date: Wed, 27 Feb 2008 17:45:54 +0530
Subject: [paramiko] basic paramiko based SFTP server
Message-ID: <48224a820802270415p6c969798i1a82b8e56831a1be@mail.gmail.com>

Hi
I am in search of paramiko based basic SFTP server which will be able to
handle basic file transfer commands.
Since I need it just for testing purpose I am avoiding writing the
complete server.
Is such SFTP server readily available ?

-- 
Thanx & Regards,
Deepak Rokade
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.lag.net/pipermail/paramiko/attachments/20080227/8fed3a8c/attachment.htm

From dwayne at oscl.ca Wed Feb 27 06:34:20 2008
From: dwayne at oscl.ca (Dwayne Litzenberger)
Date: Wed, 27 Feb 2008 08:34:20 -0600
Subject: [paramiko] basic paramiko based SFTP server
In-Reply-To: <48224a820802270415p6c969798i1a82b8e56831a1be@mail.gmail.com>
References: <48224a820802270415p6c969798i1a82b8e56831a1be@mail.gmail.com>
Message-ID: <200802270834.20742.dwayne@oscl.ca>

On February 27, 2008 06:15:54 am Deepak Rokade wrote:
> Hi
> I am in search of paramiko based basic SFTP server which will be able to
> handle basic file transfer commands.
> Since I need it just for testing purpose I am avoiding writing the
> complete server.
> Is such SFTP server readily available ?

Not that I've found. I have one that's mostly-written, but I probably won't
have time to release it for a week or two.

-- 
Dwayne Litzenberger, B.A.Sc.
Information Technology Analyst
Open Systems Canada Limited
#210 - 2332 11th Ave
Regina, SK S4P0K1
Office: (306) 359-OSCL (6725)
http://www.oscl.ca/
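
Added example (not from any poster in this archive, and not paramiko code): the "SSHException: Unknown server" thread above turns on whether the server is actually listed in the known_hosts file being loaded, which James suggests checking with ssh-keygen -F. This Python 3 code performs that lookup over plain, hashed (`|1|salt|hash`) and `[host]:port` entries; the host names, salt and key blobs are constructed placeholders.

```python
import base64
import hashlib
import hmac

def hash_host(hostname, salt):
    """OpenSSH hashed form: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % tuple(base64.b64encode(x).decode() for x in (salt, mac))

def field_names_host(field, lookup):
    """True if the comma-separated host field of one entry names `lookup`."""
    for name in field.split(","):
        if name.startswith("|1|"):
            try:
                _, _, salt_b64, mac_b64 = name.split("|")
                salt = base64.b64decode(salt_b64)
                want = base64.b64decode(mac_b64)
            except ValueError:
                continue  # malformed hashed entry: ignore it
            got = hmac.new(salt, lookup.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(got, want):
                return True
        elif name == lookup:  # wildcard patterns are not handled here
            return True
    return False

def find_host_keys(known_hosts_text, hostname, port=22):
    """Return [(line_no, key_type)] for entries naming hostname.

    Non-default ports are stored as "[host]:port", plain or hashed."""
    lookup = hostname if port == 22 else "[%s]:%d" % (hostname, port)
    hits = []
    for line_no, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # blank line, comment, or @cert-authority/@revoked marker
        if field_names_host(parts[0], lookup):
            hits.append((line_no, parts[1]))
    return hits

# Constructed sample: hypothetical hosts, placeholder key blobs.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "build.example.test,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2E= constructed",
    hash_host("vm.example.test", b"constructed-salt-20b") + " ssh-rsa AAAAB3NzaC1yc2E=",
    "[gw.example.test]:2222 ssh-dss AAAAB3NzaC1kc3M= constructed",
])
```

An empty result for the exact name and port passed to connect() means the file has no entry for that server, even if an entry exists under an alias, an IP address or another port.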