问题描述
我正在尝试使用Python和Paramiko连接到SFTP服务器,但出现此错误(当我使用pysftp时会发生相同的错误):
starting thread (client mode): 0x17ccde50L
Local version/idstring: SSH-2.0-paramiko_2.7.2
Remote version/idstring: SSH-2.0-OpenSSH_7.2
Connected (version 2.0,client OpenSSH_7.2)
kex algos:[u'curve25519-sha256@libssh.org',u'ecdh-sha2-nistp256',u'ecdh-sha2-nistp384',u'ecdh-sha2-nistp521',u'diffie-hellman-group-exchange-sha256',u'diffie-hellman-group14-sha1'] server key:[u'ssh-rsa',u'rsa-sha2-512',u'rsa-sha2-256',u'ssh-dss',u'ecdsa-sha2-nistp256',u'ssh-ed25519'] client encrypt:[u'chacha20-poly1305@openssh.com',u'aes128-ctr',u'aes192-ctr',u'aes256-ctr',u'aes128-gcm@openssh.com',u'aes256-gcm@openssh.com'] server encrypt:[u'chacha20-poly1305@openssh.com',u'aes256-gcm@openssh.com'] client mac:[u'umac-64-etm@openssh.com',u'umac-128-etm@openssh.com',u'hmac-sha2-256-etm@openssh.com',u'hmac-sha2-512-etm@openssh.com',u'hmac-sha1-etm@openssh.com',u'umac-64@openssh.com',u'umac-128@openssh.com',u'hmac-sha2-256',u'hmac-sha2-512',u'hmac-sha1'] server mac:[u'umac-64-etm@openssh.com',u'hmac-sha1'] client compress:[u'none',u'zlib@openssh.com'] server compress:[u'none',u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
Kex agreed: curve25519-sha256@libssh.org
HostKey agreed: ssh-ed25519
Cipher agreed: aes128-ctr
MAC agreed: hmac-sha2-256
Compression agreed: none
kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
UnkNown exception: from_buffer() cannot return the address of the raw string within a str or unicode or bytearray object
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/paramiko/transport.py",line 2075,in run
self.kex_engine.parse_next(ptype,m)
File "/usr/lib/python2.7/site-packages/paramiko/kex_curve25519.py",line 64,in parse_next
return self._parse_kexecdh_reply(m)
File "/usr/lib/python2.7/site-packages/paramiko/kex_curve25519.py",line 129,in _parse_kexecdh_reply
self.transport._activate_outbound()
File "/usr/lib/python2.7/site-packages/paramiko/transport.py",line 2553,in _activate_outbound
self.local_cipher,key_out,IV_out,self._ENCRYPT
File "/usr/lib/python2.7/site-packages/paramiko/transport.py",line 1934,in _get_cipher
return cipher.encryptor()
File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/primitives/ciphers/base.py",line 126,in encryptor
self.algorithm,self.mode
File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py",line 487,in create_symmetric_encryption_ctx
return _CipherContext(self,cipher,mode,_CipherContext._ENCRYPT)
File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ciphers.py",line 69,in __init__
iv_nonce = self._backend._ffi.from_buffer(mode.nonce)
TypeError: from_buffer() cannot return the address of the raw string within a str or unicode or bytearray object
我能够使用以下方法成功连接到SFTP服务器:
sftp -oPort=22 xxxxx@10.132.x.x:/home
所以我知道服务器存在并且可以访问。
我在Python中的代码就是这样:
paramiko.util.log_to_file("filename.log")
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(
paramiko.AutoAddPolicy())
ssh.connect(ftp_host,username=ftp_username,password=ftp_password,timeout=None)
还有一些依赖项。
asn1crypto @ file:///home/folder/app/utils/asn1crypto-1.2.0-py2.py3-none-any.whl
bcrypt @ file:///home/folder/app/utils/bcrypt-3.1.6-cp27-cp27mu-manylinux1_x86_64.whl
cffi==1.5.2
cryptography @ file:///home/folder/app/utils/cryptography-3.1-cp27-cp27mu-manylinux2010_x86_64.whl
netmiko==2.3.2
paramiko @ file:///home/folder/app/utils/vendor/paramiko-2.7.2-py2.py3-none-any.whl
ply==3.4
pyasn1==0.1.9
pycparser==2.19
pynacl @ file:///home/folder/app/utils/pynacl-1.3.0-cp27-cp27mu-manylinux1_x86_64.whl
pyOpenSSL==16.0.0
six==1.9.0
我的问题是,该错误的确切含义是什么,解决该错误的最佳方法是什么?我需要将图像复制到SFTP,但无法完全连接。
顺便说一句,我正在运行Python的服务器卡在2.7上,并且我不允许对其进行升级。另外,它无法访问互联网,所以我不能使用apt-get之类的东西。我通过拖放压缩文件夹或.whl文件来安装东西。我只需要找到依赖关系的正确组合即可。
解决方法
本主题建议您可能具有过时的依赖项:
https://github.com/paramiko/paramiko/issues/1027
The solution by @bieli似乎可以帮助许多面临问题的人:
sudo pip uninstall cryptography -y && sudo apt-get purge python3-cryptography && sudo apt-get autoremove && sudo pip3 install --upgrade cryptography
如果无法升级依赖项,则可以尝试使用其他KEX。但总的来说,这可能是死路一条。
强制性警告:请勿使用AutoAddPolicy –这样做会失去对MITM attacks的保护。有关正确的解决方案,请参见Paramiko "Unknown Server" 。
在下面的示例中,您可能会看到一些依赖项的绝对路径,因为我正在没有Internet的远程服务器上运行Python脚本。因此,.whl文件必须从我的PC复制到远程服务器。在这些依赖项中,“ cffi ”已升级到1.11.2版,并最终解决了该问题。
如果发现自己遇到类似的问题,请尝试找到类似的最佳依赖项组合:
asn1crypto @ file:///home/badge_bridge/utils/asn1crypto-1.2.0-py2.py3-none-any.whl
bcrypt @ file:///home/badge_bridge/utils/bcrypt-3.1.6-cp27-cp27mu-manylinux1_x86_64.whl
cffi @ file:///home/badge_bridge/utils/vendor/cffi-1.11.2-cp27-cp27mu-manylinux1_x86_64.whl
chrome-gnome-shell==0.0.0
cryptography @ file:///home/badge_bridge/utils/vendor/cryptography-2.1-cp27-cp27mu-manylinux1_x86_64.whl
cupshelpers==1.0
ecdsa==0.6
enum34 @ file:///home/badge_bridge/utils/vendor/enum34-1.1.6-py2-none-any.whl
idna==2.0
ipaddress==1.0.14
isc==2.0
netmiko==2.3.2
paramiko @ file:///home/badge_bridge/utils/vendor/paramiko-2.3.3-py2.py3-none-any.whl
ply==3.4
pyasn1==0.1.9
pycparser==2.19
pycryptodome @ file:///home/badge_bridge/utils/vendor/pycryptodome-3.6.5-cp27-cp27mu-manylinux1_x86_64.whl
pycups==1.9.66
pycurl==7.19.0
pygobject==3.20.1
PyNaCl @ file:///home/badge_bridge/utils/PyNaCl-1.3.0-cp27-cp27mu-manylinux1_x86_64.whl
pyOpenSSL==16.0.0
pysftp==0.2.9
pysmbc==1.0.13
requests==2.11.1
six==1.13.0