SSH Programming with Paramiko

SSH Programming with Paramiko - Completely Different, by jesse
Paramiko on github
Installing Paramiko

Paramiko is a pure-Python module and can be easy_install'ed as other typical python modules can. However, PyCrypto is written largely in C, so you may need a compiler to install both depending on your platform.

Possibly switch to your virtual environment, otherwise you'll get a system-wide installation.
You should obviously adapt the paths that are used here to your local situation
This operation will install the LATEST version of paramiko:

> source /var/python/virtenvs/myvirtspace/bin/activate
> pip install paramiko 

When initiating an ssh connection through Paramiko, the “usual” known host check will be performed. You known that, in a shell, when you initiate an ssh connection for the first time you'll get a message of type:

The authenticity of host ' (' can't be established.
ECDSA key fingerprint is 9a:3c:cd:82:27:3e:6d:6d:1f:c5:d5:d7:bb:be:77:1c.
Are you sure you want to continue connecting (yes/no)?

Typing “y” will add this (here ECDSA) key to the current user's ~/.ssh/known_hosts file, and you won't get asked anymore unless the target's fingerprint is changed. This security feature is also implemented into Paramiko.

To initiate an ssh client connection, you could tell Paramiko to use your know_hosts file using a command like:

> python
>>> import parmiko
>>> import os
>>> ssh_client = paramiko.SSHClient()
>>> ssh_client.load_system_host_keys()

Unfortunately at least Debian and Ubuntu are using ECDSA key encryption, and, as of Paramiko version 1.15, the ECDSA key format isn't recognized by Paramiko (see: thus any connection attempt fails with error: SSHException: Server '' not found in known_hosts.

To circumvent this problem we could:

Deactivate hosts keys verification

> python
>>> import paramiko
>>> ssh_client = paramiko.SSHClient()
>>> ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
>>> ssh_client.connect('',user='username',password='myPassword')

Of course this is highly unsecure and not recommended at although, in some specific situations, this might come handy, like in a highly changing environment (lab or school), where machines you need to connect to just come and go all the time.

Manually generate the rsa key on the remote host and copy it to a known_hosts file