Posts Tagged ssh

paramiko: ssh scripting the ez way

The other day I wanted to jack around some goofy script and run it on a bunch of hosts, but… without keys, it was drag to do in a simple script… So… a buddy of mine had used paramiko to do some ssh action in python.

After reading Jesse‘s article, I used paramiko to copy a script around, run it and collect the output on the local filesystem

Here is some crap example:

import os
import paramiko
import socket
import sys

# yeh... my script really doesn't look like this...

host = ''
username = 'root'
password = 'passwords_are_for_cowards'

tmp  = '/tmp/'

# copy our cool_script over to the host in /tmp
transport = paramiko.Transport( ( host, 22 ) )
transport.connect( username = username, password = password )
sftp = paramiko.SFTPClient.from_transport( transport )
sftp.put( '', tmp )

# seems like ssh.connect sometimes fails due to some
# weird dns issue, so hack around it...
ip = socket.gethostbyname( host )

# chmod and run the script
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy( paramiko.AutoAddPolicy() )
ssh.connect( ip, username = username, password = password )
stdin, stdout, stderr = ssh.exec_command( 'chmod 755 ' + tmp + ';' + tmp )
data =

# save the output as json on the local filesystem
filename = host + '.json'
output = open( filename, 'w' )
output.write( data )


Leave a Comment

slow ssh under ubuntu fix

Oh, the grinding and gnashing of teeth! My ssh to various boxes was redonkulously slow… I finally realized… it was just me… or rather just my ubuntu… or actually… just the ssh_config for my ubuntu…

Thanks to ssh -v, I saw:

debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

which made me say: wtf is gssapi-with-mic? After some digging, I found this crap in /etc/ssh/ssh_config:

GSSAPIAuthentication yes

I changed it to

GSSAPIAuthentication no

check the difference:

% time ssh some_host echo GSSAPIAuthentication yes
GSSAPIAuthentication yes
real    0m15.398s
user    0m0.028s
sys     0m0.004s
% time ssh some_host echo GSSAPIAuthentication no
GSSAPIAuthentication no
real    0m0.364s
user    0m0.028s
sys     0m0.008s

The math sez it’s about 42x faster with that dumb junk turned off!


Comments (10)