It can be frustrating to diagnose issues when using Paramiko to connect to various hosts over SSH. Different settings and versions of Paramiko can have different behavior and issues that need to be circumvented. This is a simple script to make testing and getting debug output easier.
It is recommended to create a virtual environment so that you can test different versions of Paramiko and other libraries like cryptography without affecting anything else on your host.
Once that is created, install the requirements in requirements.txt:
pip install -r requirements.txt
Then create a json config file (e.g. config.json) and enter the proper values. **If you specify a keypath that will be used, otherwise it will try to use a password.
{
"host": "localhost",
"port": 22,
"username": "",
"password": "",
"key_path": "",
"key_passphrase": "",
"disable_rsa2": false
}
Run the connection test with:
py connection_test.py <config_file>
Results will be logged to paramiko-debug.log as well as printed to the console.
If you are still getting connection issues you can refer to the exceptions as well as the debug output that was logged. You may need to search for these specifics online to see if certain versions of any modules used or configurations may fix your issue.
You can use pip commands to install specific versions of any modules (such as paramiko itself or cryptography). Optionally, you can update the values in requirements.txt and re-run the install command to load those specific versions.
(venv) C:\tools\paramiko-debugger>py connection_test.py
C:\tools\paramiko-debugger\venv\lib\site-packages\paramiko\transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
Using config file: config.json
Trying to connect with key.
starting thread (client mode): 0x7f767df0
Local version/idstring: SSH-2.0-paramiko_2.9.2
Remote version/idstring: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
Connected (version 2.0, client OpenSSH_8.9p1)
=== Key exchange possibilities ===
kex algos: curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, [email protected], diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256
server key: rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519
client encrypt: [email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected]
server encrypt: [email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected]
client mac: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1
server mac: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1
client compress: none, [email protected]
server compress: none, [email protected]
client lang: <none>
server lang: <none>
kex follows: False
=== Key exchange agreements ===
Kex: [email protected]
HostKey: ssh-ed25519
Cipher: aes128-ctr
MAC: hmac-sha2-256
Compression: none
=== End of kex handshake ===
kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
Switch to new keys ...
Adding ssh-ed25519 host key for 172.19.71.206: b'e5377f5da435dbda6e50976e8028c598'
Got EXT_INFO: {'server-sig-algs': b'ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]', '[email protected]': b'0'}
Trying discovered key b'622404b4ee73d5eaff915d44b79ece20' in newkey
userauth is OK
Finalizing pubkey algorithm for key of type 'ssh-rsa'
Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
Server-side algorithm list: ['ssh-ed25519', '[email protected]', 'ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', '[email protected]', '[email protected]']
Agreed upon 'rsa-sha2-512' pubkey algorithm
Authentication (publickey) successful!
Connected using key.
Closing client.
EOF in transport thread