netmiko使用案例9 免密码登陆思科设备

Linux/Unix的SSHkeygen示例
完成以下步骤设置您)连接的Linux/UNIX工作站(或服务器对ESA，不用密码。 在本例中，我们不会指定作为密码短语。

1. 在您的工作站(或服务器上)使用unix命令SSHkeygen，请生成专用密钥：

$ ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/[USERID]/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/[USERID]/.ssh/id_rsa.
Your public key has been saved in /home/[USERID]/.ssh/id_rsa.pub.
The key fingerprint is:
00:11:22:77:f6:a9:1e:19:f0:ca:28:9c:ff:00:11:22 [USERID]@hostname.com
The key's randomart image is:
+--[ RSA 2048]----+
| +... +|
| o= o+|
| o o ..|
| . ..o . + |
| . ES. o + |
| o + . . |
| o . . |
| o o |
| . . |
+-----------------+
(以上的*the从Ubuntu 14.04.1)生成

2)打开在#1 (id_rsa.pub)创建的公共密钥关键文件并且复制输出：

$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJg9W3DeGf83m+E/PLGzUFPalSoJz5F
t54Wl2wUS36NLxm4IO4Xfrrb5bA97I+ZA4YcB1l/HsFLZcoljAK4uBbmpY5kXg96A6Wf
mIYMnl+nV2vrhrODgbcicEAdMcQN3wWHXiEWacV+6u+FlHlonkSAIDEug6vfnd+bsbcP
Zz2uYnx1llxbVtGftbWVssBK3LkFp9f0GwDiYs7LsXvQbTkixrECXqeSrr+NLzhU5hf6
eb9Kn8xjytf+eFbYAslam/NEfl9i4rjide1ebWN+LnkdcE5eQ0ZsecBidXv0KNf45RJa
KgzF7joke9niLfpf2sgCTiFxg+qZ0rQludntknw [USERID]@hostname.com

3. 登陆到您的设备并且配置您的ESA认可您的工作站(或服务器)使用您在#1创建的公共SSH密钥，并且确认更改。 在登录期间，注意密码提示：

$ ssh admin@192.168.0.199

---

CONNECTING to myesa.local
Please stand by...

---

Password:[PASSWORD]
Last login: Mon Aug 18 14:11:40 2014 from 192.168.0.200
Copyright (c) 2001-2013, Cisco Systems, Inc.

AsyncOS 8.5.6 for Cisco C100V build 074

Welcome to the Cisco C100V Email Security Virtual Appliance

myesa.local> sshconfig

Currently installed keys for admin:

Choose the operation you want to perform:

• NEW - Add a new key.
• USER - Switch to a different user to edit.
  []> new

Please enter the public SSH key for authorization.
Press enter on a blank line to finish.
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJg9W3DeGf83m+E/PLGzUFPalSoJz5F
t54Wl2wUS36NLxm4IO4Xfrrb5bA97I+ZA4YcB1l/HsFLZcoljAK4uBbmpY5kXg96A6Wf
mIYMnl+nV2vrhrODgbcicEAdMcQN3wWHXiEWacV+6u+FlHlonkSAIDEug6vfnd+bsbcP
Zz2uYnx1llxbVtGftbWVssBK3LkFp9f0GwDiYs7LsXvQbTkixrECXqeSrr+NLzhU5hf6
eb9Kn8xjytf+eFbYAslam/NEfl9i4rjide1ebWN+LnkdcE5eQ0ZsecBidXv0KNf45RJa
KgzF7joke9niLfpf2sgCTiFxg+qZ0rQludntknw [USERID]@hostname.com

Currently installed keys for admin:

1. ssh-rsa AAAAB3NzaC1yc2EAA...rQludntknw ([USERID]@hostname.com)

Choose the operation you want to perform:

• NEW - Add a new key.
• DELETE - Remove a key.
• PRINT - Display a key.
• USER - Switch to a different user to edit.
  []>

myesa.local> commit

4. 退出在设备和重新登录外面。 注意密码提示删除，并且访问直接地授权：

myesa.local> exit

Connection to 192.168.0.199 closed.
robert@ubuntu:~$ ssh admin@192.168.0.199

---

CONNECTING to myesa.local
Please stand by...

---

Last login: Mon Aug 18 14:14:50 2014 from 192.168.0.200
Copyright (c) 2001-2013, Cisco Systems, Inc.

AsyncOS 8.5.6 for Cisco C100V build 074

Welcome to the Cisco C100V Email Security Virtual Appliance
myesa.local>

完成上面操作后，我们可以编写脚本自动登陆思科设备了。
脚本如下：

conn_ssh_keys.py

#!/usr/bin/env python
from netmiko import Netmiko
from getpass import getpass

key_file = "/home/gituser/.ssh/test_rsa"

cisco1 = {
    'device_type': 'cisco_ios',
    'host': 'cisco1.twb-tech.com', 
    'username': 'testuser',
    'use_keys': True,
    'key_file': key_file,
}

net_connect = Netmiko(**cisco1)
print(net_connect.find_prompt())
output = net_connect.send_command("show ip arp")
print(output)