Execute Shell Commands Over SSH Using Python and Paramiko

By | April 24, 2016

This post shows how to use the Python library Paramiko to implement a SSH client, programmatically connect to another computer over SSH and execute a shell command on that computer. Authentication is performed using either username and password or username and a cryptographic key.
Paramiko have many more features than the ones I use in the example in this article, such as being able to function as a SSH server, SFTP client etc. Please refer to the Paramiko documentation for further details!

Preparations

You need a computer that you can connect to using SSH. To determine whether you have SSH access, either use ssh in a terminal window (Linux and OS X users) or use PuTTY (Windows).
If you want to run the example program in an IDE and don’t already have one, I recommend JetBrains PyCharm – there is a free community edition available.
Finally, you need to have Paramiko installed, which I will describe how to in the next section.

Installing Paramiko from a Terminal Window

To install Paramiko from a terminal window, use:

If you are on Windows, there may be an error telling you that you need to install a library from Microsoft that is required by Paramiko.
Go to the URL shown in the error message and follow the instructions, the retry the installation using pip.

Installing Paramiko from within PyCharm

If you are developing in JetBrain’s PyCharm and assuming that you already have created a new project (File -> New Project), use the following procedure:

  • Open the Preferences.
  • In the Preferences, locate the Project node and the Project Interpreter node below the Project node.
    In my case it looks like this (yes, I have already installed Paramiko and yes, my project is named “test”):
Project preferences in PyCharm where new packages are installed.

Project preferences in PyCharm where new packages are installed.

  • Click the + button in the lower left of the packages list to install a new package.
  • Type “paramiko” without quotes in the new dialog window that appears.
    The result should look like this:
Locating the Paramiko package to be installed.

Locating the Paramiko package to be installed.

  • Click the Install Package button.
    If you are on Windows, there may be an error message telling you that you need to install a library from Microsoft required by Paramiko.
    Go to the URL shown in the error message and follow the instructions. After having installed the library, repeat the process of installing the Paramiko package in PyCharm.

Private Key File

If you do not have a private keyfile and only use a regular login and password when establishing a SSH connection, just skip this part.
If you do intend to authenticate using a private key, you need to create keyfile named “private_key_file” with the key in it and add it to your Python project.
I had a lot of problems obtaining a file in the proper format. My private key is a DSA private key and the keyfile I successfully used with Paramiko looks like this:

Show Me the Code!

I have written a function that connects to a SSH host and executes a command. The function returns a tuple consisting of two lists of strings. The first list of strings is the output to standard out as produced when the command executed on the remote computer. The second list of strings is the output to standard err produced at the same occasion.

The code above connects to a computer at the address 192.168.1.2 on port 22 over SSH using the user-name “ivan” and the password “secretpassword” and then execute the command “ls -al”.
If you want to use a private key, change the invocation of the execute_ssh_command function to:

Note that the ‘DSA’ value should be replaced with ‘RSA’ if your private key is a RSA key and you should ensure that the path to the keyfile is correct.

If you now run the program, a directory listing of your remote computer should be printed to the console.

Happy coding!

4 thoughts on “Execute Shell Commands Over SSH Using Python and Paramiko

  1. maryam

    Thank you for your post, it’s useful. I would like to know how it would change the program if I want to send result after ssh to my local, I have added these two lines after finally part:
    finally:
    with SCPClient(ssh.get_transport()) as scp:
    scp.get(remote_file, local_path)
    I am not sure if I have to write these two lines in try: part or in finally: part? and second question is about checking channel, I see that you have checked the channel for case of ssh, should I do the same with scp too? if yes, how?

    Reply
      1. maryam

        Than you for your answer, using SCP is different from SFTP, what will be happened if I want to use SCPClient rather than SFTP., then my description in above, make sense?

        Reply
  2. Ivan Krizsan Post author

    Hi!
    The SCPClient that I have had a look at works much the same way that SFTP do in that it allows for getting and putting files from/to a remote host. It does not seem to allow for copying directly from one remote host to another remote host. Thus I see little gain in using SCPClient over using SFTP.
    Regarding your original questions; the two lines should be placed in the try-block and you do not have to check any channel since there is nothing returned from the SCPClient methods get and put.
    Happy coding!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *