Paramiko connect without asking ssh key

Question

This is my python script to connect to server. But when I run the script, it is asking me to keying my ssh passphrase. How could I avoid to asking my ssh passphrase key?

host   = '192.168.43.3'
user   = 'root'
passwd = 'ppawd'
ssh    = paramiko.SSHClient()

ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(host, username=user, password=passwd)
transport = ssh.get_transport()
channel = transport.open_session()
channel.setblocking(1)
channel.settimeout(30)
command = "ls -a"
ssh.exec_command(command)

Answer 1

I ran into the same issue. I don't think the other answers here realized what the question was actually for. This is an old question but I wanted to help anyone else like me who ended up here after googling.

You need to disable the ssh agent feature allow_agent=False and then it will no longer prompt you for a passphrase. Paramiko is trying to connect to the ssh agent and I assume trying to read the key. I also added look_for_keys=False, as it will disable checking for private keys to use.

Example:

client.connect(server, port=port, username=username, password=password, look_for_keys=False, allow_agent=False)

Answer 2

My advice would be generating a key without a passphrase - just press enter when asked for a password while creating the key.

This key should be used specifically for your script - avoid re-using keys you use for other purposes (such as your user's interactive login), since it makes key revocation and access control harder.

A passphrase-less key has some advantages compared to hardcoding the password in your script:

• The presence of a passphrase-less key makes it clear to anyone that the key is compromised as soon as anyone has access to it. Separating the password from the key hides this fact without providing any additional security.
• It avoids you publishing your password to source-control accidentally (separation of source code and access control credentials)
• Possibly, it'll make it less tempting to re-use any existing user's ssh key with a proper passphrase.

---

A few security considerations:

Remember that anyone with access to that key will get access to the remote system. You may consider putting restrictive permissions on the key file, and create a separate user for your script to login into in the remote system, if it's possible at all.

If your script is single purpose, you may also consider limiting the list of shell commands available to the user on the remote system

If you have no physical security on the system that stores the key (i.e.: a laptop or desktop in a untrusted location), you may also want to use full disk encryption, block device encryption (LUKS) or file-level encryption (encfs).