[英]Remote tcp connection in python with zeromq
I have a python client that needs to talk to a remote server I manage. 我有一个python客户端需要与我管理的远程服务器通信。 They communicate using zeromq. 他们使用zeromq进行通信。 When I tested the client/server locally everything worked. 当我在本地测试客户端/服务器时,一切正常。 But now I have the client and server deployed on the cloud, each using a different provider. 但现在我在云上部署了客户端和服务器,每个客户端都使用不同的提供商。 My question is, what's the simplest way (that is safe) to make the connection? 我的问题是,建立连接的最简单方法是什么(安全)? I'm assuming I can't pass the password over, and even if I could I'm guessing there are safer alternatives. 我假设我无法通过密码,即使我可以猜测有更安全的替代方案。
I know how to set an ssh connection without a password using ssh-keygen. 我知道如何使用ssh-keygen设置没有密码的ssh连接。 Would that work? 那会有用吗? Would the client need to make an ssh connection with the server before sending the tcp req? 在发送tcp req之前,客户端是否需要与服务器建立ssh连接? If there's a python library that helps with this it'd be a big help. 如果有一个python库可以帮助解决这个问题,那将是一个很大的帮助。
Thanks! 谢谢!
Update : So more than 24 hours passed and no one replied/answered. 更新 :超过24小时过去了,没有人回复/回答。 I think I'm getting closer to solve this, but not quite there yet. 我想我已经越来越接近解决这个问题了,但还没有完全解决这个问题。 I added my client's key to .ssh/authorized_key on the server, and now I can ssh from the client to the server without a password. 我将客户端的密钥添加到服务器上的.ssh / authorized_key,现在我可以在没有密码的情况下从客户端ssh到服务器。 Next, I followed this post about "Tunneling PyZMQ Connections with SSH". 接下来,我关注了“使用SSH隧道化PyZMQ连接”这篇文章 。 Here's what I have in my client code: 这是我在客户端代码中的内容:
1 context = zmq.Context()
2 socket = context.socket(zmq.REQ)
3 socket.connect("tcp://localhost:5555")
4 ssh.tunnel_connection(socket, "tcp://locahost:5555", "myuser@remote-server-ip:5555")
5 socket.send_string(some_string)
6 reply = socket.recv()
This doesn't work. 这不起作用。 I don't really understand lines 3 & 4 and I assume I do something wrong there. 我真的不明白第3和第4行,我认为我做错了。 Also, my server (hosted on linode) has a "Default Gateway" IP and a "Public IP" -- in the tunnel connection I only specify the public ip, which is also the ip I use to ssh to the machine. 此外,我的服务器(托管在linode上)有一个“默认网关”IP和一个“公共IP” - 在隧道连接中我只指定了公共IP,这也是我用来ssh到机器的ip。
Indeed, ZMQ way is - tunnelling connection with the SSH. 的确,ZMQ方式是 - 与SSH的隧道连接。 Your example is exactly what needs to be done, except that one should either use connect
or tunnel_connection
, not both. 您的示例正是需要完成的任务,除了应该使用connect
或tunnel_connection
,而不是两者。
Also, when specifying server to connect to, make sure to define the SSH port, not the ZMQ REP socket port. 此外,在指定要连接的服务器时,请确保定义SSH端口,而不是ZMQ REP套接字端口。 That is, instead of myuser@remote-server-ip:5555
you might try myuser@remote-server-ip
or myuser@remote-server-ip:22
. 也就是说,您可以尝试myuser@remote-server-ip
或myuser@remote-server-ip:22
而不是myuser@remote-server-ip:5555
。
import zmq
import zmq.ssh
context = zmq.Context()
socket = context.socket(zmq.REQ)
zmq.ssh.tunnel_connection(socket, "tcp://locahost:5555", "myuser@remote-server-ip")
socket.send(b"Hello")
reply = socket.recv()
Finally, make sure you've installed either pexpect or paramiko - they will do the tunnelling actually. 最后,确保你已经安装了pexpect或paramiko - 它们实际上会进行隧道连接。 Note that if you're using Windows, paramiko is the only solution which will work - pexpect openssh tunnelling won't work on Windows. 请注意,如果您使用的是Windows,那么paramiko是唯一可行的解决方案 - pexpect openssh隧道将无法在Windows上运行。
If you use paramiko instead of pexpect, make sure to set paramiko=True
in the tunnel_connection
arguments. 如果你使用paramiko而不是pexpect,请确保在tunnel_connection
参数中设置paramiko=True
。
I have found ssh in Python to be iffy at best, even with paramiko
and fabric
libraries, so to debug, you might try setting up a tunnel separately, just to see if that's the issue with the broken connection. 我发现Python中的ssh最好是paramiko
,即使使用paramiko
和fabric
库,所以要进行调试,你可以尝试单独设置一个隧道,只是为了看看这是否是连接断开的问题。
For example: 例如:
ssh myuser@remote-server-ip -L 5050:localhost:5555 -N
This says: connect to myuser@remote-server-ip
, and whenever I request a connection to localhost:5050
on my machine, forward it across the ssh connection so that the server at remote-server-ip
thinks it's receiving a connection from localhost:5555
. 这说:连接到myuser@remote-server-ip
,每当我在我的机器上请求连接到localhost:5050
时,通过ssh连接转发它,以便remote-server-ip
认为它正在从localhost:5555
接收连接localhost:5555
。
-L
constructs the tunnel, and -N
means don't do anything else on the connection. -L
构造隧道, -N
表示在连接上不做任何其他操作。
With that running in another shell, eg, a different Terminal window, on your local development machine, try to connect to a zeromq server at localhost:5050
, which will actually be the zeromq running on the remote server. 在本地开发机器上运行另一个shell(例如,不同的终端窗口)时,尝试连接到localhost:5050
处的zeromq服务器,该服务器实际上是在远程服务器上运行的zeromq。
You could use 5555:localhost:5555
in the ssh command above, but I find that can be confusing and often conflicts with a local copy of the same service. 您可以在上面的ssh命令中使用5555:localhost:5555
,但我发现这可能会造成混淆并且经常与同一服务的本地副本冲突。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.