[英]DSA key forwarding using Paramiko?
我正在使用Paramiko在遠程服務器上執行bash腳本。 在其中一些腳本中,有與其他服務器的ssh連接。 如果我只使用bash,沒有Python,我的DSA密鑰將被第一個遠程服務器上的bash腳本轉發和使用,以連接到第二個遠程服務器。 當我使用Paramiko時並非如此。
Bash示例:
Jean@mydesktop:~ & ssh root@firstserver
root@firstserver:~ # ssh root@secondserver hostname
secondserver.mydomain.org
使用Paramiko:
#!/usr/bin/python3
# -*- coding: utf-8 -*-
import paramiko
class SSHSession:
def __init__(self, server_address, user='root', port=22):
self.connected = False
self.server_address = server_address
self.user = user
self.port = port
def connect(self, clear_channel=True):
try:
if self.server_address == None:
raise ValueError('No hostname')
except:
raise ValueError('No hostname')
else:
try:
self.ssh_client = paramiko.SSHClient()
self.ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
self.ssh_client.connect(self.server_address, username=self.user)
#self.transport = self.ssh_client.get_transport()
#self.channel = self.transport.open_forward_agent_channel()
self.channel = self.ssh_client.invoke_shell()
except:
self.connected = False
return False
else:
self.connected = True
return True
def exec_command(self, command, newline='\r'):
if not self.connected:
raise Exception('Not connected')
else:
timeout = 31536000 # 365 days in seconds
self.channel.settimeout(timeout)
line_buffer = ''
channel_buffer = ''
end_string = 'CLIENT_EXPECT_CMD_OK'
print('[SEND ] >>', command)
self.channel.send(command + ' ; echo ' + end_string + newline)
while True:
channel_buffer = self.channel.recv(1).decode('UTF-8')
if len(channel_buffer) == 0:
raise Exception('connection lost with server: ' + self.server_address)
break
channel_buffer = channel_buffer.replace('\r', '')
if channel_buffer != '\n':
line_buffer += channel_buffer
else:
if line_buffer == end_string:
break
print('[RECEIVE] <<', line_buffer)
line_buffer = ''
def disconnect(self):
self.ssh_client.close()
def __enter__(self):
self.connect()
return self
def __exit__(self, _type, value, traceback):
self.disconnect()
if __name__ == "__main__":
server_address = 'firstserver'
ssh_user = 'root'
with SSHSession(server_address) as ssh_session:
ssh_session.exec_command('hostname')
ssh_session.exec_command('ssh root@secondserver hostname')
輸出是:
[SEND ] >> hostname
[RECEIVE] << [root@firstserver ~]# hostname ; echo CLIENT_EXPECT_CMD_OK
[RECEIVE] << firstserver.mydomain.fr
[SEND ] >> ssh root@secondserver hostname
[RECEIVE] << [root@firstserver ~]# ssh root@secondserver hostname ; echo CLIENT_EXPECT_CMD_OK
[RECEIVE] << Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
我試過了:
self.transport = self.ssh_client.get_transport()
self.channel = self.transport.open_forward_agent_channel()
代替 :
self.channel = self.ssh_client.invoke_shell()
但后來我收到一個錯誤:
paramiko.ssh_exception.ChannelException: Administratively prohibited
有人知道這是否可能? 我找到了一些建議,就是這樣,但我卻找不到如何做到這一點。
好吧現在有效。 我找到了這些有用的帖子:
添加paramiko ssh代理轉發(可選)#4100
open_forward_agent_channel與open_session#89
最終的代碼是:
#!/usr/bin/python3
# -*- coding: utf-8 -*-
import paramiko
class SSHSession:
def __init__(self, server_address, user='root', port=22):
self.connected = False
self.server_address = server_address
self.user = user
self.port = port
def connect(self):
try:
self.ssh_client = paramiko.SSHClient()
self.ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
self.ssh_client.connect(self.server_address, username=self.user)
self.transport = self.ssh_client.get_transport()
self.agent_channel = self.transport.open_session()
self.agent_handler = paramiko.agent.AgentRequestHandler(self.agent_channel)
self.channel = self.ssh_client.invoke_shell()
except:
self.connected = False
else:
self.connected = True
return self.connected
def exec_command(self, command, newline='\r'):
if not self.connected:
raise Exception('Not connected')
else:
timeout = 31536000 # 365 days in seconds
self.channel.settimeout(timeout)
line_buffer = ''
channel_buffer = ''
end_string = 'CLIENT_EXPECT_CMD_OK'
print('[SEND ] >>', command)
self.channel.send(command + ' ; echo ' + end_string + newline)
while True:
channel_buffer = self.channel.recv(1).decode('UTF-8')
if len(channel_buffer) == 0:
raise Exception('connection lost with server: ' + self.server_address)
break
channel_buffer = channel_buffer.replace('\r', '')
if channel_buffer != '\n':
line_buffer += channel_buffer
else:
if line_buffer == end_string:
break
print('[RECEIVE] <<', line_buffer)
line_buffer = ''
def disconnect(self):
self.ssh_client.close()
def __enter__(self):
self.connect()
return self
def __exit__(self, _type, value, traceback):
self.disconnect()
if __name__ == "__main__":
server_address = 'firstserver'
ssh_user = 'root'
with SSHSession(server_address) as ssh_session:
ssh_session.exec_command('hostname')
ssh_session.exec_command('ssh root@secondserver hostname')
輸出是:
[SEND ] >> hostname
[RECEIVE] << [root@firstserver ~]# hostname ; echo CLIENT_EXPECT_CMD_OK
[RECEIVE] << firstserver.mydomain.fr
[SEND ] >> ssh root@secondserver hostname
[RECEIVE] << [root@firstserver ~]# ssh root@secondserver hostname ; echo CLIENT_EXPECT_CMD_OK
[RECEIVE] << secondserver.mydomain.fr
啟用代理轉發的代碼的重要部分是:
self.agent_channel = self.transport.open_session()
self.agent_handler = paramiko.agent.AgentRequestHandler(self.agent_channel)
您應該在連接時設置key_filename
:
key_filename(str或list(str)) - 要嘗試進行身份驗證的可選私鑰的文件名或文件名列表
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.