-
-
Save dovideh/e0aebf203f9280ead466 to your computer and use it in GitHub Desktop.
#!/usr/bin/env python | |
#-*- coding:utf8 -*- | |
# sources | |
# 1. https://gist.github.com/tell-k/4943359#file-paramiko_proxycommand_sample-py-L11 | |
# 2. https://github.com/paramiko/paramiko/pull/97 | |
# info: http://bitprophet.org/blog/2012/11/05/gateway-solutions/ | |
# local -> proxy-server -> dest-server | |
# ~/.ssh/config | |
# | |
# Host proxy-server | |
# User hoge | |
# HostName proxy.example.com | |
# IdentityFile ~/.ssh/id_rsa_proxy | |
# | |
# Host dest-server | |
# User fuga | |
# HostName proxy.example.com | |
# IdentityFile ~/.ssh/id_rsa_dest | |
# ProxyCommand ssh proxy-server nc %h %p | |
# | |
import os | |
import sys | |
import paramiko | |
def test_client(host_name): | |
conf = paramiko.SSHConfig() | |
conf.parse(open(os.path.expanduser('~/.ssh/config'))) | |
host = conf.lookup(host_name) | |
client = paramiko.SSHClient() | |
client.load_system_host_keys() | |
client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) | |
client.connect( | |
host['hostname'], username=host['user'], | |
# if you have a key file | |
# key_filename=host['identityfile'], | |
password='yourpassword', | |
sock=paramiko.ProxyCommand(host.get('proxycommand')) | |
) | |
stdin, stdout, stderr = client.exec_command('command to run on dest-host') | |
print stdout.read() | |
if __name__ == '__main__': | |
test_client(sys.argv[1]) |
What argument do we need to give in expanduser() in the paramiko-proxy.py code?
I can't get ssh working through a bastion: I always get the error paramiko.ssh_exception.SSHException: Error reading SSH protocol banner
.
Did some of you encountered the same issue ?
Ty Ty Ty
Live saver!
Any ideas on passing CertificateFile and identityfile in the proxy commands?
This is what the working ssh config looks like
TCPKeepAlive yes
ServerAliveCountMax 20
ServerAliveInterval 15
Host <vm name>
Hostname <vm ip>
IdentityFile /c/Users/<my ntid>/.ssh/autobahn_rsa
CertificateFile /c/Users/<my ntid>/.ssh/autobahn_rsa-cert.pub
ProxyCommand ssh -qx -i /c/Users/<my ntid>/.ssh/autobahn_rsa -o "CertificateFile /c/Users/<my ntid>/.ssh/autobahn_rsa-cert.pub" -o "TCPKeepAlive yes" -o "ServerAliveCountMax 20" -o "ServerAliveInterval 15" <proxy user>@<proxy host> -W %h:%p
I use this from git bash with a command like this ssh my_ntid@vm_host
I tried the above but getting
Traceback (most recent call last):
File "C:\Users\sfager001\AppData\Local\Programs\Python\Python39\lib\site-packages\paramiko\proxy.py", line 107, in recv
r, w, x = select([self.process.stdout], [], [], select_timeout)
OSError: [WinError 10038] An operation was attempted on something that is not a socket
I don't know how this works, but it worked for me for access a host via a jumphost. I tried the proxycommand and got "paramiko.ssh_exception.SSHException: Error reading SSH protocol banner" error,
This just works...ask long as the workstation has propert ssh config file!
thank you a lot
one more thing, here I needed to set the port in my "dest-server".
Hope this helps you