Skip to content

Instantly share code, notes, and snippets.

@dovideh
Last active July 16, 2024 15:42
Show Gist options
  • Save dovideh/e0aebf203f9280ead466 to your computer and use it in GitHub Desktop.
Save dovideh/e0aebf203f9280ead466 to your computer and use it in GitHub Desktop.
Paramiko Connect via proxy
#!/usr/bin/env python
#-*- coding:utf8 -*-
# sources
# 1. https://gist.github.com/tell-k/4943359#file-paramiko_proxycommand_sample-py-L11
# 2. https://github.com/paramiko/paramiko/pull/97
# info: http://bitprophet.org/blog/2012/11/05/gateway-solutions/
# local -> proxy-server -> dest-server
# ~/.ssh/config
#
# Host proxy-server
# User hoge
# HostName proxy.example.com
# IdentityFile ~/.ssh/id_rsa_proxy
#
# Host dest-server
# User fuga
# HostName proxy.example.com
# IdentityFile ~/.ssh/id_rsa_dest
# ProxyCommand ssh proxy-server nc %h %p
#
import os
import sys
import paramiko
def test_client(host_name):
conf = paramiko.SSHConfig()
conf.parse(open(os.path.expanduser('~/.ssh/config')))
host = conf.lookup(host_name)
client = paramiko.SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(
host['hostname'], username=host['user'],
# if you have a key file
# key_filename=host['identityfile'],
password='yourpassword',
sock=paramiko.ProxyCommand(host.get('proxycommand'))
)
stdin, stdout, stderr = client.exec_command('command to run on dest-host')
print stdout.read()
if __name__ == '__main__':
test_client(sys.argv[1])
@andrejesusdasilva
Copy link

Any help is appreciated here.

Try this @JaldhiPandya:
ProxyCommand ssh -q -W %h:%p proxy-server

one more thing, here I needed to set the port in my "dest-server".

Hope this helps you

@nikita01021998
Copy link

What argument do we need to give in expanduser() in the paramiko-proxy.py code?

@GaetanLepage
Copy link

I can't get ssh working through a bastion: I always get the error paramiko.ssh_exception.SSHException: Error reading SSH protocol banner.
Did some of you encountered the same issue ?

@hqqns
Copy link

hqqns commented May 20, 2021

Ty Ty Ty

Live saver!

@Runekeon
Copy link

Any ideas on passing CertificateFile and identityfile in the proxy commands?
This is what the working ssh config looks like

TCPKeepAlive yes
ServerAliveCountMax 20
ServerAliveInterval 15

Host <vm name>
    Hostname <vm ip>
    IdentityFile /c/Users/<my ntid>/.ssh/autobahn_rsa
    CertificateFile /c/Users/<my ntid>/.ssh/autobahn_rsa-cert.pub
    ProxyCommand ssh -qx -i /c/Users/<my ntid>/.ssh/autobahn_rsa -o "CertificateFile /c/Users/<my ntid>/.ssh/autobahn_rsa-cert.pub" -o "TCPKeepAlive yes" -o "ServerAliveCountMax 20" -o "ServerAliveInterval 15" <proxy user>@<proxy host> -W %h:%p

I use this from git bash with a command like this ssh my_ntid@vm_host

I tried the above but getting

Traceback (most recent call last):
  File "C:\Users\sfager001\AppData\Local\Programs\Python\Python39\lib\site-packages\paramiko\proxy.py", line 107, in recv
    r, w, x = select([self.process.stdout], [], [], select_timeout)
OSError: [WinError 10038] An operation was attempted on something that is not a socket

@sourcecodemage
Copy link

I don't know how this works, but it worked for me for access a host via a jumphost. I tried the proxycommand and got "paramiko.ssh_exception.SSHException: Error reading SSH protocol banner" error,

This just works...ask long as the workstation has propert ssh config file!

@doomedraven
Copy link

thank you a lot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment