Last active
July 16, 2024 15:42
-
-
Save dovideh/e0aebf203f9280ead466 to your computer and use it in GitHub Desktop.
Paramiko Connect via proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
#-*- coding:utf8 -*- | |
# sources | |
# 1. https://gist.github.com/tell-k/4943359#file-paramiko_proxycommand_sample-py-L11 | |
# 2. https://github.com/paramiko/paramiko/pull/97 | |
# info: http://bitprophet.org/blog/2012/11/05/gateway-solutions/ | |
# local -> proxy-server -> dest-server | |
# ~/.ssh/config | |
# | |
# Host proxy-server | |
# User hoge | |
# HostName proxy.example.com | |
# IdentityFile ~/.ssh/id_rsa_proxy | |
# | |
# Host dest-server | |
# User fuga | |
# HostName proxy.example.com | |
# IdentityFile ~/.ssh/id_rsa_dest | |
# ProxyCommand ssh proxy-server nc %h %p | |
# | |
import os | |
import sys | |
import paramiko | |
def test_client(host_name): | |
conf = paramiko.SSHConfig() | |
conf.parse(open(os.path.expanduser('~/.ssh/config'))) | |
host = conf.lookup(host_name) | |
client = paramiko.SSHClient() | |
client.load_system_host_keys() | |
client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) | |
client.connect( | |
host['hostname'], username=host['user'], | |
# if you have a key file | |
# key_filename=host['identityfile'], | |
password='yourpassword', | |
sock=paramiko.ProxyCommand(host.get('proxycommand')) | |
) | |
stdin, stdout, stderr = client.exec_command('command to run on dest-host') | |
print stdout.read() | |
if __name__ == '__main__': | |
test_client(sys.argv[1]) |
Ty Ty Ty
Live saver!
Any ideas on passing CertificateFile and identityfile in the proxy commands?
This is what the working ssh config looks like
TCPKeepAlive yes
ServerAliveCountMax 20
ServerAliveInterval 15
Host <vm name>
Hostname <vm ip>
IdentityFile /c/Users/<my ntid>/.ssh/autobahn_rsa
CertificateFile /c/Users/<my ntid>/.ssh/autobahn_rsa-cert.pub
ProxyCommand ssh -qx -i /c/Users/<my ntid>/.ssh/autobahn_rsa -o "CertificateFile /c/Users/<my ntid>/.ssh/autobahn_rsa-cert.pub" -o "TCPKeepAlive yes" -o "ServerAliveCountMax 20" -o "ServerAliveInterval 15" <proxy user>@<proxy host> -W %h:%p
I use this from git bash with a command like this ssh my_ntid@vm_host
I tried the above but getting
Traceback (most recent call last):
File "C:\Users\sfager001\AppData\Local\Programs\Python\Python39\lib\site-packages\paramiko\proxy.py", line 107, in recv
r, w, x = select([self.process.stdout], [], [], select_timeout)
OSError: [WinError 10038] An operation was attempted on something that is not a socket
I don't know how this works, but it worked for me for access a host via a jumphost. I tried the proxycommand and got "paramiko.ssh_exception.SSHException: Error reading SSH protocol banner" error,
This just works...ask long as the workstation has propert ssh config file!
thank you a lot
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I can't get ssh working through a bastion: I always get the error
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner
.Did some of you encountered the same issue ?