使用 Python 进行代理跳转
Posted
技术标签:
【中文标题】使用 Python 进行代理跳转【英文标题】:ProxyJump with Python 【发布时间】:2020-12-26 03:49:36 【问题描述】:我想实现类似ssh -J user@host1 user@host2
host1 和 host2 都只接受通过键盘交互的身份验证,而不接受公钥或常规密码身份验证。两台主机的密码相同。这些是我无法更改的限制,因此请不要“使用 ssh 密钥”答案:)
我已经在 paramiko 中尝试过这样做(见下文),但是我愿意使用其他 python 模块来实现这一点。
import paramiko
...
client1 = paramiko.SSHClient()
client1.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client1.connect(host1, 22, username, password=password)
transport = client1.get_transport()
dest_addr = (host2, 22)
local_addr = ('127.0.0.1', 22)
channel = transport.open_channel("direct-tcpip", dest_addr, local_addr)
client2 = paramiko.SSHClient()
client2.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client2.connect(host2, username, password=password, sock=channel)
但我收到以下错误:
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/paramiko/transport.py", line 1528, in auth_password
return self.auth_interactive(username, handler)
File "/usr/local/lib/python3.7/site-packages/paramiko/transport.py", line 1633, in auth_interactive
return self.auth_handler.wait_for_response(my_event)
File "/usr/local/lib/python3.7/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response
raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “./myscript”, line 50, in <module>
client2(host2, username, password=password, sock=channel)
File "/usr/local/lib/python3.7/site-packages/paramiko/client.py", line 446, in connect
passphrase,
File "/usr/local/lib/python3.7/site-packages/paramiko/client.py", line 764, in _auth
raise saved_exception
File "/usr/local/lib/python3.7/site-packages/paramiko/client.py", line 751, in _auth
self._transport.auth_password(username, password)
File "/usr/local/lib/python3.7/site-packages/paramiko/transport.py", line 1531, in auth_password
raise e
File "/usr/local/lib/python3.7/site-packages/paramiko/transport.py", line 1509, in auth_password
return self.auth_handler.wait_for_response(my_event)
File "/usr/local/lib/python3.7/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response
raise e
paramiko.ssh_exception.BadAuthenticationType: Bad authentication type; allowed types: ['publickey', 'keyboard-interactive']
当 host1 和 host2 都使用 publickey 身份验证时,这一切都可以正常工作,但是在这个特定的示例中,我需要使用键盘交互。
编辑:
连接host2失败,paramiko日志文件内容如下:
INF [20200907-20:39:41.318] thr=1 paramiko.transport: Connected (version 2.0, client X)
INF [20200907-20:39:41.803] thr=1 paramiko.transport: Authentication (publickey) failed.
INF [20200907-20:39:41.960] thr=1 paramiko.transport: Authentication (publickey) failed.
INF [20200907-20:39:42.685] thr=1 paramiko.transport: Authentication (keyboard-interactive) successful!
INF [20200907-20:39:42.877] thr=2 paramiko.transport: Connected (version 2.0, client X)
INF [20200907-20:39:43.283] thr=2 paramiko.transport: Authentication (publickey) failed.
INF [20200907-20:39:43.444] thr=2 paramiko.transport: Authentication (publickey) failed.
INF [20200907-20:39:43.795] thr=2 paramiko.transport: Authentication (keyboard-interactive) failed.
【问题讨论】:
嗨@MartinPrikryl 我已将 paramiko 日志文件添加到问题中。我确实尝试过明确的auth_interactive
,但是我不确定如何通过我打开的direct-tcpip
传输通道来做到这一点。
【参考方案1】:
没关系,原来我的第二条连接线是错误的:
client2.connect(host2, username, password=password, sock=channel)
我没有指定第二个参数是什么:
client2.connect(host2, username=username, password=password, sock=channel)
或
client2.connect(host2, 22, username, password=password, sock=channel)
两者都按预期工作。
【讨论】:
以上是关于使用 Python 进行代理跳转的主要内容,如果未能解决你的问题,请参考以下文章
访问dubbo没有权限,通过ip进行跳转服务器,并通过有权限服务器代理访问