ProxyJump with Python


【Posted】: 2020-12-26 03:49:36
【Question】:

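I would like to achieve something like ssh -J user@host1 user@host2

Both host1 and host2 only accept authentication via keyboard-interactive, not public key or regular password authentication. The password is the same for both hosts. These are restrictions I cannot change, so please no "use ssh keys" answers :)

I have attempted to do this in paramiko (see below), however I am open to using other Python modules to achieve this.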

import paramiko

...

client1 = paramiko.SSHClient()
client1.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client1.connect(host1, 22, username, password=password)

transport = client1.get_transport()

dest_addr = (host2, 22)
local_addr = ('127.0.0.1', 22)
channel = transport.open_channel("direct-tcpip", dest_addr, local_addr)

client2 = paramiko.SSHClient()
client2.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client2.connect(host2, username, password=password, sock=channel)

But I get the following error:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/paramiko/transport.py", line 1528, in auth_password
    return self.auth_interactive(username, handler)
  File "/usr/local/lib/python3.7/site-packages/paramiko/transport.py", line 1633, in auth_interactive
    return self.auth_handler.wait_for_response(my_event)
  File "/usr/local/lib/python3.7/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File “./myscript”, line 50, in <module>
    client2(host2, username, password=password, sock=channel)
  File "/usr/local/lib/python3.7/site-packages/paramiko/client.py", line 446, in connect
    passphrase,
  File "/usr/local/lib/python3.7/site-packages/paramiko/client.py", line 764, in _auth
    raise saved_exception
  File "/usr/local/lib/python3.7/site-packages/paramiko/client.py", line 751, in _auth
    self._transport.auth_password(username, password)
  File "/usr/local/lib/python3.7/site-packages/paramiko/transport.py", line 1531, in auth_password
    raise e
  File "/usr/local/lib/python3.7/site-packages/paramiko/transport.py", line 1509, in auth_password
    return self.auth_handler.wait_for_response(my_event)
  File "/usr/local/lib/python3.7/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response
    raise e
paramiko.ssh_exception.BadAuthenticationType: Bad authentication type; allowed types: ['publickey', 'keyboard-interactive']

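This all works fine when both host1 and host2 use publickey authentication, however in this particular case I need to use keyboard-interactive.

Edit:

The connection to host2 fails; the paramiko log file contains the following: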

INF [20200907-20:39:41.318] thr=1   paramiko.transport: Connected (version 2.0, client X)
INF [20200907-20:39:41.803] thr=1   paramiko.transport: Authentication (publickey) failed.
INF [20200907-20:39:41.960] thr=1   paramiko.transport: Authentication (publickey) failed.
INF [20200907-20:39:42.685] thr=1   paramiko.transport: Authentication (keyboard-interactive) successful!
INF [20200907-20:39:42.877] thr=2   paramiko.transport: Connected (version 2.0, client X)
INF [20200907-20:39:43.283] thr=2   paramiko.transport: Authentication (publickey) failed.
INF [20200907-20:39:43.444] thr=2   paramiko.transport: Authentication (publickey) failed.
INF [20200907-20:39:43.795] thr=2   paramiko.transport: Authentication (keyboard-interactive) failed.

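【Comments on the question】:

Hi @MartinPrikryl, I have added the paramiko log file to the question. I did try an explicit auth_interactive, but I am not sure how to do that over the direct-tcpip transport channel I opened.

【Answer 1】: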

Never mind, it turns out my second connect line was wrong:

client2.connect(host2, username, password=password, sock=channel)

I did not specify what the second argument was:

client2.connect(host2, username=username, password=password, sock=channel)

client2.connect(host2, 22, username, password=password, sock=channel)

Both work as expected.
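
An added example (not code from the original post) of the explicit auth_interactive route raised in the comment above: keyboard-interactive authentication on both hops, with host2 reached over the direct-tcpip channel. The function names, the 15-second timeout and the known_hosts check (used here in place of AutoAddPolicy) are assumptions of this example; it needs paramiko and a known_hosts file that already lists both hosts.

```python
import os


def make_kbdint_handler(password):
    """Return a handler for paramiko's Transport.auth_interactive().

    Only non-echoed prompts that mention "password" are answered; any other
    prompt raises, so the password is never sent to an unexpected question.
    """
    def handler(title, instructions, prompt_list):
        answers = []
        for prompt, echo in prompt_list:
            if echo or "password" not in prompt.lower():
                raise ValueError(f"unexpected prompt: {prompt!r}")
            answers.append(password)
        return answers
    return handler


def _auth_transport(sock, hostname, username, handler, known_hosts):
    """Start SSH on sock, check the host key, then authenticate."""
    import paramiko  # lazy import: the handler above needs no paramiko
    transport = paramiko.Transport(sock)
    try:
        transport.start_client(timeout=15)
        key = transport.get_remote_server_key()
        if not known_hosts.check(hostname, key):
            raise paramiko.SSHException(f"unknown host key for {hostname}")
        transport.auth_interactive(username, handler)
    except Exception:
        transport.close()
        raise
    return transport


def open_via_jump(host1, host2, username, password,
                  known_hosts_path="~/.ssh/known_hosts"):
    """Equivalent of `ssh -J user@host1 user@host2` on port 22.

    Returns (jump_transport, target_transport); keep both open while in use.
    """
    import paramiko
    known_hosts = paramiko.HostKeys(os.path.expanduser(known_hosts_path))
    handler = make_kbdint_handler(password)
    jump = _auth_transport((host1, 22), host1, username, handler, known_hosts)
    try:
        # Tunnel to host2 through host1, as the question's direct-tcpip call does.
        channel = jump.open_channel("direct-tcpip", (host2, 22), ("127.0.0.1", 0))
        return jump, _auth_transport(channel, host2, username, handler, known_hosts)
    except Exception:
        jump.close()
        raise
```

Commands on host2 then run through `target_transport.open_session()`; closing the jump transport also tears down the tunnelled connection.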
