sshtunnel键盘交互式[重复]

Posted 2023-03-23

【中文标题】sshtunnel键盘交互式[重复]

【英文标题】：sshtunnel keyboard-interactive [duplicate]

【发布时间】：2020-11-06 09:35:27

【问题描述】：

对于docs 中给出的第二个示例（图 2），我想使用未经身份验证的 sshtunnel 来获取密码或私钥。

来自文档（针对私有服务器部分稍作修改）：

----------------------------------------------------------------------

                            |
-------------+              |    +----------+               +---------
    LOCAL    |              |    |  REMOTE  |               | PRIVATE
    CLIENT   | <== SSH ========> |  SERVER  | <== SSH ==>   | SERVER
-------------+              |    +----------+               +---------
                            |
                         FIREWALL

----------------------------------------------------------------------

允许的身份验证方法是“键盘交互”（多步身份验证），如Erick's post 中所述

所以我从上面已经有了一个 paramiko 传输和一个 paramiko 通道对象。我的问题： 如何将这两个对象插入 sshtunnel Forwarder 类以在 unix shell 中实现类似的功能（本地端口转发）：ssh -L localhost:port-local-client:PRIVATE_SERVER:port-private-server user@REMOTE_SERVER

以下是 Erick 帖子中的一些示例代码： 我想要实现的是将传输用于进一步的 cmd，见下文...

import forward # the forward.py script, referenced by Kirk

#Create a socket and connect it to PORT on the REMOTE_SERVER
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(("REMOTE_SERVER", PORT))

#Make a Paramiko Transport object using the socket
transport = paramiko.Transport(sock)

#Tell Paramiko that the Transport is going to be used as a client
transport.start_client(timeout=10)

#Begin authentication with "my_handler" being a callable which returns the server prompt-list
transport.auth_interactive(USERNAME, my_handler)

# this doesn't come back, since class "ForwardServer" ... serve_forever() ...
forward.forward_tunnel(PORT, "PRIVATE_SERVER", PORT, transport)

# However, what I'd like to accomplish is to "surf" the transport /channel and
# operate cmds on it as such:

#Opening a session creates a channel along the socket to the server
channel = transport.open_session(timeout=10)

#Now the channel can be used to execute commands
stdout = channel.exec_command("touch Hello_Private_Server!")

【问题讨论】：

***.com/a/12106387/2430857 似乎是你所追求的

谢谢！ Transport class 看起来很有希望：request_port_forward(address, port, handler=None)

所以最后我不需要 sshtunnel，只需要 paramiko。有关使用 paramiko 完成 ssh -L 选项的方法，请参见下文...非常感谢 Martin，指向正确的链接！

【参考方案1】：

基本上我是在这两行之后......

# span the local port forwarding (ssh -L)
REMOTE_SERVER_Channel = transport.open_channel("direct-tcpip", (PRIVATE_SERVER, PORT), (LOCAL_CLIENT, PORT))

# create a new paramiko-client (with corresponding policy)
...
# and crack it open with the distant channel
tunnelClient.connect(PRIVATE_SERVER, username=ssh-USERNAME, password=ssh-PASSWORD, sock=REMOTE_SERVER_Channel)

那么，您认为这种尝试是否过于“罗嗦”，还是我有效地使用了 paramiko 类（Channel、Client、Transport）？