DSA密钥转发使用Paramiko?

2024-10-02 00:21:58 发布

您现在位置:Python中文网/ 问答频道 /正文
8238 3

我使用Paramiko在远程服务器上执行bash脚本。在其中一些脚本中,存在到其他服务器的ssh连接。如果只使用bash而不使用Python,则DSA密钥将被第一个远程服务器上的bash脚本转发并使用,以连接到第二个远程服务器。当我使用Paramiko时,情况并非如此。在

Bash示例:

Jean@mydesktop:~ & ssh root@firstserver
root@firstserver:~ # ssh root@secondserver hostname
secondserver.mydomain.org

使用Paramiko:

^{pr2}$

输出为:

[SEND   ] >> hostname
[RECEIVE] << [root@firstserver ~]# hostname ; echo CLIENT_EXPECT_CMD_OK
[RECEIVE] << firstserver.mydomain.fr
[SEND   ] >> ssh root@secondserver hostname
[RECEIVE] << [root@firstserver ~]# ssh root@secondserver hostname ; echo CLIENT_EXPECT_CMD_OK
[RECEIVE] << Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

我试过了:

self.transport = self.ssh_client.get_transport()
self.channel   = self.transport.open_forward_agent_channel()

而不是:

self.channel   = self.ssh_client.invoke_shell()

但是我得到一个错误:

paramiko.ssh_exception.ChannelException: Administratively prohibited

有人知道这是否可能吗?我发现一些说明就是这样,但我不知道怎么做。在


Tags: self服务器脚本bashparamiko远程channelroot
2条回答
网友
1楼 · 编辑于 2024-10-02 00:21:58

{cd1>连接时设置:

key_filename (str or list(str)) - the filename, or list of filenames, of optional private key(s) to try for authentication

网友
2楼 · 编辑于 2024-10-02 00:21:58

好的,现在可以了。我找到了这些有用的帖子:

Add paramiko ssh agent forwarding (optional) #4100
open_forward_agent_channel vs. open_session #89

最终代码是:

#!/usr/bin/python3
# -*- coding: utf-8 -*-

import paramiko

class SSHSession:


    def __init__(self, server_address, user='root', port=22):
        self.connected      = False
        self.server_address = server_address
        self.user           = user
        self.port           = port


    def connect(self):
        try:
            self.ssh_client = paramiko.SSHClient()
            self.ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            self.ssh_client.connect(self.server_address, username=self.user)
            self.transport     = self.ssh_client.get_transport()
            self.agent_channel = self.transport.open_session()
            self.agent_handler = paramiko.agent.AgentRequestHandler(self.agent_channel)
            self.channel       = self.ssh_client.invoke_shell()
        except:
            self.connected = False
        else:
            self.connected = True
        return self.connected

    def exec_command(self, command, newline='\r'):
        if not self.connected:
            raise Exception('Not connected')
        else:
            timeout = 31536000 # 365 days in seconds
            self.channel.settimeout(timeout)
            line_buffer    = ''
            channel_buffer = ''
            end_string     = 'CLIENT_EXPECT_CMD_OK'
            print('[SEND   ] >>', command)
            self.channel.send(command + ' ; echo ' + end_string + newline)
            while True:
                channel_buffer = self.channel.recv(1).decode('UTF-8')
                if len(channel_buffer) == 0:
                    raise Exception('connection lost with server: ' +     self.server_address)
                    break 
                channel_buffer  = channel_buffer.replace('\r', '')
                if channel_buffer != '\n':
                    line_buffer += channel_buffer
                else:
                    if line_buffer == end_string:
                        break
                    print('[RECEIVE] <<', line_buffer)
                    line_buffer   = ''


    def disconnect(self):
        self.ssh_client.close()


    def __enter__(self):
        self.connect()
        return self


    def __exit__(self, _type, value, traceback):
        self.disconnect()


if __name__ == "__main__":
    server_address = 'firstserver'
    ssh_user       = 'root'
    with SSHSession(server_address) as ssh_session:
        ssh_session.exec_command('hostname')
        ssh_session.exec_command('ssh root@secondserver hostname')

输出为:

^{pr2}$

启用代理转发的代码的重要部分是:

self.agent_channel = self.transport.open_session()
self.agent_handler = paramiko.agent.AgentRequestHandler(self.agent_channel)

相关问题 更多 >

    编程相关推荐

    热门问题