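To access the remote host, we need to log in to jumphost1 first and then to jumphost2. For this, we are trying to create a tunnel as shown in the Python script below.
My main purpose for this connection is to execute a script and redirect the output to the same location where the script is. The script location is the local machine; the pyc file will create the tunnel from there and connect to the remote machine.
Additional information: both jump hosts are sshkeygen enabled with a password, so it will ask for the password.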
[root@centseven ~]# cat pyc
import paramiko
from sshtunnel import SSHTunnelForwarder
with SSHTunnelForwarder(
    ('1.5.18.1', 22),
    ssh_username='user',
    ssh_pkey="/root/.ssh/id_rsa",
    ssh_private_key_password="userpass",
    remote_bind_address=("1.15.18.1", 22),
    local_bind_address=('127.0.0.1', 1111)
) as tunnel:
    client = paramiko.SSHClient()
    client.load_system_host_keys()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    client.connect(hostname=127.0.0.1, port=1111, username=root, password=remotepass)
    # do some operations with client session
    stdin, stdout, stderr = client.exec_command("./script >> output.txt")
    print stdout.channel.recv_exit_status() # status is 0
    client.close()
print('FINISH!')
Error with the currently suggested change: it now asks me for the password, and on entering the password I get the error below.
# python pyc
Enter passphrase for key '/root/.ssh/id_rsa':
2017-05-14 23:44:34,322| ERROR | Secsh channel 0 open FAILED: open failed: Administratively prohibited
2017-05-14 23:44:34,337| ERROR | Could not establish connection from ('127.0.0.1', 1111) to remote side of the tunnel
2017-05-14 23:44:34,338| ERROR | Exception: Error reading SSH protocol banner
2017-05-14 23:44:34,339| ERROR | Traceback (most recent call last):
2017-05-14 23:44:34,339| ERROR | File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/paramiko/transport.py", line 1740, in run
2017-05-14 23:44:34,339| ERROR | self._check_banner()
2017-05-14 23:44:34,339| ERROR | File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/paramiko/transport.py", line 1888, in _check_banner
2017-05-14 23:44:34,340| ERROR | raise SSHException('Error reading SSH protocol banner' + str(e))
2017-05-14 23:44:34,340| ERROR | SSHException: Error reading SSH protocol banner
2017-05-14 23:44:34,340| ERROR |
Traceback (most recent call last):
File "pyc", line 16, in <module>
client.connect(hostname="127.0.0.1",port=1111,username="root",password="nasadmin")
File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/paramiko/client.py", line 338, in connect
t.start_client()
File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/paramiko/transport.py", line 493, in start_client
raise e
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner
Edit 1
python stack.py
Enter passphrase for key '/root/.ssh/id_rsa': 2017-05-15 00:14:24,437| ERROR | Exception: Error reading SSH protocol banner
2017-05-15 00:14:24,439| ERROR | Traceback (most recent call last):
2017-05-15 00:14:24,439| ERROR | File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/paramiko/transport.py", line 1740, in run
2017-05-15 00:14:24,440| ERROR | self._check_banner()
2017-05-15 00:14:24,440| ERROR | File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/paramiko/transport.py", line 1888, in _check_banner
2017-05-15 00:14:24,440| ERROR | raise SSHException('Error reading SSH protocol banner' + str(e))
2017-05-15 00:14:24,440| ERROR | SSHException: Error reading SSH protocol banner
2017-05-15 00:14:24,440| ERROR |
2017-05-15 00:14:24,442| ERROR | Could not connect to gateway remotehost:22 : Error reading SSH protocol banner
Traceback (most recent call last):
File "stack.py", line 9, in <module>
remote_bind_address=("remotehost", 22)
File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/sshtunnel.py", line 1482, in __enter__
self.start()
File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/sshtunnel.py", line 1224, in start
reason='Could not establish session to SSH gateway')
File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/sshtunnel.py", line 1036, in _raise
raise exception(reason)
sshtunnel.BaseSSHTunnelForwarderError: Could not establish session to SSH gateway
.ssh/config
## lo8
Host jump1-*
    User user
    IdentityFile ~/.ssh/id_rsa
    ForwardAgent yes
    ServerAliveInterval 60
    ServerAliveCountMax 12
Host jump01-temporary
    Hostname HostIP
    Port 2222
Host jump02
    Hostname HostIP
    Port 2222
Host jump01
    Hostname HostIP
    Port 22
    ProxyCommand ssh -W %h:%p jump01
Host jump02
    Hostname HostIP
    Port 22
    ProxyCommand ssh -W %h:%p jump02
Host Remote host
    Hostname HostIP
There are 2 jump servers we need to go through: local machine --> JUMP1 --> Jump2 --> Remote Host
Best answer
For the exception, change
client.connect(hostname=127.0.0.1,port=1111,username=root,password=nasadmin)
to
client.connect(hostname="127.0.0.1",port=1111,username="root",password="nasadmin")
They are strings, not variables.
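Update
After the fix, your code tests OK with the default ssh settings on centos6.9, so I think this is a problem with the system's ssh error "administratively prohibited": when I set AllowTcpForwarding to no in the /etc/ssh/sshd_config of the remote_bind_address and restart sshd, the error comes: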
2017-05-17 16:11:09,475| ERROR | Secsh channel 0 open FAILED: open failed: Administratively prohibited
2017-05-17 16:11:09,478| ERROR | Could not establish connection from ('127.0.0.1', 3333) to remote side of the tunnel
2017-05-17 16:11:09,479| ERROR | Exception: Error reading SSH protocol banner
2017-05-17 16:11:09,481| ERROR | Traceback (most recent call last):
2017-05-17 16:11:09,481| ERROR | File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 1723, in run
2017-05-17 16:11:09,481| ERROR | self._check_banner()
2017-05-17 16:11:09,481| ERROR | File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 1871, in _check_banner
2017-05-17 16:11:09,482| ERROR | raise SSHException('Error reading SSH protocol banner' + str(e))
2017-05-17 16:11:09,482| ERROR | SSHException: Error reading SSH protocol banner
2017-05-17 16:11:09,482| ERROR |
For more details, see ssh-tunneling-error-channel-1-open-failed-administratively-prohibited-open
Good luck!
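The check behind the update above, as an added example that is not part of the original answer: it reads sshd_config text from a jump host and reports whether a forwarded channel to a given host:port would be refused, which is what "open failed: Administratively prohibited" reports. The function names and sample configs are constructed for illustration, and Match blocks are not evaluated.

```python
# Added example (not from the original answer). Keyword names follow sshd_config(5);
# function names and sample configs are constructed for illustration.

def effective_settings(config_text):
    """First value per keyword wins, as in sshd. Match blocks are not evaluated."""
    settings = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not parts:
            continue
        if parts[0].lower() == "match":        # conditional overrides: out of scope
            break
        settings.setdefault(parts[0].lower(), parts[1:])
    return settings


def forwarding_verdict(config_text, host, port):
    """Return (allowed, reason) for a direct-tcpip channel to host:port."""
    s = effective_settings(config_text)
    mode = (s.get("allowtcpforwarding") or ["yes"])[0].lower()  # default: yes
    if mode not in ("yes", "all", "local"):
        return False, "AllowTcpForwarding %s" % mode
    permit = s.get("permitopen") or ["any"]                     # default: any
    if permit[0].lower() == "any":
        return True, "no PermitOpen restriction"
    if permit[0].lower() == "none":
        return False, "PermitOpen none"
    for entry in permit:
        p_host, _, p_port = entry.rpartition(":")
        if p_host.strip("[]") in ("*", host) and p_port in ("*", str(port)):
            return True, "PermitOpen %s" % entry
    return False, "destination not listed in PermitOpen"


# Constructed sample: forwarding disabled on the jump host.
SAMPLE_BLOCKING = "Port 22\nAllowTcpForwarding no\n"
# Constructed sample: forwarding limited to one internal SSH target.
SAMPLE_RESTRICTED = "AllowTcpForwarding local\nPermitOpen 192.0.2.10:22\n"

if __name__ == "__main__":
    for name, cfg in (("blocking", SAMPLE_BLOCKING), ("restricted", SAMPLE_RESTRICTED)):
        for target in ("192.0.2.10", "192.0.2.11"):
            print(name, target, forwarding_verdict(cfg, target, 22))
```

The output of `sshd -T` on the jump host can be passed in instead of the file contents, since keywords are matched case-insensitively.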
About python - SSH tunneling through Python paramiko: we found a similar question on Stack Overflow: https://stackoverflow.com/questions/43891181/