我正在尝试与Paramiko设置跳转主机连接。
这是~/.ssh/config
中的设置
Host jump.csail.mit.edu
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
VerifyHostKeyDNS yes
Host *.csail.mit.edu !jump.csail.mit.edu 128.52.* 128.30.* 128.31.*
ProxyCommand ssh -W %h:%p jump.csail.mit.edu
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPIKeyExchange yes
如果我从终端连接,它就可以工作。
我还找到了用于Paramiko跳转主机连接的this code,我想知道应该根据上述ssh配置设置来设置
jumpbox_public_addr
和jumpbox_private_addr
吗?import os
import paramiko
ssh_key_filename = os.getenv('HOME') + '/.ssh/id_rsa'
jumpbox_public_addr = '168.128.52.199'
jumpbox_private_addr = '10.0.5.10'
target_addr = '10.0.5.20'
jumpbox=paramiko.SSHClient()
jumpbox.set_missing_host_key_policy(paramiko.AutoAddPolicy())
jumpbox.connect(jumpbox_public_addr, username='root', key_filename=ssh_key_filename)
jumpbox_transport = jumpbox.get_transport()
src_addr = (jumpbox_private_addr, 22)
dest_addr = (target_addr, 22)
jumpbox_channel = jumpbox_transport.open_channel("direct-tcpip", dest_addr, src_addr)
target=paramiko.SSHClient()
target.set_missing_host_key_policy(paramiko.AutoAddPolicy())
target.connect(target_addr, username='root', key_filename=ssh_key_filename, sock=jumpbox_channel)
stdin, stdout, stderr = target.exec_command("ifconfig")
for line in stdout.read().split(b'\n'):
print(str(line))
target.close()
jumpbox.close()
谢谢!
最佳答案
jumpbox_public_addr
是跳转服务器的地址,应该是jump.csail.mit.edu
。jumpbox_private_addr
( src_addr
的Transport.open_channel
参数)是从jump.csail.mit.edu
到目标服务器的连接的源地址。通常,您无需担心(因为您无需考虑大多数TCP连接的源地址和端口)。并且它绝对不应该是端口22。以下应该告诉服务器使用默认值:
src_addr = ("0.0.0.0", 0)
关于python - 使用Paramiko实现跳转主机(端口转发)时涉及的主机/IP地址和端口的说明,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61162049/