用Paramiko实现跳转主机(端口转发)涉及的hosts/IP个地址和端口的解释
Explanation of hosts/IP addresses and ports involved in implementation of jump host (port forwarding) with Paramiko
我正在尝试设置与 Paramiko 的跳转主机连接。
这是我在 ~/.ssh/config
中的设置
Host jump.csail.mit.edu
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
VerifyHostKeyDNS yes
Host *.csail.mit.edu !jump.csail.mit.edu 128.52.* 128.30.* 128.31.*
ProxyCommand ssh -W %h:%p jump.csail.mit.edu
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPIKeyExchange yes
如果我从终端连接,它就可以工作。
我也找到了this code for Paramiko jump host connection 我不知道我应该根据上面的ssh配置设置jumpbox_public_addr和jumpbox_private_addr什么?
import os
import paramiko
ssh_key_filename = os.getenv('HOME') + '/.ssh/id_rsa'
jumpbox_public_addr = '168.128.52.199'
jumpbox_private_addr = '10.0.5.10'
target_addr = '10.0.5.20'
jumpbox=paramiko.SSHClient()
jumpbox.set_missing_host_key_policy(paramiko.AutoAddPolicy())
jumpbox.connect(jumpbox_public_addr, username='root', key_filename=ssh_key_filename)
jumpbox_transport = jumpbox.get_transport()
src_addr = (jumpbox_private_addr, 22)
dest_addr = (target_addr, 22)
jumpbox_channel = jumpbox_transport.open_channel("direct-tcpip", dest_addr, src_addr)
target=paramiko.SSHClient()
target.set_missing_host_key_policy(paramiko.AutoAddPolicy())
target.connect(target_addr, username='root', key_filename=ssh_key_filename, sock=jumpbox_channel)
stdin, stdout, stderr = target.exec_command("ifconfig")
for line in stdout.read().split(b'\n'):
print(str(line))
target.close()
jumpbox.close()
谢谢!
jumpbox_public_addr是你的跳转服务器地址,jump.csail.mit.edu.
应该是什么
jumpbox_private_addr(Transport.open_channel 的src_addr 参数)是从jump.csail.mit.edu 到目标服务器的连接源地址。通常你不关心那个(因为你不关心大多数 TCP 连接的源地址和端口)。它绝对不应该是端口 22。以下应该告诉服务器使用默认值:
src_addr = ("0.0.0.0", 0)
我正在尝试设置与 Paramiko 的跳转主机连接。
这是我在 ~/.ssh/config
Host jump.csail.mit.edu
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
VerifyHostKeyDNS yes
Host *.csail.mit.edu !jump.csail.mit.edu 128.52.* 128.30.* 128.31.*
ProxyCommand ssh -W %h:%p jump.csail.mit.edu
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPIKeyExchange yes
如果我从终端连接,它就可以工作。
我也找到了this code for Paramiko jump host connection 我不知道我应该根据上面的ssh配置设置jumpbox_public_addr和jumpbox_private_addr什么?
import os
import paramiko
ssh_key_filename = os.getenv('HOME') + '/.ssh/id_rsa'
jumpbox_public_addr = '168.128.52.199'
jumpbox_private_addr = '10.0.5.10'
target_addr = '10.0.5.20'
jumpbox=paramiko.SSHClient()
jumpbox.set_missing_host_key_policy(paramiko.AutoAddPolicy())
jumpbox.connect(jumpbox_public_addr, username='root', key_filename=ssh_key_filename)
jumpbox_transport = jumpbox.get_transport()
src_addr = (jumpbox_private_addr, 22)
dest_addr = (target_addr, 22)
jumpbox_channel = jumpbox_transport.open_channel("direct-tcpip", dest_addr, src_addr)
target=paramiko.SSHClient()
target.set_missing_host_key_policy(paramiko.AutoAddPolicy())
target.connect(target_addr, username='root', key_filename=ssh_key_filename, sock=jumpbox_channel)
stdin, stdout, stderr = target.exec_command("ifconfig")
for line in stdout.read().split(b'\n'):
print(str(line))
target.close()
jumpbox.close()
谢谢!
jumpbox_public_addr是你的跳转服务器地址,jump.csail.mit.edu.
jumpbox_private_addr(Transport.open_channel 的src_addr 参数)是从jump.csail.mit.edu 到目标服务器的连接源地址。通常你不关心那个(因为你不关心大多数 TCP 连接的源地址和端口)。它绝对不应该是端口 22。以下应该告诉服务器使用默认值:
src_addr = ("0.0.0.0", 0)