sshtunnel 键盘交互
sshtunnel keyboard-interactive
对于 docs.
中给出的第二个示例(图 2),我想使用无需身份验证的 sshtunnel 作为密码或私钥
来自文档(针对私有服务器部分稍作修改):
----------------------------------------------------------------------
|
-------------+ | +----------+ +---------
LOCAL | | | REMOTE | | PRIVATE
CLIENT | <== SSH ========> | SERVER | <== SSH ==> | SERVER
-------------+ | +----------+ +---------
|
FIREWALL
----------------------------------------------------------------------
允许的身份验证方法是 Erick's post
中所述的“键盘交互”(多步身份验证)
所以我已经从上面得到的是一个 paramiko 传输对象和一个 paramiko 通道对象。我的问题:
如何将这两个对象插入 sshtunnel 转发器 class 以在 unix shell(本地端口转发)中实现类似的功能:
ssh -L localhost:port-local-client:PRIVATE_SERVER:port-private-server user@REMOTE_SERVER
以下是 Erick post 的一些示例代码:
我想要实现的是将传输用于进一步的 cmd,见下文 ...
import forward # the forward.py script, referenced by Kirk
#Create a socket and connect it to PORT on the REMOTE_SERVER
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(("REMOTE_SERVER", PORT))
#Make a Paramiko Transport object using the socket
transport = paramiko.Transport(sock)
#Tell Paramiko that the Transport is going to be used as a client
transport.start_client(timeout=10)
#Begin authentication with "my_handler" being a callable which returns the server prompt-list
transport.auth_interactive(USERNAME, my_handler)
# this doesn't come back, since class "ForwardServer" ... serve_forever() ...
forward.forward_tunnel(PORT, "PRIVATE_SERVER", PORT, transport)
# However, what I'd like to accomplish is to "surf" the transport /channel and
# operate cmds on it as such:
#Opening a session creates a channel along the socket to the server
channel = transport.open_session(timeout=10)
#Now the channel can be used to execute commands
stdout = channel.exec_command("touch Hello_Private_Server!")
基本上我是在这两行之后...
# span the local port forwarding (ssh -L)
REMOTE_SERVER_Channel = transport.open_channel("direct-tcpip", (PRIVATE_SERVER, PORT), (LOCAL_CLIENT, PORT))
# create a new paramiko-client (with corresponding policy)
...
# and crack it open with the distant channel
tunnelClient.connect(PRIVATE_SERVER, username=ssh-USERNAME, password=ssh-PASSWORD, sock=REMOTE_SERVER_Channel)
那么,您怎么看,这种尝试是否太过'wordy',或者我是否有效地使用了 paramiko 类(通道、客户端、传输)?
对于 docs.
中给出的第二个示例(图 2),我想使用无需身份验证的 sshtunnel 作为密码或私钥来自文档(针对私有服务器部分稍作修改):
----------------------------------------------------------------------
|
-------------+ | +----------+ +---------
LOCAL | | | REMOTE | | PRIVATE
CLIENT | <== SSH ========> | SERVER | <== SSH ==> | SERVER
-------------+ | +----------+ +---------
|
FIREWALL
----------------------------------------------------------------------
允许的身份验证方法是 Erick's post
中所述的“键盘交互”(多步身份验证)所以我已经从上面得到的是一个 paramiko 传输对象和一个 paramiko 通道对象。我的问题:
如何将这两个对象插入 sshtunnel 转发器 class 以在 unix shell(本地端口转发)中实现类似的功能:
ssh -L localhost:port-local-client:PRIVATE_SERVER:port-private-server user@REMOTE_SERVER
以下是 Erick post 的一些示例代码: 我想要实现的是将传输用于进一步的 cmd,见下文 ...
import forward # the forward.py script, referenced by Kirk
#Create a socket and connect it to PORT on the REMOTE_SERVER
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(("REMOTE_SERVER", PORT))
#Make a Paramiko Transport object using the socket
transport = paramiko.Transport(sock)
#Tell Paramiko that the Transport is going to be used as a client
transport.start_client(timeout=10)
#Begin authentication with "my_handler" being a callable which returns the server prompt-list
transport.auth_interactive(USERNAME, my_handler)
# this doesn't come back, since class "ForwardServer" ... serve_forever() ...
forward.forward_tunnel(PORT, "PRIVATE_SERVER", PORT, transport)
# However, what I'd like to accomplish is to "surf" the transport /channel and
# operate cmds on it as such:
#Opening a session creates a channel along the socket to the server
channel = transport.open_session(timeout=10)
#Now the channel can be used to execute commands
stdout = channel.exec_command("touch Hello_Private_Server!")
基本上我是在这两行之后...
# span the local port forwarding (ssh -L)
REMOTE_SERVER_Channel = transport.open_channel("direct-tcpip", (PRIVATE_SERVER, PORT), (LOCAL_CLIENT, PORT))
# create a new paramiko-client (with corresponding policy)
...
# and crack it open with the distant channel
tunnelClient.connect(PRIVATE_SERVER, username=ssh-USERNAME, password=ssh-PASSWORD, sock=REMOTE_SERVER_Channel)
那么,您怎么看,这种尝试是否太过'wordy',或者我是否有效地使用了 paramiko 类(通道、客户端、传输)?