Skip to content

Instantly share code, notes, and snippets.

@ovidiucs
Last active January 24, 2023 08:15
Embed
What would you like to do?
Paramiko Connect via proxy
#!/usr/bin/env python
#-*- coding:utf8 -*-
# sources
# 1. https://gist.github.com/tell-k/4943359#file-paramiko_proxycommand_sample-py-L11
# 2. https://github.com/paramiko/paramiko/pull/97
# info: http://bitprophet.org/blog/2012/11/05/gateway-solutions/
# local -> proxy-server -> dest-server
# ~/.ssh/config
#
# Host proxy-server
# User hoge
# HostName proxy.example.com
# IdentityFile ~/.ssh/id_rsa_proxy
#
# Host dest-server
# User fuga
# HostName proxy.example.com
# IdentityFile ~/.ssh/id_rsa_dest
# ProxyCommand ssh proxy-server nc %h %p
#
import os
import sys
import paramiko
def test_client(host_name):
conf = paramiko.SSHConfig()
conf.parse(open(os.path.expanduser('~/.ssh/config')))
host = conf.lookup(host_name)
client = paramiko.SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(
host['hostname'], username=host['user'],
# if you have a key file
# key_filename=host['identityfile'],
password='yourpassword',
sock=paramiko.ProxyCommand(host.get('proxycommand'))
)
stdin, stdout, stderr = client.exec_command('command to run on dest-host')
print stdout.read()
if __name__ == '__main__':
test_client(sys.argv[1])
@nikita01021998
Copy link

What argument do we need to give in expanduser() in the paramiko-proxy.py code?

@GaetanLepage
Copy link

I can't get ssh working through a bastion: I always get the error paramiko.ssh_exception.SSHException: Error reading SSH protocol banner.
Did some of you encountered the same issue ?

@hqqns
Copy link

hqqns commented May 20, 2021

Ty Ty Ty

Live saver!

@Runekeon
Copy link

Any ideas on passing CertificateFile and identityfile in the proxy commands?
This is what the working ssh config looks like

TCPKeepAlive yes
ServerAliveCountMax 20
ServerAliveInterval 15

Host <vm name>
    Hostname <vm ip>
    IdentityFile /c/Users/<my ntid>/.ssh/autobahn_rsa
    CertificateFile /c/Users/<my ntid>/.ssh/autobahn_rsa-cert.pub
    ProxyCommand ssh -qx -i /c/Users/<my ntid>/.ssh/autobahn_rsa -o "CertificateFile /c/Users/<my ntid>/.ssh/autobahn_rsa-cert.pub" -o "TCPKeepAlive yes" -o "ServerAliveCountMax 20" -o "ServerAliveInterval 15" <proxy user>@<proxy host> -W %h:%p

I use this from git bash with a command like this ssh my_ntid@vm_host

I tried the above but getting

Traceback (most recent call last):
  File "C:\Users\sfager001\AppData\Local\Programs\Python\Python39\lib\site-packages\paramiko\proxy.py", line 107, in recv
    r, w, x = select([self.process.stdout], [], [], select_timeout)
OSError: [WinError 10038] An operation was attempted on something that is not a socket

@majorgear
Copy link

I don't know how this works, but it worked for me for access a host via a jumphost. I tried the proxycommand and got "paramiko.ssh_exception.SSHException: Error reading SSH protocol banner" error,

This just works...ask long as the workstation has propert ssh config file!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment