@tintoy
Created April 27, 2018 02:45
SSH via jump-hosts using Paramiko
#!/usr/bin/env python3
import os
import paramiko

ssh_key_filename = os.getenv('HOME') + '/.ssh/id_rsa'

jumpbox_public_addr = '168.128.52.199'
jumpbox_private_addr = '10.0.5.10'
target_addr = '10.0.5.20'

# Connect to the jump box. AutoAddPolicy accepts any unknown host key without verification.
jumpbox = paramiko.SSHClient()
jumpbox.set_missing_host_key_policy(paramiko.AutoAddPolicy())
jumpbox.connect(jumpbox_public_addr, username='root', key_filename=ssh_key_filename)

# Open a direct-tcpip channel from the jump box to the target's SSH port.
jumpbox_transport = jumpbox.get_transport()
src_addr = (jumpbox_private_addr, 22)
dest_addr = (target_addr, 22)
jumpbox_channel = jumpbox_transport.open_channel("direct-tcpip", dest_addr, src_addr)

# Run the second SSH session over that channel instead of over a new TCP socket.
target = paramiko.SSHClient()
target.set_missing_host_key_policy(paramiko.AutoAddPolicy())
target.connect(target_addr, username='root', key_filename=ssh_key_filename, sock=jumpbox_channel)

stdin, stdout, stderr = target.exec_command("ifconfig")
for line in stdout.read().split(b'\n'):
    print(str(line))

target.close()
jumpbox.close()
@tintoy
Author

tintoy commented Apr 29, 2021

Glad you found it helpful! 🙂

@computerboyhcu

This is awesome!
Thank you.

@tintoy
Author

tintoy commented Jul 14, 2021

You’re welcome 🙂

@Tapia641

Tapia641 commented Aug 2, 2021

Thank you 😀

@kumarkrish85

I use the Windows machine as the jump box. From where do I fetch the jump box private address?

@kumarkrish85

@tintoy Please help

@doomedraven

That is your jump box IP. How do you connect to that jump box server?

@kumarkrish85

I launch it as a VM inside Citrix and give the jump box IP and key in the IP, username and password. Inside the machine, I then use PuTTY to connect to the actual Unix host.

@kumarkrish85

@doomedraven please help

@0xnurl

0xnurl commented Sep 11, 2021

Thank you 🙏

@timhughes

@interfan7

Thanks 🙏🏻

@antopj

antopj commented Oct 13, 2022

Thanks a lot @tintoy, this works like a charm!

@tintoy
Author

tintoy commented Oct 13, 2022

Glad it’s useful! 🙂

@sgopalar

@tintoy I'm getting an exception during execution of the command:
line 1226, in _wait_for_event
paramiko.ssh_exception.SSHException: Channel closed

@doomedraven

doomedraven commented Mar 16, 2023

Add this on top for more details on your problem:

import logging
logging.basicConfig()  # attach a handler so DEBUG records are actually printed
logging.getLogger("paramiko.transport").setLevel(logging.DEBUG)

@sgopalar

sgopalar commented Mar 22, 2023

@doomedraven, I see that the connection is established successfully, but then it is closed for some reason. The default SSH session timeout of the target machine is 30 mins though. Please help to solve. The code is exactly as above with just the command replaced with the command for the node where it is executed. The requested paramiko log is below.

DEBUG:paramiko.transport:starting thread (client mode): 0x52a8e5e0
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_3.1.0
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-OpenSSH_7.4
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_7.4)
DEBUG:paramiko.transport:=== Key exchange possibilities ===
DEBUG:paramiko.transport:kex algos: curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
DEBUG:paramiko.transport:server key: ssh-rsa, rsa-sha2-512, rsa-sha2-256, ssh-dss
DEBUG:paramiko.transport:client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, arcfour
DEBUG:paramiko.transport:server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, arcfour
DEBUG:paramiko.transport:client mac: hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-sha2-256, hmac-sha2-512, hmac-ripemd160@openssh.com
DEBUG:paramiko.transport:server mac: hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-sha2-256, hmac-sha2-512, hmac-ripemd160@openssh.com
DEBUG:paramiko.transport:client compress: none, zlib@openssh.com
DEBUG:paramiko.transport:server compress: none, zlib@openssh.com
DEBUG:paramiko.transport:client lang:
DEBUG:paramiko.transport:server lang:
DEBUG:paramiko.transport:kex follows: False
DEBUG:paramiko.transport:=== Key exchange agreements ===
DEBUG:paramiko.transport:Kex: curve25519-sha256@libssh.org
DEBUG:paramiko.transport:HostKey: ssh-rsa
DEBUG:paramiko.transport:Cipher: aes128-ctr
DEBUG:paramiko.transport:MAC: hmac-sha2-256
DEBUG:paramiko.transport:Compression: none
DEBUG:paramiko.transport:=== End of kex handshake ===
DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Got EXT_INFO: {'server-sig-algs': b'rsa-sha2-256,rsa-sha2-512'}
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Auth banner: b'\S\nKernel \r on an \m\n\n'
INFO:paramiko.transport:Authentication (password) successful!
DEBUG:paramiko.transport:[chan 0] Max packet in: 32768 bytes
DEBUG:paramiko.transport:Received global request "hostkeys-00@openssh.com"
DEBUG:paramiko.transport:Rejecting "hostkeys-00@openssh.com" global request from server.
DEBUG:paramiko.transport:[chan 0] Max packet out: 32768 bytes
DEBUG:paramiko.transport:Secsh channel 0 opened.
DEBUG:paramiko.transport:starting thread (client mode): 0x52aca640
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_3.1.0
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-IPSSH-1.12.0
INFO:paramiko.transport:Connected (version 2.0, client IPSSH-1.12.0)
DEBUG:paramiko.transport:=== Key exchange possibilities ===
DEBUG:paramiko.transport:kex algos: ecdh-sha2-nistp256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
DEBUG:paramiko.transport:server key: ssh-rsa
DEBUG:paramiko.transport:client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, cast128-cbc, blowfish-cbc, arcfour, des-cbc
DEBUG:paramiko.transport:server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, cast128-cbc, blowfish-cbc, arcfour, des-cbc
DEBUG:paramiko.transport:client mac: hmac-sha2-256, hmac-sha2-512, hmac-sha1-96, hmac-sha1, hmac-md5-96, hmac-md5
DEBUG:paramiko.transport:server mac: hmac-sha2-256, hmac-sha2-512, hmac-sha1-96, hmac-sha1, hmac-md5-96, hmac-md5
DEBUG:paramiko.transport:client compress: none
DEBUG:paramiko.transport:server compress: none
DEBUG:paramiko.transport:client lang:
DEBUG:paramiko.transport:server lang:
DEBUG:paramiko.transport:kex follows: False
DEBUG:paramiko.transport:=== Key exchange agreements ===
DEBUG:paramiko.transport:Kex: ecdh-sha2-nistp256
DEBUG:paramiko.transport:HostKey: ssh-rsa
DEBUG:paramiko.transport:Cipher: aes128-ctr
DEBUG:paramiko.transport:MAC: hmac-sha2-256
DEBUG:paramiko.transport:Compression: none
DEBUG:paramiko.transport:=== End of kex handshake ===
DEBUG:paramiko.transport:kex engine KexNistp256 specified hash_algo
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-rsa host key for 10.136.94.57: b'81ab09258dda7e6f1a5f277d54f1e122'
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Auth banner: b'\r\nThis system is for use of authorized users only. Unauthorized access to this system is prohibited and may lead to legal or disciplinary action. All authorized and unauthorized activity on this system can be monitored and recorded for analysis and monitoring purposes. Evidences of such monitoring can be provided to law enforcement or other officials.\r\n\n\n'
INFO:paramiko.transport:Authentication (password) successful!
DEBUG:paramiko.transport:[chan 0] Max packet in: 32768 bytes
DEBUG:paramiko.transport:[chan 0] Max packet out: 4096 bytes
DEBUG:paramiko.transport:Secsh channel 0 opened.
DEBUG:paramiko.transport:[chan 0] EOF sent (0)
DEBUG:paramiko.transport:EOF in transport thread
DEBUG:paramiko.transport:[chan 0] EOF sent (0)
DEBUG:paramiko.transport:Dropping user packet because connection is dead.
DEBUG:paramiko.transport:Dropping user packet because connection is dead.
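
An added example (not code from this thread or from Paramiko): a small auditor for `paramiko.transport` debug logs in the format posted above. It reports each `Adding ... host key for ...` line, which `AutoAddPolicy` emits when it trusts a previously unseen key, and any agreed algorithm listed in the `WEAK` table; that table, the function name `audit` and the sample log are assumptions of this example.

```python
import re

# Example policy (an assumption of this example): algorithms to flag when agreed.
WEAK = {
    'Kex': {'diffie-hellman-group1-sha1', 'diffie-hellman-group14-sha1',
            'diffie-hellman-group-exchange-sha1'},
    'HostKey': {'ssh-rsa', 'ssh-dss'},
    'Cipher': {'arcfour', 'arcfour128', 'arcfour256', 'des-cbc', '3des-cbc',
               'blowfish-cbc', 'cast128-cbc', 'aes128-cbc', 'aes192-cbc', 'aes256-cbc'},
    'MAC': {'hmac-md5', 'hmac-md5-96', 'hmac-sha1-96'},
}
PREFIX = re.compile(r'^(?:DEBUG|INFO):paramiko\.transport:(.*)$')
REMOTE = re.compile(r'^Remote version/idstring: (\S+)')
AGREED = re.compile(r'^(Kex|HostKey|Cipher|MAC): (\S+)')
AUTO_ADD = re.compile(r'^Adding (\S+) host key for (\S+): ')


def audit(lines):
    """Return (remote idstring, finding) tuples in log order."""
    findings, remote = [], None
    for raw in lines:
        prefixed = PREFIX.match(raw.strip())
        if not prefixed:
            continue
        msg = prefixed.group(1)
        if (m := REMOTE.match(msg)):
            remote = m.group(1)  # a new handshake starts; later lines belong to it
        elif (m := AGREED.match(msg)) and m.group(2) in WEAK[m.group(1)]:
            findings.append((remote, f'weak {m.group(1)}: {m.group(2)}'))
        elif (m := AUTO_ADD.match(msg)):
            # Logged by AutoAddPolicy when it trusts a key it has never seen.
            findings.append((remote, f'auto-added {m.group(1)} key for {m.group(2)}'))
    return findings


# Constructed sample in the same format as the log above (not real hosts).
SAMPLE = """\
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-OpenSSH_7.4
DEBUG:paramiko.transport:Kex: curve25519-sha256@libssh.org
DEBUG:paramiko.transport:HostKey: ssh-ed25519
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-ExampleSSH-1.0
DEBUG:paramiko.transport:Kex: diffie-hellman-group14-sha1
DEBUG:paramiko.transport:HostKey: ssh-rsa
DEBUG:paramiko.transport:Adding ssh-rsa host key for 192.0.2.10: b'00112233445566778899aabbccddeeff'
""".splitlines()

if __name__ == '__main__':
    for remote, finding in audit(SAMPLE):
        print(f'{remote}: {finding}')
```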

@doomedraven

Probably this helps: https://stackoverflow.com/a/55796683. If not, try to google that last error message or dig into your server logs.

@cg-israel

@doomedraven I get this error:

Traceback (most recent call last):
  File "/Users/cg/PyCharmProjects/ShalomNetSolution/FirewallBackUpTool/sns-backup.py", line 749, in <module>
    jbxConnect()
  File "/Users/cg/PyCharmProjects/ShalomNetSolution/FirewallBackUpTool/sns-backup.py", line 686, in jbxConnect
    jbxConnTransport = jbxConn.get_transport(timeout=10)
TypeError: get_transport() got an unexpected keyword argument 'timeout'

Any ideas guys?

@doomedraven

doomedraven commented Jun 21, 2023 via email

@cg-israel

@doomedraven, I'm sorry. I posted the wrong error. Below was the intended:

Traceback (most recent call last):
  File "/Users/cg/PyCharmProjects/ShalomNetSolution/FirewallBackUpTool/sns-backup.py", line 759, in <module>
    jbxConnect()
  File "/Users/cg/PyCharmProjects/ShalomNetSolution/FirewallBackUpTool/sns-backup.py", line 701, in jbxConnect
    targetConn.exec_command("sh nameif")
  File "/usr/local/lib/python3.9/site-packages/paramiko/client.py", line 525, in exec_command
    chan = self._transport.open_session(timeout=timeout)
  File "/usr/local/lib/python3.9/site-packages/paramiko/transport.py", line 920, in open_session
    return self.open_channel(
  File "/usr/local/lib/python3.9/site-packages/paramiko/transport.py", line 1062, in open_channel
    raise e
paramiko.ssh_exception.ChannelException: ChannelException(4, 'Resource shortage')

Thank you for a prompt response.

@doomedraven

doomedraven commented Jun 21, 2023 via email

@cg-israel

@doomedraven found this link https://www.mail-archive.com/paramiko@lag.net/msg00415.html that has assisted me with remediating the issue of paramiko.ssh_exception.ChannelException: ChannelException(4, 'Resource shortage')

Issue now is the terminal just hangs and no output is displayed. Here's an excerpt of the code:

stdin, stdout, stderr = targetConn.exec_command("sh nameif")

# print the output
for line in stdout.read().split(b'\n'):
    print(str(line))

@doomedraven

doomedraven commented Jun 21, 2023

idk why you tag me all the time, I'm not a paramiko expert

@cg-israel

@doomedraven no issues, I'll not tag you any further.

@tintoy any assistance will be greatly appreciated.

@tintoy
Author

tintoy commented Jun 21, 2023

Sorry, I have no idea, either; I haven’t used Paramiko in years.

@cg-israel

@tintoy thank you

@STK1321

STK1321 commented Aug 10, 2023

I have the same problem with a Nokia OLT and ZTE LTE. I do not know what happened; this is my logging:
DEBUG:invoke:Collection-driven: {}
DEBUG:invoke:System-wide config file has not been loaded yet, skipping
DEBUG:invoke:Per-user config file (C:\Users\Erik/.fabric.py): {}
DEBUG:invoke:Per-project config file has not been loaded yet, skipping
DEBUG:invoke:Environment variable config: {}
DEBUG:invoke:Runtime config file has not been loaded yet, skipping
DEBUG:invoke:Overrides: {}
DEBUG:invoke:Modifications: {'inline_ssh_env': True}
DEBUG:invoke:Deletions: {}
DEBUG:paramiko.transport:[chan 5] Max packet in: 32768 bytes
DEBUG:paramiko.transport:[chan 5] Max packet out: 32768 bytes
DEBUG:paramiko.transport:Secsh channel 5 opened.
DEBUG:paramiko.transport:starting thread (client mode): 0x3ff0c9a0
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_3.0.0
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-IPSSH-1.12.0
INFO:paramiko.transport:Connected (version 2.0, client IPSSH-1.12.0)
DEBUG:paramiko.transport:=== Key exchange possibilities ===
DEBUG:paramiko.transport:kex algos: ecdh-sha2-nistp256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
DEBUG:paramiko.transport:server key: ssh-rsa
DEBUG:paramiko.transport:client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, cast128-cbc, blowfish-cbc, arcfour, des-cbc
DEBUG:paramiko.transport:server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, cast128-cbc, blowfish-cbc, arcfour, des-cbc
DEBUG:paramiko.transport:client mac: hmac-sha2-256, hmac-sha2-512, hmac-sha1-96, hmac-sha1, hmac-md5-96, hmac-md5
DEBUG:paramiko.transport:server mac: hmac-sha2-256, hmac-sha2-512, hmac-sha1-96, hmac-sha1, hmac-md5-96, hmac-md5
DEBUG:paramiko.transport:client compress: none
DEBUG:paramiko.transport:server compress: none
DEBUG:paramiko.transport:client lang:
DEBUG:paramiko.transport:server lang:
DEBUG:paramiko.transport:kex follows: False
DEBUG:paramiko.transport:=== Key exchange agreements ===
DEBUG:paramiko.transport:Kex: ecdh-sha2-nistp256
DEBUG:paramiko.transport:HostKey: ssh-rsa
DEBUG:paramiko.transport:Cipher: aes128-ctr
DEBUG:paramiko.transport:MAC: hmac-sha2-256
DEBUG:paramiko.transport:Compression: none
DEBUG:paramiko.transport:=== End of kex handshake ===
DEBUG:paramiko.transport:kex engine KexNistp256 specified hash_algo
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-rsa host key for 172.30.61.25: b'8851ea3fddfa8ad6e2b0b202d7234016'
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Auth banner: b'NOKIA iSAM 7360FX NAC-BOY.CHIQUIN2-B1-7360\n\n'
INFO:paramiko.transport:Authentication (password) successful!
DEBUG:paramiko.transport:[chan 0] Max packet in: 32768 bytes
DEBUG:paramiko.transport:[chan 0] Max packet out: 4096 bytes
DEBUG:paramiko.transport:Secsh channel 0 opened.
DEBUG:paramiko.transport:[chan 0] Sesch channel 0 request ok
DEBUG:paramiko.transport:[chan 0] EOF sent (0)
Error al ejecutar comando en equipo 172.30.61.25: Channel closed.
(False, 'Error al ejecutar comando en equipo 172.30.61.25: Channel closed.', '172.30.61.25')
DEBUG:paramiko.transport:EOF in transport thread
DEBUG:paramiko.transport:[chan 5] EOF sent (5)
DEBUG:paramiko.transport:Dropping user packet because connection is dead.
DEBUG:paramiko.transport:EOF in transport thread
DEBUG:paramiko.transport:Dropping user packet because connection is dead.

@nlduarte

When I tried to run multiple commands, the SSH session closed at the second command:

I only added this code:

command_list = ["show ver", "show run"]
for command in command_list:
    stdin, stdout, stderr = target.exec_command(command)

    for line in stdout.read().split(b'\n'):
        print(str(line))

I got the error:
raise SSHException("SSH session not active")
paramiko.ssh_exception.SSHException: SSH session not active

Any ideas guys?

I am trying jumpssh library:
https://pypi.org/project/jumpssh/

Thank you for your response : )

@Gabriel712

Is it possible to do the jump host without authentication on the first host?
