Paramiko服务器端口转发openssh客户端-N选项

时间:2017-10-05 14:39:24

标签: python paramiko openssh

我正在尝试构建一个只转发端口的Paramiko服务器。我调整了demo server代码

中的代码
#!/usr/bin/env python
import base64
from binascii import hexlify
import os
import socket
import sys
import threading
import traceback
import paramiko
from paramiko.py3compat import b, u, decodebytes
import logging

logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)

host_key = paramiko.RSAKey(filename="test_rsa.key")
logger.info("Read key: " + u(hexlify(host_key.get_fingerprint())))


class Server(paramiko.ServerInterface):
    def __init__(self):
        self.event = threading.Event()

    def check_auth_publickey(self, username, key):
        logger.info("Auth attempt with key: " + u(hexlify(key.get_fingerprint())))
        try:
            with open("client_rsa.pub.stripped", "rb") as f:
                good_key = f.read()
            good_pub_key = paramiko.RSAKey(data=decodebytes(good_key))
        except:
            logger.exception("failed to read public key")
            return paramiko.AUTH_FAILED
        if (username == "robey") and (key == good_pub_key):
            return paramiko.AUTH_SUCCESSFUL
        return paramiko.AUTH_FAILED

    def get_allowed_auths(self, username):
        return "publickey"

    def check_channel_request(self, kind, chanid):
        logger.info("inside channel request")
        return paramiko.OPEN_SUCCEEDED

    def check_channel_direct_tcpip_request(self, chanid, origin, destination):
        return paramiko.OPEN_SUCCEEDED

    def check_channel_shell_request(self, channel):
        self.event.set()
        return True

if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", 2200))
    sock.listen(100)
    logger.info("Listening for connection ...")
    client, addr = sock.accept()
    logger.info("Got a connection!")

    with paramiko.Transport(client) as t:
        t.load_server_moduli()
        t.add_server_key(host_key)
        server = Server()
        t.start_server(server=server)

        # wait for auth
        chan = t.accept(20)
        if chan is None:
            logger.info("*** No channel.")
            sys.exit(1)
        logger.info("Authenticated!")

        # prompt for more information
        chan.send("Username: ")
        f = chan.makefile("rU")
        username = f.readline().strip("\r\n")
        logger.info("received username: " + username)
        chan.close()

我正在使用此命令成功连接:

ssh -i client_rsa.key -p 2200 -L 9999:localhost:4000 -T robey@localhost

但是,当我尝试为ssh客户端使用-N选项时,即:

ssh -i client_rsa.key -p 2200 -L 9999:localhost:4000 -T -N robey@localhost

Paramiko服务器在验证客户端后挂起,从未到达check_channel_request功能。以下是运行中的日志:

INFO:__main__:Read key: 689f8799e649f931b116b19227dbb2a3
INFO:__main__:Listening for connection ...
INFO:__main__:Got a connection!
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_7.2p2)
INFO:paramiko.transport:Auth rejected (none).
INFO:__main__:Auth attempt with key: cdbb2439816b22a59ee036be3a953e51
INFO:paramiko.transport:Auth rejected (publickey).
INFO:__main__:Auth attempt with key: 11c470c88233719a2499f03336589618
INFO:paramiko.transport:Auth granted (publickey).

有没有让Paramiko服务器能够处理这种情况?

1 个答案:

答案 0 :(得分:0)

想出来了。没有发生任何事情的原因是在您尝试使用它之前不会打开隧道转发。事实证明,即使没有-N选项,我的隧道也没有被创建。所以答案是确保在创建SSH连接后使用本地端口。