我正在尝试构建一个只转发端口的Paramiko服务器。我调整了demo server代码
中的代码#!/usr/bin/env python
import base64
from binascii import hexlify
import os
import socket
import sys
import threading
import traceback
import paramiko
from paramiko.py3compat import b, u, decodebytes
import logging
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)
host_key = paramiko.RSAKey(filename="test_rsa.key")
logger.info("Read key: " + u(hexlify(host_key.get_fingerprint())))
class Server(paramiko.ServerInterface):
def __init__(self):
self.event = threading.Event()
def check_auth_publickey(self, username, key):
logger.info("Auth attempt with key: " + u(hexlify(key.get_fingerprint())))
try:
with open("client_rsa.pub.stripped", "rb") as f:
good_key = f.read()
good_pub_key = paramiko.RSAKey(data=decodebytes(good_key))
except:
logger.exception("failed to read public key")
return paramiko.AUTH_FAILED
if (username == "robey") and (key == good_pub_key):
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def get_allowed_auths(self, username):
return "publickey"
def check_channel_request(self, kind, chanid):
logger.info("inside channel request")
return paramiko.OPEN_SUCCEEDED
def check_channel_direct_tcpip_request(self, chanid, origin, destination):
return paramiko.OPEN_SUCCEEDED
def check_channel_shell_request(self, channel):
self.event.set()
return True
if __name__ == "__main__":
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind(("", 2200))
sock.listen(100)
logger.info("Listening for connection ...")
client, addr = sock.accept()
logger.info("Got a connection!")
with paramiko.Transport(client) as t:
t.load_server_moduli()
t.add_server_key(host_key)
server = Server()
t.start_server(server=server)
# wait for auth
chan = t.accept(20)
if chan is None:
logger.info("*** No channel.")
sys.exit(1)
logger.info("Authenticated!")
# prompt for more information
chan.send("Username: ")
f = chan.makefile("rU")
username = f.readline().strip("\r\n")
logger.info("received username: " + username)
chan.close()
我正在使用此命令成功连接:
ssh -i client_rsa.key -p 2200 -L 9999:localhost:4000 -T robey@localhost
但是,当我尝试为ssh客户端使用-N选项时,即:
ssh -i client_rsa.key -p 2200 -L 9999:localhost:4000 -T -N robey@localhost
Paramiko服务器在验证客户端后挂起,从未到达check_channel_request功能。以下是运行中的日志:
INFO:__main__:Read key: 689f8799e649f931b116b19227dbb2a3
INFO:__main__:Listening for connection ...
INFO:__main__:Got a connection!
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_7.2p2)
INFO:paramiko.transport:Auth rejected (none).
INFO:__main__:Auth attempt with key: cdbb2439816b22a59ee036be3a953e51
INFO:paramiko.transport:Auth rejected (publickey).
INFO:__main__:Auth attempt with key: 11c470c88233719a2499f03336589618
INFO:paramiko.transport:Auth granted (publickey).
有没有让Paramiko服务器能够处理这种情况?
答案 0 :(得分:0)
想出来了。没有发生任何事情的原因是在您尝试使用它之前不会打开隧道转发。事实证明,即使没有-N选项,我的隧道也没有被创建。所以答案是确保在创建SSH连接后使用本地端口。