带有 Paramiko 和 RSA 密钥文件的嵌套 SSH [英] Nested SSH with Paramiko and RSA key file

问题描述

我正在尝试使用 Paramiko 嵌套 SSH，我将从本地计算机连接到服务器 X，然后从那里连接到服务器 Y.这里连接到服务器 XI 使用用户名、密码身份验证并连接到服务器 Y使用用户名和 RSA 密钥.问题是 RSA 密钥托管在用于连接服务器 Y 的 System X 中.如果我将密钥文件托管在本地 PC 中并将本地 pc 目录路径提供给 Paramiko SSH 客户端，我就能够成功运行脚本.但我想直接从服务器 X 读取密钥文件.我该怎么做，请帮帮我.

I am trying to nested SSH using Paramiko where I will connect to Server X from my local machine and from there I will connect to Server Y. Here to connect to Server X I am using username, password authentication and to connect to Server Y using username and RSA key. The thing is that the RSA key is hosted in System X which is used to connect Server Y. I was able to run the script successfully if I hosted the keyfile in my local PC and gave the local pc directory path to Paramiko SSH client. But I want to read key file from Server X directly. How can I do that please help me.

服务器 X 密钥文件 =/home/test/keys/id_rsa"

Server X key file = "/home/test/keys/id_rsa"

import time
import paramiko,io
import csv
import sys
import subprocess

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

ssh.connect('X',22, username='subhash', password='mit@12345')

vmtransport = ssh.get_transport()
dest_addr = ('Y', 22)
local_addr = ('X', 22)
vmchannel = vmtransport.open_channel("direct-tcpip", dest_addr, local_addr)

client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

remote_file = paramiko.RSAKey.from_private_key_file('C:/Users/test/Documents/hindi/id_rsa')
client.connect('Y', username='root',pkey=remote_file,sock=vmchannel)

client_stdin ,client_stdout, client_stderr = client.exec_command("pwd")

推荐答案

如果需要使用存储在跳转服务器上的私钥，则不能使用端口转发来实现跳转.

You cannot use port forwarding to implement the jump, if you need to use a private key stored on the jump server.

• 要么下载密钥到本地机器.如果您不想将密钥物理存储在本地计算机上，则可以仅在 Python 代码中将其下载到内存中.请参阅使用 Paramiko 从 SSH 跳转主机加载密钥.

否则，您必须通过在跳转服务器上运行 ssh 客户端来实现跳转，这将获取存储在那里的私钥(这通常是一个蹩脚的解决方案):

Otherwise you would have to implement the jump by running ssh client on the jump server, which will pick up the private key stored there (what is normally a lame solution):

ssh.exec_command("ssh root@Y pwd")

这篇关于带有 Paramiko 和 RSA 密钥文件的嵌套 SSH的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！