Loading key from an SSH jumphost using Paramiko

Problem description

I am connecting from host1 to host3 using a middle host2.

host1 --> host2 --> host3

Here is my code that is working fine:

import paramiko

# SSH to host2
ssh = paramiko.SSHClient()
ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(host2, username=host2_username)

# SSH to host3
vmtransport = ssh.get_transport()
dest_addr = (host3, 22)
local_addr = (host2, 22)
vmchannel = vmtransport.open_channel("direct-tcpip", dest_addr=dest_addr, src_addr=local_addr)
ssh3 = paramiko.SSHClient()
ssh3.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh3.connect(host3, username=host3_username, sock=vmchannel)

Now from host3 I want to SSH to the fourth host:

# SSH to host4
vmtransport = ssh3.get_transport()
dest_addr = (host4, 22)
local_addr = (host3, 22)
vmchannel = vmtransport.open_channel("direct-tcpip", dest_addr=dest_addr, src_addr=local_addr)

ssh4 = paramiko.SSHClient()
ssh4.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh4.connect(host4, username=host4_username, sock=vmchannel)

The last SSH fails because of an authentication error. When I manually SSH to host3 from host4, it is working fine. I noticed that host3 has a public key stored under the .ssh folder. How can I let paramiko know to use the public key on host3 to SSH to host4?

In other words, does paramiko rely on the public keys under host1 to perform the nested SSH all the way to host4? If the answer is yes, do I need to store the public key of host4 on host1 too?

Recommended answer

Yes. You have to have all credentials locally. The port forwarding alone does not make credentials stored on the intermediate hosts available for authentication.

Of course, you can use SFTP to access/download the files/keys, like:

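# Open an SFTP session on the existing host3 connection
sftp3 = ssh3.open_sftp()

# Read host3's private key over SFTP and load it into memory on host1
with sftp3.open(".ssh/id_rsa") as key_file:
    pkey = paramiko.RSAKey.from_private_key(key_file)

# Authenticate to host4 with the loaded key
ssh4.connect(host4, username=host4_username, sock=vmchannel, pkey=pkey)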
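
The following is an added example, not part of the original answer: it chains host1 -> host2 -> host3 -> host4 with every private key held locally on host1, as the answer requires, and rejects unknown host keys instead of using AutoAddPolicy. The names Hop, new_client and connect_chain, and the key and known_hosts paths passed to them, are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass
class Hop:
    host: str
    username: str
    key_filename: str  # private key file on the local machine (host1), hypothetical path
    port: int = 22


def new_client(known_hosts):
    """Build a client that only trusts host keys already listed in known_hosts."""
    import paramiko  # imported lazily so the chaining logic can run with a stand-in client
    client = paramiko.SSHClient()
    client.load_host_keys(known_hosts)
    # Fail closed on an unknown host key; AutoAddPolicy would accept whatever key
    # the far end of the tunnel presents.
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    return client


def connect_chain(hops, known_hosts, client_factory=new_client):
    """Connect through each hop in order; return all clients (last one is the target)."""
    clients, sock = [], None
    try:
        for i, hop in enumerate(hops):
            client = client_factory(known_hosts)
            clients.append(client)
            # Authentication always happens from host1: only the named local key is
            # offered, never keys stored on an intermediate host.
            client.connect(hop.host, port=hop.port, username=hop.username,
                           key_filename=hop.key_filename, sock=sock,
                           allow_agent=False, look_for_keys=False)
            if i + 1 < len(hops):
                nxt = hops[i + 1]
                # Ask the current hop to open a TCP tunnel to the next one
                sock = client.get_transport().open_channel(
                    "direct-tcpip", dest_addr=(nxt.host, nxt.port),
                    src_addr=("127.0.0.1", 0))
    except Exception:
        # Close every connection already opened before re-raising
        for c in reversed(clients):
            c.close()
        raise
    return clients
```

With the real factory, the host keys of host2, host3 and host4 must already be present in the known_hosts file on host1, and the matching public keys must be authorized on each hop; close the returned clients in reverse order when done.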
