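Author: cc0827 (唬烂)
Board: Python
Title: [Question]
Time: Thu Sep 27 17:45:41 2018
I'm a newbie who has been learning Python for half a year, and I'd like to ask the experts on PTT: how can I use Python to open an SSH connection and, going through a jump host, run commands on a remote device?
Path: my pc -> jump host -> target machine
I referred to an approach I found online: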
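import paramiko
import sys
import subprocess
# First hop: my pc -> jump host.
# Note: AutoAddPolicy accepts any unknown host key without verifying it.
vm = paramiko.SSHClient()
vm.set_missing_host_key_policy(paramiko.AutoAddPolicy())
vm.connect('jump_host_ip', username='jump_host_username', password='jump_host_password')
# Ask the jump host's sshd to open a TCP connection to the target (direct-tcpip channel).
vmtransport = vm.get_transport()
dest_addr = ('target_machine_ip', 22)
local_addr = ('my_pc_ip', 22)
vmchannel = vmtransport.open_channel("direct-tcpip", dest_addr, local_addr)
# Second hop: run SSH to the target machine over that channel (sock=vmchannel).
jhost = paramiko.SSHClient()
jhost.set_missing_host_key_policy(paramiko.AutoAddPolicy())
jhost.connect('target_machine_ip', username='target_machine_username', password='target_machine_password', sock=vmchannel)
# Run the command on the target machine.
stdin, stdout, stderr = jhost.exec_command("sh clock")
# Read and print the command output.
data = stdout.read()
print(data.decode("utf-8"))
# Close the target session first, then the jump host session.
jhost.close()
vm.close()
# End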
But the following error occurs:
Secsh channel 0 open FAILED: User does not have permission: Administratively prohibited
Traceback (most recent call last):
File "C:\Users\omc\Desktop\try_jump_host.py", line 16, in <module>
vmchannel = vmtransport.open_channel("direct-tcpip", dest_addr, local_addr)
File "C:\Users\omc\AppData\Local\Programs\Python\Python36-32\lib\site-packages\paramiko-2.4.1-py3.6.egg\paramiko\transport.py", line 902, in open_channel
raise e
paramiko.ssh_exception.ChannelException: (1, 'Administratively prohibited')
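Is there a problem with the code, or does the current network environment not allow this kind of connection? I would be grateful for any pointers.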
-----
Sent from JPTT on my Asus ASUS_Z017DA.
--
※ Posted from: 批踢踢实业坊 (ptt.cc), from: 42.76.172.211
※ Article URL: https://webptt.com/cn.aspx?n=bbs/Python/M.1538041543.A.625.html
1F:→ s860134: Because you got the target wrong 09/29 03:31
2F:→ s860134: ("direct-tcpip",(jump_host_ip,22),('127.0.0.1',22)) 09/29 03:33
3F:→ s860134: Your vm channel is established on my pc -> jump host 09/29 03:34
OK, thank you very much, s. I didn't expect anyone would actually reply.
4F:→ s860134: rather than directly on jump_host -> target_machine as you wrote above 09/29 03:35
5F:→ s860134: As far as I know, for the second kind of operation the jump_host's sshd config needs to enable 09/29 03:35
6F:→ s860134: AllowTcpForwarding yes 09/29 03:38
7F:→ s860134: I think it's called a reverse proxy 09/29 03:38
8F:→ s860134: Ignore what I said above; change the target_machine_ in jhost.connect 09/29 03:48
9F:→ s860134: to local_addr and it will work 09/29 03:49
10F:→ s860134: I just tried it. If you have permission to view the jump host's /etc/ssh/sshd_config, 09/29 11:41
11F:→ s860134: scroll to the bottom and see whether there is a Match User jump_host_username 09/29 11:42
12F:→ s860134: AllowTcpForwarding yes 09/29 11:43
13F:→ s860134: I think this setting has to be turned on to do TCP forwarding 09/29 11:43
※ Edited: cc0827 (42.76.172.211), 09/30/2018 00:06:30
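The check suggested in comments 10F-13F, as an added example that is not part of the original thread: given the text of a jump host's sshd_config, work out which AllowTcpForwarding value applies to a user, since a value of "no" or "remote" makes sshd refuse the "direct-tcpip" channel that failed above with "Administratively prohibited". The function names and the sample config are constructed for illustration; only "Match all" and "Match User" blocks are evaluated (Include files and Group/Host/Address criteria are not), and fnmatch only approximates sshd's pattern syntax.

```python
import fnmatch

# Constructed sample of a jump host's sshd_config (not from the thread).
SAMPLE_SSHD_CONFIG = """\
AllowTcpForwarding no

Match User jump_host_username,ops-*
    AllowTcpForwarding yes

Match User backup
    AllowTcpForwarding remote
"""

# Values that let a client open a "direct-tcpip" channel.
PERMITS_DIRECT_TCPIP = {"yes", "all", "local"}

def _user_matches(patterns, user):
    """Comma-separated pattern list; a matching '!' entry vetoes the block."""
    hit = False
    for pat in patterns.split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(user, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(user, pat):
            hit = True
    return hit

def effective_allow_tcp_forwarding(config_text, user):
    """AllowTcpForwarding value that applies to `user` (first value wins)."""
    found = {}                      # keyed by "was set inside a Match block"
    in_match, active = False, True
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        keyword, args = words[0].lower(), words[1:]
        if keyword == "match":
            # Only "Match all" and "Match User <patterns>" are evaluated here.
            kind = args[0].lower() if args else ""
            in_match = True
            active = kind == "all" or (
                kind == "user" and len(args) == 2 and _user_matches(args[1], user))
        elif keyword == "allowtcpforwarding" and active and args:
            found.setdefault(in_match, args[0].lower())
    # A matching Match block overrides the global section; sshd defaults to "yes".
    return found.get(True) or found.get(False) or "yes"

def direct_tcpip_allowed(config_text, user):
    return effective_allow_tcp_forwarding(config_text, user) in PERMITS_DIRECT_TCPIP
```

On the jump host itself, sshd's extended test mode (`sshd -T` with a `-C` connection spec naming the user) prints the effective settings and is the authoritative answer.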