andrewschenck / paramiko-jump
Enables MFA/2FA and SSH proxying on top of Paramiko SSH.
License: Other
I am trying this to log in to a switch and get some show version. There is a jump host in between that is 2-factor. First it takes a password, then I have to type 1, then some authentication comes in on my cell phone that I have to approve, and then I can log in to the jump host.
I am getting this module error.
ModuleNotFoundError: No module named 'paramiko_jump'
Any idea how to resolve this?
In the client.py file, there is a variable _Host:
_Host = Union[AnyStr, Tuple[AnyStr, int]]
_Prompt = Tuple[AnyStr, bool]
It's used like its friend, _Prompt, as a representation of a complex type, in this case a Union between either an AnyStr or a tuple of AnyStr and a bool.
I understand, implicitly, what it is:
It represents either a hostname/IP, OR a hostname/IP combined with the SSH_PORT you expect to connect over on that particular host.
Obviously it's not used anywhere right now; I'd be happy to write up an implementation for it, but I'm curious where it was intended to be used, or if it is a deprecated variable.
So I have this setup:
PC [192.168.0.0/24] --- jumphost [10.10.10.0/24] --- router [10.20.30.0/24]
In summary, I am able to successfully connect to the jumphost, but when I connect to the router I am getting an Administratively prohibited error.
The router is configured to only allow SSH connections from the jumphost IP subnet, which is 10.10.10.0/24, and everything else is denied.
Now I am getting denied access to the router. Is it possible that the source IP of the SSH connection towards the router is the 192.168.0.0/24 (PC) instead of the jumphost subnet (10.10.10.0/24)?
Below is my code:
import paramiko
from getpass import getpass
from paramiko_jump import SSHJumpClient, MultiFactorAuthHandler

jumphost = input ("Bastion Server host/ip : ")
bastion_username = input ("Bastion Username: ")
bastion_password = getpass ("Bastion Password : ")
passcode = getpass ("RSA Passcode : ")

handler = MultiFactorAuthHandler()
handler.add(bastion_password)
handler.add(passcode)

with SSHJumpClient(auth_handler = handler) as jumper:
    jumper.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    jumper.connect(
        hostname = jumphost,
        username = bastion_username,
        look_for_keys = False,)
    stdin, stdout, stderr = jumper.exec_command('uptime')
    output = stdout.readlines()
    print ("Successfully authenticated with the",jumphost, "server!")
    print(output)

    node = input ("Enter Router hostname/ip : ")
    node_username = input("Node Username : ")
    node_password = getpass ("Enter Node Password : ")

    with SSHJumpClient(jump_session = jumper) as target:
        target.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        target.connect(
            hostname = node,
            username = node_username,
            password = node_password,
            look_for_keys = False,
            allow_agent = False,)
        terminal = target.invoke_shell()
        terminal.send("show chassis\n")
Output
Bastion Server host/ip : sample.local
Bastion Username: domain\username
Bastion Password : ········
RSA Passcode : ········
Successfully authenticated with the sample.local server!
[' 15:25:34 up 26 days, 20:17, 143 users, load average: 0.08, 0.21, 0.27\n']
Enter Router hostname/ip : sample.local
Node Username : username
Enter Node Password : ········
Error
Secsh channel 1 open FAILED: open failed: Administratively prohibited
---------------------------------------------------------------------------
ChannelException Traceback (most recent call last)
Cell In[3], line 28
26 with SSHJumpClient(jump_session=jumper) as target:
27 target.set_missing_host_key_policy(paramiko.AutoAddPolicy())
---> 28 target.connect(
29 hostname = node,
30 username = node_username,
31 password = node_password,
32 look_for_keys = False,
33 allow_agent = False,)
35 terminal = target.invoke_shell()
36 terminal.send("show chassis\n")
File ~\OneDrive\root\Documents\002_vdi_env\vdi\Lib\site-packages\paramiko_jump\client.py:133, in SSHJumpClient.connect(self, hostname, port, username, password, pkey, key_filename, timeout, allow_agent, look_for_keys, compress, sock, gss_auth, gss_kex, gss_deleg_creds, gss_host, banner_timeout, auth_timeout, channel_timeout, gss_trust_dns, passphrase, disabled_algorithms, transport_factory, auth_strategy)
130 raise ValueError('jump_session= and sock= are mutually '
131 'exclusive')
132 transport = self._jump_session._transport
--> 133 sock = transport.open_channel(
134 kind='direct-tcpip',
135 dest_addr=(hostname, port),
136 src_addr=transport.getpeername(),
137 timeout=timeout,
138 )
140 return super().connect(
141 hostname=hostname,
142 port=port,
(...)
162 auth_strategy=auth_strategy,
163 )
File ~\OneDrive\root\Documents\002_vdi_env\vdi\Lib\site-packages\paramiko\transport.py:1115, in Transport.open_channel(self, kind, dest_addr, src_addr, window_size, max_packet_size, timeout)
1113 if e is None:
1114 e = SSHException("Unable to open channel.")
-> 1115 raise e
ChannelException: ChannelException(1, 'Administratively prohibited')
Apologies, I do not know how to contact you, but I only have a question rather than an issue.
So I followed your example 1 and got the following error:
paramiko.ssh_exception.ChannelException: ChannelException(1, 'Administratively prohibited')
On the router, only the subnet of the jumphost server is allowed to SSH into the router. Could my source IP be the IP of my laptop and not the jumphost server when I logged into the router?
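The ChannelException(1, 'Administratively prohibited') in the two reports above is a channel-open failure returned by the SSH server that was asked to forward, which here is the jump host, and the src_addr passed to open_channel is only a field in that request. The following added example (not code from paramiko-jump or Paramiko) builds the RFC 4254 direct-tcpip request and decodes a failure reply; the addresses, window sizes and sample reply bytes are constructed.

```python
import struct

MSG_CHANNEL_OPEN, MSG_CHANNEL_OPEN_FAILURE = 90, 92   # RFC 4254 message numbers
REASONS = {  # RFC 4254 section 5.1 reason codes, with who produced the failure
    1: "administratively prohibited: the SSH server refused the request by policy",
    2: "connect failed: the SSH server tried the TCP connection and it failed",
    3: "unknown channel type",
    4: "resource shortage",
}

def ssh_string(value: bytes) -> bytes:
    """SSH 'string' type: uint32 length followed by the raw bytes."""
    return struct.pack(">I", len(value)) + value

def build_direct_tcpip_open(chan_id, dest, origin, window=65536, max_packet=32768):
    """CHANNEL_OPEN payload asking the server to connect to dest on our behalf.

    origin is only reported to the server; the TCP connection to dest is made
    by the server itself, so dest sees the server's side as the source.
    """
    return (bytes([MSG_CHANNEL_OPEN]) + ssh_string(b"direct-tcpip")
            + struct.pack(">III", chan_id, window, max_packet)
            + ssh_string(dest[0].encode()) + struct.pack(">I", dest[1])
            + ssh_string(origin[0].encode()) + struct.pack(">I", origin[1]))

def parse_open_failure(payload: bytes):
    """Decode CHANNEL_OPEN_FAILURE into (channel, code, description, meaning)."""
    if len(payload) < 13 or payload[0] != MSG_CHANNEL_OPEN_FAILURE:
        raise ValueError("not a complete CHANNEL_OPEN_FAILURE message")
    chan_id, code, dlen = struct.unpack(">III", payload[1:13])
    if len(payload) < 13 + dlen:
        raise ValueError("truncated description")
    description = payload[13:13 + dlen].decode("utf-8", "replace")
    return chan_id, code, description, REASONS.get(code, "unrecognised reason code")

# Constructed reply: channel 1, reason 1, text "open failed", empty language tag.
SAMPLE_FAILURE = (bytes([MSG_CHANNEL_OPEN_FAILURE]) + struct.pack(">II", 1, 1)
                  + ssh_string(b"open failed") + ssh_string(b""))

if __name__ == "__main__":
    # Constructed addresses from the 10.20.30.0/24 and 10.10.10.0/24 ranges above.
    request = build_direct_tcpip_open(1, ("10.20.30.1", 22), ("10.10.10.5", 22))
    print(len(request), "byte direct-tcpip open request")
    print(parse_open_failure(SAMPLE_FAILURE))
```

Reason code 1 points at the forwarding policy of the SSH server on the jump host; a refusal by the destination itself would come back as reason code 2.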
Hey all;
Just a small nit-pick, but when using packages like mypy, pylance, and pyright, the SSH_PORT variable grabbed from paramiko.client throws an error.
Line in question is here:
from paramiko.client import SSH_PORT, SSHClient
The resolution is basically just to throw in another import line from the original source within paramiko.config:
from paramiko.client import SSHClient
from paramiko.config import SSH_PORT
Will attach a PR to this for the resolution.