我正在嘗試構建一個只負責轉發端口的 Paramiko 服務器(問題:Paramiko 服務器端口轉發與 OpenSSH 客戶端的 -N 選項)。下面的代碼改編自 Paramiko 的 demo server:
#!/usr/bin/env python
import base64
from binascii import hexlify
import os
import socket
import sys
import threading
import traceback
import paramiko
from paramiko.py3compat import b, u, decodebytes
import logging
# Configure the root logger at INFO so this script's messages and
# Paramiko's own (e.g. paramiko.transport) are both printed.
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)

# Host key presented to connecting clients, loaded from a file in the
# current working directory.
# NOTE(review): if test_rsa.key is a sample key shipped with demo code, its
# private half is public; use a dedicated key with restrictive file
# permissions for anything beyond a local test.
host_key = paramiko.RSAKey(filename="test_rsa.key")
_host_key_fingerprint = u(hexlify(host_key.get_fingerprint()))
logger.info("Read key: " + _host_key_fingerprint)
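class Server(paramiko.ServerInterface):
    """Server-side policy: public-key auth for one user, then accept channel opens.

    Security-relevant behaviour of this policy:

    * Only the "publickey" method is advertised, and only the user "robey"
      with the key stored in ``client_rsa.pub.stripped`` is accepted.
    * Every channel kind is accepted by ``check_channel_request``.
    * ``direct-tcpip`` opens are accepted for any destination unless
      ``allowed_forward_destinations`` is set.
    """

    # Optional allow-list of (host, port) tuples that clients may ask to be
    # forwarded to. None keeps the original behaviour (every destination is
    # accepted); set it to e.g. {("localhost", 4000)} to restrict forwarding.
    allowed_forward_destinations = None

    def __init__(self):
        # Set when the client requests a shell on a channel.
        self.event = threading.Event()

    def check_auth_publickey(self, username, key):
        """Accept the offered key only for user "robey" and the stored key.

        The reference key is re-read from ``client_rsa.pub.stripped`` on
        every attempt. Any failure to read or parse it is logged and treated
        as an authentication failure (fail closed).
        """
        logger.info("Auth attempt with key: " + u(hexlify(key.get_fingerprint())))
        try:
            with open("client_rsa.pub.stripped", "rb") as f:
                good_key = f.read()
            good_pub_key = paramiko.RSAKey(data=decodebytes(good_key))
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit; ordinary errors still end in AUTH_FAILED.
            logger.exception("failed to read public key")
            return paramiko.AUTH_FAILED
        if (username == "robey") and (key == good_pub_key):
            return paramiko.AUTH_SUCCESSFUL
        return paramiko.AUTH_FAILED

    def get_allowed_auths(self, username):
        """Advertise public-key authentication only, for every username."""
        return "publickey"

    def check_channel_request(self, kind, chanid):
        """Accept a channel open of any kind, logging what was requested.

        NOTE(review): no check is made on ``kind``; a forward-only server
        would normally reject kinds it does not serve. Left permissive here
        because the main script still expects a session channel.
        """
        logger.info("inside channel request")
        logger.info("channel open requested: kind=%s chanid=%s", kind, chanid)
        return paramiko.OPEN_SUCCEEDED

    def check_channel_direct_tcpip_request(self, chanid, origin, destination):
        """Decide whether a client may open a forwarding channel.

        ``destination`` is chosen by the client, so accepting everything lets
        an authenticated client name any host and port the server can reach.
        Each request is logged for audit, and refused when an allow-list is
        configured and the destination is not on it.

        Accepting only opens the channel: nothing in this class connects to
        ``destination`` or relays data, so the caller still has to do that.
        """
        logger.info(
            "direct-tcpip request: chanid=%s origin=%s destination=%s",
            chanid,
            origin,
            destination,
        )
        allowed = self.allowed_forward_destinations
        if allowed is not None and tuple(destination) not in allowed:
            logger.warning("direct-tcpip destination %s refused", destination)
            return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
        return paramiko.OPEN_SUCCEEDED

    def check_channel_shell_request(self, channel):
        """Accept the shell request and signal it through ``self.event``."""
        self.event.set()
        return True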
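if __name__ == "__main__":
    # Serve exactly one SSH connection on TCP port 2200.
    # NOTE(review): binding to "" listens on every interface; bind to
    # "127.0.0.1" if the server is only meant for local testing.
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.bind(("", 2200))
        sock.listen(100)
        logger.info("Listening for connection ...")
        client, addr = sock.accept()
    finally:
        # Only one connection is ever handled, so release the listening
        # socket instead of leaving it open (and queueing clients that will
        # never be served) until the process exits.
        sock.close()
    logger.info("Got a connection!")

    with paramiko.Transport(client) as t:
        t.load_server_moduli()
        t.add_server_key(host_key)
        server = Server()
        t.start_server(server=server)

        # Wait up to 20 seconds for the client to open a channel; accept()
        # returns None when none arrives in time.
        # NOTE(review): with `ssh -N` the client presumably opens no session
        # channel, so nothing arrives here until a forwarded connection
        # triggers a direct-tcpip open. A forward-only server needs to keep
        # accepting channels in a loop and relay each one; this script
        # handles a single channel and then closes it.
        chan = t.accept(20)
        if chan is None:
            logger.info("*** No channel.")
            sys.exit(1)
        # Logged once a channel exists, i.e. after authentication succeeded.
        logger.info("Authenticated!")

        # Leftover from the interactive demo: prompt on whichever channel
        # arrived first and read one line back from it.
        chan.send("Username: ")
        f = chan.makefile("rU")
        username = f.readline().strip("\r\n")
        logger.info("received username: " + username)
        chan.close()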
使用上面的代碼,我用下面這個命令可以成功連接:
ssh -i client_rsa.key -p 2200 -L 9999:localhost:4000 -T [email protected]
而當我嘗試改用 SSH 客戶端的 -N 選項時,即:
ssh -i client_rsa.key -p 2200 -L 9999:localhost:4000 -T -N [email protected]
Paramiko 服務器在驗證客戶端之後就掛起,始終沒有進入 check_channel_request 函數。以下是運行日誌:
INFO:__main__:Read key: 689f8799e649f931b116b19227dbb2a3
INFO:__main__:Listening for connection ...
INFO:__main__:Got a connection!
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_7.2p2)
INFO:paramiko.transport:Auth rejected (none).
INFO:__main__:Auth attempt with key: cdbb2439816b22a59ee036be3a953e51
INFO:paramiko.transport:Auth rejected (publickey).
INFO:__main__:Auth attempt with key: 11c470c88233719a2499f03336589618
INFO:paramiko.transport:Auth granted (publickey).
有沒有辦法讓 Paramiko 服務器處理這種情況?