4

To get access to the remote host we need to log in to jumphost1 and then jumphost2. For that we are trying to create a tunnel as shown in the Python script below.

My main purpose for this connection is to execute a script and redirect the output to the same location where the script resides. The script location is the local machine, from where the pyc file will create a tunnel and connect to the remote machine.

Added info: both jump hosts are ssh-keygen enabled with a passphrase, so it will ask for a password.

```
[root@centseven ~]# cat pyc
import paramiko
from sshtunnel import SSHTunnelForwarder

with SSHTunnelForwarder(
    ('1.5.18.1', 22),
    ssh_username='user',
    ssh_pkey="/root/.ssh/id_rsa",
    ssh_private_key_password="userpass",
    remote_bind_address=("1.15.18.1", 22),
    local_bind_address=('127.0.0.1', 1111)
) as tunnel:
    client = paramiko.SSHClient()
    client.load_system_host_keys()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    client.connect(hostname=127.0.0.1, port=1111, username=root, password=remotepass)
    # do some operations with client session
    stdin, stdout, stderr = client.exec_command("./script >> output.txt")
    print stdout.channel.recv_exit_status()    # status is 0
    client.close()
print('FINISH!')
```

Current error with the change suggested: it is now asking me for the password, and when I enter the password it gives the error below.

```
# python pyc
Enter passphrase for key '/root/.ssh/id_rsa':
2017-05-14 23:44:34,322| ERROR   | Secsh channel 0 open FAILED: open failed: Administratively prohibited
2017-05-14 23:44:34,337| ERROR   | Could not establish connection from ('127.0.0.1', 1111) to remote side of the tunnel
2017-05-14 23:44:34,338| ERROR   | Exception: Error reading SSH protocol banner
2017-05-14 23:44:34,339| ERROR   | Traceback (most recent call last):
2017-05-14 23:44:34,339| ERROR   |   File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/paramiko/transport.py", line 1740, in run
2017-05-14 23:44:34,339| ERROR   |     self._check_banner()
2017-05-14 23:44:34,339| ERROR   |   File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/paramiko/transport.py", line 1888, in _check_banner
2017-05-14 23:44:34,340| ERROR   |     raise SSHException('Error reading SSH protocol banner' + str(e))
2017-05-14 23:44:34,340| ERROR   | SSHException: Error reading SSH protocol banner
2017-05-14 23:44:34,340| ERROR   |
Traceback (most recent call last):
  File "pyc", line 16, in <module>
    client.connect(hostname="127.0.0.1",port=1111,username="root",password="nasadmin")
  File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/paramiko/client.py", line 338, in connect
    t.start_client()
  File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/paramiko/transport.py", line 493, in start_client
    raise e
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner
```

Edit1

```
python stack.py
Enter passphrase for key '/root/.ssh/id_rsa': 2017-05-15 00:14:24,437| ERROR   | Exception: Error reading SSH protocol banner
2017-05-15 00:14:24,439| ERROR   | Traceback (most recent call last):
2017-05-15 00:14:24,439| ERROR   |   File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/paramiko/transport.py", line 1740, in run
2017-05-15 00:14:24,440| ERROR   |     self._check_banner()
2017-05-15 00:14:24,440| ERROR   |   File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/paramiko/transport.py", line 1888, in _check_banner
2017-05-15 00:14:24,440| ERROR   |     raise SSHException('Error reading SSH protocol banner' + str(e))
2017-05-15 00:14:24,440| ERROR   | SSHException: Error reading SSH protocol banner
2017-05-15 00:14:24,440| ERROR   |

2017-05-15 00:14:24,442| ERROR   | Could not connect to gateway remotehost:22 : Error reading SSH protocol banner
Traceback (most recent call last):
  File "stack.py", line 9, in <module>
    remote_bind_address=("remotehost", 22)
  File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/sshtunnel.py", line 1482, in __enter__
    self.start()
  File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/sshtunnel.py", line 1224, in start
    reason='Could not establish session to SSH gateway')
  File "/root/.pyenv/versions/ansible2/lib/python2.7/site-packages/sshtunnel.py", line 1036, in _raise
    raise exception(reason)
sshtunnel.BaseSSHTunnelForwarderError: Could not establish session to SSH gateway
```

.ssh/config

```
## lo8
Host jump1-*
    User user
    IdentityFile ~/.ssh/id_rsa
    ForwardAgent yes
    ServerAliveInterval 60
    ServerAliveCountMax 12


Host jump01-temporary
    Hostname HostIP
    Port 2222

Host jump02
    Hostname HostIP
    Port 2222

Host jump01
    Hostname HostIP
    Port 22
    ProxyCommand ssh -W %h:%p jump01
Host jump02
    Hostname HostIP
    Port 22
    ProxyCommand ssh -W %h:%p jump02

Host Remote host
    Hostname HostIP
```

There are 2 jump servers through which we need to connect: local machine --> JUMP1 --> Jump2 --> Remote Host

Poo
  • `NoValidConnectionsError` is only raised on `ECONNREFUSED`, `EHOSTUNREACH`. Check whether the port `1111` in `centseven` is not occupied by another process, or blocked by your `firewall`. – Cheney May 11 '17 at 08:52
  • Remove comment from set_missing_host_key_policy, this address isn't known to the ssh client. – Fruch May 16 '17 at 05:12
  • @Fruch changed as suggested, please see the new edit. It's asking me for a passphrase too, which we don't want. – Poo May 16 '17 at 05:19
  • Sorry Mata, there is a typo; the IP is different. – Poo May 16 '17 at 07:29
  • @Poo if you have a passphrase on your key, it would always ask for it; try creating a key with no passphrase. – Fruch May 16 '17 at 18:53
  • Possible duplicate: http://stackoverflow.com/questions/8169739/how-to-create-a-ssh-tunnel-using-python-and-paramiko – stovfl May 16 '17 at 20:33

2 Answers

6

For the exception, change

```
client.connect(hostname=127.0.0.1, port=1111, username=root, password=nasadmin)
```

to

```
client.connect(hostname="127.0.0.1",port=1111,username="root",password="nasadmin")
```

They are strings, not variables.

Update

Your code tests OK after the fix with the default ssh settings on CentOS 6.9, so I think the problem is with the system's ssh. About the error `administratively prohibited`: when I set `AllowTcpForwarding no` in `/etc/ssh/sshd_config` of remote_bind_address and restart sshd, the error comes:

```
2017-05-17 16:11:09,475| ERROR   | Secsh channel 0 open FAILED: open failed: Administratively prohibited
2017-05-17 16:11:09,478| ERROR   | Could not establish connection from ('127.0.0.1', 3333) to remote side of the tunnel
2017-05-17 16:11:09,479| ERROR   | Exception: Error reading SSH protocol banner
2017-05-17 16:11:09,481| ERROR   | Traceback (most recent call last):
2017-05-17 16:11:09,481| ERROR   |   File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 1723, in run
2017-05-17 16:11:09,481| ERROR   |     self._check_banner()
2017-05-17 16:11:09,481| ERROR   |   File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 1871, in _check_banner
2017-05-17 16:11:09,482| ERROR   |     raise SSHException('Error reading SSH protocol banner' + str(e))
2017-05-17 16:11:09,482| ERROR   | SSHException: Error reading SSH protocol banner
2017-05-17 16:11:09,482| ERROR   |
```

For more detail, see ssh-tunneling-error-channel-1-open-failed-administratively-prohibited-open
Good luck!

Cheney
  • I made the specified changes as suggested, but this time it's hanging, and when I do `ctrl c` it gives the error which is mentioned in the question. – Poo May 11 '17 at 03:01
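
A way to check the condition this answer reproduces, as an added example that is not part of the original answer: it reads the sshd_config of the server that refuses the channel and reports whether its global section would let a tunnel open a channel to a given host and port. The sample config is constructed, and `Match` blocks and `Include` files are not evaluated (assumption: only the global settings apply to the tunnel user).

```python
import re

# OpenSSH defaults that apply when a keyword is absent from sshd_config.
DEFAULTS = {"allowtcpforwarding": "yes", "permitopen": "any",
            "disableforwarding": "no"}

def global_settings(text):
    """Parse the global section only: first value per keyword wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or one '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # Match blocks are conditional overrides, not evaluated here
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return dict(DEFAULTS, **seen)

def direct_tcpip_verdict(text, host, port):
    """Return (allowed, reason) for a tunnel channel to host:port."""
    cfg = global_settings(text)
    if cfg["disableforwarding"].lower() == "yes":
        return (False, "DisableForwarding yes")
    mode = cfg["allowtcpforwarding"].lower()
    if mode not in ("yes", "all", "local"):
        return (False, "AllowTcpForwarding " + mode)
    targets = cfg["permitopen"].split()
    if targets == ["any"]:
        return (True, "forwarding unrestricted")
    if "%s:%d" % (host, port) in targets or "%s:*" % host in targets:
        return (True, "listed in PermitOpen")
    return (False, "PermitOpen " + cfg["permitopen"])

# Constructed sample: the second AllowTcpForwarding line is ignored.
SAMPLE = """\
Port 22
AllowTcpForwarding no
AllowTcpForwarding yes
Match User deploy
    AllowTcpForwarding yes
"""

if __name__ == "__main__":
    print(direct_tcpip_verdict(SAMPLE, "1.15.18.1", 22))
```
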
5

Try this:

```python
import paramiko
from sshtunnel import SSHTunnelForwarder

# No local_bind_address is given, so sshtunnel picks a free local port itself.
with SSHTunnelForwarder(
    ('1.5.18.1', 22),
    ssh_username='user',
    ssh_pkey="/root/.ssh/id_rsa",
    ssh_private_key_password="userpass",
    remote_bind_address=("1.15.18.1", 22)
) as tunnel:
    client = paramiko.SSHClient()
    client.load_system_host_keys()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    # Connect to the local end of the tunnel using the address sshtunnel reports.
    client.connect(hostname=tunnel.local_bind_host, port=tunnel.local_bind_port, username="root", password="remotepass")
    # do some operations with client session
    stdin, stdout, stderr = client.exec_command("./script >> output.txt")
    print(stdout.channel.recv_exit_status())    # status is 0
    client.close()
print('FINISH!')
```
Manu Singhal
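
Both answers tunnel through a single gateway, while the question's route is local machine, JUMP1, Jump2, remote host. The following added example (not code from either answer) chains the hops with paramiko's `direct-tcpip` channel and the `sock` argument of `connect`, so each host key is checked under its real name; `connect_chain`, `make_client` and the host names in the docstring are hypothetical, and authentication is assumed to come from ssh-agent or the default key files.

```python
def connect_chain(route, make_client=None):
    """Connect through each hop of `route`; return the clients, target last.

    route: list of (host, port, username) tuples, for instance
           [("jump1.example", 22, "user"), ("jump2.example", 22, "user"),
            ("remote.example", 22, "root")]   # placeholder names
    make_client: hypothetical hook returning an SSHClient-like object.
    """
    if make_client is None:
        import paramiko  # imported here so the chaining logic loads without it

        def make_client():
            client = paramiko.SSHClient()
            client.load_system_host_keys()
            # Unknown host keys are refused instead of being added silently.
            client.set_missing_host_key_policy(paramiko.RejectPolicy())
            return client

    clients, sock = [], None
    try:
        for i, (host, port, user) in enumerate(route):
            client = make_client()
            # `sock` carries this session inside the previous hop; `host` is
            # the name looked up in known_hosts, not 127.0.0.1:<local port>.
            client.connect(host, port=port, username=user, sock=sock)
            clients.append(client)
            if i + 1 == len(route):
                break
            nxt = tuple(route[i + 1][:2])
            try:
                # Same channel type that `ssh -W` and local forwards use.
                sock = client.get_transport().open_channel(
                    "direct-tcpip", nxt, ("127.0.0.1", 0))
            except Exception as exc:
                if getattr(exc, "code", None) == 1:  # administratively prohibited
                    raise RuntimeError(
                        "%s refuses to forward to %s:%d" % ((host,) + nxt))
                raise
    except Exception:
        for client in reversed(clients):
            client.close()
        raise
    return clients

# Usage: clients = connect_chain(route); clients[-1].exec_command("./script")
```

Close the returned clients in reverse order when done, since each later session rides inside the earlier ones.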