0

I'm writing a script that will ssh into a raspberry pi, and then from the raspberry pi, will ssh into another system to verify that it can connect.

From the windows terminal, I can do this just fine. I can log into my pi with ssh pi@raspberry, and then while logged in, I can run ssh [SYSNAME] (I have a config set for this system in my ~/.ssh/config file on my pi) and log into the other system.

I'm using paramiko with python 3.9.7, and I can log into the pi just fine, but then when I try to ssh into the [SYSNAME], it gives me [USER]@[IP]: Permission denied (publickey). I did have to add a special ssh key to access this other system on the pi using ssh-add ~/.ssh/other_key, but I'm not experienced enough to know if this key isn't being used whiled using paramiko.

This is my code

Thanks in advance!

EDIT: I found my issue. While I did add the special_key, it was not being used for some reason. Once I manually added the key using ssh -i ~/.ssh/special_key [USER]@[IP] -p 22, it worked. Now my issue is getting that working without manually specifying the key, but I'm sure I can figure that out. Thanks all!

Alex Kolstad
  • 1
  • 1
  • Not familiar with Paramiko but the ordinary ssh calls this approach "jump host" - `ssh -J pi@raspberry [SERVER]` does exactly what you do manually with `ssh`. Maybe there would be an option for that? – Quimby Nov 02 '21 at 16:30
  • Thanks for the suggestion! When I switch the command to `ssh -J pi@raspberry [SERVER]`, I'm now getting `pi@raspberry: Permission denied (publickey,password). ssh_exchange_identification: Connection closed by remote host` – Alex Kolstad Nov 02 '21 at 16:36
  • Using `ssh -J` doesn't honor your remote `~/.ssh/config`, only your local one. You're thus expected to have everything you need to authenticate to the remote system (the final hop) on your local box, not on your first hop. – Charles Duffy Nov 02 '21 at 16:39
  • Oh, I did not know that about the config, sorry about misleading you @AlexKolstad – Quimby Nov 02 '21 at 16:39
  • To be clear, that doesn't mean using it is the wrong thing. It's better to keep those credentials tightly held; hopefully the system you're starting from is better secured than your Raspberry Pi (though if it's Windows, maybe that's not a safe hope). – Charles Duffy Nov 02 '21 at 16:41
  • I think I'm getting closer, I get the same publickey error when I try to ssh from my desktop to the other system, so I'm guessing I need to add the same special ssh key to my desktop as well. – Alex Kolstad Nov 02 '21 at 16:47

0 Answers0