I'm trying to forward a Kerberos ticket over SSH connection to keep using an authenticated session in Hive/Beeline.
I already do this by PuTTy, but I couldn't with Paramiko.
Someone knows if is possible to forward a Kerberos ticket over SSH using Paramiko? And how can I do that?
PS: Windows 10 client connected to a Linux Server.
Related
I am trying to connect to remote machine by python script. Both the machines can be linux/windows.
I have to connect to various remote machines and it's not feasible for me to install or write some code on the remote side. I know the ip, username and password of the machine and i tried various options but was unsuccessful.
How shall I proceed.
Maybe you can use SSH to connect to a remote server.
paramiko will be good idea, it can use to connect linux/windows.
http://pxnet2768.pixnet.net/blog/post/157228756-%E7%B3%BB%E7%B5%B1%E9%81%8B%E7%B6%AD%E5%B7%A5%E7%A8%8B%E5%B8%AB%E7%9A%84%E6%B3%95%E5%AF%B6%EF%BC%9Apython-paramiko
I'm trying for the last couple of hours to find a solution of tunneling a SSH connection and create a Socks5 server on that SSH tunnel, so I can browse a webpage with Selenium.
For connecting to remote SSH, I've been using sshtunnel. I managed to connect to the remote SSH server. Now I'm trying to create a SOCKS5 server on that connection so I can use it with FireFox.
I'm exhausted, have been searching for at least 4 hours and no result.
What should I look for? Did anyone create a Socks5 server from a SSH Tunnel?
Anyone who knows the port and host of a HBase Thrift server, and who has access to the network, can access HBase. This is a security risk. How can the client access to the HBase Thrift server be made secure?
You could secure HBase Thrift server setting up authentication via kerberos and then setting this property in hbase-site.xml
<name>hbase.thrift.security.qop</name>
<value>auth</value>
http://www.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_hbase_authentication.html
My sysadmin told me that in theory he could install an HBase Thrift Server on one of the Hadoop edge nodes that are blocked off, and only open the port to my server via ACLs. He however has no intention of doing this (and I do not either). As this is not a suitable answer I'll leave the question open.
I'm being trying to
Log into a server using SHH (with Paramiko)
Use that connection like a proxy and route network traffic through it and out to the internet. So say I could set it as my proxy in Urllib2, Mechanize, Firefox, etc.).
Is the second part possible or will I have to have some sort of proxy server running on the server to get this to work?
You could implement a SOCKS proxy in the paramiko client that routes connections across the SSH tunnel via paramiko's open_channel method. Unfortunately, I don't know of any out-of-the-box solution that does this, so you'd have to roll your own. Alternatively, run a SOCKS server on the server, and just forward that single port via paramiko.
There have been a few questions like this around the place but none have really answered my question specifically.(for example Connecting to device behind firewall )
What I want is a central server, that receives a heartbeat from multiple ( say 100's) embedded devices behind personal firewalls. These devices need to be able to do two things.
Grab new config from the server. I
suspect I can just do this via a
http get from the device to the
server and pull down some XML, then
reload its own config.
Open an ssh connection to the server
to allow an admin to login to the
command line of the device and do
maintenance and troubleshooting
remotely.ie device => server <= admin and admin can get to bash command line or equivalent.
the device is a low powered embedded device that will be running linux. A solution in python would be preferable (im thinking something with paramiko for the ssh) but im open to other solutions. The main thing is there is there will be no technical users in the private network, so it should be able to plug into a consumer grade ADSL modem, get a DHCP address and all this should work. I can preload the device with anything before hand, for example ssh certificates for passwordless ssh etc.
anybody got any idea's?
Cheers
Mark
You can setup ssh tunnel (from python script or from console):
ssh -NR10022:localhost:22 foo#mainserver.com
Then you can simply login to main server and then ssh bar#localhost -p 10022
You should have ssh keys, so you don't have to put password (google about "ssh without password").
A more elaborate method might be some type of firewall hole punching.
On second though, maybe this is not necessary, since there is only one firewall involved. The trick is to get your embedded device to initiate an outbound connection first.