I've been trying to:
1. Log into a server using SSH (with Paramiko)
2. Use that connection like a proxy and route network traffic through it and out to the internet. (So, say, I could set it as my proxy in Urllib2, Mechanize, Firefox, etc.)
Is the second part possible or will I have to have some sort of proxy server running on the server to get this to work?
You could implement a SOCKS proxy in the paramiko client that routes connections across the SSH tunnel via paramiko's open_channel method. Unfortunately, I don't know of any out-of-the-box solution that does this, so you'd have to roll your own. Alternatively, run a SOCKS server on the server, and just forward that single port via paramiko.
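The first approach in this answer, as an added example that is not part of the original answer: a no-authentication SOCKS5 CONNECT handler that opens each requested destination as a `direct-tcpip` channel through paramiko's `Transport.open_channel`, plus the byte relay. The function names are hypothetical, and `transport` is assumed to be an already connected and authenticated paramiko `Transport`.

```python
import select
import socket

def _read(sock, n):
    """Read exactly n bytes; raise if the client hangs up mid-handshake."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("client closed during SOCKS handshake")
        buf += chunk
    return buf

def _fail(sock, code, why):
    sock.sendall(bytes([5, code, 0, 1]) + bytes(6))   # error reply, BND 0.0.0.0:0
    raise ValueError(why)

def socks5_accept(client, transport, src_addr=("127.0.0.1", 0)):
    """Serve one no-auth SOCKS5 CONNECT via a paramiko Transport (assumed connected)."""
    ver, nmethods = _read(client, 2)
    if ver != 5 or 0 not in _read(client, nmethods):
        client.sendall(b"\x05\xff")                   # no acceptable auth method
        raise ValueError("need SOCKS5 with the no-auth method")
    client.sendall(b"\x05\x00")                       # select "no authentication"
    ver, cmd, _rsv, atyp = _read(client, 4)
    if atyp == 1:                                     # IPv4 address
        host = socket.inet_ntoa(_read(client, 4))
    elif atyp == 3:                                   # length-prefixed host name
        host = _read(client, _read(client, 1)[0]).decode("ascii")
    else:
        _fail(client, 8, "address type not supported")
    port = int.from_bytes(_read(client, 2), "big")
    if ver != 5 or cmd != 1:                          # 1 = CONNECT
        _fail(client, 7, "only CONNECT is supported")
    try:                                              # name resolves on the SSH server side
        chan = transport.open_channel("direct-tcpip", (host, port), src_addr)
    except Exception:
        _fail(client, 5, "SSH server refused the channel")
    client.sendall(b"\x05\x00\x00\x01" + bytes(6))    # success reply
    return chan, (host, port)

def relay(a, b):
    """Copy bytes both ways until either side closes."""
    while True:
        for src in select.select([a, b], [], [])[0]:
            data = src.recv(65536)
            if not data:
                return
            (b if src is a else a).sendall(data)
```

This handler performs no authentication, so the listening socket that feeds it should be bound to 127.0.0.1 rather than all interfaces; otherwise anyone who can reach the port can route traffic through the SSH server.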
Related
I've been trying for the last couple of hours to find a solution for tunneling an SSH connection and creating a SOCKS5 server on that SSH tunnel, so I can browse a webpage with Selenium.
For connecting to the remote SSH server, I've been using sshtunnel. I managed to connect to the remote SSH server. Now I'm trying to create a SOCKS5 server on that connection so I can use it with Firefox.
I'm exhausted; I have been searching for at least 4 hours with no result.
What should I look for? Did anyone create a SOCKS5 server from an SSH tunnel?
I am now facing a problem using Python to connect to a port which requires a username/password.
The web URL is xxx.xxx.xxx.xxx:9200/_plugin/head/, which is for elasticsearch. I think the administrator has set up a firewall for the port. When I want to log in with a web browser, the browser requires a username/password; if they are wrong, the web page shows "authentication failed". And when I use another Linux server to query the port directly with a command like
curl -XPOST 'xx.xx.xxx.x:9200/iqas_week/_search?pretty=true' -d ...
The server will also return "Authentication Required".
My plan is to use Python to connect to this port and write some queries for elasticsearch, just like the command above. Now, with an encrypted port, how can I connect to that port in Python? I have tried with paramiko; it works for port 22 but not for port 9200. Is there any other way to connect to this port using Python?
You should be able to use urllib2 to connect to the elasticsearch listener as I believe it's just an HTTP(s?) listener. Why not use the elasticsearch though?
https://elasticsearch-py.readthedocs.io/en/master/
Are there any examples of initiating an SSH session to a remote machine with port forwarding options from within Twisted using Conch such that one can pipe normal TCP traffic through the tunnel?
Scenario:
I have a server running a custom Twisted-based Protobuf RPC service and a machine with a Twisted-based RPC client installed. The server is also running SSH. Rather than talking to the RPC service on the server directly, I would like to connect to the server using SSH from the RPC client, set up port forwarding on the server, and communicate with the RPC service using Protobuf through the SSH tunnel.
I'm already able to set up port forwarding manually and have the RPC client talk to the RPC service by pointing the RPC client to a local port on the client box; I'm just curious as to how I can do this within the client directly.
It would be awesome if there were improved documentation in Twisted for doing neat things with Conch (after all, how many other programmable SSH libraries are there?). Until that happy day comes, reading the implementation of the conch command line tool can be a big help.
Here we can see where port forwarding options from the command line are turned into some action over the SSH connection:
https://github.com/twisted/twisted/blob/4ffbe9f6851dbe7e9172f55905f264ecf50da3a6/src/twisted/conch/scripts/conch.py#L226-L238
I think you're asking about a local forwarding rule, so the localForwards loop is doing roughly what you want to do.
Implementing a tunneling Twisted SSH client that does local port forwarding can be surprisingly simple.
Just create a basic Twisted Conch SSH client, and implement the port forwarding part in the serviceStarted method of the SSH connection class of your client:
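from twisted.conch.ssh import connection, forwarding
from twisted.internet import reactor

LOCALPORT = 8888
REMOTEHOST = "127.0.0.1"
REMOTEPORT = 9999

class Connection(connection.SSHConnection):
    def serviceStarted(self):
        # Each connection accepted on LOCALPORT is forwarded over this SSH
        # connection to (REMOTEHOST, REMOTEPORT) as seen from the server.
        Channel = forwarding.SSHListenClientForwardingChannel
        Factory = forwarding.SSHListenForwardingFactory
        factory = Factory(self, (REMOTEHOST, REMOTEPORT), Channel)
        # listenTCP binds all interfaces by default; pass
        # interface="127.0.0.1" to keep the forward local to this machine.
        s = reactor.listenTCP(LOCALPORT, factory)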
That's all there is to it (REMOTEHOST is set to point to the SSH server itself since that's what you said you're connecting to).
I used to create a SOCKS connection between a Windows client and a Linux server using an SSH server and PuTTY. However, the firewall between the client and server is now able to identify SSH packets and drop them.
I was wondering if I can emulate such behavior of SSH tunnels using python? Any recommendations on libraries or readings?
Thanks in advance.
Yes, yes you can. Pick your poison.
http://socksipy.sourceforge.net/
http://sourceforge.net/projects/pysocks/
http://code.google.com/p/socksipy-branch/
How can I use a SOCKS 4/5 proxy with urllib2?
http://google-api-python-client.googlecode.com/hg/docs/httplib2.socks.html
You can consider using paramiko for your SSH. Here is a nice link ssh-programming-with-paramiko
You can also try this ssh module which uses paramiko.
I have a SOCKS proxy set up to a gateway server, which is created by setting up a host definition in my ssh_config to use DynamicForward localhost:9876. To connect with SSH to the remote server I've set up another host definition to use ProxyCommand /usr/bin/nc -x localhost:9876 %h %p, which is all working fine.
However my fabric script needs to connect to that remote server. How can I tell it to use the SOCKS proxy when it connects?
Tunnelling is now (March 2013) supported by Fabric natively: see the discussion leading to the changes in code and the commit message with a bit of rationale.
Fabric's SSH layer does not support gateways or proxies at the moment but they "may end up patching/forking it sometime to add that functionality." (from here).
There's also an outstanding issue on Fabric to implement tunneling.
This blog post suggests overriding the run function.
You can use tsocks and the OpenSSH client's built-in support for creating SOCKS tunnels. It requires a bit of configuration but it works fine. Below is how I got started on Ubuntu 10.04.
# Install the tsocks library and shell script.
sudo apt-get install tsocks
# Configure the range of IP addresses you need access to.
sudo nano /etc/tsocks.conf
# Use the OpenSSH client to create a socks proxy (stepping
# stones are hosts used to gain access to private subnets).
ssh -D 1080 stepping.stone
# Now connect to any given address in your configured range.
# tsocks will intercept the connection and route it using
# the SOCKS proxy we created with the previous command.
tsocks ssh 1.2.3.4
The fact that Fabric doesn't work without a VPN connection was a deal breaker for me, so this is a great solution; all it requires is SSH access to one host.
On Fabric (1.12.0) (doc):
env.use_ssh_config = True