Paramiko equivalent of OpenSSH ssh -J switch
Question:
I am trying to translate this ssh this command to Python using the paramiko library.
sshpass -p SomePassword ssh -J specificSshHost [email protected]
-oHostKeyAlgorithms=+ssh-rsa
-oKexAlgorithms=+diffie-hellman-group1-sha1
-o "StrictHostKeyChecking no"
Where specificSshHost points to this file in .ssh/config as follows
Host specificSshHost
User admin
IdentityFile ~/.ssh/mySpecificRsaKey
What I have so far
import paramiko
import os
client = paramiko.SSHClient()
client.load_host_keys("/home/name/.ssh/mySpecificRsaKey")
user = 'admin'
pswd = 'SomePassword'
ssh_keypath = ".ssh/mySpecificSshHost"
REMOTE_SERVER_IP = "11.0.0.0"
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(hostname=str(REMOTE_SERVER_IP), username=user,
key_filename=ssh_keypath)
This is what I find in the paramiko log file
INFO:paramiko.hostkeys:Not enough fields found in known_hosts in line 26 ('xPuIyxnS2aQoUvDVyCtJEJ47P6nH8su/bDGj6hrS1GBOFYLrCu4LBQ==')
INFO:paramiko.hostkeys:Unable to handle key of type RSA
I have read that paramiko supports the rsa and also those algorithms, so I do not understand why the connect command is just hanging there. The error trace triggered by a keyboardInterrupt is
File "/tmp/ipykernel_202149/1488139442.py", line 36, in <module>
client.connect(hostname=str(REMOTE_SERVER_IP), username =str(user),
File "/home/david/miniconda3/lib/python3.9/site-packages/paramiko/client.py", line 358, in connect
retry_on_signal(lambda: sock.connect(addr))
File "/home/david/miniconda3/lib/python3.9/site-packages/paramiko/util.py", line 279, in retry_on_signal
return function()
File "/home/david/miniconda3/lib/python3.9/site-packages/paramiko/client.py", line 358, in <lambda>
retry_on_signal(lambda: sock.connect(addr))
Answers:
The -J switch of OpenSSH ssh is for jump host. It has nothing to do with any key.
For implementing a jump host in Paramiko, see:
Nested SSH using Python Paramiko
Obligatory warning: Do not use AutoAddPolicy this way – You are losing a protection against MITM attacks by doing so. For a correct solution, see Paramiko "Unknown Server".
I am trying to translate this ssh this command to Python using the paramiko library.
sshpass -p SomePassword ssh -J specificSshHost [email protected]
-oHostKeyAlgorithms=+ssh-rsa
-oKexAlgorithms=+diffie-hellman-group1-sha1
-o "StrictHostKeyChecking no"
Where specificSshHost points to this file in .ssh/config as follows
Host specificSshHost
User admin
IdentityFile ~/.ssh/mySpecificRsaKey
What I have so far
import paramiko
import os
client = paramiko.SSHClient()
client.load_host_keys("/home/name/.ssh/mySpecificRsaKey")
user = 'admin'
pswd = 'SomePassword'
ssh_keypath = ".ssh/mySpecificSshHost"
REMOTE_SERVER_IP = "11.0.0.0"
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(hostname=str(REMOTE_SERVER_IP), username=user,
key_filename=ssh_keypath)
This is what I find in the paramiko log file
INFO:paramiko.hostkeys:Not enough fields found in known_hosts in line 26 ('xPuIyxnS2aQoUvDVyCtJEJ47P6nH8su/bDGj6hrS1GBOFYLrCu4LBQ==')
INFO:paramiko.hostkeys:Unable to handle key of type RSA
I have read that paramiko supports the rsa and also those algorithms, so I do not understand why the connect command is just hanging there. The error trace triggered by a keyboardInterrupt is
File "/tmp/ipykernel_202149/1488139442.py", line 36, in <module>
client.connect(hostname=str(REMOTE_SERVER_IP), username =str(user),
File "/home/david/miniconda3/lib/python3.9/site-packages/paramiko/client.py", line 358, in connect
retry_on_signal(lambda: sock.connect(addr))
File "/home/david/miniconda3/lib/python3.9/site-packages/paramiko/util.py", line 279, in retry_on_signal
return function()
File "/home/david/miniconda3/lib/python3.9/site-packages/paramiko/client.py", line 358, in <lambda>
retry_on_signal(lambda: sock.connect(addr))
The -J switch of OpenSSH ssh is for jump host. It has nothing to do with any key.
For implementing a jump host in Paramiko, see:
Nested SSH using Python Paramiko
Obligatory warning: Do not use AutoAddPolicy this way – You are losing a protection against MITM attacks by doing so. For a correct solution, see Paramiko "Unknown Server".