The problem arises if, for some reason, the remote PC where the DB resides reboots. With this implementation I will later bring up a connection to the DB on localhost:localport (localport being returned by fnc_ssh_tunnel()).

    LogPrint("SSH Tunnel Started to " + str(sshServer.tunnel_bindings), DEBUG_ID)

You can download from here: .

I have implemented a function to establish an ssh-tunnel in Python, so I can insert data in a DB behind a NAT (no port forwarding available).

TunnelServer is based on Paramiko and the Paramiko demos, so it's released under GNU LGPL 2.1 (please refer to the LICENSE file). This topic is very interesting and I've learned a lot about SSH, so if you are interested in this protocol, I advise you to work with Paramiko and to look at RFC 4254 (Secure Shell Protocol) to understand the darkest parts of the code.

Server.py contains other parts, such as listening for SSH connections, but I invite you to read the code; I tried to comment it thoroughly.

TunnelServer needs the paramiko.Transport which manages the current connection.

If you don't like the port that you were asked for, you can't change it, you can only deny access. Port 0 means that the server will choose the port. For forwardings, you can't know the original address, but only the one which you have to listen to.

If you don't do it, the Python garbage collector will delete the channel and your session will suddenly close. You can change the “sorry, we have not shell access” message by overriding the variable no_shell.

All Paramiko abilities are kept: you can implement your own shell, or SFTP server etc… But please mind some things:

You can allow or deny forwardings and direct connections by overriding two methods: check_forward_address and check_direct.
As you can see, you just have to check logins with check_auth_password or check_auth_publickey and declare your auth methods with get_allowed_auths, and you have an SSH server which will accept logins, allow port forwarding and direct TCP connections, but won't have an interactive shell. I've included a demo server in the archive (server.py).

That's great, but sometimes unhandy, so I've written this class, which is a middleware: the class user still has to check login, but you don't have to create threads to listen on forwards etc… It's very transparent: it manages the packages for you, but you are the one who should manage the rest (login check, shell communication, PTY allocation…, socket-ssh channel synchronization).

Python already has a brilliant SSH library: Paramiko.

If you have a server you probably already use SSH, therefore you don't want to share your custom port and grant access to your server, or create accounts to allow it.

A solution could be creating a chroot or something like that, but I wasn't really confident in it, therefore I looked for an alternative SSH server, and I've come up with this library: TunnelServer.

However there is a great disadvantage: the SSH server.

They allow you to bypass firewalls and NAT problems, and you can use them as an unprivileged user, since you don't have to install virtual network devices such as TUN or TAP.

Another good reason to choose SSH is that it is a standard protocol, so there are many implementations: OpenSSH on most Unices, PuTTY on Windows and cross-platform libraries (Java, Python…).