Proxycommand in paramiko

Question

I'm trying to do a simple proxycommand using paramiko in python.

Basically I'm trying to replicate the behaviour of this ssh command:

ssh -i ~/.ssh/destination_key [email protected] -o 'ProxyCommand ssh -i ~/.ssh/jumpbox_key -W %h:%p [email protected]'

The above works as expected amd connects to destination.test.internal. I'm trying to do the same thing in python with the following on the same box:

#!/usr/bin/python3
import paramiko
import argparse

addresses = ["destination.test.internal"];

ssh = paramiko.SSHClient()
ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

proxy = paramiko.ProxyCommand("ssh -i ~/.ssh/jumpbox_key -W %h:%p [email protected]")

for address in addresses:
    #Connect over ssh to each server
    try:
        ssh.connect(address , username='user', key_filename="~/.ssh/destination_key", sock = proxy )       
    except paramiko.AuthenticationException:
        print ("Authentication Failed")
    except paramiko.SSHException:
        print ("Connection Failed")


    stdin,stdout,stderr = ssh.exec_command('ls -l')
    print (stdout.readlines())

    ssh.close()

Needless to say this isn't working. It's failing with:

Traceback (most recent call last):
Exception: Error reading SSH protocol banner
  File "/usr/local/lib/python3.5/dist-packages/paramiko/transport.py", line 1893, in _check_banner
    buf = self.packetizer.readline(timeout)
  File "/usr/local/lib/python3.5/dist-packages/paramiko/packet.py", line 331, in readline
    buf += self._read_timeout(timeout)
  File "/usr/local/lib/python3.5/dist-packages/paramiko/packet.py", line 501, in _read_timeout
    raise socket.timeout()
socket.timeout

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/paramiko/transport.py", line 1749, in run
    self._check_banner()
  File "/usr/local/lib/python3.5/dist-packages/paramiko/transport.py", line 1897, in _check_banner
    raise SSHException('Error reading SSH protocol banner' + str(e))
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner

Connection Failed
Traceback (most recent call last):
  File "./log_file_fix.py", line 31, in <module>
    stdin,stdout,stderr = ssh.exec_command('ls -l')
  File "/usr/local/lib/python3.5/dist-packages/paramiko/client.py", line 436, in exec_command
    chan = self._transport.open_session(timeout=timeout)
  File "/usr/local/lib/python3.5/dist-packages/paramiko/transport.py", line 716, in open_session
    timeout=timeout)
  File "/usr/local/lib/python3.5/dist-packages/paramiko/transport.py", line 800, in open_channel
    raise SSHException('SSH session not active')
paramiko.ssh_exception.SSHException: SSH session not active

However I'm not sure where I'm going wrong.

Answer 1

Instead of %h:%p, Specify host and port inside paramiko.ProxyCommand()

proxy = paramiko.ProxyCommand("ssh -i ~/.ssh/jumpbox_key -W DESTINATION_HOST_ADDRESS:22 [email protected]")

You have to change your code like below:

#!/usr/bin/python3
import paramiko
import argparse

addresses = ["destination.test.internal"];

ssh = paramiko.SSHClient()
ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  
for address in addresses:
    proxy_jump_command='ssh -i ~/.ssh/jumpbox_key -W {HOST}:{PORT} [email protected]'.format(HOST=address, PORT=22)
    proxy = paramiko.ProxyCommand(proxy_jump_command)
    #Connect over ssh to each server
    try:
        ssh.connect(address , username='user', key_filename="~/.ssh/destination_key", sock = proxy )       
    except paramiko.AuthenticationException:
        print ("Authentication Failed")
    except paramiko.SSHException:
        print ("Connection Failed")


    stdin,stdout,stderr = ssh.exec_command('ls -l')
    print (stdout.readlines())

    ssh.close()