
SSHScript v2.0 Make Connections

Last Updated on 2023/11/07


Topics

🔵 Connect by Password

The most common way to connect is with an account name and password. For example:

## filename: example.spy
## run: sshscript example.spy
with $.connect('user@host','1234') as host_session:
    $hostname
    assert $.stdout.strip() == 'host'

Or with the sshscript module:

## filename: example.py
## run: python3 example.py
import sshscript
session = sshscript.SSHScriptSession()
with session.connect('user@host','1234') as host_session:
    host_session('hostname')
    assert host_session.stdout.strip() == 'host'

🔵 Connect by SSH Key

The recommended approach to connect to remote servers is to use SSH keys, which offer a more secure and convenient alternative to passwords. SSH keys are generated using the ssh-keygen command, which creates a pair of public and private keys. The public key is stored on the remote server, while the private key is kept secret on the client machine.

## You can tell Paramiko which key to use
with $.connect('user@host',pkey=$.pkey('/path/to/key')) as host_session:
    $hostname
    assert $.stdout.strip() == 'host'

## Without a password or pkey, Paramiko searches the default path for an SSH key,
## which is usually "~/.ssh/id_rsa"
with $.connect('user@host') as host_session:
    pass

🔵 Connect by ProxyCommand

Keyword arguments passed to connect(), except for “policy”, are passed through to paramiko.SSHClient().connect(). This means you can use any keyword arguments that are supported by paramiko.SSHClient().connect(), such as “proxyCommand”.

Here is an example of how to use the proxyCommand keyword argument to connect to a remote server through a proxy:

with $.connect('user@host',proxyCommand='openssl s_client -ign_eof -connect 1.2.3.4:5555 -quiet') :
    $hostname
    assert $.stdout.strip() == 'host'

🔵 Nested Connections

Connecting from a bridge host to a protected host is straightforward.

with $.connect('user@bridge','1234') as host_session:
    with $.connect('user@database','1234') as inner_host_session:
        inner_host_session('hostname')
        assert inner_host_session.stdout.strip() == 'database'

By nesting connections, you can establish deeper levels of connection.

Important note: When making a nested connection, the hostname must be resolvable by the host in the middle. For instance, in the following example, “database” must be resolvable from “bridge”, and “accounts” must be resolvable from “database”:

with $.connect('user@bridge','1234') as host_session:
    with $.connect('user@database','1234') as inner_host_session:
        with $.connect('user@accounts','1234') as inner_inner_host_session:
            pass

By default, Paramiko searches for SSH keys on localhost. In the following example, when connecting to the “database” host, Paramiko will use the SSH key on localhost:

## using the ssh key on localhost
with $.connect('user@bridge') as host_session:
    ## still using the ssh key on localhost
    with $.connect('user@database') as inner_host_session:
        ## still using the ssh key on localhost
        with $.connect('user@accounts') as inner_inner_host_session:
            pass

To use the SSH key on the “bridge” host, you need to explicitly specify it using the $.pkey() function. For example:

with $.connect('user@bridge') as host_session:
    ## "/home/user/.ssh/id_rsa" is on the "bridge" host
    pkey = $.pkey('/home/user/.ssh/id_rsa')
    with $.connect('user@database',pkey=pkey) as inner_host_session:
        ## "/home/user/.ssh/id_rsa" is on the "database" host
        pkey = $.pkey('/home/user/.ssh/id_rsa')
        with $.connect('user@accounts',pkey=pkey) as inner_inner_host_session:
            pass

The following code accomplishes the same task but utilizes the sshscript module:

import sshscript
session = sshscript.SSHScriptSession()
with session.connect('user@bridge') as bridge_session:
    ## "/home/user/.ssh/id_rsa" is on the "bridge" host
    pkey = bridge_session.pkey('/home/user/.ssh/id_rsa')
    with bridge_session.connect('user@database',pkey=pkey) as database_host_session:
        ## "/home/user/.ssh/id_rsa" is on the "database" host
        pkey = database_host_session.pkey('/home/user/.ssh/id_rsa')
        with database_host_session.connect('user@accounts',pkey=pkey) as accounts_host_session:
            pass
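
The nested pattern above, generalized to any number of hops, as an added example that is not part of the SSHScript documentation. It reads passwords from environment variables instead of writing them into the script and loads each key through the previous hop's session. The helper open_chain(), the hop tuple format and the variable name BRIDGE_PASSWORD are made up for this example; for a key on the first hop it assumes the top-level session also has pkey(), as $.pkey() does in the .spy form.

```python
import os
from contextlib import ExitStack

def open_chain(session, hops, stack, env=os.environ):
    """Open nested connections hop by hop; return the innermost session.

    hops is a list of (target, auth) pairs (a format made up for this example):
      ('password', 'ENV_VAR')  password read from the named environment variable
      ('pkey', '/path')        key file loaded through the previous hop's session
      None                     no password or pkey: default key lookup on localhost
    """
    current = session
    for target, auth in hops:
        args, kwargs = [target], {}
        if auth is None:
            pass
        elif auth[0] == 'password':
            secret = env.get(auth[1])
            if not secret:
                raise RuntimeError(f'{auth[1]} is not set, not connecting to {target}')
            args.append(secret)
        elif auth[0] == 'pkey':
            # Same call as bridge_session.pkey(...) on the page: the path
            # refers to a file on the host that `current` is connected to.
            kwargs['pkey'] = current.pkey(auth[1])
        else:
            raise ValueError(f'unknown auth kind for {target}: {auth[0]!r}')
        # The stack closes the sessions innermost-first, like nested "with" blocks.
        current = stack.enter_context(current.connect(*args, **kwargs))
    return current

if __name__ == '__main__':
    import sshscript  # imported here so the helper can be tested without it
    hops = [
        ('user@bridge', ('password', 'BRIDGE_PASSWORD')),       # hypothetical variable name
        ('user@database', ('pkey', '/home/user/.ssh/id_rsa')),  # file on "bridge"
        ('user@accounts', ('pkey', '/home/user/.ssh/id_rsa')),  # file on "database"
    ]
    with ExitStack() as stack:
        accounts = open_chain(sshscript.SSHScriptSession(), hops, stack)
        accounts('hostname')
        assert accounts.stdout.strip() == 'accounts'
```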