ssh_support: Use native Paramiko API for Proxy

This uses the native paramiko API for proxycommands instead of invoking OpenSSH on the host after connecting to it since that gives race conditons with Paramiko.
author: Sander Vrijders <sander.vrijders@ugent.be> 2017-10-24 18:08:44 +0200
committer: Sander Vrijders <sander.vrijders@ugent.be> 2017-10-24 18:08:44 +0200
commit: d91a601494ba14172b6c239aa6c28e6256c62ca7 (patch)
tree: 2d14bc314dc10ea4e0b865305187357f0e0fefd4 /rumba/ssh_support.py
parent: c09a71b756ab3208ac02a006f9a4d54792b803b5 (diff)
download: rumba-d91a601494ba14172b6c239aa6c28e6256c62ca7.tar.gz
rumba-d91a601494ba14172b6c239aa6c28e6256c62ca7.zip
1 files changed, 27 insertions, 30 deletions
diff --git a/rumba/ssh_support.py b/rumba/ssh_support.py
index 8ceee55..eff837d 100644
--- a/rumba/ssh_support.py
+++ b/rumba/ssh_support.py
@@ -57,16 +57,30 @@ def _print_stream(stream):
                 logger.debug(oi)
         return o.rstrip()
 
-def ssh_connect(ssh_client, hostname, port, username, password, time_out,
-                proxy):
+def ssh_connect(hostname, port, username, password, time_out, proxy_server):
     retry = 0
     max_retries = 10
     while retry < max_retries:
         time.sleep(retry * 5)
+
         try:
+            if proxy_server is not None:
+                proxy_client = get_ssh_client()
+                # Assume port 22 for the proxy server for now
+                proxy_client.connect(proxy_server, 22, username, password,
+                                     look_for_keys=True, timeout=time_out)
+
+                trans = proxy_client.get_transport()
+                proxy = trans.open_channel('direct-tcpip',
+                                           (hostname, port), ('127.0.0.1', 0))
+            else:
+                proxy = None
+
+            ssh_client = get_ssh_client()
+
             ssh_client.connect(hostname, port, username, password,
                                look_for_keys=True, timeout=time_out, sock=proxy)
-            return
+            return ssh_client
         except (paramiko.ssh_exception.SSHException, EOFError):
             retry += 1
             logger.error('Failed to connect to host, retrying: ' +
@@ -76,7 +90,7 @@ def ssh_connect(ssh_client, hostname, port, username, password, time_out,
             logger.error(hostname + ' has a mismatching entry in ' +
                          '~/.ssh/known_hosts')
             logger.error('If you are sure this is not a man in the ' +
-                         'middle attack, edit that file to remove the' +
+                         'middle attack, edit that file to remove the ' +
                          'entry and then hit return to try again.')
             input('Hit Enter when ready')
     if retry == max_retries:
@@ -139,15 +153,10 @@ def execute_commands(testbed, ssh_config, commands, time_out=3):
     no result received in given number of seconds, the value None can
     be used when no timeout is needed
     """
-    if ssh_config.proxy_command is not None:
-        proxy = paramiko.ProxyCommand(ssh_config.proxy_command)
-    else:
-        proxy = None
-
-    ssh_client = get_ssh_client()
 
-    ssh_connect(ssh_client, ssh_config.hostname, ssh_config.port,
-                testbed.username, testbed.password, time_out, proxy)
+    ssh_client = ssh_connect(ssh_config.hostname, ssh_config.port,
+                             testbed.username, testbed.password, time_out,
+                             ssh_config.proxy_server)
 
     o = ""
     for command in commands:
@@ -200,15 +209,10 @@ def write_text_to_file(testbed, ssh_config, text, file_name):
     @param text: string to be written in file
     @param file_name: file name (including full path) on the host
     """
-    ssh_client = get_ssh_client()
 
-    if ssh_config.proxy_command is not None:
-        proxy = paramiko.ProxyCommand(ssh_config.proxy_command)
-    else:
-        proxy = None
-
-    ssh_connect(ssh_client, ssh_config.hostname, ssh_config.port,
-                testbed.username, testbed.password, None, proxy)
+    ssh_client = ssh_connect(ssh_config.hostname, ssh_config.port,
+                             testbed.username, testbed.password, None,
+                             ssh_config.proxy_server)
 
     cmd = "touch " + file_name + "; chmod a+rwx " + file_name
 
@@ -238,19 +242,12 @@ def copy_files_to_testbed(testbed, ssh_config, paths, destination):
     @param paths: source paths (local) as an iterable
     @param destination: destination folder name (remote)
     """
-    ssh_client = get_ssh_client()
-
-    if ssh_config.proxy_command is not None:
-        proxy = paramiko.ProxyCommand(ssh_config.proxy_command)
-    else:
-        proxy = None
-
     if destination is not '' and not destination.endswith('/'):
         destination = destination + '/'
 
-
-    ssh_connect(ssh_client, ssh_config.hostname, ssh_config.port,
-                testbed.username, testbed.password, None, proxy)
+    ssh_client = ssh_connect(ssh_config.hostname, ssh_config.port,
+                             testbed.username, testbed.password, None,
+                             ssh_config.proxy_server)
 
     try:
         sftp_client = ssh_client.open_sftp()
author	Sander Vrijders <sander.vrijders@ugent.be>	2017-10-24 18:08:44 +0200
committer	Sander Vrijders <sander.vrijders@ugent.be>	2017-10-24 18:08:44 +0200
commit	d91a601494ba14172b6c239aa6c28e6256c62ca7 (patch)
tree	2d14bc314dc10ea4e0b865305187357f0e0fefd4 /rumba/ssh_support.py
parent	c09a71b756ab3208ac02a006f9a4d54792b803b5 (diff)
download	rumba-d91a601494ba14172b6c239aa6c28e6256c62ca7.tar.gz rumba-d91a601494ba14172b6c239aa6c28e6256c62ca7.zip