search

MarketSquare / SSHLibrary

Robot Framework test library for SSH and SFTP
http://marketsquare.github.io/SSHLibrary/
Other
158 stars 139 forks source link

open connection using socks proxy #328

Open sharkwsk opened 5 years ago

sharkwsk commented 5 years ago

I have setup a SOCKs proxy via another SSH session (outside the robotframework/SSH library). This tunnel is persistent.

I have added below configuration in the ssh config file

/root/.ssh/config

ProxyCommand /bin/nc -x 127.0.0.1:9876 %h %p

When I ssh from the terminal, I can see the SSH is tunnelled through the SOCKs proxy

However, when I use robot framework, it does not seem to tunnel through the proxy defined in the config file. Appreciate your help

sebastianciupinski commented 5 years ago

/root/.ssh/config is configuration file for linux ssh command. Robot Framework does not use ssh binary, it is based on paramiko python library.

So you need to create tunnel even if you have already did it on system level. How to do that?

Open  Connection       ${jump_host_ip}         alias=tunell
Login    @{login_parameters}            #or         Login With Public Key
Create Local Ssh Tunell           ${some_port}           ${destination_host_ip}
Open Connection              127.0.0.1             port=${some_port}      alias=connection_over_tunell
Login ...
Do some stuff
Close Connection         connection_over_tunell
Close Connection         tunell
sharkwsk commented 5 years ago

Ok, it will be hard to setup Individual local port forwarding if you have too many target machines, hence using a unified SOCKS proxy would be a good option. Is that possible with python SSH library ?

sebastianciupinski commented 5 years ago

I am connecting to about 400 machines this way, just by selecting random, not used TCP port each time. According to second part - I think you can look for paramiko proxycommand, e.g. here: https://www.programcreek.com/python/example/52881/paramiko.ProxyCommand and wrap it in RF keyword

sharkwsk commented 5 years ago

I can see that in the pythonclient.py file there is a function to read the ssh config file. Isn't it triggered before initiating SSH connection from python client ?

@staticmethod def _read_ssh_config_host(host): ssh_config_file = os.path.expanduser("~/.ssh/config") if os.path.exists(ssh_config_file): conf = paramiko.SSHConfig() with open(ssh_config_file) as f: conf.parse(f) return conf.lookup(host)['hostname'] if not None else host return host

sharkwsk commented 5 years ago

Some more info... I have below in my ssh config file Host server1 HostName 10.10.10.1 ProxyCommand /bin/nc -x 127.0.0.1:8888 %h %p

I have setup the SOCKS5 proxy and in the terminal if I do "ssh server1", I land on the actual server1 via the SOCK5 proxy. I can login

I modified the pythonclient.py file in /usr/local/lib/python2.7/dist-packages/SSHLibrary (refer to attached) based on my limited understanding and tried to run using robot command, however the SSH connection does not setup

pythonclient.txt

Below is the error I am getting when I run debug

20190809 00:56:25.122 - FAIL - timeout: timed out 20190809 00:56:25.123 - DEBUG - Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/SSHLibrary/library.py", line 881, in login return self._login(self.current.login, username, password, delay) File "/usr/local/lib/python2.7/dist-packages/SSHLibrary/library.py", line 932, in _login login_output = login_method(username, args) File "/usr/local/lib/python2.7/dist-packages/SSHLibrary/abstractclient.py", line 184, in login self._login(username, password, look_for_keys=look_for_keys) File "/usr/local/lib/python2.7/dist-packages/SSHLibrary/pythonclient.py", line 98, in _login timeout=float(self.config.timeout), sock=self.proxy) File "/usr/local/lib/python2.7/dist-packages/paramiko/client.py", line 349, in connect retry_on_signal(lambda: sock.connect(addr)) File "/usr/local/lib/python2.7/dist-packages/paramiko/util.py", line 280, in retry_on_signal return function() File "/usr/local/lib/python2.7/dist-packages/paramiko/client.py", line 349, in retry_on_signal(lambda: sock.connect(addr)) File "/usr/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(args)

sharkwsk commented 5 years ago

Any hints from anyone

mihaiparvu commented 5 years ago

Do you think the PR https://github.com/robotframework/SSHLibrary/pull/265/ will help in this case? Basically, it enables the use of ProxyCommand when using Login keywords.

sharkwsk commented 5 years ago

I used attached changes and it worked OK for me with necessary updates to ssh config file

I will look into the other thread and see, Thank you pythonclient.txt

mihaiparvu commented 5 years ago

At the moment, SOCKS proxy cannot be supported by SSHLibrary, because it isn't implemented in paramiko (the Pythom package that SSHLibrary relies for everything related to ssh). Looks like there is an open issue on their GitHub tracker, but no clear indication on when it is going to be implemented.