search

pahaz / sshtunnel

SSH tunnels to remote server.
MIT License
1.23k stars 184 forks source link

SSH fails if keys are used #226

Open petasis opened 3 years ago

petasis commented 3 years ago

Hi all,

For some reason, ssh tunnels that used to work, stopped working. (I have updated the server to Fedora 33, but is this a reason for ssh connections failure?).

sshtunnel works if I use a password:

tunnel = SSHTunnelForwarder(
    ssh_address="socialwebobservatory",
    ssh_port=222,
    ssh_username="user",
    ssh_password="pass",
    #ssh_private_key="/home/user/.ssh/id_rsa",
    remote_bind_address=('127.0.0.1', 9200),
    compression=True,
    logger=create_logger(loglevel=1)
)

Gives the following log:

2021-01-14 12:21:49,464| INF | MainThrea/1060@sshtunnel | 0 keys loaded from agent
2021-01-14 12:21:49,467| DEB | MainThrea/1309@sshtunnel | Private key file (/home/user/.ssh/id_rsa, <class 'paramiko.rsakey.RSAKey'>) successfully loaded
2021-01-14 12:21:49,467| INF | MainThrea/1117@sshtunnel | 1 key(s) loaded
2021-01-14 12:21:49,467| INF | MainThrea/0978@sshtunnel | Connecting to gateway: socialwebobservatory as user 'user'
2021-01-14 12:21:49,467| DEB | MainThrea/0983@sshtunnel | Concurrent connections allowed: True
2021-01-14 12:21:49,468| DEB | MainThrea/1400@sshtunnel | Trying to log in with key: b'6f8dd558d86b3df310b1d787d0dc54bc'
2021-01-14 12:21:49,469| DEB | MainThrea/1204@sshtunnel | Transport socket info: (<AddressFamily.AF_INET: 2>, <SocketKind.SOCK_STREAM: 1>, 0), timeout=0.1
2021-01-14 12:21:49,498| DEB | MainThrea/1410@sshtunnel | Authentication error
2021-01-14 12:21:49,498| WAR | MainThrea/1450@sshtunnel | Tunnels are not started. Please .start() first!
2021-01-14 12:21:49,498| INF | MainThrea/1474@sshtunnel | Closing ssh transport
2021-01-14 12:21:49,498| DEB | MainThrea/1477@sshtunnel | Transport is closed
2021-01-14 12:21:49,498| DEB | MainThrea/1414@sshtunnel | Trying to log in with password: **********************************
2021-01-14 12:21:49,499| DEB | MainThrea/1204@sshtunnel | Transport socket info: (<AddressFamily.AF_INET: 2>, <SocketKind.SOCK_STREAM: 1>, 0), timeout=0.1
2021-01-14 12:21:49,532| INF | Srv-34429/1433@sshtunnel | Opening tunnel: 0.0.0.0:34429 <> 127.0.0.1:9200
2021-01-14 12:21:49,533| INF | MainThrea/1374@sshtunnel | Closing all open connections...
2021-01-14 12:21:49,533| DEB | MainThrea/1378@sshtunnel | Listening tunnels: 0.0.0.0:34429
2021-01-14 12:21:49,533| WAR | MainThrea/1450@sshtunnel | Server is not started. Please .start() first!

However, if I use the key, it does not work:

tunnel = SSHTunnelForwarder(
    ssh_address="socialwebobservatory",
    ssh_port=222,
    ssh_username="user",
    #ssh_password="pass",
    ssh_private_key="/home/user/.ssh/id_rsa",
    remote_bind_address=('127.0.0.1', 9200),
    compression=True,
    logger=create_logger(loglevel=1)
)

Gives the following log:

2021-01-14 12:25:52,253| INF | MainThrea/1060@sshtunnel | 0 keys loaded from agent
2021-01-14 12:25:52,256| DEB | MainThrea/1309@sshtunnel | Private key file (/home/user/.ssh/id_rsa, <class 'paramiko.rsakey.RSAKey'>) successfully loaded
2021-01-14 12:25:52,256| INF | MainThrea/1117@sshtunnel | 1 key(s) loaded
2021-01-14 12:25:52,259| DEB | MainThrea/1309@sshtunnel | Private key file (/home/user/.ssh/id_rsa, <class 'paramiko.rsakey.RSAKey'>) successfully loaded
2021-01-14 12:25:52,259| INF | MainThrea/0978@sshtunnel | Connecting to gateway: socialwebobservatory as user 'user'
2021-01-14 12:25:52,259| DEB | MainThrea/0983@sshtunnel | Concurrent connections allowed: True
2021-01-14 12:25:52,259| DEB | MainThrea/1400@sshtunnel | Trying to log in with key: b'6f8dd558d86b3df310b1d787d0dc54bc'
2021-01-14 12:25:52,260| DEB | MainThrea/1204@sshtunnel | Transport socket info: (<AddressFamily.AF_INET: 2>, <SocketKind.SOCK_STREAM: 1>, 0), timeout=0.1
2021-01-14 12:25:52,287| DEB | MainThrea/1410@sshtunnel | Authentication error
2021-01-14 12:25:52,287| WAR | MainThrea/1450@sshtunnel | Tunnels are not started. Please .start() first!
2021-01-14 12:25:52,287| INF | MainThrea/1474@sshtunnel | Closing ssh transport
2021-01-14 12:25:52,287| DEB | MainThrea/1477@sshtunnel | Transport is closed
2021-01-14 12:25:52,287| DEB | MainThrea/1400@sshtunnel | Trying to log in with key: b'6f8dd558d86b3df310b1d787d0dc54bc'
2021-01-14 12:25:52,288| DEB | MainThrea/1204@sshtunnel | Transport socket info: (<AddressFamily.AF_INET: 2>, <SocketKind.SOCK_STREAM: 1>, 0), timeout=0.1
2021-01-14 12:25:52,360| DEB | MainThrea/1410@sshtunnel | Authentication error
2021-01-14 12:25:52,361| WAR | MainThrea/1450@sshtunnel | Tunnels are not started. Please .start() first!
2021-01-14 12:25:52,361| INF | MainThrea/1474@sshtunnel | Closing ssh transport
2021-01-14 12:25:52,361| DEB | MainThrea/1477@sshtunnel | Transport is closed
2021-01-14 12:25:52,361| ERR | MainThrea/1427@sshtunnel | Could not open connection to gateway
Traceback (most recent call last):
  File "/opt/Intellitech/projects/mypythonpackages/test_swo_tunnel.py", line 1, in <module>
    from ellogon import esclient_swo
  File "/opt/Intellitech/projects/mypythonpackages/ellogon/ellogon/esclient_swo.py", line 17, in <module>
    tunnel.start()
  File "/home/user/.local/lib/python3.9/site-packages/sshtunnel.py", line 1331, in start
    self._raise(BaseSSHTunnelForwarderError,
  File "/home/user/.local/lib/python3.9/site-packages/sshtunnel.py", line 1174, in _raise
    raise exception(reason)
sshtunnel.BaseSSHTunnelForwarderError: Could not establish session to SSH gateway

Of course, if I use ssh to login, the key works.

Any ideas?

pahaz commented 3 years ago

It looks like a bug. Thanks!

I can propose a little trick for your case. Try:

...
tunnel = SSHTunnelForwarder(
    ssh_address="socialwebobservatory",
    ssh_port=222,
    ssh_username="user",
    ssh_password="pass",
    #ssh_private_key="/home/user/.ssh/id_rsa",
    remote_bind_address=('127.0.0.1', 9200),
    compression=True,
    logger=create_logger(loglevel=1)
)
tunnel.ssh_pkeys = []  # DIRTY HACK!! Change it in future!
...
sroertgen commented 3 years ago

the hack is not working for me.

tlagore commented 2 years ago

It looks like a bug. Thanks!

I can propose a little trick for your case. Try:

...
tunnel = SSHTunnelForwarder(
    ssh_address="socialwebobservatory",
    ssh_port=222,
    ssh_username="user",
    ssh_password="pass",
    #ssh_private_key="/home/user/.ssh/id_rsa",
    remote_bind_address=('127.0.0.1', 9200),
    compression=True,
    logger=create_logger(loglevel=1)
)
tunnel.ssh_pkeys = []  # DIRTY HACK!! Change it in future!
...

This hack is not working for me. Still tries to use the pkey even when I just want to connect with user/password

shariqueakbare commented 2 years ago

use paramiko 2.7.2 to solve it when you are using ssh tunnel with ssh key instead of password

CryptokidFH commented 1 year ago

None of the other solutions worked for me, however specifying host_pkey_directories finally got the error to stop showing up. Even though my ssh_pkey property pointed to a valid file with path, without also specifying the folder, it will fall back to checking the id_rsa, even if you are successfully using a key with no password already, like I was.

aditya-krish commented 1 year ago

None of the other solutions worked for me, however specifying host_pkey_directories finally got the error to stop showing up. Even though my ssh_pkey property pointed to a valid file with path, without also specifying the folder, it will fall back to checking the id_rsa, even if you are successfully using a key with no password already, like I was.

This worked for me as well. 🎩