1. Scenario Description:
Host A |
Host B |
Host C |
10.13.170.76 |
172.28.117.156 (squid) |
10.95.113.131 |
Host a----> Host B (---> Host c), a 80 access host via B C131
2.Python Code;
Import paramikoimport socketimport loggingfrom base64 import b64encodeimport timelogging.basicconfig (loglevel=logging. DEBUG) Log = logging.getlogger ("squid") Def http_proxy (Proxy,target,auth=none, timeout=none) : sock = socket.socket (Socket.af_inet, socket. SOCK_STREAM) sock.settimeout (timeout) sock.connect (proxy) log.debug ("Connected") cmd_connect = "connect %s:%d http/1.1\r\n " % target if auth is not None: cmd_connect += " : basic %s\r\n" % b64encode ('%s:%s ' % auth) cmd_connect += "\ r \ n" log.debug ("--> %s" % str (cmd_connect)) sock.sendall (cmd_ ConnecT) response = [] sock.settimeout (2) try: # in worst case this loop will take 2 seconds if not response was received (sock.timeout) while True: &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;CHUNK&NBSP;=&NBSP;SOCK.RECV (1024x768) if not chunk: break response.append (Chunk) if "\r\n\r\n" in chunk: break except socket.error,se: if "Timed out" not in se: response = [se] response = ". Join ( Response) log.debug ("<-- %s" % str (response)) if "200 connection established" not in response.lower (): raise exception ("unable to establish http-tunnel: %s" % &NBSP;STR (response)) return sockif __name__ == "__main__": log.setlevel (logging. DEBUG) log.debug ("--start--") sock = http_proxy (proxy= ("172.28.117.157", 80), &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&Nbsp; target= ("10.95.113.131", 22), auth= (' Germany ', ' Germany '), &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;TIMEOUT=50) ssh = paramiko. Sshclient () ssh.set_missing_host_key_policy (Paramiko. Autoaddpolicy ()) ssh.connect (hostname= "10.95.113.131", sock=sock, username= " Root ", password=" 123 ") # time.sleep (+) print " # > login users \n%s " % ssh.exec_command (" w ") [1].read ()
Run Result:
/system/library/frameworks/python.framework/versions/2.7/bin/python2.7 /users/germany/workspace/python2_ study/python_squid.pydebug:squid:--start--debug:squid:connecteddebug:squid:--> connect 10.95.113.131:22 http/1.1proxy-authorization: basic z2vybwfuetpnzxjtyw55debug:squid:<-- http/1.0 200 connection established#> login user 15:23:01 up 102 days, 7:57, 1 user, load average: 0.04, 0.09, 0.14user tty from [email protected] idle JCPU PCPU WHATroot pts/0 172.28.117.157 15:03 11:20 0.01s 0.01s -bashprocess finisheD with exit code 0
3. Summary:
Mainly in the generation of Paramiko in Connect connection required proxy sock, where the connection squid is the use of HTTP Tunnel,http tunnel have connect message, the socket in the corresponding message format can be connected with squid. Since squid is using basic auth it is necessary to use B64encode to encode the username and password.
This article is from the Linux OPS blog, so be sure to keep this source http://germanygu.blog.51cto.com/3574209/1952670
Python uses sockets for SSH jump