本篇文章主要介绍了"python 堡垒机续-----终端方式",主要涉及到方面的内容,对于系统运维感兴趣的同学可以参考一下:
第一步:环境准备
堡垒机服务器:192.168.1.1
后端服务器1:192.168.1.2
后端服务器2:192.168.1.3
堡垒机安装paramiko ...
第一步:环境准备
堡垒机服务器:192.168.1.1
后端服务器1:192.168.1.2
后端服务器2:192.168.1.3
堡垒机安装paramiko 版本:paramiko-1.16.0
堡垒机python版本:Python 2.7.7
第二步:编写menu.py文件,实现类似菜单功能
#!/usr/bin/env python
# encoding: utf-8
# @author: eddy
# @contact: 278298125@qq.com
# @site: http://my.oschina.net/eddylinux
# @file: menu.py
# @time: 2016-01-18 21:58
# @version: 1.0
import os
import sys
msg = '''
\033[42;1mWelcome using eddy's auditing system!\033[0m
'''
print msg
host_dict = {
'eddy1':'192.168.1.2',
'eddy2':'192.168.1.3',
}
while True:
for hostname, ip in host_dict.items():
print hostname,ip
try:
host = raw_input('Please choose one server to login:').strip()
if host == 'quit':
print 'Goodbye'
break
except KeyboardInterrupt:
continue
except EOFError:
continue
if len(host) == 0:
continue
if not host_dict.has_key(host):
print 'No host matched,try again'
continue
print '\033[32;1mGoing to connect \033[0m',host_dict[host]
os.system("python eddy_auditing.py %s" %host_dict[host])
第三步:编写核心功能代码
eddy_auditing.py
#!/usr/bin/env python
# encoding: utf-8
# @author: eddy
# @contact: 278298125@qq.com
# @site: http://my.oschina.net/eddylinux
# @file: menu.py
# @time: 2016-01-18 21:58
# @version: 1.0
import base64
from binascii import hexlify
import getpass
import os
import select
import socket
import sys
import time
import traceback
from paramiko.py3compat import input
import paramiko
try:
#导入interactive模块
import interactive
except ImportError:
from . import interactive
def agent_auth(transport, username):
agent = paramiko.Agent()
agent_keys = agent.get_keys()
if len(agent_keys) == 0:
return
#对key认证方式进行处理
for key in agent_keys:
print('Trying ssh-agent key %s' % hexlify(key.get_fingerprint()))
try:
transport.auth_publickey(username, key)
print('... success!')
return
except paramiko.SSHException:
print('... nope.')
#主机和用户名认证处理
def manual_auth(username, hostname):
default_auth = 'p'
auth = input('Auth by (p)assword, (r)sa key, or (d)ss key? [%s] ' % default_auth)
if len(auth) == 0:
auth = default_auth
#判断key是否是rsa
if auth == 'r':
default_path = os.path.join(os.environ['HOME'], '.ssh', 'id_rsa')
path = input('RSA key [%s]: ' % default_path)
if len(path) == 0:
path = default_path
try:
key = paramiko.RSAKey.from_private_key_file(path)
except paramiko.PasswordRequiredException:
password = getpass.getpass('RSA key password: ')
key = paramiko.RSAKey.from_private_key_file(path, password)
t.auth_publickey(username, key)
#判断key是否是dsa
elif auth == 'd':
default_path = os.path.join(os.environ['HOME'], '.ssh', 'id_dsa')
path = input('DSS key [%s]: ' % default_path)
if len(path) == 0:
path = default_path
try:
key = paramiko.DSSKey.from_private_key_file(path)
except paramiko.PasswordRequiredException:
password = getpass.getpass('DSS key password: ')
key = paramiko.DSSKey.from_private_key_file(path, password)
t.auth_publickey(username, key)
#用户名密码认证处理
else:
pw = getpass.getpass('Password for %s@%s: ' % (username, hostname))
t.auth_password(username, pw)
# 设置日志
paramiko.util.log_to_file('eddy.log')
#定义用户名
username = ''
if len(sys.argv) > 1:
hostname = sys.argv[1]
if hostname.find('@') >= 0:
username, hostname = hostname.split('@')
else:
hostname = input('Hostname: ')
if len(hostname) == 0:
print('*** Hostname required.')
sys.exit(1)
#定义端口
port = 6666
if hostname.find(':') >= 0:
hostname, portstr = hostname.split(':')
port = int(portstr)
#建立连接
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((hostname, port))
except Exception as e:
print('*** Connect failed: ' + str(e))
traceback.print_exc()
sys.exit(1)
#使用paramiko进行登陆处理
try:
t = paramiko.Transport(sock)
try:
t.start_client()
except paramiko.SSHException:
print('*** SSH negotiation failed.')
sys.exit(1)
try:
keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
except IOError:
try:
keys = paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))
except IOError:
print('*** Unable to open host keys file')
keys = {}
# 检查服务器密钥
key = t.get_remote_server_key()
if hostname not in keys:
print('*** WARNING: Unknown host key!')
elif key.get_name() not in keys[hostname]:
print('*** WARNING: Unknown host key!')
elif keys[hostname][key.get_name()] != key:
print('*** WARNING: Host key has changed!!!')
sys.exit(1)
else:
print('*** Host key OK.')
#获取用户名
if username == '':
default_username = getpass.getuser()
username = input('Username [%s]: ' % default_username)
if len(username) == 0:
username = default_username
agent_auth(t, username)
if not t.is_authenticated():
manual_auth(username, hostname)
if not t.is_authenticated():
print('*** Authentication failed. :(')
t.close()
sys.exit(1)
#新开一个连接
chan = t.open_session()
chan.get_pty()
chan.invoke_shell()
print('*** Here we go!\n')
interactive.interactive_shell(chan)
chan.close()
t.close()
except Exception as e:
print('*** Caught exception: ' + str(e.__class__) + ': ' + str(e))
traceback.print_exc()
try:
t.close()
except:
pass
sys.exit(1)
编写linux与windows处理方法
interactive.py
#!/usr/bin/env python
# encoding: utf-8
# @author: eddy
# @contact: 278298125@qq.com
# @site: http://my.oschina.net/eddylinux
# @file: menu.py
# @time: 2016-01-18 21:58
# @version: 1.0
import socket
import sys
from paramiko.py3compat import u
try:
import termios
import tty
has_termios = True
except ImportError:
has_termios = False
def interactive_shell(chan):
if has_termios:
posix_shell(chan)
else:
windows_shell(chan)
#linux处理方法
def posix_shell(chan):
import select
#获取原来的tty
oldtty = termios.tcgetattr(sys.stdin)
try:
#设置tty
tty.setraw(sys.stdin.fileno())
tty.setcbreak(sys.stdin.fileno())
chan.settimeout(0.0)
while True:
r, w, e = select.select([chan, sys.stdin], [], [])
if chan in r:
try:
x = u(chan.recv(1024))
if len(x) == 0:
sys.stdout.write('\r\n*** EOF\r\n')
break
sys.stdout.write(x)
sys.stdout.flush()
except socket.timeout:
pass
if sys.stdin in r:
x = sys.stdin.read(1)
if len(x) == 0:
break
chan.send(x)
finally:
#把修改的tty变回来
termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty)
#windows处理方法
def windows_shell(chan):
import threading
sys.stdout.write("Line-buffered terminal emulation. Press F6 or ^Z to send EOF.\r\n\r\n")
def writeall(sock):
while True:
data = sock.recv(256)
if not data:
sys.stdout.write('\r\n*** EOF ***\r\n\r\n')
sys.stdout.flush()
break
sys.stdout.write(data)
sys.stdout.flush()
writer = threading.Thread(target=writeall, args=(chan,))
writer.start()
try:
while True:
d = sys.stdin.read(1)
if not d:
break
chan.send(d)
except EOFError:
# user hit ^Z or F6
pass
另外在堡垒机上,在用户登录堡垒机的家目录下的bashrc文件中添加一下内容,例如eddy用户登录堡垒机就在eddy用户家目录下的.bashrc添加一下内容
/usr/bin/python /root/script/menu.py
exit
以防止在终端堡垒机程序之后终端会话留在堡垒机上
以上三步完成一个简单堡垒机功能
总共三个文件 menu.py eddy_auditing.py interactive.py
关系:menu.py 菜单文件
eddy_auditing.py 核心功能文件,会调用interactive.py
interactive.py 处理linux与windows方法验证:
这里为了测试方便我直接登陆本机测试
ssh root@127.0.0.1
输入密码之后,将不会出现常见的终端界面,会出现menu.py中定义的堡垒机菜单
选择相应主机,输入用户名和密码
这样也就登陆上后端主机,和以往操作没有什么太大变化
退出之后就不会在堡垒机上了,而是会中断与堡垒机的会话
这样一个简单、简易的堡垒机就算完成了
以上就介绍了python 堡垒机续-----终端方式,包括了方面的内容,希望对系统运维有兴趣的朋友有所帮助。
本文网址链接:http://www.codes51.com/article/detail_293368.html
