快捷導(dǎo)航

Python實現(xiàn)堡壘機模式下遠程命令執(zhí)行操作示例

更新時間：2019年05月09日 14:20:13 作者：cakincqm

這篇文章主要介紹了Python實現(xiàn)堡壘機模式下遠程命令執(zhí)行操作,結(jié)合實例形式分析了Python堡壘機模式執(zhí)行遠程命令的原理與相關(guān)操作技巧,需要的朋友可以參考下

本文實例講述了Python實現(xiàn)堡壘機模式下遠程命令執(zhí)行操作。分享給大家供大家參考，具體如下：

一點睛

堡壘機環(huán)境在一定程度上提升了運營安全級別，但同時也提高了日常運營成本，作為管理的中轉(zhuǎn)設(shè)備，任何針對業(yè)務(wù)服務(wù)器的管理請求都會經(jīng)過此節(jié)點，比如SSH協(xié)議，首先運維人員在辦公電腦通過SSH協(xié)議登錄堡壘機，再通過堡壘機SSH跳轉(zhuǎn)到所有的業(yè)務(wù)服務(wù)器進行維護操作。

我們可以利用paramiko的invoke_shell機制來實現(xiàn)通過堡壘機實現(xiàn)服務(wù)器操作，原理是SSHClient.connect到堡壘機后開啟一個新的SSH會話（session），通過新的會話運行“ssh user@IP”去實現(xiàn)遠程執(zhí)行命令的操作。

二代碼

#coding=utf-8
#!/usr/bin/env python
import paramiko
import os,sys,time
hostname="192.168.0.120"      # 定義業(yè)務(wù)服務(wù)器
username="root"
password="123456"
blip="192.168.0.101"        # 定義業(yè)務(wù)堡壘機
bluser="root"
blpasswd="123456"
port=22
passinfo='\'s password: '      # 輸入服務(wù)器密碼的前標志串
paramiko.util.log_to_file('syslogin.log')
ssh=paramiko.SSHClient()      # ssh登錄堡壘機
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(hostname=blip,username=bluser,password=blpasswd)
#new session
channel=ssh.invoke_shell()     # 創(chuàng)建會話，開啟命令調(diào)用
channel.settimeout(10)       # 會話命令執(zhí)行超時時間，單位為秒
buff = ''
resp = ''
channel.send('ssh '+username+'@'+hostname+'\n')    # 執(zhí)行ssh登錄業(yè)務(wù)主機
while not buff.endswith(passinfo):           # ssh登錄的提示信息判斷，輸出串尾含有"\'s password："時退出while循環(huán)
  try:
    resp = channel.recv(9999)
  except Exception,e:
    print 'Error info:%s connection time.' % (str(e))
    channel.close()
    ssh.close()
    sys.exit()
  buff += resp
  if not buff.find('yes/no')==-1:          # 輸出串尾含有"yes/no"時發(fā)送"yes"并回車
    channel.send('yes\n')
print(buff)
print("*************************************************************************************")
channel.send(password+'\n')              # 發(fā)送業(yè)務(wù)主機密碼
buff=''
while not buff.endswith('# '):             # 輸出串尾為"# "時說明校驗通過并退出while循環(huán)
  resp = channel.recv(9999)
  if not resp.find(passinfo)==-1:          # 輸出串尾含有"\'s password： "時說明 密碼不正確,要求重新輸入
    print 'Error info: Authentication failed.'
    channel.close()                # 關(guān)閉連接對象后退出
    ssh.close()
    sys.exit()
  buff += resp
channel.send('ifconfig\n')               # 認證通過后發(fā)送ifconfig命令來查看結(jié)果
buff=''
try:
  while buff.find('# ')==-1:
    resp = channel.recv(9999)
    buff += resp
except Exception, e:
  print "error info:"+str(e)
print buff                       # 打印輸出串
channel.close()
ssh.close()

三輸出結(jié)果

E:\Python\python_auto_maintain\venv\Scripts\python.exe E:/Python/python_auto_maintain/6_3_2.py
Last login: Thu Feb 28 22:00:07 2019 from 192.168.0.106
hello cakin24!
ssh root@192.168.0.120
[root@slave2 ~]# ssh root@192.168.0.120
root@192.168.0.120's password:
*************************************************************************************
ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.0.120 netmask 255.255.255.0 broadcast 192.168.0.255
        inet6 fe80::a00:27ff:fe0a:6e8a prefixlen 64 scopeid 0x20<link>
        ether 08:00:27:0a:6e:8a txqueuelen 1000 (Ethernet)
        RX packets 2046 bytes 179711 (175.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 1408 bytes 148744 (145.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1 (Local Loopback)
        RX packets 404117 bytes 68752333 (65.5 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 404117 bytes 68752333 (65.5 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
qbr07d54630-64: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
        ether 42:76:47:57:b2:75 txqueuelen 1000 (Ethernet)
        RX packets 11 bytes 572 (572.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
qvb07d54630-64: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1450
        inet6 fe80::4076:47ff:fe57:b275 prefixlen 64 scopeid 0x20<link>
        ether 42:76:47:57:b2:75 txqueuelen 1000 (Ethernet)
        RX packets 12 bytes 816 (816.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8 bytes 648 (648.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
qvo07d54630-64: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1450
        inet6 fe80::dcbe:efff:feb7:5d52 prefixlen 64 scopeid 0x20<link>
        ether de:be:ef:b7:5d:52 txqueuelen 1000 (Ethernet)
        RX packets 8 bytes 648 (648.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 12 bytes 816 (816.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]#