试想在如下环境中:你可以访问一台在内网中的SSH服务器,同时,你还想访问在同一个网段中的Web服务器。你不能直接访问Web服务器,但是SSH服务器可以访问Web服务器,而且这个SSH服务器上没有安装你想要使用的工具。
我们可以利用Python创建一个转发的SSH隧道来实现这些功能,具体详情参见如下代码:
# -*- coding:UTF-8 -*-
'''
文件可将SSH服务端打开的某个端口的数据流量导向到指定的另一台服务器的端口上
例如:打开命令行输入以下代码:
rforward.py 192.168.209.121 -p 8080 -r 192.168.209.122:80 --user root --password
输入ssh密码后,控制台打印如下:
----------------------------控制台内容开始----------------------------------------
D:\Workspaces\python27\py_hacker\com\lyz\chapter2>rforward.py 192.168.209.121 -p 8080 -r 192.168.209.122:80 --user root --password
Enter SSH password:
Connecting to ssh host 192.168.209.121 ...
D:\Program Files\Python27\lib\site-packages\paramiko\client.py:779: UserWarning: Unknown ssh-rsa host key for 192.168.209.121: 3bc514e5b8ad5377141030149ea79649
key.get_name(), hostname, hexlify(key.get_fingerprint()),
Now forwarding remote port 8080 to 192.168.209.122:80 ...
----------------------------控制台内容结束----------------------------------------
说明程序已经启动成功。
rforward.py 192.168.209.121 -p 8080 -r 192.168.209.122:80 --user root --password的作用是:
将访问192.168.209.121:8080的数据流量通过SSH隧道导向到192.168.209.122:80上,也就是说,打开浏览器访问:8080会通过SSH隧道导向到:80上。
这样,只要我们能够访问:8080,不能直接访问:80,通过这种方式,我们也能够访问:80了
Created on 2017年12月19日
@author: liuyazhuang
'''
import getpass
import os
import socket
import select
import sys
import threading
from optparse import OptionParser
import paramiko
SSH_PORT = 22
DEFAULT_PORT = 4000
g_verbose = True
def handler(chan, host, port):
sock = socket.socket()
try:
sock.connect((host, port))
except Exception as e:
verbose('Forwarding request to %s:%d failed: %r' % (host, port, e))
return
verbose('Connected! Tunnel open %r -> %r -> %r' % (chan.origin_addr,
chan.getpeername(), (host, port)))
while True:
r, w, x = select.select([sock, chan], [], [])
if sock in r:
data = sock.recv(1024)
if len(data) == 0:
break
chan.send(data)
if chan in r:
data = chan.recv(1024)
if len(data) == 0:
break
sock.send(data)
chan.close()
sock.close()
verbose('Tunnel closed from %r' % (chan.origin_addr,))
def reverse_forward_tunnel(server_port, remote_host, remote_port, transport):
transport.request_port_forward('', server_port)
while True:
chan = transport.accept(1000)
if chan is None:
continue
thr = threading.Thread(target=handler, args=(chan, remote_host, remote_port))
thr.setDaemon(True)
thr.start()
def verbose(s):
if g_verbose:
print(s)
HELP = """\
Set up a reverse forwarding tunnel across an SSH server, using paramiko. A
port on the SSH server (given with -p) is forwarded across an SSH session
back to the local machine, and out to a remote site reachable from this
network. This is similar to the openssh -R option.
"""
def get_host_port(spec, default_port):
"parse 'hostname:22' into a host and port, with the port optional"
args = (spec.split(':', 1) + [default_port])[:2]
args[1] = int(args[1])
return args[0], args[1]