I want to achieve something like ssh -J user@host1 user@host2
Both host1 and host2 only accept authentication via keyboard-interactive and not publickey, or the regular password authentication. The password for both hosts is the same. These are constraints I cannot change so no 'use ssh keys' answers please :)
I have played around with doing this in paramiko (see below), however I'm open to using other python modules to achieve this.
import paramiko
...
client1 = paramiko.SSHClient()
client1.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client1.connect(host1, 22, username, password=password)
transport = client1.get_transport()
dest_addr = (host2, 22)
local_addr = ('127.0.0.1', 22)
channel = transport.open_channel("direct-tcpip", dest_addr, local_addr)
client2 = paramiko.SSHClient()
client2.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client2.connect(host2, username, password=password, sock=channel)
but I get the following error:
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/paramiko/transport.py", line 1528, in auth_password
return self.auth_interactive(username, handler)
File "/usr/local/lib/python3.7/site-packages/paramiko/transport.py", line 1633, in auth_interactive
return self.auth_handler.wait_for_response(my_event)
File "/usr/local/lib/python3.7/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response
raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “./myscript”, line 50, in <module>
client2(host2, username, password=password, sock=channel)
File "/usr/local/lib/python3.7/site-packages/paramiko/client.py", line 446, in connect
passphrase,
File "/usr/local/lib/python3.7/site-packages/paramiko/client.py", line 764, in _auth
raise saved_exception
File "/usr/local/lib/python3.7/site-packages/paramiko/client.py", line 751, in _auth
self._transport.auth_password(username, password)
File "/usr/local/lib/python3.7/site-packages/paramiko/transport.py", line 1531, in auth_password
raise e
File "/usr/local/lib/python3.7/site-packages/paramiko/transport.py", line 1509, in auth_password
return self.auth_handler.wait_for_response(my_event)
File "/usr/local/lib/python3.7/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response
raise e
paramiko.ssh_exception.BadAuthenticationType: Bad authentication type; allowed types: ['publickey', 'keyboard-interactive']
This whole thing works fine when both host1 and host2 use publickey authentication however in this specific example I need to use keyboard-interactive.
EDIT:
Fails to connect to host2, here is the paramiko log file contents:
INF [20200907-20:39:41.318] thr=1 paramiko.transport: Connected (version 2.0, client X)
INF [20200907-20:39:41.803] thr=1 paramiko.transport: Authentication (publickey) failed.
INF [20200907-20:39:41.960] thr=1 paramiko.transport: Authentication (publickey) failed.
INF [20200907-20:39:42.685] thr=1 paramiko.transport: Authentication (keyboard-interactive) successful!
INF [20200907-20:39:42.877] thr=2 paramiko.transport: Connected (version 2.0, client X)
INF [20200907-20:39:43.283] thr=2 paramiko.transport: Authentication (publickey) failed.
INF [20200907-20:39:43.444] thr=2 paramiko.transport: Authentication (publickey) failed.
INF [20200907-20:39:43.795] thr=2 paramiko.transport: Authentication (keyboard-interactive) failed.
Nevermind, turns out my second connect line was wrong:
client2.connect(host2, username, password=password, sock=channel)
I didn't specify what the second parameter was:
client2.connect(host2, username=username, password=password, sock=channel)
or
client2.connect(host2, 22, username, password=password, sock=channel)
both work as expected.