Search code examples
pythonsshparamiko

Paramiko equivalent of OpenSSH ssh -J switch

I am trying to translate this ssh this command to Python using the paramiko library.

sshpass -p SomePassword ssh -J specificSshHost admin@11.0.0.0 \ 
    -oHostKeyAlgorithms=+ssh-rsa \ 
    -oKexAlgorithms=+diffie-hellman-group1-sha1 \ 
    -o "StrictHostKeyChecking no"

Where specificSshHost points to this file in .ssh/config as follows

Host specificSshHost
  User admin
  IdentityFile ~/.ssh/mySpecificRsaKey

What I have so far

import paramiko
import os
client = paramiko.SSHClient()
client.load_host_keys("/home/name/.ssh/mySpecificRsaKey")
user = 'admin'
pswd = 'SomePassword'
ssh_keypath = ".ssh/mySpecificSshHost"
REMOTE_SERVER_IP = "11.0.0.0"
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(hostname=str(REMOTE_SERVER_IP), username=user,
               key_filename=ssh_keypath)

This is what I find in the paramiko log file

INFO:paramiko.hostkeys:Not enough fields found in known_hosts in line 26 ('xPuIyxnS2aQoUvDVyCtJEJ47P6nH8su/bDGj6hrS1GBOFYLrCu4LBQ==')
INFO:paramiko.hostkeys:Unable to handle key of type RSA

I have read that paramiko supports the rsa and also those algorithms, so I do not understand why the connect command is just hanging there. The error trace triggered by a keyboardInterrupt is

  File "/tmp/ipykernel_202149/1488139442.py", line 36, in <module>
    client.connect(hostname=str(REMOTE_SERVER_IP), username =str(user),

  File "/home/david/miniconda3/lib/python3.9/site-packages/paramiko/client.py", line 358, in connect
    retry_on_signal(lambda: sock.connect(addr))

  File "/home/david/miniconda3/lib/python3.9/site-packages/paramiko/util.py", line 279, in retry_on_signal
    return function()

  File "/home/david/miniconda3/lib/python3.9/site-packages/paramiko/client.py", line 358, in <lambda>
    retry_on_signal(lambda: sock.connect(addr))
Solution

  • The -J switch of OpenSSH ssh is for jump host. It has nothing to do with any key.

    For implementing a jump host in Paramiko, see:
    Nested SSH using Python Paramiko

    Obligatory warning: Do not use AutoAddPolicy this way – You are losing a protection against MITM attacks by doing so. For a correct solution, see Paramiko "Unknown Server".