[Update] Using gateway

7a3ef527 · ibuler · c0a47c33 · 7a3ef527 · 7a3ef527
Commit 7a3ef527 authored Mar 25, 2018 by ibuler
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 6 deletions

interface.py coco/interface.py +1 -1

proxy.py coco/proxy.py +35 -5

No files found.
--- a/coco/interface.py
+++ b/coco/interface.py
@@ -114,7 +114,7 @@ class SSHInterface(paramiko.ServerInterface):
    def check_channel_forward_agent_request(self, channel):
        logger.debug("Check channel forward agent request: %s" % channel)
        self.request.type = "forward-agent"
-        self.request.meta = {'channel': channel}
+        self.request.meta['channel'] = channel.get_id()
        self.event.set()
        return False

--- a/coco/proxy.py
+++ b/coco/proxy.py
@@ -6,6 +6,8 @@ import socket
 import threading
 import time
 import weakref
+import os
 import paramiko
 from paramiko.ssh_exception import SSHException
@@ -16,7 +18,7 @@ from .utils import wrap_with_line_feed as wr, wrap_with_warning as warning, \
 logger = get_logger(__file__)
-TIMEOUT = 8
+TIMEOUT = 10
 BUF_SIZE = 4096
@@ -84,17 +86,45 @@ class ProxyServer:
    def get_telnet_server_conn(self, asset, system_user):
        pass
+    def make_proxy_command(self, asset):
+        gateway = asset.domain.random_gateway()
+        proxy_command = [
+            "ssh", "-p", str(gateway.port),
+            "{}@{}".format(gateway.username, gateway.ip),
+            "-W", "{}:{}".format(asset.ip, asset.port), "-q",
+        ]
+        if gateway.password:
+            proxy_command.insert(0, "sshpass -p {}".format(gateway.password))
+        if gateway.private_key:
+            gateway.set_key_dir(os.path.join(self.app.root_path, 'keys'))
+            proxy_command.append("-i {}".format(gateway.private_key_file))
+        proxy_command = ' '.join(proxy_command)
+        return proxy_command
    def get_ssh_server_conn(self, asset, system_user):
        ssh = paramiko.SSHClient()
        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+        sock = None
+        if asset.domain:
+            asset.domain = self.app.service.get_domain_detail_with_gateway(asset.domain)
+            try:
+                proxy_command = self.make_proxy_command(asset)
+                sock = paramiko.ProxyCommand(proxy_command)
+            except (paramiko.AuthenticationException,
+                    paramiko.BadAuthenticationType, SSHException,
+                    TimeoutError) as e:
+                logger.error(e)
        try:
            ssh.connect(
                asset.ip, port=asset.port, username=system_user.username,
                password=system_user.password, pkey=system_user.private_key,
-                timeout=TIMEOUT, compress=True, auth_timeout=10,
+                timeout=TIMEOUT, compress=True, auth_timeout=TIMEOUT,
-                look_for_keys=False
+                look_for_keys=False, sock=sock
            )
-        except (paramiko.AuthenticationException, paramiko.BadAuthenticationType, SSHException, TimeoutError):
+        except (paramiko.AuthenticationException, paramiko.BadAuthenticationType, SSHException):
            admins = self.app.config['ADMINS'] or 'administrator'
            self.client.send(warning(wr(
                "Authenticate with server failed, contact {}".format(admins),
@@ -112,7 +142,7 @@ class ProxyServer:
                password_short, key_fingerprint,
            ))
            return None
-        except socket.error as e:
+        except (socket.error, TimeoutError) as e:
            self.client.send(wr(" {}".format(e)))
            return None
        finally: