fix SSL through SSH jump #1179

Merged
merged 1 commit into from
Nov 23, 2024
15 changes: 15 additions & 0 deletions changelog.md
@@ -1,3 +1,18 @@
Upcoming Release (TBD)
======================

Bug Fixes:
----------

* fix SSL through SSH jump host by using a true python socket for a tunnel

Internal:
---------

Features:
---------


1.28.0 (2024/11/10)
======================
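Review bot: The Bug Fixes entry "fix SSL through SSH jump host by using a true python socket for a tunnel" does not say that the fix introduces sshtunnel as a new requirement for SSH connections, even though the paramiko_stub message updated in this same change tells users to install it. Mention the new dependency in the entry so users who upgrade with only paramiko installed know they need to add it.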

1 change: 1 addition & 0 deletions mycli/AUTHORS
Expand Up @@ -98,6 +98,7 @@ Contributors:
* Houston Wong
* Mohamed Rezk
* Ryosuke Kazami
* Cornel Cruceru


Created by:
4 changes: 2 additions & 2 deletions mycli/packages/paramiko_stub/__init__.py
Expand Up @@ -13,9 +13,9 @@ def __getattr__(self, name):
import sys
from textwrap import dedent
print(dedent("""
To enable certain SSH features you need to install paramiko:
To enable certain SSH features you need to install paramiko and sshtunnel:

pip install paramiko
pip install paramiko sshtunnel

It is required for the following configuration options:
--list-ssh-config
32 changes: 19 additions & 13 deletions mycli/sqlexecute.py
Expand Up @@ -10,6 +10,7 @@
decoders)
try:
import paramiko
import sshtunnel
except ImportError:
from mycli.packages.paramiko_stub import paramiko
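Review bot: In the try block, "import sshtunnel" shares the "except ImportError" with "import paramiko", but the fallback only rebinds paramiko to the stub. If paramiko is installed and sshtunnel is not, the real paramiko is replaced by the stub and the name sshtunnel is never bound, so the later sshtunnel.SSHTunnelForwarder(...) call raises NameError instead of printing the install hint. Import sshtunnel in its own try/except and bind a stub for it (or fail with the same message) so the missing-dependency path is actually handled.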

Expand Down Expand Up @@ -189,19 +190,24 @@ def connect(self, database=None, user=None, password=None, host=None,
)

if ssh_host:
client = paramiko.SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(paramiko.WarningPolicy())
client.connect(
ssh_host, ssh_port, ssh_user, ssh_password,
key_filename=ssh_key_filename
)
chan = client.get_transport().open_channel(
'direct-tcpip',
(host, port),
('0.0.0.0', 0),
)
conn.connect(chan)
##### paramiko.Channel is a bad socket implementation overall if you want SSL through an SSH tunnel
#####
# instead let's open a tunnel and rewrite host:port to local bind
try:
chan = sshtunnel.SSHTunnelForwarder(
(ssh_host, ssh_port),
ssh_username=ssh_user,
ssh_pkey=ssh_key_filename,
ssh_password=ssh_password,
remote_bind_address=(host, port)
)
chan.start()

conn.host=chan.local_bind_host
conn.port=chan.local_bind_port
conn.connect()
except Exception as e:
raise e

if hasattr(self, 'conn'):
self.conn.close()
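Review bot: Host key verification is lost in the new sshtunnel.SSHTunnelForwarder(...) call: the removed code called client.load_system_host_keys() and set a missing-host-key policy, while the new call passes no ssh_host_key, and sshtunnel performs no host key checking unless one is given, so ssh_password can be sent to an unverified jump host. Pass the expected host key (for example taken from the user's known_hosts) or keep an explicit verification step before chan.start(). In the same block, set local_bind_address explicitly to a loopback address so the forwarded MySQL port is not reachable from other interfaces, stop the forwarder with chan.stop() when the connection is closed since nothing in this hunk does so, and drop the try/except whose only handler is "raise e". Because conn.host is rewritten to chan.local_bind_host, any TLS server-identity check now compares the certificate against the local bind address rather than host, which deserves a test with identity verification enabled.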
1 change: 1 addition & 0 deletions requirements-dev.txt
Expand Up @@ -10,6 +10,7 @@ colorama>=0.4.1
git+https://github.com/hayd/pep8radius.git # --error-status option not released
click>=7.0
paramiko==2.11.0
sshtunnel==0.4.0
pyperclip>=1.8.1
importlib_resources>=5.0.0
pyaes>=1.6.1
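Review bot: "sshtunnel==0.4.0" is added only to requirements-dev.txt here, while sqlexecute.py now needs sshtunnel at runtime for every connection that sets ssh_host. This diff shows no matching change to the package's install metadata, so confirm that whatever install path currently pulls in paramiko for SSH support also pulls in sshtunnel; otherwise existing installs will fall into the ImportError path on upgrade.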