Execute restricted remote script on ssh connect with local arguments via python paramiko

Question

Well, I have a restricted command association on the remote site authorized_keys file as follows:

command="python /usr/share/my_script.py" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDxiK......

and this script should take parameters.

On the local site I am trying to fire up the remote script whith my local parameters using paramiko:

import sys, paramiko

host = '192.168.1.10'
port = 22
restricted_key = '/root/.ssh/restricted_key'

client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(host, port=port, username=user, key_filename=restricted_key)

arg1, arg2, arg3 = ('python', 'is', 'cool')
command = 'python /usr/share/my_script.py %s %s %s' % (arg1, arg2, arg3)
stdin, stdout, stderr = client.exec_command(command)

if not stderr.readlines():
    return stdout.readlines()
else:
    raise IOError

Here is the remote script python /usr/share/my_script.py:

if __name__ == "__main__":
try:
    arg1, arg2, arg3 = (sys.argv[1], sys.argv[2], sys.argv[3])
    open('/tmp/just_a_test', 'a+').write('%s %s %s' % (arg1, arg2, arg3))
except Exception, e:
    print 'ERROR : %s' % str(e)

The script exits with no error, but it seems not to fire up the remote execution. I'd like to be able to do this in a 100% python way, as such as it could be possible.

score 1 · Accepted Answer · answered Feb 20 '13 at 22:40

Adding the environnement variable $SSH_ORIGINAL_COMMAND in the authorized_keys command does it.

command="python /usr/share/my_script.py $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDxiK......

Then in my paramiko execute I just have put the arguments to send to the remote command as follows:

command = '%s %s %s' % (arg1, arg2, arg3)
stdin, stdout, stderr = client.exec_command(command)

Execute restricted remote script on ssh connect with local arguments via python paramiko

1 Answers1