1

I have to connect to a jumpserver to connect to a bunch of routers running only telnet. I'm new to SSH tunneling, but I've figured out that on the command line on my local machine, the following command forms the necessary tunnel: 

$ ssh -fNL 2300:remote_host:23 user@jumpServer

Then all I have to do is connect to port 2300 on the local machine for the traffic to be forwarded to port 23 on the router (which doesn't have SSH and only has telnet): 

> telnet localhost 2300

I have a few questions:

  1. Where does the actual tunnel form? As I said, the router has port 22 blocked, i.e., it isn't capable of running SSH. However, my local machine and the gateway/jumpserver can. So, if the tunnel's forming between my local machine and the jump server, what is the mode of transport between the jumpserver and the router?
  2. If I understand this right, there's a listener on my local machine on port 2300, that forwards all traffic to some port on the jump server via the SSH tunnel, that then forwards it to the router. Right?
  3. [Python Specific question] How do I get the sshtunnel module to do this programmatically? I tried the following: 
from sshtunnel import open_tunnel
from telnetlib import Telnet

js = '123.456.555.666'
js_usr = "user"
rem_host = '123.456.789.101'

with open_tunnel(
    ssh_address_or_host=(js, 22),
    ssh_username=js_usr,
    ssh_password="password",
    remote_bind_address=(rem_host, 23)
) as tunnel:
    with Telnet(js, tunnel.local_bind_port, 10) as tn:
        tn.interact()

However, this throws the following error:

Traceback (most recent call last): File "C:/Users/somsinha/PycharmProjects/SysTEst/sshTunnelTest.py", line 14, in with Telnet(js, tunnel.local_bind_port, 10) as tn:

File "C:\Users\somsinha\bin\WPy64-3741\python-3.7.4.amd64\lib\telnetlib.py", line 218, in init self.open(host, port, timeout)

File "C:\Users\somsinha\bin\WPy64-3741\python-3.7.4.amd64\lib\telnetlib.py", line 234, in open self.sock = socket.create_connection((host, port), timeout)

File "C:\Users\somsinha\bin\WPy64-3741\python-3.7.4.amd64\lib\socket.py", line 727, in create_connection raise err

File "C:\Users\somsinha\bin\WPy64-3741\python-3.7.4.amd64\lib\socket.py", line 716, in create_connection sock.connect(sa)

ConnectionRefusedError: [WinError 10061] No connection could be made because the target machine actively refused it

How to I make python ssh -fNL 2300:remote_host:23 user@jumpServer manually?

Somenath Sinha
  • 1,174
  • 3
  • 16
  • 35
  • For your questions 1 and 2, you are right. To do this in Python follow example 2 in https://pypi.org/project/sshtunnel/ with telnet lib (https://docs.python.org/3.8/library/telnetlib.html). – Karioki Nov 30 '19 at 07:32
  • @Karioki could you please modify the example with the IPs in my case? I'm a bit confused about which IP should be used where. – Somenath Sinha Nov 30 '19 at 07:53

1 Answers1

1

Everything is right with your code except use should use "localhost" with telnet:

from sshtunnel import open_tunnel
from telnetlib import Telnet

js = '123.456.555.666'
js_usr = "user"
rem_host = '123.456.789.101'

with open_tunnel(
    ssh_address_or_host=(js, 22),
    ssh_username=js_usr,
    ssh_password="password",
    remote_bind_address=(rem_host, 23)
) as tunnel:
   # Use localhost as host
    with Telnet('localhost', tunnel.local_bind_port, 10) as tn:
        tn.interact()

The reason is the port is forwarded to the localhost and it must be accessed from it.

Karioki
  • 646
  • 6
  • 18