Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #52222 > unrolled thread

Python 3 and SSH Tunnel

Back to article view | Back to comp.lang.python

Contents

  Python 3 and SSH Tunnel "D. Xenakis" <gouzounakis@hotmail.com> - 2013-08-08 12:30 -0700
    Re: Python 3 and SSH Tunnel Skip Montanaro <skip@pobox.com> - 2013-08-08 15:03 -0500
    Re: Python 3 and SSH Tunnel Chris Angelico <rosuav@gmail.com> - 2013-08-08 23:54 +0100
      Re: Python 3 and SSH Tunnel "D. Xenakis" <gouzounakis@hotmail.com> - 2013-08-08 17:46 -0700
        Re: Python 3 and SSH Tunnel Chris Angelico <rosuav@gmail.com> - 2013-08-09 01:56 +0100
        Re: Python 3 and SSH Tunnel Bernd Waterkamp <Bernd-Waterkamp@web.de> - 2013-08-09 18:40 +0200
      Re: Python 3 and SSH Tunnel "D. Xenakis" <gouzounakis@hotmail.com> - 2013-08-08 17:50 -0700
        Re: Python 3 and SSH Tunnel Chris Angelico <rosuav@gmail.com> - 2013-08-09 01:57 +0100
    Re: Python 3 and SSH Tunnel "D. Xenakis" <gouzounakis@hotmail.com> - 2013-08-10 03:39 -0700
      Re: Python 3 and SSH Tunnel Veritatem Ignotam <veritatem.ignotam@gmail.com> - 2013-08-10 14:29 -0400
      Re: Python 3 and SSH Tunnel Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-08-10 16:16 -0400

#52222 — Python 3 and SSH Tunnel

HOWTO anyone?

What im trying to succeed here is create one SSH tunnel, so that i can connect from a python script running on my pc, to a remote MySQL database running on my Host and id like to stick with Python 3.3 .

I contacted my host and he informed me that this is the only way.

I tried pycrypto + paramiko but from what i have noticed, paramiko is not Python 3.3 ready.
Any thoughts?

[toc] | [next] | [standalone]

#52226

On Thu, Aug 8, 2013 at 2:30 PM, D. Xenakis <gouzounakis@hotmail.com> wrote:
> HOWTO anyone?
>
> What im trying to succeed here is create one SSH tunnel, so that i can connect from a python script running on my pc, to a remote MySQL database running on my Host and id like to stick with Python 3.3 .

http://lmgtfy.com/?q=python3+ssh+tunnel

First hit:

http://zeromq.github.io/pyzmq/ssh.html

which says, in part: "pexpect has no Python3 support at this time, so
Python 3 users should get Thomas Kluyver’s pexpect-u fork."

Also, search PyPI for "tunnel".  There might well be something useful there.

Skip

[toc] | [prev] | [next] | [standalone]

#52233

On Thu, Aug 8, 2013 at 8:30 PM, D. Xenakis <gouzounakis@hotmail.com> wrote:
> HOWTO anyone?
>
> What im trying to succeed here is create one SSH tunnel, so that i can connect from a python script running on my pc, to a remote MySQL database running on my Host and id like to stick with Python 3.3 .
>
> I contacted my host and he informed me that this is the only way.
>
> I tried pycrypto + paramiko but from what i have noticed, paramiko is not Python 3.3 ready.

I'm not sure what exactly is going on here, but why not simply
establish a tunnel using ssh(1) and then invoke your Python script
separately? You simply point your script at a database on localhost,
after establishing a tunnel from local 3306 to remote localhost:3306.
No need to play with Python crypto.

Alternatively, can you use PostgreSQL instead? :)

ChrisA

[toc] | [prev] | [next] | [standalone]

#52236

> > HOWTO anyone?
> 
> >
> 
> > What im trying to succeed here is create one SSH tunnel, so that i can connect from a python script running on my pc, to a remote MySQL database running on my Host and id like to stick with Python 3.3 .
> 
> >
> 
> > I contacted my host and he informed me that this is the only way.
> 
> >
> 
> > I tried pycrypto + paramiko but from what i have noticed, paramiko is not Python 3.3 ready.
> 
> 
> 
> I'm not sure what exactly is going on here, but why not simply
> 
> establish a tunnel using ssh(1) and then invoke your Python script
> 
> separately? You simply point your script at a database on localhost,
> 
> after establishing a tunnel from local 3306 to remote localhost:3306.
> 
> No need to play with Python crypto.
> 
> 
> 
> Alternatively, can you use PostgreSQL instead? :)
> 
> 
> 
> ChrisA

Yes you are right.
I've played with putty to achieve this but to be honest i'd like something more efficient. Opening putty everytime and making all the connection settings etc, and then running the programm, is kinda messy. Id like this to be done in an automatic way from the program so that things roll easy.
I thought maybe i should find a way how to call and run a batch file from inside my python program or a powershell command, but i do not know even if that could work for the ssh tunneling.

any ideas?

[toc] | [prev] | [next] | [standalone]

#52238

On Fri, Aug 9, 2013 at 1:46 AM, D. Xenakis <gouzounakis@hotmail.com> wrote:
> I've played with putty to achieve this but to be honest i'd like something more efficient. Opening putty everytime and making all the connection settings etc, and then running the programm, is kinda messy. Id like this to be done in an automatic way from the program so that things roll easy.
> I thought maybe i should find a way how to call and run a batch file from inside my python program or a powershell command, but i do not know even if that could work for the ssh tunneling.

You should at very least be able to save PuTTY's settings under some
name. Once you've done that, check PuTTY's docs for a way to invoke it
with particular saved settings. I'm pretty sure there's a way to do
that. The program can then invoke that as a background process, then
go on to do whatever you need.

Be aware, though, that you'll need to set up passwordless access (with
a keypair) if you're to fully automate the process. But you may have
already done that.

ChrisA

[toc] | [prev] | [next] | [standalone]

#52266

D. Xenakis schrieb:

> I've played with putty to achieve this but to be honest i'd like
> something more efficient. Opening putty everytime and making all the
> connection settings etc, and then running the programm, is kinda messy.
> Id like this to be done in an automatic way from the program so that
> things roll easy. I thought maybe i should find a way how to call and
> run a batch file from inside my python program or a powershell command,
> but i do not know even if that could work for the ssh tunneling. 
> 
> any ideas?

Both popular frameworks for python SSH  - twisted and paramiko - are still
being ported to python3. If you need to run your code on Windows, take a
look at plink, a command line tool for PuTTY:

http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter7.html#plink

You can wrap plink and your python script in a batch-file or call plink
from inside your script using subprocess. 

[toc] | [prev] | [next] | [standalone]

#52237

> Alternatively, can you use PostgreSQL instead? :)

Yes there is such an option to be honest.
Would that be helpfull instead of MySQL?

[toc] | [prev] | [next] | [standalone]

#52239

On Fri, Aug 9, 2013 at 1:50 AM, D. Xenakis <gouzounakis@hotmail.com> wrote:
>> Alternatively, can you use PostgreSQL instead? :)
>
> Yes there is such an option to be honest.
> Would that be helpfull instead of MySQL?

It would, mainly because it's simply a better database engine.
Everything to do with tunneling is going to be the same, save that you
use port 5432 instead of 3306. But check if you can configure remote
access directly on PostgreSQL.

ChrisA

[toc] | [prev] | [next] | [standalone]

#52299

What about the security though? 

To be specific, i need to create an application (python 3.3 strictly) where users will save/load their settings online to a remote hosted database. I do not wish to change the database from listening to any other thing than localhost for security reasons, so i assume the best solution for me would be to make the program create some ssh tunnels before the saving/loading happens.

But would this policy make my database (or the rest of the databases that im running on that machine) unsecure? Is there any workaround this?

How would you do that online saving/loading?

[toc] | [prev] | [next] | [standalone]

#52316

I think I missed an earlier thread of this and I'm not quite sure what 
your application is, but properly allocating user permissions on your 
databases should eliminate any security concerns there. Also, for the 
tunnel, whether you're using one account or multiple (one for each 
user), those accounts should be properly secured as well.

Ignotus

On 08/10/2013 06:39 AM, D. Xenakis wrote:
> What about the security though?
>
> To be specific, i need to create an application (python 3.3 strictly) where users will save/load their settings online to a remote hosted database. I do not wish to change the database from listening to any other thing than localhost for security reasons, so i assume the best solution for me would be to make the program create some ssh tunnels before the saving/loading happens.
>
> But would this policy make my database (or the rest of the databases that im running on that machine) unsecure? Is there any workaround this?
>
> How would you do that online saving/loading?

[toc] | [prev] | [next] | [standalone]

#52322

On Sat, 10 Aug 2013 03:39:49 -0700 (PDT), "D. Xenakis"
<gouzounakis@hotmail.com> declaimed the following:

>What about the security though? 
>
>To be specific, i need to create an application (python 3.3 strictly) where users will save/load their settings online to a remote hosted database. I do not wish to change the database from listening to any other thing than localhost for security reasons, so i assume the best solution for me would be to make the program create some ssh tunnels before the saving/loading happens.
>
>But would this policy make my database (or the rest of the databases that im running on that machine) unsecure? Is there any workaround this?
>
>How would you do that online saving/loading?

	You run a "server" on the database machine which accepts the save/load
connections from the remote users -- it then accesses the (now) local
database for the settings information.

	How you secure the "server" becomes part of your protocol... HTTPS with
a login/password scheme? (I'm presuming the users won't be seeing a web
page, so cookies might be a non-starter for the session; instead you'd need
the user login/password for all traffic). Your "server" then becomes
responsible for handling all validation, and the database is still just
localhost to the server.
-- 
	Wulfraed                 Dennis Lee Bieber         AF6VN
    wlfraed@ix.netcom.com    HTTP://wlfraed.home.netcom.com/

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web