Python ssh using Tor proxy

Question

I would like to be able to send data through Tor when I use ssh from Python scripts. Tor works as expected when I use an OpenSSH client to manually ssh to the host. This is my ssh config file. I use connect-proxy with ProxyCommand to route the connections through Tor (again, this works fine via a standard OpenSSH client):

host host
user user
hostname host.domain.com
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect-proxy -S localhost:9050 %h %p

I have this Python test script:

import paraproxy
import paramiko

conf = paramiko.SSHConfig()
conf.parse(open('/home/user/.ssh/config'))
host = conf.lookup('host')
print host

client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(host["hostname"], username=host["user"], password='test')
client.close()

This script does ssh to the host, however, it does not use the ProxyCommand in the ssh config file, thus it does not route traffic through Tor. I've tried a few different configurations, but I cannot make it work. Any ideas on how to make this work?

Answer 1

You need to create ProxyCommand (a socket-like object) and pass it to client.connect()

import paramiko

conf = paramiko.SSHConfig()
conf.parse(open('/home/user/.ssh/config'))
host = conf.lookup('host')
print host

proxy = paramiko.ProxyCommand(host['proxycommand'])

client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(host["hostname"], username=host["user"], password='test', sock=proxy)
client.close()

Docs for connect() method. Note timeout parameter. It's always a good idea to specify it if you are doing some automation.