Python 3 and SSH Tunnel

[D. Xenakis]

HOWTO anyone?

What im trying to succeed here is create one SSH tunnel, so that i can connect from a python script running on my pc, to a remote MySQL database running on my Host and id like to stick with Python 3.3 .

I contacted my host and he informed me that this is the only way.

I tried pycrypto + paramiko but from what i have noticed, paramiko is not Python 3.3 ready.
Any thoughts?

 

[Skip Montanaro]

HOWTO anyone?

What im trying to succeed here is create one SSH tunnel, so that i can connect from a python script running on my pc, to a remote MySQL database running on my Host and id like to stick with Python 3.3 .

http://lmgtfy.com/?q=python3+ssh+tunnel

First hit:

http://zeromq.github.io/pyzmq/ssh.html

which says, in part: "pexpect has no Python3 support at this time, so
Python 3 users should get Thomas Kluyver’s pexpect-u fork."

Also, search PyPI for "tunnel". There might well be something useful there..

Skip

 

[Chris Angelico]

HOWTO anyone?

What im trying to succeed here is create one SSH tunnel, so that i can connect from a python script running on my pc, to a remote MySQL database running on my Host and id like to stick with Python 3.3 .

I contacted my host and he informed me that this is the only way.

I tried pycrypto + paramiko but from what i have noticed, paramiko is not Python 3.3 ready.

I'm not sure what exactly is going on here, but why not simply
establish a tunnel using ssh(1) and then invoke your Python script
separately? You simply point your script at a database on localhost,
after establishing a tunnel from local 3306 to remote localhost:3306.
No need to play with Python crypto.

Alternatively, can you use PostgreSQL instead?

ChrisA

 

[D. Xenakis]

I'm not sure what exactly is going on here, but why not simply

establish a tunnel using ssh(1) and then invoke your Python script

separately? You simply point your script at a database on localhost,

after establishing a tunnel from local 3306 to remote localhost:3306.

No need to play with Python crypto.



Alternatively, can you use PostgreSQL instead?



ChrisA

Yes you are right.
I've played with putty to achieve this but to be honest i'd like something more efficient. Opening putty everytime and making all the connection settings etc, and then running the programm, is kinda messy. Id like this to be done in an automatic way from the program so that things roll easy.
I thought maybe i should find a way how to call and run a batch file from inside my python program or a powershell command, but i do not know even if that could work for the ssh tunneling.

any ideas?

 

[D. Xenakis]

Alternatively, can you use PostgreSQL instead?

Yes there is such an option to be honest.
Would that be helpfull instead of MySQL?

 

[Chris Angelico]

I've played with putty to achieve this but to be honest i'd like something more efficient. Opening putty everytime and making all the connection settings etc, and then running the programm, is kinda messy. Id like this to be done in an automatic way from the program so that things roll easy.
I thought maybe i should find a way how to call and run a batch file frominside my python program or a powershell command, but i do not know even if that could work for the ssh tunneling.

You should at very least be able to save PuTTY's settings under some
name. Once you've done that, check PuTTY's docs for a way to invoke it
with particular saved settings. I'm pretty sure there's a way to do
that. The program can then invoke that as a background process, then
go on to do whatever you need.

Be aware, though, that you'll need to set up passwordless access (with
a keypair) if you're to fully automate the process. But you may have
already done that.

ChrisA

 

[Chris Angelico]

Yes there is such an option to be honest.
Would that be helpfull instead of MySQL?

It would, mainly because it's simply a better database engine.
Everything to do with tunneling is going to be the same, save that you
use port 5432 instead of 3306. But check if you can configure remote
access directly on PostgreSQL.

ChrisA

 

[Bernd Waterkamp]

I've played with putty to achieve this but to be honest i'd like
something more efficient. Opening putty everytime and making all the
connection settings etc, and then running the programm, is kinda messy.
Id like this to be done in an automatic way from the program so that
things roll easy. I thought maybe i should find a way how to call and
run a batch file from inside my python program or a powershell command,
but i do not know even if that could work for the ssh tunneling.

any ideas?

Both popular frameworks for python SSH - twisted and paramiko - are still
being ported to python3. If you need to run your code on Windows, take a
look at plink, a command line tool for PuTTY:

http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter7.html#plink

You can wrap plink and your python script in a batch-file or call plink
from inside your script using subprocess.

 

[D. Xenakis]

What about the security though?

To be specific, i need to create an application (python 3.3 strictly) whereusers will save/load their settings online to a remote hosted database. I do not wish to change the database from listening to any other thing than localhost for security reasons, so i assume the best solution for me would be to make the program create some ssh tunnels before the saving/loading happens.

But would this policy make my database (or the rest of the databases that im running on that machine) unsecure? Is there any workaround this?

How would you do that online saving/loading?

 

[Veritatem Ignotam]

I think I missed an earlier thread of this and I'm not quite sure what
your application is, but properly allocating user permissions on your
databases should eliminate any security concerns there. Also, for the
tunnel, whether you're using one account or multiple (one for each
user), those accounts should be properly secured as well.

Ignotus

 

[Dennis Lee Bieber]

What about the security though?

To be specific, i need to create an application (python 3.3 strictly) where users will save/load their settings online to a remote hosted database. I do not wish to change the database from listening to any other thing than localhost for security reasons, so i assume the best solution for me would be to make the program create some ssh tunnels before the saving/loading happens.

But would this policy make my database (or the rest of the databases that im running on that machine) unsecure? Is there any workaround this?

How would you do that online saving/loading?

You run a "server" on the database machine which accepts the save/load
connections from the remote users -- it then accesses the (now) local
database for the settings information.

How you secure the "server" becomes part of your protocol... HTTPS with
a login/password scheme? (I'm presuming the users won't be seeing a web
page, so cookies might be a non-starter for the session; instead you'd need
the user login/password for all traffic). Your "server" then becomes
responsible for handling all validation, and the database is still just
localhost to the server.