Chapter 16 ■ telnet and SSh
314
Again, consult the excellent paramiko documentation at the URL just mentioned to see the simple but complete
set of file operations that SFTP supports.
Other Features
I have just covered, in the past few sections, all of the SSH operations that are supported by methods on the
basic SSHClient object. The more obscure features with which you might be familiar, like remote X11 sessions and
port forwarding, require that you go one level deeper in the paramiko interface and talk directly to the client’s
“transport” object.
The transport is the class that actually knows the low-level operations that get combined to power an SSH
connection. You can ask a client for its transport easily.
transport = client.get_transport()
Though I lack the room to cover additional SSH features here, the understanding of SSH that you have gained
0in this chapter should help you understand them given the paramiko documentation combined with example
code—whether from the demos directory of the paramiko project itself or from blogs, Stack Overflow, or other
materials about paramiko that you might find online.
One feature I should mention explicitly is port forwarding, where SSH opens a port on either the local or remote
host—at least making the port available to connections from localhost and possibly also accepting connections from
other machines on the Internet—and “forwards” these connections across the SSH channel where it connects to some
other host and port on the remote end, passing data back and forth.
Port forwarding can be useful. For example, I sometimes find myself developing a web application that I cannot
run easily on my laptop because it needs access to a database and other resources that are available only on a server
farm. But I might not want the hassle of running the application on a public port, where I might have to adjust firewall
rules to open it, and then getting HTTPS running so that third parties cannot see my work-in-progress.
An easy solution is to run the under-development web application on the remote development machine the way
I would locally—listening on localhost:8080 so that it cannot be contacted from another computer—and then tell SSH
that I want connections to my local port 8080, made on my laptop, to be forwarded out so that they really connect to
port 8080 on that local machine.
$ ssh -L 8080:localhost:8080 devel.example.com
If you need to create port forwards when running an SSH connection with paramiko, then I have bad news
and good news. The bad news is that the top-level SSHClient does not, alas, provide an easy way to create a forward
because it supports more common operations such as shell sessions. Instead, you will have to create the forward by
talking directly to the “transport” object and then writing loops that copy data in both directions over the forward
yourself.
But the good news is that paramiko comes with example scripts showing exactly how to write port-forwarding
loops. These two scripts, from the main paramiko trunk, should get you started:
http://github.com/paramiko/paramiko/blob/master/demos/forward.py
http://github.com/paramiko/paramiko/blob/master/demos/rforward.py
Of course, since the port-forward data is passed back and forth across channels inside the SSH connection, you
do not have to worry if they are raw, unprotected HTTP or other traffic that is normally visible to third parties; since
they are now embedded inside SSH, they are protected by its own encryption from being intercepted.