Native Tunnel
This module provides general purpose functionality for tunneling connections via an intermediary SSH proxy.
Clients connect to a provided local port and get traffic forwarded to/from the target host via an SSH proxy.
- class pssh.clients.native.tunnel.LocalForwarder
Thread runner for a group of local port forwarding proxies.
Starts servers in their own gevent hub via thread run target.
Use enqueue to create new servers and get port to connect to via out_q once a target has been put into the input queue. SSHClient is the client for the SSH host that will be proxying.
There can be as many LocalForwarder(s) as needed to scale.
Relationship of clients to forwarders to servers is:
One client -> One Forwarder -> Many Servers <-> Many proxy hosts -> one target host per proxy host
A Forwarder starts servers. Servers communicate with clients directly via Forwarder thread.
Multiple forwarder threads can be used to scale clients to more threads as the number of clients increases, causing contention in forwarder threads handling proxy connections.
- cleanup_server(client)
Stop server for given proxy client and remove client from this forwarder.
- enqueue(client, host, port)
Add target host:port to tunnel via client to queue.
- Parameters:
client (pssh.clients.native.single.SSHClient) – The client to connect via.
host (str) – Target host to open connection to.
port (int) – Target port to connect on.
- run()
Thread runner ensures a non-main hub has been created for all subsequent greenlets and waits for (client, host, port) tuples to be put into self.in_q.
A server is created once something is in the queue and only then is the port to connect to put into self.out_q.
- shutdown()
Stop all tunnel servers and shutdown LocalForwarder thread.
This function will join the current thread and wait for it to shutdown if needed.
- class pssh.clients.native.tunnel.TunnelServer(client, host, port, bind_address='127.0.0.1', num_retries=3)
Local port forwarding server for tunneling connections from remote SSH server.
Accepts connections on an available bind_address port once started and tunnels data to/from remote SSH host for each connection.
TunnelServer.listen_port will return listening port for server on given host once TunnelServer.started is True.
- property listen_port
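
Added example, not code from parallel-ssh: a standard-library model of the handshake that LocalForwarder.run() describes, where a target is queued, a server is bound to an available port on bind_address, and only then is the port put into out_q. ModelForwarder, _pump and demo are hypothetical names; a direct TCP connection stands in for the SSH proxy channel, and retries and shutdown are not modelled.

```python
import queue
import socket
import threading

class ModelForwarder(threading.Thread):
    """in_q/out_q handshake model (not pssh code); plain TCP stands in for SSH."""
    def __init__(self, bind_address="127.0.0.1"):
        super().__init__(daemon=True)
        self.bind_address = bind_address
        self.in_q, self.out_q = queue.Queue(), queue.Queue()

    def enqueue(self, host, port):
        self.in_q.put((host, port))

    def run(self):
        while True:
            host, port = self.in_q.get()   # block until a target is queued
            srv = socket.create_server((self.bind_address, 0))  # port 0: any free port
            self.out_q.put(srv.getsockname()[1])   # published only once listening
            threading.Thread(target=self._serve, args=(srv, host, port), daemon=True).start()

    def _serve(self, srv, host, port):
        while True:
            conn, _ = srv.accept()
            upstream = socket.create_connection((host, port))
            for src, dst in ((conn, upstream), (upstream, conn)):
                threading.Thread(target=_pump, args=(src, dst), daemon=True).start()

def _pump(src, dst):
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)   # pass EOF on to the other side
    except OSError:
        pass                           # peer already gone

def demo():
    target = socket.create_server(("127.0.0.1", 0))   # constructed echo target
    def echo():
        conn, _ = target.accept()
        conn.sendall(conn.recv(4096))
        conn.close()
    threading.Thread(target=echo, daemon=True).start()
    fwd = ModelForwarder()
    fwd.start()
    fwd.enqueue("127.0.0.1", target.getsockname()[1])
    port = fwd.out_q.get(timeout=5)
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        c.sendall(b"ping")
        return port, c.recv(4096)
```

Calling demo() returns the forwarder's listening port and the bytes echoed back through it. Because the listener binds to the loopback default, only processes on the same host can reach the forwarded port.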