小弟是學習python半年的菜鳥，想請教ptt各位先進，如何利用python 建立ssh連線，經由跳板機到遠端的設備下指令呢?
路徑: my pc -> jump host -> target machine
有參考網路上的寫法
import paramiko
import sys
import subprocess
vm=paramiko.SSHClient()
vm.set_missing_host_key_policy(paramiko.AutoAddPolicy())
vm.connect('jump_host_ip', username='jump_host_username', password='jump_host_password')
#
vmtransport = vm.get_transport()
dest_addr = ('target_machine_ip', 22)
local_addr = ('my_pc_ip', 22)
vmchannel = vmtransport.open_channel("direct-tcpip", dest_addr, local_addr)
#
jhost=paramiko.SSHClient()
jhost.set_missing_host_key_policy(paramiko.AutoAddPolicy())
jhost.connect('target_machine_ip',username='target_machine_username',password='target_machine_password', sock=vmchannel)
#
stdin, stdout, stderr = jhost.exec_command("sh clock")
#
data = stdout.read()
print(data.decode("utf-8"))
#
jhost.close()
vm.close()
# End
但會出現錯誤
Secsh channel 0 open FAILED: User does not have permission: Administratively prohibited
Traceback (most recent call last):
File "C:\Users\omc\Desktop\try_jump_host.py", line 16, in <module>
vmchannel = vmtransport.open_channel("direct-tcpip", dest_addr, local_addr)
File”C:\Users\omc\AppData\Local\Programs\Python\Python36-32\lib\site-packages\paramiko-2.4.1-py3.6.egg\paramiko\transport.py", line 902, in open_channel
raise e
paramiko.ssh_exception.ChannelException: (1, 'Administratively prohibited')
請問這樣是程式碼有問題，還是說目前的網路環境不允許這樣連線呢? 懇請各位先進指點一二

因為你搞錯目標了("direct-tcpip",(jump_host_ip,22),('127.0.0.1',22))你的 vm channel 是建立在 my pc -> jump host而不是你上面寫的直接建在　jump_host -> target_mechine就我所知你要做第二種操作 jump_host 的 sshd config要開AllowTcpForwarding yes好像是叫做 reverse proxy忽略我上面所說，你把 jhost.commect 的 target_machine_換成 local_addr 就可以了剛試了一下，你有權限看到跳板的 /etc/ssh/sshd_config拉到最下面 是否有　Match User jump_host_usernameAllowTcpForwarding yes應該是要打開這個設定才能做ＴＣＰ forwording