{"id":19261468,"url":"https://github.com/wangyihang/dbappsecurity-unified-security-management-python-connector","last_synced_at":"2026-06-19T11:01:23.455Z","repository":{"id":113353536,"uuid":"607530582","full_name":"WangYihang/DBAPPSecurity-Unified-Security-Management-Python-Connector","owner":"WangYihang","description":"Python Connector for DBAPPSecurity Unified Security Management | 明御®运维审计与风险控制系统（堡垒机）","archived":false,"fork":false,"pushed_at":"2023-03-20T06:09:40.000Z","size":49,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-23T18:35:17.243Z","etag":null,"topics":["devops","devsecops","jumpserver","paramiko","ssh"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/WangYihang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-02-28T06:39:56.000Z","updated_at":"2023-04-17T15:44:13.000Z","dependencies_parsed_at":null,"dependency_job_id":"417323bb-f289-45c9-8c76-20c93bea6abe","html_url":"https://github.com/WangYihang/DBAPPSecurity-Unified-Security-Management-Python-Connector","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/WangYihang/DBAPPSecurity-Unified-Security-Management-Python-Connector","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WangYihang%2FDBAPPSecurity-Unified-Security-Management-Python-Connector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WangYihang%2FDBAPPSecurity-Unified-Security-Man
agement-Python-Connector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WangYihang%2FDBAPPSecurity-Unified-Security-Management-Python-Connector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WangYihang%2FDBAPPSecurity-Unified-Security-Management-Python-Connector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/WangYihang","download_url":"https://codeload.github.com/WangYihang/DBAPPSecurity-Unified-Security-Management-Python-Connector/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WangYihang%2FDBAPPSecurity-Unified-Security-Management-Python-Connector/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34528144,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-19T02:00:06.005Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devops","devsecops","jumpserver","paramiko","ssh"],"created_at":"2024-11-09T19:27:06.502Z","updated_at":"2026-06-19T11:01:23.438Z","avatar_url":"https://github.com/WangYihang.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Automating operations on servers behind the 明御 bastion host with Python\n\n明御® Operations Audit and Risk Control System (bastion host) [1] is a bastion host product from DBAPPSecurity (安恒信息); it supports operating hosts through a web interface and over SSH [2].\n\nIts web interface provides batch operations, and users can automate operations by applying for an “API access key”;\n\nin its SSH 
mode, the operator first logs in to the central bastion host over SSH and gets an interactive terminal that cannot run system commands and offers only basic functions such as selecting a server. The operator selects the server to operate on with the arrow keys and presses Enter; the bastion host then connects to the internal server and the interface becomes that server's terminal, at which point working in it is no different from a direct connection to the internal server.\n\nThis project uses the Paramiko library to automate the authentication process of the SSH mode described above. With it, you can use Python to automate operations on servers behind the 明御 bastion host (running shell commands in batch, obtaining interactive terminals in batch, and so on) and integrate easily with other systems.\n\nNote: the bastion host is able to “record” your entire interaction with it for later security auditing.\n\n## Environment setup\n\n```bash\n# Install Python, pip, Poetry\nsudo apt install python3 python3-pip\npython3 -m pip install --upgrade pip\npython3 -m pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple\npython3 -m pip install poetry\n\n# Download the code\ngit clone https://github.com/WangYihang/DBAPPSecurity-Unified-Security-Management-Python-Connector\ncd DBAPPSecurity-Unified-Security-Management-Python-Connector\npoetry install\n```\n\n## Running\n\n1. Copy `example.secrets.toml` to `.secrets.toml`;\n2. Edit `.secrets.toml` and fill in the corresponding credentials;\n    1. `DBAPP_SECURITY_USM_ENDPOINT`: bastion host address, e.g. `sso.example.com:60022`;\n    2. `DBAPP_SECURITY_USM_USERNAME`: bastion host account;\n    3. `DBAPP_SECURITY_USM_PASSWORD`: bastion host password;\n    4. `DBAPP_SECURITY_USM_OTP_SECRET`: the “secret key” of the bastion host's “mobile authenticator”;\n3. Run the automation script\n\n    ```\n    poetry run python main.py\n    ```\n\n## Example code\n\n1. Upload a file\n\n    ```\n    client = derive_new_client(server_id=1)\n    client.enter_server()\n    client.upload_file(\"/etc/passwd\", \"/tmp/49e43945-5270-4d16-9d73-917eff2710e8\")\n    client.exit_server()\n    ```\n\n2. Execute a system command and return its output\n\n    ```python\n    client = derive_new_client(server_id=1)\n    client.enter_server()\n    print(client.shell_exec(\"id\"))\n    client.exit_server()\n    ```\n\n## FAQ\n\n1. How to get the authentication code\n\n    ```\n    poetry run python -c 'import pyotp; from config import settings; print(pyotp.TOTP(settings.DBAPP_SECURITY_USM_OTP_SECRET).now())'\n    ```\n\n2. Can files be uploaded to or downloaded from internal servers through Paramiko?\n\n    No (probably).\n\n3. 
How long can a connection to a server be kept open?\n\n    Unknown, but the maximum idle time is 30 minutes.\n\n    In testing, when the connection to a server has been idle for more than 1800 seconds, the server closes the connection and prints the following message.\n\n    ```\n    [USM] session closed by 'idle timeout (1800 sec)'\n    ```\n\n[1]: https://www.dbappsecurity.com.cn/product/cloud157.html\n[2]: https://netmarket.oss.aliyuncs.com/9197aa5f-6fc2-47bd-8d35-f6b3c8e09b18.pdf","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwangyihang%2Fdbappsecurity-unified-security-management-python-connector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwangyihang%2Fdbappsecurity-unified-security-management-python-connector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwangyihang%2Fdbappsecurity-unified-security-management-python-connector/lists"}