SSH Forwarding
The RADKit Client can establish an SSH server, functioning similarly to a regular SSH server, but with the RADKit protocol as the transport layer.
This enables you to access devices as if you were directly connected to the network.
The SSH username specifies the target device, following this pattern:
<device_name>@<service_id>.
Client Operation
Starting/Stopping the SSH Server
To start the SSH server, use start_ssh_proxy():
>>> ssh = start_ssh_proxy(2222, password="pass")
To stop the SSH server, use stop_ssh_proxy():
>>> stop_ssh_proxy()
Note
Before being able to use SSH forwarding you need to perform any kind of login and get the needed services:
>>> sso_login(...)
>>> service_cloud(...)
>>> service_direct_with_sso(...)
>>>
>>> service_direct(...)
>>> service_integrated(...)
Introspection
You can introspect all connections and sessions created on the server.
Server State:
>>> ssh
------------------ ---------------------------------------------------
status RUNNING
requested_port 2222
requested_host localhost
addresses [('::1', 2222), ('127.0.0.1', 2222)]
fingerprint_md5 MD5:fc:68:c6:3c:b0:e7:3f:3e:6e:d4:34:ff:aa:57:ce:ef
fingerprint_sha256 SHA256:+HOFSDUBXhbY5SSvBzxBysw+SlrXuRYo2RP84/Lyxns
#active 0
#failed 0
#closed 0
#total 0
------------------ ---------------------------------------------------
Connections:
>>> ssh.connections
<radkit_client.sync.ssh_forwarding.SshConnections object at 0x1203da990>
SSH connections:
key status device_name service_name exception #active #failed #closed #total
----- -------- ------------- -------------- ----------- --------- --------- --------- --------
0 ACTIVE self exut-t78u-c939 None 1 0 0 1
>>> ssh.connections[0]
------------------ ---------------------------------------------------
status RUNNING
requested_port 2222
requested_host localhost
addresses [('::1', 2222), ('127.0.0.1', 2222)]
fingerprint_md5 MD5:fc:68:c6:3c:b0:e7:3f:3e:6e:d4:34:ff:aa:57:ce:ef
fingerprint_sha256 SHA256:+HOFSDUBXhbY5SSvBzxBysw+SlrXuRYo2RP84/Lyxns
#active 1
#failed 0
#closed 0
#total 1
------------------ ---------------------------------------------------
Sessions:
>>> ssh.connections[0].sessions
<radkit_client.sync.ssh_forwarding.SshSessions object at 0x117701190>
SSH sessions:
key status device_name service_name request_type term term_size pty_requested exception
----- -------- ------------- -------------- -------------- ------------- --------------------------------------- --------------- -----------
0 ACTIVE None None None xterm-ghostty os.terminal_size(columns=107, lines=58) True None
>>> ssh.connections[0].sessions[0]
[ACTIVE] <radkit_client.sync.ssh_forwarding.SshSession object at 0x120647e10>
------------- ---------------------------------------
device_name self
service_name exut-t78u-c939
status ACTIVE
request_type SHELL
term xterm-ghostty
term_size os.terminal_size(columns=107, lines=58)
pty_requested True
exception None
------------- ---------------------------------------
Host Key
An SSH server requires a host private key to ensure secure transmission. The SSH proxy can either generate an ephemeral ED25519 private key stored only in memory or accept a custom one:
>>> ssh = start_ssh_proxy(..., host_key=<private-key-bytes>)
You can introspect the private key, fingerprints, or derived public key with the following approach:
>>> ssh.host_key_pair
<radkit_client.async_.ssh_forwarding.SshHostKeyPair object at 0x12604af90>
------------------ ---------------------------------------------------
fingerprint_md5 MD5:fc:68:c6:3c:b0:e7:3f:3e:6e:d4:34:ff:aa:57:ce:ef
fingerprint_sha256 SHA256:+HOFSDUBXhbY5SSvBzxBysw+SlrXuRYo2RP84/Lyxns
------------------ ---------------------------------------------------
Private key should remain private. Do not share it. Store it securely.
>>> ssh.host_key_pair.private_key
b'-----BEGIN OPENSSH PRIVATE KEY-----\n<bytes>\n-----END OPENSSH PRIVATE KEY-----\n'
>>> ssh.host_key_pair.public_key
b'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKggZcPZq2vdxbECTle6Yn0k7alRkqgaM3s62sB3jk27\n'
Usage
Currently SSH forwarding supports:
exec- executing command over SSH with PTY request:ssh -t <device>@<service>@localhost -p <port> <command>
shell- interactive session:ssh <device>@<service>@localhost -p <port>