如何以编程方式检测可用的ssh身份验证类型? [英] How can I programmatically detect ssh authentication types available?

问题描述

我想编写一个监视插件，用于检查网络上的各种主机，以确保未启用密码或交互式SSH身份验证.也就是说，我需要编写以下代码:

I'd like to write a monitoring plugin that checks various hosts on my network to make sure that password or interactive SSH authentication is not enabled. That is, I need to write code that:

1. 连接到SSH端口.
2. 枚举可用的身份验证方法.
3. 验证仅基于密钥的身份验证是可能的.

使用python或bourne sh代码(使用ssh)的方法对我来说最有趣，但是也欢迎使用其他语言，库或提示.

Methods using either python or bourne sh code (using ssh) is most interesting to me, but other languages, libraries or hints are appreciated too.

推荐答案

我目前正在自己​​构建一个，但是，您可以使用PreferredAuthentications选项强制ssh将受支持的方法输出(输出到STDERR).可以通过选择的grep/python/language轻松地对此进行解析.

I'm currently building one myself, however, you can force ssh to output (to STDERR) the supported methods by using the PreferredAuthentications option. This can easily be parsed with grep/python/language of choice.

HostA$ ssh -o PreferredAuthentications=none HostB
Permission denied (publickey,gssapi-with-mic).
HostA$ ssh -o PreferredAuthentications=none HostC
Permission denied (publickey,gssapi-with-mic,password,keyboard-interactive,hostbased).

这篇关于如何以编程方式检测可用的ssh身份验证类型?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！