如何以编程方式检测可用的ssh身份验证类型? [英] How can I programmatically detect ssh authentication types available?
问题描述
我想编写一个监视插件,用于检查网络上的各种主机,以确保未启用密码或交互式SSH身份验证.也就是说,我需要编写以下代码:
I'd like to write a monitoring plugin that checks various hosts on my network to make sure that password or interactive SSH authentication is not enabled. That is, I need to write code that:
- 连接到SSH端口.
- 枚举可用的身份验证方法.
- 验证仅基于密钥的身份验证是可能的.
使用python或bourne sh代码(使用ssh
)的方法对我来说最有趣,但是也欢迎使用其他语言,库或提示.
Methods using either python or bourne sh code (using ssh
) is most interesting to me, but other languages, libraries or hints are appreciated too.
推荐答案
我目前正在自己构建一个,但是,您可以使用PreferredAuthentications选项强制ssh将受支持的方法输出(输出到STDERR).可以通过选择的grep/python/language轻松地对此进行解析.
I'm currently building one myself, however, you can force ssh to output (to STDERR) the supported methods by using the PreferredAuthentications option. This can easily be parsed with grep/python/language of choice.
HostA$ ssh -o PreferredAuthentications=none HostB
Permission denied (publickey,gssapi-with-mic).
HostA$ ssh -o PreferredAuthentications=none HostC
Permission denied (publickey,gssapi-with-mic,password,keyboard-interactive,hostbased).
这篇关于如何以编程方式检测可用的ssh身份验证类型?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!