How can I programmatically detect ssh authenticati

2019-04-06 17:05发布

问题:

I'd like to write a monitoring plugin that checks various hosts on my network to make sure that password or interactive SSH authentication is not enabled. That is, I need to write code that:

  1. Connects to an SSH port.
  2. Enumerates available authentication methods.
  3. Verifies that only key based authentication is possible.

Methods using either python or bourne sh code (using ssh) is most interesting to me, but other languages, libraries or hints are appreciated too.

回答1:

I'm currently building one myself, however, you can force ssh to output (to STDERR) the supported methods by using the PreferredAuthentications option. This can easily be parsed with grep/python/language of choice.

HostA$ ssh -o PreferredAuthentications=none HostB
Permission denied (publickey,gssapi-with-mic).
HostA$ ssh -o PreferredAuthentications=none HostC
Permission denied (publickey,gssapi-with-mic,password,keyboard-interactive,hostbased).


回答2:

RFC 4252, which defines authentication in SSH, says the following:

Authentication methods are identified by their name, as defined in [SSH-ARCH]. The "none" method is reserved, and MUST NOT be listed as supported. However, it MAY be sent by the client. The server MUST always reject this request, unless the client is to be granted access without any authentication, in which case, the server MUST accept this request. The main purpose of sending this request is to get the list of supported methods from the server.

So you can send a request for none authentication to get the list of supported ones. However, authentication itself occurs after certain lower-level actions take place (key exchange is one of them) so you might need to write a part of SSH protocol in sh script, which is probably a non-trivial task.



回答3:

You can now use the nmap built-in NSE script called ssh-auth-methods to do this:

# nmap -p 22 --script ssh-auth-methods 192.168.1.2

Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-26 00:56 GMT
Nmap scan report for 192.168.1.2
Host is up (0.027s latency).

PORT   STATE SERVICE
22/tcp open  ssh
| ssh-auth-methods:
|   Supported authentication methods:
|     publickey
|_    keyboard-interactive
MAC Address: AA:BB:CC:DD:EE:FF (Apple)

Nmap done: 1 IP address (1 host up) scanned in 2.40 seconds

In addition, someone has made a similar python3 script.



回答4:

If you need *nix solution, you can also hook into OpenSSH sources. If Windows suitable for you - you can also try some .NET commercial libraries, they are much handier than OpenSSH sources :)