
Root authentication failure during pexpect (Python)


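The observation below does not always occur, but after some time of accessing the SUT several times via ssh as the root user with the correct password, the Python code runs into trouble with: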

Apr 25 05:51:56 SUT sshd[31570]: pam_tally2(sshd:auth): user root (0) tally 83, deny 10
Apr 25 05:52:16 SUT sshd[31598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.10.13  user=root
Apr 25 05:52:21 SUT sshd[31568]: error: PAM: Authentication failure for root from 10.10.10.13
Apr 25 05:52:21 SUT sshd[31568]: Connection closed by 10.10.10.13 [preauth]

This is with the Python code below:

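import logging

import pexpect

logger = logging.getLogger(__name__)

COMMAND_PROMPT = '.*:~ #'
SSH_NEWKEY = '(?i)are you sure you want to continue connecting'

def scp(source, dest, password):
    cmd = 'scp ' + source + ' ' + dest
    child = None
    try:
        # timeout=None disables the default timeout, so the TIMEOUT branch below is never reached
        child = pexpect.spawn('/bin/bash', ['-c', cmd], timeout=None)
        res = child.expect([pexpect.TIMEOUT, SSH_NEWKEY, COMMAND_PROMPT, '(?i)Password'])
        if res == 0:
            print('TIMEOUT Occurred.')
        if res == 1:
            # Unknown host key: accept it, then answer the password prompt
            child.sendline('yes')
            child.expect('(?i)Password')
            child.sendline(password)
            child.expect([pexpect.EOF], timeout=60)
        if res == 2:
            pass
        if res == 3:
            # Password prompt: send the password and wait for scp to finish
            child.sendline(password)
            child.expect([pexpect.EOF], timeout=60)
    except Exception:
        print('File not copied!!!')
        # Log the pexpect child state (buffer, before/after, timeout) for diagnosis
        logger.error(str(child))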

When ssh is unsuccessful, this is the pexpect printout:

version: 2.3 ($Revision: 399 $)
command: /usr/bin/ssh
args: ['/usr/bin/ssh', 'root@100.100.100.100']
searcher: searcher_re:
    0: re.compile(".*:~ #")
buffer (last 100 chars): :
Account locked due to 757 failed logins

Password:
before (last 100 chars): :
Account locked due to 757 failed logins

Password:
after: <class 'pexpect.TIMEOUT'>
match: None
match_index: None
exitstatus: None
flag_eof: False
pid: 2284
child_fd: 5
closed: False
timeout: 30
delimiter: <class 'pexpect.EOF'>
logfile: None
logfile_read: None
logfile_send: None
maxread: 2000
ignorecase: False
searchwindowsize: None
delaybeforesend: 0
delayafterclose: 0.1
delayafterterminate: 0.1

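Any clue what this could be? Is there possibly some missing or wrong configuration for PAM authentication on my SUT? The problem is that once the SUT starts with this PAM failure, the Python code will always have problems, and only rebooting the SUT seems to help :(

Accessing the SUT manually via ssh root@... always works, even when pexpect cannot! The account does not seem to be locked, according to: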

SUT:~ # passwd -S root
root P 04/24/2017 -1 -1 -1 -1

I have looked into some other questions, but no real solution is mentioned, or none that would work with my Python code.

Thank you.

1 Answer

  • 0

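    My workaround was to modify the pam_tally configuration files for testing purposes. It seems that the SUT recognizes the multiple accesses as a threat and locks even the root account!

    By removing this entry, even_deny_root root_unlock_time=5, from the several pam_tally configuration files: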

    /etc/pam.d/common-account:account    required        pam_tally2.so     deny=10 onerr=fail unlock_time=600 even_deny_root root_unlock_time=5 file=/home/test/faillog
    /etc/pam.d/common-auth:auth          required        pam_tally2.so     deny=10 onerr=fail unlock_time=600 even_deny_root root_unlock_time=5 file=/home/test/faillog
    

    These changes take effect dynamically; no service restart is needed!

    Note: after a reboot, these entries will most likely come back!
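
An added example (not part of the original question or answer): a small diagnostic that reads the pam_tally2 syslog line and the pam.d entry quoted above and reports whether root is subject to the lockout. The function names and state labels are hypothetical; the rule that root is only locked with even_deny_root, and that root_unlock_time implies it, is taken from pam_tally2(8).

```python
import re

# The syslog line and the common-auth entry quoted on this page (whitespace collapsed).
SAMPLE_LOG = ("Apr 25 05:51:56 SUT sshd[31570]: pam_tally2(sshd:auth): "
              "user root (0) tally 83, deny 10")
SAMPLE_PAM = ("/etc/pam.d/common-auth:auth required pam_tally2.so deny=10 onerr=fail "
              "unlock_time=600 even_deny_root root_unlock_time=5 file=/home/test/faillog")

TALLY_RE = re.compile(r"pam_tally2\([^)]+\): user (?P<user>\S+) \((?P<uid>\d+)\) "
                      r"tally (?P<tally>\d+), deny (?P<deny>\d+)")


def parse_pam_tally2_options(pam_line):
    """Return the pam_tally2.so options on one pam.d line (bare flags map to True)."""
    fields = pam_line.split()
    if "pam_tally2.so" not in fields:
        return None
    opts = {}
    for token in fields[fields.index("pam_tally2.so") + 1:]:
        key, sep, value = token.partition("=")
        opts[key] = value if sep else True
    return opts


def root_lockout_enabled(opts):
    # pam_tally2(8): root is only locked with even_deny_root, and
    # root_unlock_time implies even_deny_root, so either option counts.
    return "even_deny_root" in opts or "root_unlock_time" in opts


def explain_tally(log_line, opts):
    """Classify one pam_tally2 syslog line; unlock-time windows are not modelled."""
    m = TALLY_RE.search(log_line)
    if m is None:
        return None
    tally, deny, uid = int(m["tally"]), int(m["deny"]), int(m["uid"])
    if uid == 0 and not root_lockout_enabled(opts):
        state = "root_exempt"
    elif tally > deny:  # access is denied once the tally exceeds deny
        state = "over_limit"
    else:
        state = "under_limit"
    return {"user": m["user"], "tally": tally, "deny": deny, "state": state}


if __name__ == "__main__":
    print(explain_tally(SAMPLE_LOG, parse_pam_tally2_options(SAMPLE_PAM)))
```

Under this rule, removing only even_deny_root while leaving root_unlock_time=5 in place would still leave root subject to the lockout.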
