0
下面的觀察並非總是如此,但訪問一段時間後SUT多次使用ssh以root用戶密碼正確的Python代碼陷入困境有:PAM認證失敗
Apr 25 05:51:56 SUT sshd[31570]: pam_tally2(sshd:auth): user root (0) tally 83, deny 10
Apr 25 05:52:16 SUT sshd[31598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.10.13 user=root
Apr 25 05:52:21 SUT sshd[31568]: error: PAM: Authentication failure for root from 10.10.10.13
Apr 25 05:52:21 SUT sshd[31568]: Connection closed by 10.10.10.13 [preauth]
這是下面Python代碼:
COMMAND_PROMPT = '.*:~ #'
SSH_NEWKEY = '(?i)are you sure you want to continue connecting'
def scp(source, dest, password):
cmd = 'scp ' + source + ' ' + dest
try:
child = pexpect.spawn('/bin/bash', ['-c', cmd], timeout=None)
res = child.expect([pexpect.TIMEOUT, SSH_NEWKEY, COMMAND_PROMPT, '(?i)Password'])
if res == 0:
print('TIMEOUT Occurred.')
if res == 1:
child.sendline('yes')
child.expect('(?i)Password')
child.sendline(password)
child.expect([pexpect.EOF], timeout=60)
if res == 2:
pass
if res == 3:
child.sendline(password)
child.expect([pexpect.EOF], timeout=60)
except:
print('File not copied!!!')
self.logger.error(str(self.child))
如果SSH不成功,這是Pexpect的打印輸出:
version: 2.3 ($Revision: 399 $)
command: /usr/bin/ssh
args: ['/usr/bin/ssh', '[email protected]']
searcher: searcher_re:
0: re.compile(".*:~ #")
buffer (last 100 chars): :
Account locked due to 757 failed logins
Password:
before (last 100 chars): :
Account locked due to 757 failed logins
Password:
after: <class 'pexpect.TIMEOUT'>
match: None
match_index: None
exitstatus: None
flag_eof: False
pid: 2284
child_fd: 5
closed: False
timeout: 30
delimiter: <class 'pexpect.EOF'>
logfile: None
logfile_read: None
logfile_send: None
maxread: 2000
ignorecase: False
searchwindowsize: None
delaybeforesend: 0
delayafterclose: 0.1
delayafterterminate: 0.1
任何線索也許它可能是什麼,它可能是什麼缺失或錯誤配置爲我的SUT上的pam身份驗證?問題是,當SUT從此pam失敗開始時,python代碼將始終存在問題,並且只有SUT重新啓動似乎有幫助:(
通過ssh root @ ...手動訪問SUT始終正常工作,即使Pexpect的不能!!!帳戶似乎沒有根據鎖定:
SUT:~ # passwd -S root
root P 04/24/2017 -1 -1 -1 -1
我已經調查了一些其他的問題,但沒有真正的解決辦法是提及或可能與我的Python代碼工作
謝謝大家的支持
你可以從代碼中看到什麼錯誤?哪些條件被執行? – Jakuje
其實它只是除了!我沒有添加代碼來獲取錯誤編號或破壞的條件!我不知道如何以一般方式做到這一點:( – FotisK
我已經更新了一些關於該問題的更多信息 – FotisK