自动连接jumperver
一,开启google mfa验证码
1.谷歌mfa验证码
#!/usr/bin/python env
# -*- coding: utf-8 -*-
# Author:cc
# date: 2020/6/10
import hmac, base64, struct, hashlib, time
import platform
import sys
jumpserver = sys.argv[1]
def get_hotp_token(secret, intervals_no):
key = base64.b32decode(secret, True)
msg = struct.pack(">Q", intervals_no)
h = hmac.new(key, msg, hashlib.sha1).digest()
# 加上chr字符串
o = ord(chr(h[19])) & 15
h = (struct.unpack(">I", h[o:o+4])[0] & 0x7fffffff) % 1000000
return h
def get_totp_token(secret, bias):
return get_hotp_token(secret, intervals_no=int(time.time()+bias)//30)
def get_google_code(secret):
googlecode = get_totp_token(secret, 3) # CHJ_WARN 这个参数是试出来的
return '%06d' % googlecode
if __name__ == '__main__':
# get_google_code("T7APKBLX63CDJQRD")
# print(get_google_code())
if jumpserver == "xxx":
secret = "xxx" # 这里是谷歌双因子认证:Google Authenticator 的 Secret
elif jumpserver == "xxx":
secret = "xxx"
elif jumpserver == "xxx":
secret = "xxx"
else:
print("输入跳板机不存在")
sys.exit(0)
get_google_code(secret)
print(get_google_code(secret))
2.连接jumpserver脚本
#!/usr/bin/expect
##此脚本用来自动登录jumpserver
set timeout 10
set USER "panbiao"
set PORT "2222"
set HOST [lindex $argv 0]
set MFA [ exec python3.7 {/Users/panbiao/pem/mfa.py} $HOST ]
spawn ssh -i /Users/panbiao/pem/panbiao-$HOST.pem -p $PORT $USER@$HOST.xxx.com
expect {
"*yes/no*" { send "yes
"; exp_continue }
"**auth*" { send "$MFA
" }
}
#expect "**auth" {send "$MFA
" }
interact
3.直接使用 ./ssh_jumpserver.sh + 要连的跳板机就好
二,未开启google mfa验证码,直接使用密钥登录
#!/bin/bash
function ssh_jumpserver(){
ssh -i $pem -p 2222 panbiao@$host -o StrictHostKeyChecking=no
}
while true
do
cat <<-EOF
1.环境1
2.环境2
3.环境3
EOF
read -p "input number:" num
case $num in
1)
pem="/Users/panbiao/pem/xxx.pem"
host="xxx.com"
ssh_jumpserver
;;
2)
pem="/Users/panbiao/pem/xxx.pem"
host="xxx.com"
ssh_jumpserver
;;
3)
pem="/Users/panbiao/pem/xxx.pem"
host="xxx.com"
ssh_jumpserver
;;
*)
exit
;;
esac
done