• Python:webshell 跳板机审计服务器


    1.修改paramiko源码包实现

    https://github.com/paramiko/paramiko/tree/1.10.1  下载源码包

    unzip paramiko-1.10.1.zip

    paramiko-1.10.1/demos/demo.py  模拟用户登录,在demo.py中会调用interactive.py

    paramiko-1.10.1/demos/interactive.py  会把用户执行的命令以及服务器返回的结果打印出来

    修改interactive.py,可以把用户名、执行的命令、时间、主机ip记录到日志中

    demo.py

    import base64
    from binascii import hexlify
    import getpass
    import os
    import select
    import socket
    import sys
    import threading
    import time
    import traceback
    
    import paramiko
    import interactive
    
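    #define host
    # Banner. \033[34;1m = bold blue, \033[0m = reset; the literal must stay on
    # one logical line (implicit concatenation) or it does not parse.
    print("\033[34;1mWelcome zhengshun's Fort Machine\n"
          "There have those machines:\033[0m")
    # Alias -> IP of every target host the bastion is allowed to log in to.
    dictroy = {
        "vc-app01": "192.168.101.131",
        "vc-app02": "192.168.101.130",
        "vc-app03": "192.168.101.132",
    }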
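    # The script was written for Python 2 (raw_input); bind one name so the
    # same file also parses and runs under Python 3.
    try:
        _read_line = raw_input
    except NameError:  # Python 3
        _read_line = input

    USERNAME = 'root'          # account used on every target host
    DEFAULT_PORT = 22
    # How manual_auth authenticates when the ssh-agent offers no usable key:
    # 'p' = password, 'r' = RSA key file, 'd' = DSS key file.
    DEFAULT_AUTH = 'p'
    # Environment variable that carries the target password (name chosen for
    # this script; set it in the audit user's login environment instead of
    # writing the password into this file).
    PASSWORD_ENV = 'JUMP_TARGET_PASSWORD'
    INVALID_MSG = '\033[31;1minvalid value\033[0m'   # bold red, then reset


    def agent_auth(transport, username):
        """Try every key offered by the local ssh-agent against *transport*.

        Returns as soon as one key is accepted and returns silently when the
        agent has no keys or none is accepted; the caller must check
        transport.is_authenticated() afterwards.
        """
        agent = paramiko.Agent()
        agent_keys = agent.get_keys()
        if not agent_keys:
            return

        for key in agent_keys:
            fingerprint = hexlify(key.get_fingerprint()).decode('ascii')
            sys.stdout.write('Trying ssh-agent key %s ' % fingerprint)
            try:
                transport.auth_publickey(username, key)
            except paramiko.SSHException:
                print('... nope.')
            else:
                print('... success!')
                return


    def manual_auth(username, hostname, transport):
        """Authenticate *username* on *transport* (connected to *hostname*).

        The method is selected by DEFAULT_AUTH. Key-file methods ask for the
        key path interactively; password auth reads the secret from the
        PASSWORD_ENV variable and only prompts when it is unset, so no
        credential lives in this file. Authentication errors propagate as
        paramiko exceptions.
        """
        auth = DEFAULT_AUTH or 'p'

        if auth in ('r', 'd'):
            if auth == 'r':
                key_cls, label, fname = paramiko.RSAKey, 'RSA', 'id_rsa'
            else:
                key_cls, label, fname = paramiko.DSSKey, 'DSS', 'id_dsa'
            default_path = os.path.join(os.environ['HOME'], '.ssh', fname)
            path = _read_line('%s key [%s]: ' % (label, default_path)) or default_path
            try:
                key = key_cls.from_private_key_file(path)
            except paramiko.PasswordRequiredException:
                password = getpass.getpass('%s key password: ' % label)
                key = key_cls.from_private_key_file(path, password)
            transport.auth_publickey(username, key)
        else:
            pw = os.environ.get(PASSWORD_ENV)
            if pw is None:
                pw = getpass.getpass('Password for %s@%s: ' % (username, hostname))
            transport.auth_password(username, pw)


    def _resolve_target(entry):
        """Turn the menu answer into (ip, port), or None when it is unusable.

        Accepts an alias from dictroy or one of its IPs, optionally followed
        by ':port'. Anything not listed in dictroy is rejected so the bastion
        can only reach the hosts it advertises.
        """
        host, sep, portstr = entry.rpartition(':')
        if not sep:
            host, portstr = portstr, ''
        host = dictroy.get(host, host)     # alias -> ip; an ip maps to itself
        if host not in dictroy.values():
            return None
        if portstr == '':
            return host, DEFAULT_PORT
        if not portstr.isdigit() or not 0 < int(portstr) < 65536:
            return None
        return host, int(portstr)


    def _host_key_ok(transport, hostname, port):
        """Compare the server's host key with ~/.ssh/known_hosts.

        Returns False only when a recorded key has changed. An unknown host is
        warned about and allowed through, as in the upstream paramiko demo;
        tighten this to a refusal once known_hosts is populated.
        """
        try:
            keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
        except IOError:
            try:
                keys = paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))
            except IOError:
                print('*** Unable to open host keys file')
                keys = {}

        key = transport.get_remote_server_key()
        # known_hosts records non-default ports as "[host]:port".
        lookup = hostname if port == DEFAULT_PORT else '[%s]:%d' % (hostname, port)
        known = keys.get(lookup)
        if known is None or key.get_name() not in known:
            print('*** WARNING: Unknown host key!')
            return True
        if known[key.get_name()] != key:
            print('*** WARNING: Host key has changed!!!')
            return False
        print('*** Host key OK.')
        return True


    def _run_session(hostname, port):
        """Connect to hostname:port, verify the host key, authenticate and
        hand the terminal to an interactive shell.

        Every failure is reported on stdout and ends the session; the return
        value is True only when a shell was opened. Socket and transport are
        closed on every path.
        """
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.connect((hostname, port))
        except socket.error:
            sock.close()
            print(INVALID_MSG)
            return False

        t = None
        try:
            t = paramiko.Transport(sock)
            try:
                t.start_client()
            except paramiko.SSHException:
                print('*** SSH negotiation failed.')
                return False

            # check server's host key -- this is important.
            if not _host_key_ok(t, hostname, port):
                return False

            username = USERNAME
            if username == '':
                default_username = getpass.getuser()
                username = _read_line('Username [%s]: ' % default_username) or default_username

            agent_auth(t, username)
            if not t.is_authenticated():
                manual_auth(username, hostname, t)
            if not t.is_authenticated():
                print('*** Authentication failed. :(')
                return False

            chan = t.open_session()
            chan.get_pty()
            chan.invoke_shell()
            print('*** Here we go!')
            print('')
            try:
                interactive.interactive_shell(chan)
            finally:
                chan.close()
            return True
        except Exception as e:
            print('*** Caught exception: %s: %s' % (e.__class__, e))
            traceback.print_exc()
            return False
        finally:
            try:
                if t is not None:
                    t.close()
            finally:
                sock.close()


    # setup logging
    paramiko.util.log_to_file('demo.log')

    # Menu loop. The audit user's login shell runs this file and logs out when
    # it ends, so the loop only exits on 'exit'/'quit' or a closed stdin.
    while 1:
        print('')
        for name, ip in dictroy.items():
            print('%s %s' % (name, ip))
        print('')
        try:
            entry = _read_line('please input IP:').strip()
        except EOFError:
            # stdin is gone (Ctrl-D / closed pipe): nothing more can be read,
            # so leave instead of redrawing the menu forever.
            break
        except KeyboardInterrupt:
            # Ctrl-C at the prompt must not drop the user out of this program
            # onto the bastion's shell; just redraw the menu.
            continue
        if entry == '':
            continue
        if entry in ('exit', 'quit'):
            break
        target = _resolve_target(entry)
        if target is None:
            print(INVALID_MSG)
            continue
        try:
            _run_session(*target)
        except KeyboardInterrupt:
            continue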
    

      

    2.创建跳板机用户,并设置用户登陆的环境变量

    注意事项:用户登录跳板机后不能跳过demo.py程序;如果退出demo.py程序,则注销跳板机的登录。用户只能选择要登录的主机ip,选择后直接登录;如果用户输入错误,则循环从头开始。

    adduser audit

    vim /home/audit/.bash_profile  在环境变量中加入执行python demo.py文件,执行后logout

    3.使用shellinabox实现webssh

    https://code.google.com/archive/p/shellinabox/downloads  下载shellinabox-2.14.tar.gz

    tar zxf shellinabox-2.14.tar.gz

    cd shellinabox-2.14

    ./configure --prefix=/usr/local/webshell && make && make install

    bash /usr/local/webshell/bin/shellinaboxd &    后台运行,shellinabox默认端口是4200

    访问https://ip:4200就可以登陆跳板机

    展示:

      

  • 原文地址:https://www.cnblogs.com/ywxbbbbb/p/10013177.html