由于 JumpServer 启用了 Google Authenticator 二次认证,登录终端时需要输入由密钥生成的动态验证码,比较繁琐,因此编写了下面的简化脚本
# 1、mac 下,将密钥存储到 python 脚本(密钥即 TOTP 种子,以明文保存,建议将文件权限设为仅本人可读:chmod 600 ~/ga.py)
cat ~/ga.py
#!/usr/bin/python
import hmac, base64, struct, hashlib, time
# Base32-encoded TOTP seed for the account; replace the placeholder below.
# NOTE(review): the seed sits in this file in clear text, so anyone who can
# read the file can produce valid MFA codes. Keep it readable by the owner
# only (e.g. chmod 600 ~/ga.py) or load the seed from the OS keychain.
secretKey = '私钥'
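def cal_google_code(secret_key):
    """Return the current 6-digit time-based one-time code for a secret.

    The code is derived the way Google Authenticator does it: HMAC-SHA1
    over the number of 30-second steps since the Unix epoch, dynamic
    truncation to 31 bits, then the last six decimal digits.

    Args:
        secret_key: Base32 text of the shared secret. Spaces, lower-case
            letters and missing '=' padding are tolerated.

    Returns:
        The code as a string that is always exactly six digits long.

    Raises:
        TypeError or binascii.Error: if the text is not valid base32
            (which one depends on the Python version).
    """
    # Moving factor: how many 30-second windows have elapsed.
    counter = int(time.time()) // 30

    # bytes input was accepted by b32decode before; turn it into text so
    # the normalisation below works on it as well.
    if not isinstance(secret_key, str):
        secret_key = secret_key.decode('ascii')

    # Authenticator apps display the secret in spaced groups, often in
    # lower case and without padding; b32decode needs upper-case input
    # whose length is a multiple of eight.
    normalized = secret_key.replace(' ', '').upper()
    normalized += '=' * (-len(normalized) % 8)
    key = base64.b32decode(normalized)

    # bytearray indexing yields ints on both Python 2 and 3, so no
    # try/except around ord() is needed.
    digest = bytearray(
        hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    )
    offset = digest[19] & 15
    chunk = bytes(digest[offset:offset + 4])
    truncated = struct.unpack(">I", chunk)[0] & 0x7fffffff

    # zfill pads every short value; the previous code only handled results
    # of four or five digits and returned shorter codes unpadded.
    return str(truncated % 1000000).zfill(6)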
# Write the current code to stdout; the expect wrapper reads it from there.
current_code = cal_google_code(secretKey)
print(current_code)
# 2、mac 下,直接将脚本存放到可执行目录[必须添加 sleep,否则在 iTerm2 下会出错]
cat /usr/local/bin/jumpserver
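#!/usr/bin/expect -f
# Open an ssh session to the JumpServer host, answer its MFA prompt with the
# code printed by ~/ga.py, then hand the session over to the user.
set nickNamePY "你的花名拼音"
spawn ssh $nickNamePY@jumpserver.010sec.com
expect {
    "MFA" {
        # Generate the code only once the prompt has appeared: a code computed
        # before ssh connects may already belong to an expired 30-second window.
        set gaCode [exec sh -c {python ~/ga.py}]
        # Short pause before typing; the author reports errors in iTerm2 without it.
        sleep 0.3
        send "$gaCode\n"
        expect "Opt>" {
            send "\n"
        }
    }
    "Opt>" {
        # No MFA prompt was shown; continue straight from the menu.
        send "\n"
    }
}
interact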
# 赋予可执行权限
chmod +x /usr/local/bin/jumpserver
# 这样就可以实现简单化的登录方案
http://www.10qianwan.com/articledetail/329157.html time-based基于google key生成6位验证码(google authenticator)
https://github.com/grahammitchell/google-authenticator/blob/master/google-authenticator.py