def valid_ssh(hostname, port, username, password=None, pkey=None, with_expect=True):
try:
private_key = AppSetting.get('private_key')
public_key = AppSetting.get('public_key')
except KeyError:
private_key, public_key = SSH.generate_key()
AppSetting.set('private_key', private_key, 'ssh private key')
AppSetting.set('public_key', public_key, 'ssh public key')
try:
if password:
_cli = SSH(hostname, port, username, password=str(password))
_cli.add_public_key(public_key)
if pkey:
private_key = pkey
cli = SSH(hostname, port, username, private_key)
cli.ping()
except BadAuthenticationType:
if with_expect:
data = '该主机不支持密钥认证,错误代码:E01'
else:
data = '该主机不支持密钥认证,错误代码:E02'
return False, 500, data
except AuthenticationException:
if password and with_expect:
data = '密钥认证失败,错误代码:E03'
else:
data = "密钥认证失败,错误代码:E04"
return False, 500, data
return True, 200, {'msg': "认证成功"}
def valid_ssh(hostname,
port,
username,
password=None,
pkey=None,
with_expect=True):
try:
private_key = AppSetting.get('private_key')
public_key = AppSetting.get('public_key')
except KeyError:
private_key, public_key = SSH.generate_key()
AppSetting.set('private_key', private_key, 'ssh private key')
AppSetting.set('public_key', public_key, 'ssh public key')
if password:
_cli = SSH(hostname, port, username, password=str(password))
_cli.add_public_key(public_key)
if pkey:
private_key = pkey
try:
cli = SSH(hostname, port, username, private_key)
cli.ping()
except BadAuthenticationType:
if with_expect:
raise TypeError('该主机不支持密钥认证,请参考官方文档,错误代码:E01')
return False
except AuthenticationException:
if password and with_expect:
raise ValueError('密钥认证失败,请参考官方文档,错误代码:E02')
return False
return True
def post(self, request):
form, error = JsonParser(Argument('data', type=list,
help='缺少必要的参数')).parse(request.body)
if error is None:
for item in form.data:
AppSetting.set(**item)
return json_response(error=error)
def valid_ssh(hostname, port, username, password, with_expect=True):
try:
private_key = AppSetting.get('private_key') #定义私钥公钥
public_key = AppSetting.get('public_key')
except KeyError: #错误检查
private_key, public_key = SSH.generate_key()
AppSetting.set('private_key', private_key, 'ssh private key')
AppSetting.set('public_key', public_key, 'ssh public key')
cli = SSH(hostname, port, username, private_key)
if password:
_cli = SSH(hostname, port, username, password=str(password))
code, out = _cli.exec_command('mkdir -p -m 700 ~/.ssh && \
echo %r >> ~/.ssh/authorized_keys && \
chmod 600 ~/.ssh/authorized_keys' % public_key)
if code != 0:
raise Exception(f'add public key error: {out!r}')
try:
cli.ping()
except BadAuthenticationType:
if with_expect:
raise TypeError('该主机不支持密钥认证,请参考官方文档,错误代码:E01')
return False
except AuthenticationException:
if password and with_expect:
raise ValueError('密钥认证失败,请参考官方文档,错误代码:E02')
return False
return True
def handle(self, *args, **options):
target = options['target']
if target == 'mfa':
if options['value'] != 'disable':
return self.echo_error(f'mfa设置,不支持的值【{options["value"]}】')
AppSetting.set('MFA', {'enable': False})
self.echo_success('MFA已禁用')
else:
self.echo_error('未识别的操作')
self.print_help()
def post(self, request):
form, error = JsonParser(
Argument('enable', type=bool, help='参数错误'),
Argument('code', required=False)
).parse(request.body)
if error is None:
if form.enable:
if not form.code:
return json_response(error='请输入验证码')
key = f'{request.user.username}:code'
code = cache.get(key)
if not code:
return json_response(error='验证码已失效,请重新获取')
if code != form.code:
ttl = cache.ttl(key)
cache.expire(key, ttl - 100)
return json_response(error='验证码错误')
cache.delete(key)
AppSetting.set('MFA', {'enable': form.enable})
return json_response(error=error)
def valid_ssh(hostname, port, username, password):
try:
private_key = AppSetting.get('private_key')
public_key = AppSetting.get('public_key')
except KeyError:
private_key, public_key = SSH.generate_key()
AppSetting.set('private_key', private_key, 'ssh private key')
AppSetting.set('public_key', public_key, 'ssh public key')
if password:
cli = SSH(hostname, port, username, password=str(password))
code, out = cli.exec_command('mkdir -p -m 700 ~/.ssh && \
echo %r >> ~/.ssh/authorized_keys && \
chmod 600 ~/.ssh/authorized_keys' % public_key)
if code != 0:
raise Exception(f'add public key error: {out!r}')
else:
cli = SSH(hostname, port, username, private_key)
try:
cli.ping()
except AuthenticationException:
return False
return True