验证用户是否能够使用密码进行SSH

时间:2019-05-21 04:14:58

标签: ansible

我想测试用户是否能够使用SSH密码进行SSH。这就是我要做的。我尝试了以下模块:local_action,wait_for,但是这些没有给我结果。剧本的结果只能告诉我尝试SSH时连接成功或失败的位置。

要求是测试哪个用户帐户成功建立了到远程服务器的SSH连接。将要运行ansible脚本的用户在这些服务器上拥有多个帐户,但是SSH登录将以用户不知道的正确权限成功登录。用户帐户均具有相同的密码。

库存文件:

all:
  children:
    FXO-Test:
      hosts:        
        host1.abcd.com:
        host2.abcd.com:

      vars:
        ansible_user: user1

剧本:

---
  - hosts: "{{ targethosts }}"
    gather_facts: no
    tasks:
    - name: Test connection
      local_action: command ssh -q -o BatchMode=yes -o ConnectTimeout=3 {{ inventory_hostname }}
      register: test_user
      ignore_errors: true
      changed_when: false

使用命令调用:

ansible-playbook checkLogin.yml -i ans_inventory_test --ask-pass --extra-vars "targethosts=FXO-Test"  | tee verify_user.log

期望查看哪些SSH连接失败以及哪些连接正常。

根据弗拉基米尔·博特卡(Vladimir Botka)的回应,我对剧本进行了一些调整,以从清单文件中提取主机名。

我更新的剧本'verifySSHLogin.yml':

- hosts: localhost
  gather_facts: no
  vars:
    my_users:
      - user1
      - user2
    my_hosts: "{{ query('inventory_hostnames', 'all') }}"
  tasks:
    - expect:
        command: "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no {{ item.0 }}@{{ item.1 }}"
        timeout: 2
        responses:
          (.*)password(.*):
            - "password"      # Fit the password
            - "\x03"          # Ctrl-C
          (.*)\$(.*): "exit"  # Fit the prompt
      loop: "{{ my_users|product(my_hosts)|list }}"
      register: result
      ignore_errors: yes
    - debug:
        msg: "{{ (item.rc  == 0)|ternary(item.invocation.module_args.command ~ ' [OK]',item.invocation.module_args.command ~ ' [KO]') }}"
      loop: "{{ result.results }}"

我现在使用以下命令调用

ansible-playbook verifySSHLogin.yml -i ans_inventory_test --extra-vars "targethosts=FXO-Test"  | tee verify_user.log

然后我可以像这样对verify_user.log做一个grep:

grep '\"msg\": \"ssh' verify_user.log

这给了我以下期望的结果:

"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user1@host1.abc.corp.com [OK]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user1@host2.abc.corp.com [OK]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user1@host3.abc.corp.com [KO]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user2@host1.abc.corp.com [KO]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user2@host2.abc.corp.com [KO]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user2@host3.abc.corp.com [KO]"

进一步调整了剧本,以避免对SSH密码进行硬编码。最终的剧本看起来像现在这样:

- hosts: localhost
  gather_facts: no
  vars:
    my_users:
      - user1
      - user2
    my_hosts: "{{ query('inventory_hostnames', 'all') }}"
  tasks:
    - expect:
        command: "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no {{ item.0 }}@{{ item.1 }}"
        timeout: 2
        responses:
          (.*)password(.*):
            - "{{ ansible_password }}"      # Fit the password
            - "\x03"          # Ctrl-C
          (.*)\$(.*): "exit"  # Fit the prompt
      loop: "{{ my_users|product(my_hosts)|list }}"
      register: result
      ignore_errors: yes
    - debug:
        msg: "{{ (item.rc  == 0)|ternary(item.invocation.module_args.command ~ ' [OK]',item.invocation.module_args.command ~ ' [KO]') }}"
      loop: "{{ result.results }}"

SSH密码可以像这样传递给ansible-playbook命令:

ansible-playbook verifySSHLogin.yml -i ans_inventory_test -k --extra-vars "targethosts=FXO-Test"  | tee verify_user.log

1 个答案:

答案 0 :(得分:1)

expect模块将完成此工作。鉴于  user1 @ test_01可以登录,下面的播放

- hosts: localhost
  vars:
    my_users:
      - user1
      - user2
    my_hosts:
      - test_01
      - test_02
  tasks:
    - expect:
        command: "ssh {{ item.0 }}@{{ item.1 }}"
        timeout: 2
        responses:
          (.*)password(.*):
            - "password"      # Fit the password
            - "\x03"          # Ctrl-C
          (.*)\$(.*): "exit"  # Fit the prompt
      with_nested:
        - "{{ my_users }}"
        - "{{ my_hosts }}"
      register: result
      ignore_errors: yes
    - debug:
        msg: "{{ (item.rc  == 0)|ternary(item.invocation.module_args.command ~ ' [OK]',
                                         item.invocation.module_args.command ~ ' [KO]') }}"
      loop: "{{ result.results }}"

给予(grep msg):

"msg": "ssh user1@test_01 [OK]"
"msg": "ssh user1@test_02 [KO]"
"msg": "ssh user2@test_01 [KO]"
"msg": "ssh user2@test_02 [KO]"