initial commit
This commit is contained in:
Moritz Rudert (helios)
45
check_ssh_no_password_login
Executable file
45
check_ssh_no_password_login
Executable file
@@ -0,0 +1,45 @@
|
||||
#!/usr/bin/env perl
|
||||
# Note: Quite experimental, use with care
|
||||
use strict;
|
||||
use warnings;
|
||||
use Getopt::Std;
|
||||
use 5.010;
|
||||
|
||||
my %opts;
|
||||
my $port;
|
||||
|
||||
getopts('H:p:', \%opts);
|
||||
|
||||
if (not $opts{'H'}) {
|
||||
die("Usage: $0 -H HOST -p port\n");
|
||||
}
|
||||
|
||||
if (not $opts{'p'}) {
|
||||
$port = "-p22";
|
||||
} else {
|
||||
$port = "-p" . $opts{'p'};
|
||||
}
|
||||
|
||||
my $host = $opts{'H'};
|
||||
my $ssh_cmd = 'ssh ' . $port . ' -o PreferredAuthentications=keyboard-interactive,password'
|
||||
. ' -o BatchMode=yes -o CheckHostIP=no -o StrictHostKeyChecking=no'
|
||||
. " -o UserKnownHostsFile=/dev/null -o LogLevel=FATAL"
|
||||
. " root\@${host} /bin/false 2>&1";
|
||||
|
||||
my $output = qx{$ssh_cmd};
|
||||
|
||||
my ($accepted) = ($output =~ m/^Permission denied \((.*)\)\./);
|
||||
|
||||
if (not $accepted) {
|
||||
say "Unable to parse ssh output: $output";
|
||||
exit 3;
|
||||
}
|
||||
|
||||
if ($accepted =~ /password/) {
|
||||
say "Password login enabled (server accepts $accepted)";
|
||||
exit 2;
|
||||
}
|
||||
else {
|
||||
say "Password login disabled (server accepts $accepted)";
|
||||
exit 0;
|
||||
}
|
||||
Reference in New Issue
Block a user