SSH如何在Linux上提示输入用户名和密码
[英]How does SSH prompt for user name and password on Linux
问题描述
I am creating an application that runs on multiple remote Linux devices and has a central administrator to manage the devices.
我正在创建一个在多个远程 Linux 设备上运行的应用程序,并且有一个中央管理员来管理这些设备。 I am adding a feature so the user can open a terminal window in the central administrator to a remote device.我正在添加一项功能,以便用户可以在中央管理员中打开终端 window 到远程设备。 It works a lot like using an SSH client to remote into a server except I am using the existing communication channel between the central administrator and the device so I do not need to use the SSH protocol at all.它的工作原理很像使用 SSH 客户端远程访问服务器,除了我使用中央管理员和设备之间的现有通信通道,因此我根本不需要使用 SSH 协议。
I have it mostly working.我大部分时间都在工作。 I create a pseudo terminal (pty) on the device and communicate the output/input between the pty and the terminal client running on the central administrator.我在设备上创建了一个伪终端 (pty),并在 pty 和在中央管理员上运行的终端客户端之间传送输出/输入。
The one part that I can't figure out is how SSH prompts for a username and then password using a client like putty.我无法弄清楚的一个部分是 SSH 如何使用 putty 之类的客户端提示输入用户名和密码。 Is this something that the shell in the pseudo terminal prompts for or is the client doing the prompting and passing that to the SSH server?这是伪终端中的 shell 提示的内容,还是客户端进行提示并将其传递给 SSH 服务器?
If the shell is prompting for user and/or password, what shell command does this?如果 shell 提示输入用户和/或密码,那么 shell 命令是做什么的? I have tried many things with su and sudo but have not figured it out.我用 su 和 sudo 尝试了很多东西,但还没有弄清楚。
If the client is prompting before the shell is created, how does the SSH server authenticate the user and password?如果客户端在创建shell之前提示,那么SSH服务器如何认证用户和密码? What library calls are used to do this?使用哪些库调用来执行此操作?
If anyone has suggestions about where to look for this information, please share them.如果有人对在哪里查找此信息有任何建议,请分享。
2 个解决方案
解决方案1
0 2021-04-23 15:44:53
PuTTY implements SSH, and part of that is implementing the authentication exchange. PuTTY 实现了 SSH,其中一部分是实现身份验证交换。 For servers that allow password authentication, SSH will usually prompt for a password if an initial attempt using a key failed.对于允许密码身份验证的服务器,如果使用密钥的初始尝试失败,SSH 通常会提示输入密码。
This is likely a feature of PuTTY's SSH implementation.这可能是 PuTTY 的 SSH 实现的一个特性。 In other words, to get that prompt to appear, you must expose a valid SSH service.换句话说,要显示该提示,您必须公开有效的 SSH 服务。
If you're running a plain-text TCP service you may want to do this to at least encrypt it.如果您正在运行纯文本 TCP 服务,您可能希望这样做至少对其进行加密。
解决方案2
0 2021-04-27 20:15:10
In looking through the source code for OpenSSH ( https://github.com/openssh/openssh-portable ) there is code in there to prompt for user and password and then authenticate the credentials.在查看 OpenSSH 的源代码 ( https://github.com/openssh/openssh-portable ) 中有代码提示输入用户和密码,然后验证凭据。 The prompting is done through the terminal interface.提示是通过终端界面完成的。
So I believe the answer to my question is that my server running on the remote Linux devices need to send terminal commands to the xterm client to prompt for credentials.所以我相信我的问题的答案是我在远程 Linux 设备上运行的服务器需要向 xterm 客户端发送终端命令以提示输入凭据。 Then authenticate those credentials and start the pseudo terminal in the user context.然后验证这些凭据并在用户上下文中启动伪终端。
This functionality is not built into the shell and it is not built into the terminal client.此功能未内置在 shell 中,也未内置在终端客户端中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.