Try provided passwords/passphrases multiple times during authentication #7
Assignees
Labels
Comments
def onConnectionPrompt(prompt, state, logger):
"""
:type prompt: str
:type state: dict[str, object]
:type logger: logging.Logger
:rtype: str|None
"""
prompt = prompt.lower()
state.setdefault('triedPassword', 0)
state.setdefault('triedKeys', {})
if 'enter passphrase for key' in prompt:
key = re.findall( r'key \'(.+)\':\s*$', prompt, flags = re.IGNORECASE | re.MULTILINE )
if key is None or len(key) != 1: key = '???'
else: key = key[0]
state['triedKeys'].setdefault(key, 0)
if state['triedKeys'][key] > 2:
logger.error('Connect failed: incorrect passphrase')
return None
else:
state['triedKeys'][key] += 1
state['triedPassword'] = 0
logger.debug('Trying key \'{}\''.format(key))
return state['passphrase']
if 'password:' in prompt:
if state['triedPassword'] > 2:
logger.error('Connect failed: incorrect password')
return None
else:
state['triedPassword'] += 1
state['triedKeys'] = {}
logger.debug('Trying password')
return state['password']
return None |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When going through multiple jumpboxes (rare, I know), it's possible to be prompted twice for a passphrase or password. Right now, the default promptCallback will never try the same credential twice in succession, instead considering that an indication of failure and bailing out. Since
sshdoes not distinguish between a successful or unsuccessful response toPassword:orEnter passphrase for key:without turning up verbosity, let's relax this and allow the default promptCalback to try the same credential successively, say, three times? Arbitrary, but should cover almost all imaginable out-of-box usecases.The text was updated successfully, but these errors were encountered: