From 770df7122ead1e290a75f88b3ff88794f4cfc434 Mon Sep 17 00:00:00 2001 From: Feng_Qi Date: Fri, 11 Feb 2022 15:26:40 +0800 Subject: [PATCH 1/4] VERSION 0.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 支持在 sshHost 中配置 ciphers 和 keyExchanges 参数,以更好的适配不同的服务器环境 --- funcs/sshconnect.go | 32 ++++++++++++++++---------------- g/cfg.go | 17 ++++++++++++----- g/const.go | 2 +- main.go | 13 ++++++++++--- 4 files changed, 39 insertions(+), 25 deletions(-) diff --git a/funcs/sshconnect.go b/funcs/sshconnect.go index 403c802..fd8f359 100644 --- a/funcs/sshconnect.go +++ b/funcs/sshconnect.go @@ -14,7 +14,7 @@ import ( "golang.org/x/crypto/ssh" ) -func connect(user, password, host, key string, port int, cipherList []string) (*ssh.Session, error) { +func connect(user, password, host, key string, port int, cipherList, keyExchangeList []string) (*ssh.Session, error) { var ( auth []ssh.AuthMethod addr string @@ -45,16 +45,16 @@ func connect(user, password, host, key string, port int, cipherList []string) (* } auth = append(auth, ssh.PublicKeys(signer)) } - if len(cipherList) == 0 { - config = ssh.Config{ - Ciphers: []string{"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "aes192-cbc", "aes256-cbc"}, - KeyExchanges: []string{"diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha256"}, - } + config.Ciphers = []string{"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "aes192-cbc", "aes256-cbc"} } else { - config = ssh.Config{ - Ciphers: cipherList, - } + config.Ciphers = cipherList + } + + if len(keyExchangeList) == 0 { + config.KeyExchanges = []string{"diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha256"} + } else { + config.KeyExchanges = keyExchangeList } clientConfig = &ssh.ClientConfig{ 
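Review bot: With an empty `keyExchangeList`, `connect` still falls back to a hard-coded list that offers `diffie-hellman-group1-sha1` and `diffie-hellman-group-exchange-sha1`, and the empty-`cipherList` branch still offers `arcfour128`, `arcfour256`, `3des-cbc` and the CBC modes. These are legacy algorithms, and the default key-exchange list contains no ECDH or curve25519 method. Now that both lists are configurable, consider leaving `config.Ciphers` and `config.KeyExchanges` unset when the caller passes nothing, so that golang.org/x/crypto/ssh applies its own defaults and legacy algorithms become an explicit opt-in through `-ciphers` / `-keyexchanges` or the `Global` section. If the legacy defaults have to stay for compatibility, say so above each branch, e.g. `// legacy defaults kept for compatibility with older servers; set Ciphers/KeyExchanges to restrict`. The body of `connect` starts and ends outside this hunk.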
@@ -92,12 +92,12 @@ func connect(user, password, host, key string, port int, cipherList []string) (*
 return session, nil
 }
-func Dossh(username, password, host, key string, cmdlist []string, port, timeout int, cipherList []string, linuxMode bool, ch chan g.SSHResult) {
+func Dossh(username, password, host, key string, cmdlist []string, port, timeout int, cipherList, keyExchangeList []string, linuxMode bool, ch chan g.SSHResult) {
 chSSH := make(chan g.SSHResult)
 if linuxMode {
- go dossh_run(username, password, host, key, cmdlist, port, cipherList, chSSH)
+ go dossh_run(username, password, host, key, cmdlist, port, cipherList, keyExchangeList, chSSH)
 } else {
- go dossh_session(username, password, host, key, cmdlist, port, cipherList, chSSH)
+ go dossh_session(username, password, host, key, cmdlist, port, cipherList, keyExchangeList, chSSH)
 }
 var res g.SSHResult
@@ -113,8 +113,8 @@ func Dossh(username, password, host, key string, cmdlist []string, port, timeout
 return
 }
-func dossh_session(username, password, host, key string, cmdlist []string, port int, cipherList []string, ch chan g.SSHResult) {
- session, err := connect(username, password, host, key, port, cipherList)
+func dossh_session(username, password, host, key string, cmdlist []string, port int, cipherList, keyExchangeList []string, ch chan g.SSHResult) {
+ session, err := connect(username, password, host, key, port, cipherList, keyExchangeList)
 var sshResult g.SSHResult
 sshResult.Host = host
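Review bot: `Dossh` now takes eleven positional parameters, and `cipherList, keyExchangeList []string` are adjacent and identically typed, so a call site that swaps them still compiles and the mistake only shows up as a failed or differently negotiated handshake. `Dossh` is exported, so the widened signature also breaks any caller outside this repository. Consider grouping the algorithm settings into one value, e.g. `type AlgoOpts struct{ Ciphers, KeyExchanges []string }`, and passing that through `Dossh`, `dossh_run`, `dossh_session` and `connect`. The same applies to the `dossh_session` hunk that follows and to the `dossh_run` hunk after it.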
@@ -159,8 +159,8 @@ func dossh_session(username, password, host, key string, cmdlist []string, port return } -func dossh_run(username, password, host, key string, cmdlist []string, port int, cipherList []string, ch chan g.SSHResult) { - session, err := connect(username, password, host, key, port, cipherList) +func dossh_run(username, password, host, key string, cmdlist []string, port int, cipherList, keyExchangeList []string, ch chan g.SSHResult) { + session, err := connect(username, password, host, key, port, cipherList, keyExchangeList) var sshResult g.SSHResult sshResult.Host = host diff --git a/g/cfg.go b/g/cfg.go index b3a3a32..cfe81be 100644 --- a/g/cfg.go +++ b/g/cfg.go @@ -27,6 +27,12 @@ type SSHHost struct { type HostJson struct { SshHosts []SSHHost + Global GlobalConfig +} + +type GlobalConfig struct { + Ciphers string + KeyExchanges string } type SSHResult struct { @@ -36,6 +42,9 @@ type SSHResult struct { } func SplitString(str string) (strList []string) { + if str == "" { + return + } if strings.Contains(str, ",") { strList = strings.Split(str, ",") } else { @@ -72,20 +81,18 @@ func Getfile(filePath string) ([]string, error) { } //gu -func GetJsonFile(filePath string) ([]SSHHost, error) { - result := []SSHHost{} +func GetJsonFile(filePath string) (HostJson, error) { + var result HostJson b, err := ioutil.ReadFile(filePath) if err != nil { log.Println("read file ", filePath, err) return result, err } - var m HostJson - err = json.Unmarshal(b, &m) + err = json.Unmarshal(b, &result) if err != nil { log.Println("read file ", filePath, err) return result, err } - result = m.SshHosts return result, nil } func WriteIntoTxt(sshResult SSHResult, locate string) error { diff --git a/g/const.go b/g/const.go index 43aee6a..9e9db32 100644 --- a/g/const.go +++ b/g/const.go @@ -9,5 +9,5 @@ package g // json Unmarshal with error // 0.2.3 const ( - VERSION = "0.3.0" + VERSION = "0.4.0" ) diff --git a/main.go b/main.go index 439e461..7b7693f 100644 --- a/main.go 
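Review bot: The new `GlobalConfig` type and the `Global` field of `HostJson` in g/cfg.go have no comments, so the format of the two fields and their scope can only be learned by reading main.go. Suggested comment above the type: `// GlobalConfig holds SSH algorithm settings applied to every host in the file; each field is a comma-separated list and an empty value selects the built-in defaults.` `GetJsonFile` would also benefit from a real doc comment in place of `//gu`, noting that it now returns the whole `HostJson` rather than only the host slice.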
+++ b/main.go @@ -23,6 +23,7 @@ func main() { key := flag.String("k", "", "ssh private key") port := flag.Int("port", 22, "ssh port") ciphers := flag.String("ciphers", "", "ciphers") + keyExchanges := flag.String("keyexchanges", "", "keyexchanges") cmdFile := flag.String("cmdfile", "", "cmdfile path") hostFile := flag.String("hostfile", "", "hostfile path") ipFile := flag.String("ipfile", "", "ipfile path") @@ -36,7 +37,7 @@ func main() { flag.Parse() - var cmdList, hostList, cipherList []string + var cmdList, hostList, cipherList, keyExchangeList []string var err error sshHosts := []g.SSHHost{} @@ -88,6 +89,9 @@ func main() { if *ciphers != "" { cipherList = g.SplitString(*ciphers) } + if *keyExchanges != "" { + keyExchangeList = g.SplitString(*keyExchanges) + } if *cfgFile == "" { for _, host := range hostList { host_Struct.Host = host @@ -100,11 +104,14 @@ func main() { sshHosts = append(sshHosts, host_Struct) } } else { - sshHosts, err = g.GetJsonFile(*cfgFile) + sshHostConfig, err := g.GetJsonFile(*cfgFile) if err != nil { log.Println("load cfgFile error: ", err) return } + cipherList = g.SplitString(sshHostConfig.Global.Ciphers) + keyExchangeList = g.SplitString(sshHostConfig.Global.KeyExchanges) + sshHosts = sshHostConfig.SshHosts for i := 0; i < len(sshHosts); i++ { if sshHosts[i].Cmds != "" { sshHosts[i].CmdList = g.SplitString(sshHosts[i].Cmds) @@ -124,7 +131,7 @@ func main() { startTime := time.Now() log.Println("Multissh start") limitFunc := func(chLimit chan bool, ch chan g.SSHResult, host g.SSHHost) { - funcs.Dossh(host.Username, host.Password, host.Host, host.Key, host.CmdList, host.Port, *timeLimit, cipherList, host.LinuxMode, ch) + funcs.Dossh(host.Username, host.Password, host.Host, host.Key, host.CmdList, host.Port, *timeLimit, cipherList, keyExchangeList, host.LinuxMode, ch) <-chLimit } for i, host := range sshHosts { From 53850621a533bb9ce742ab819c1028c3a9ecfc13 Mon Sep 17 00:00:00 2001 
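Review bot: In the `-c` branch (hunk `@@ -100,11 +104,14 @@`) the added assignments `cipherList = g.SplitString(sshHostConfig.Global.Ciphers)` and `keyExchangeList = g.SplitString(sshHostConfig.Global.KeyExchanges)` run unconditionally, so values already parsed from `-ciphers` / `-keyexchanges` in the earlier hunk are discarded. A config file with no `Global` section resets both lists to nil, because `SplitString` returns nil for an empty string as of this commit, and `connect` then silently falls back to its built-in legacy defaults even if the operator tried to restrict algorithms on the command line. Override only when the file actually sets a value: `if l := g.SplitString(sshHostConfig.Global.Ciphers); len(l) > 0 { cipherList = l }`, and the same for `KeyExchanges`. The body of `main` extends beyond this hunk.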
From: Feng_Qi Date: Fri, 11 Feb 2022 15:50:19 +0800 Subject: [PATCH 2/4] README VERSION 0.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 更新 readme 和 example --- README.MD | 80 ++++++++++++++++++++++++++---------------------- ssh.json.example | 40 +++++++++++++----------- 2 files changed, 65 insertions(+), 55 deletions(-) diff --git a/README.MD b/README.MD index 0d96985..5cfb03f 100644 --- a/README.MD +++ b/README.MD @@ -29,40 +29,42 @@ https://github.com/shanghai-edu/multissh/releases/ # ./multissh -h Usage of ./multissh: -c string - cfg File Path + cfg File Path -ciphers string - ciphers + ciphers -cmdfile string - cmdfile path + cmdfile path -cmds string - cmds + cmds -f string - write file locate + write file locate -hostfile string - hostfile path + hostfile path -hosts string - host address list + host address list -ipfile string - ipfile path + ipfile path -ips string - ip address list - -j print output in json format + ip address list + -j print output in json format -k string - ssh private key - -l In linux mode,multi command combine with && ,such as date&&cd /opt&&ls + ssh private key + -keyexchanges string + keyexchanges + -l In linux mode,multi command combine with && ,such as date&&cd /opt&&ls -n int - max execute number (default 20) + max execute number (default 20) -outTxt - write result into txt + write result into txt -p string - password + password -port int - ssh port (default 22) + ssh port (default 22) -t int - max timeout (default 30) + max timeout (default 30) -u string - username - -v show version + username + -v show version ``` **cmdfile 示例** ``` 
@@ -82,24 +84,28 @@ show clock **ssh.json 示例** ``` { - "SshHosts": [ - { - "Host": "192.168.31.51", - "Port": 22, - "Username": "admin", - "Password": "admin", - "cmds":"show clock;show clock" - }, - { - "Host": "192.168.80.131", - "Port": 22, - "Username": "root", - "Password": "", - "key": "./server.key", - "linuxMode": true, - "CmdFile": "cmd2.txt.example" - } - ] + "SshHosts": [{ + "Host": "192.168.31.51", + "Port": 22, + "Username": "admin", + "Password": "admin", + "cmds": "show clock;show clock" + }, + { + "Host": "192.168.80.131", + "Port": 22, + "Username": "root", + "Password": "", + "key": "./server.key", + "linuxMode": true, + "CmdFile": "cmd2.txt.example" + } + ], + "Global": { + "Ciphers": "aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc", + "KeyExchanges": "diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1" + } + } ``` diff --git a/ssh.json.example b/ssh.json.example index bede1a5..01fa5ee 100644 --- a/ssh.json.example +++ b/ssh.json.example 
@@ -1,20 +1,24 @@ { - "SshHosts": [ - { - "Host": "192.168.31.51", - "Port": 22, - "Username": "admin", - "Password": "admin", - "cmds":"show clock;show clock" - }, - { - "Host": "192.168.80.131", - "Port": 22, - "Username": "root", - "Password": "", - "key": "./server.key", - "linuxMode": true, - "CmdFile": "cmd2.txt.example" - } - ] + "SshHosts": [{ + "Host": "192.168.31.51", + "Port": 22, + "Username": "admin", + "Password": "admin", + "cmds": "show clock;show clock" + }, + { + "Host": "192.168.80.131", + "Port": 22, + "Username": "root", + "Password": "", + "key": "./server.key", + "linuxMode": true, + "CmdFile": "cmd2.txt.example" + } + ], + "Global": { + "Ciphers": "aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc", + "KeyExchanges": "diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1" + } + } \ No newline at end of file From fa8ecd9a332e0bd4a2248c4f64f856f7e4c4cce3 Mon Sep 17 00:00:00 2001 From: TieWay59 Date: Sat, 11 Mar 2023 20:37:40 +0800 Subject: [PATCH 3/4] =?UTF-8?q?fix:=20=E8=A1=A5=E9=BD=90=20`connect`=20?= =?UTF-8?q?=E5=87=BD=E6=95=B0=E7=BC=BA=E5=A4=B1=E7=9A=84=E5=8F=82=E6=95=B0?= =?UTF-8?q?=E6=95=B0=E9=87=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 采用 nil 作为 `keyExchangeList` 从而提供默认的行为 --- funcs/ssh_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/funcs/ssh_test.go b/funcs/ssh_test.go index 0ff1d7e..478d8b0 100644 --- a/funcs/ssh_test.go +++ b/funcs/ssh_test.go @@ -18,7 +18,7 @@ const ( func Test_SSH(t *testing.T) { var cipherList []string - session, err := connect(username, password, ip, key, port, cipherList) + session, err := connect(username, password, ip, key, port, cipherList, nil) if err != nil { t.Error(err) return From cfc416503f562b4e1a38f15cf961f80fe5c5cd50 Mon Sep 17 00:00:00 2001 
From: TieWay59 Date: Sat, 11 Mar 2023 20:43:51 +0800 Subject: [PATCH 4/4] =?UTF-8?q?doc:=20=E5=A2=9E=E5=8A=A0=20`Test=5FSSH`=20?= =?UTF-8?q?=E5=87=BD=E6=95=B0=E6=8F=8F=E8=BF=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- funcs/ssh_test.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/funcs/ssh_test.go b/funcs/ssh_test.go index 478d8b0..5dc124a 100644 --- a/funcs/ssh_test.go +++ b/funcs/ssh_test.go @@ -16,6 +16,10 @@ const ( key = "../server.key" ) +// Tests the SSH functionality of the package. +// +// It requires manual input of the local SSH private key path into the key +// variable, and the remote address into the ip variable. func Test_SSH(t *testing.T) { var cipherList []string session, err := connect(username, password, ip, key, port, cipherList, nil)
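Review bot: The added comment calls `key` and `ip` variables, but the hunk header and context show they are declared in a `const (` block, and Go doc comments conventionally open with the identifier they describe. Suggested wording: `// Test_SSH connects to a live SSH server using the ip, key and credential constants above; edit them for your environment before running.` Because the test depends on a reachable host and on constants committed to the repository, the comment could also say that real credentials should not be checked in.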