mpServer%E5%BC%80%E5%90%AFMFA%E8%AE%A4%E8%AF%81" style="box-sizing: border-box; outline: 0px; margin: 24px 0px 8px; padding: 0px; font-family: "PingFang SC", "Microsoft YaHei", SimHei, Arial, SimSun; font-size: 22px; color: rgb(79, 79, 79); line-height: 32px; font-synthesis-style: auto; overflow-wrap: break-word; text-wrap: wrap; background-color: rgb(255, 255, 255);">1、JumpServer开启MFA认证
开启MFA认证:
开启后效果:
2、使用浏览器登录堡垒机,配置MFA
按需下载对应app进行绑定
到此手机绑定成功,登录时候可以在手机app查看动态码。
但是每次登录,都需要打开手机,找到动态码,手动输入很麻烦
使用SecureCRT可实现自动输入,很方便快捷。
3、生成动态码python脚本内容如下:
需要将google_secret改为你的Secret
import sys
import calendar
import datetime
import hashlib
import time
import base64
import hmac
import codecs
import re
class OTP(object):
def __init__(self, s, digits=6, digest=hashlib.sha1, name=None, issuer=None):
self.digits = digits
self.digest = digest
self.secret = s
self.name = name or 'Secret'
self.issuer = issuer
def generate_otp(self, input):
if input < 0:
raise ValueError('input must be a positive integer')
hasher = hmac.new(self.byte_secret(), self.int_to_bytestring(input), self.digest)
hmac_hash = bytearray(hasher.digest())
offset = hmac_hash[-1] & 0xf
code = ((hmac_hash[offset] & 0x7f) << 24 |
(hmac_hash[offset + 1] & 0xff) << 16 |
(hmac_hash[offset + 2] & 0xff) << 8 |
(hmac_hash[offset + 3] & 0xff))
str_code = str(code % 10 ** self.digits)
while len(str_code) < self.digits:
str_code = '0' + str_code
return str_code
def byte_secret(self):
secret = self.secret
missing_padding = len(secret) % 8
if missing_padding != 0:
secret += '=' * (8 - missing_padding)
return base64.b32decode(secret, casefold=True)
@staticmethod
def int_to_bytestring(i, padding=8):
result = bytearray()
while i != 0:
result.append(i & 0xFF)
i >>= 8
return bytes(bytearray(reversed(result)).rjust(padding, b'\0'))
class TOTP(OTP):
def __init__(self, s, digits=6, digest=hashlib.sha1, name=None, issuer=None, interval=30):
self.interval = interval
super(TOTP, self).__init__(s=s, digits=digits, digest=digest, name=name, issuer=issuer)
def now(self):
return self.generate_otp(self.timecode(datetime.datetime.now()))
def timecode(self, for_time):
if for_time.tzinfo:
return int(calendar.timegm(for_time.utctimetuple()) / self.interval)
else:
return int(time.mktime(for_time.timetuple()) / self.interval)
def Main():
google_secret = '此处替换为刚才记录的Secret'
code = TOTP(s=google_secret,interval=30).now()
tab = crt.GetScriptTab()
if tab.Session.Connected != True:
crt.Dialog.MessageBox("Session Not Connected")
return
tab.Screen.Synchronous = True
tab.Screen.WaitForStrings(['Please Enter MFA Code.[OTP Code]: '])
tab.Screen.Send("{code}\r".format(code=code))
return
Main()
4、配置SecureCRT
5、验证
双击左侧刚才配置的主机进行登录
6、已自动登录完美,很省事方便,也很方便被黑客利用
推荐本站淘宝优惠价购买喜欢的宝贝:
本文链接:https://www.hqyman.cn/post/8058.html 非本站原创文章欢迎转载,原创文章需保留本站地址!
打赏微信支付宝扫一扫,打赏作者吧~
休息一下~~