I am trying to write a bash script that runs ssh command with debug (ssh -vvv) against a specified host/hosts.
I am not trying to log in to the server, but rather just trying to see which kex, mac and ciphers the server offers.
I did create a script to find the kex algos after negotiation using the -G option.
#!/bin/bash
# Print the kexalgorithms line that ssh -G resolves for each host in servers.txt.
while IFS= read -r f; do
    echo "### $f ###"
    echo "kexalgorithms"
    result=$(ssh -G "$f" uname -a | grep kexalgorithms)
    echo "$result"
done < servers.txt
However, I now realize that this output will depend on the ssh config on the local machine and will not give me the exact kex offered by the remote server.
If I do a ssh -vvv <host> it would give this info in the line
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-ed25519
debug2: ciphers
But if I run ssh -vvv from the script, it will be stuck at the username/password prompt.
Is there any way that I can save the standard output till the password prompt to a file (probably with the host name as the filename) and break the script run at a password prompt?
Thanks in advance
CodePudding user response:
Get all supported algorithms for key exchange from remote ssh-server with nmap:
nmap --script ssh2-enum-algos -p 22 YOUR-SSH-SERVER \
| awk -v a='kex_algorithms:' '$2==a{getline; while( $0~/^\| {7}/ ){ print $2; getline }}'
Output (e.g.):
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
CodePudding user response:
You can use ssh -o BatchMode=yes. It'll exit when the remote side asks for a password.
According to man ssh_config:
BatchMode
    If set to yes, user interaction such as password prompts and host key confirmation requests will be disabled. This option is useful in scripts and other batch jobs where no user is present to interact with ssh(1). The argument must be yes or no (the default).
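
Added example (not part of either answer above): a sketch that combines BatchMode=yes with the per-host output file the question asks for, keeping only the "peer server KEXINIT proposal" section so the local client config does not leak into the result. The function names peer_proposal and scan_host, the .debug/.offered file suffixes and the 5-second ConnectTimeout are assumptions made for this example.

```bash
#!/bin/bash
# Usage: ./offered.sh servers.txt [output-dir]

# Read `ssh -vvv` debug text on stdin and print only what the SERVER offered.
# The client's own proposal (which reflects local ssh_config) is skipped.
peer_proposal() {
    awk '
        { sub(/\r$/, "") }   # ssh ends stderr log lines with CR LF
        /^debug2: peer server KEXINIT proposal/ { in_peer = 1; next }
        in_peer && /^debug2: (first_kex_follows|reserved)/ { exit }
        in_peer && /^debug2: (KEX algorithms|host key algorithms|ciphers|MACs)/ {
            sub(/^debug2: /, ""); print
        }'
}

# Save the full debug log to <dir>/<host>.debug and the server's offer to
# <dir>/<host>.offered. The KEXINIT proposal is logged before host key
# checking and authentication, so a failed login still yields the data.
scan_host() {
    host=$1
    dir=${2:-.}
    # BatchMode=yes: fail instead of prompting. -n: do not read stdin, so the
    # calling while-read loop keeps its input. `true`: never open a shell.
    ssh -vvv -n -o BatchMode=yes -o ConnectTimeout=5 "$host" true \
        >/dev/null 2>"$dir/$host.debug"
    peer_proposal <"$dir/$host.debug" >"$dir/$host.offered"
}

# Main loop, only when a readable server list is given as the first argument.
if [ -r "${1:-}" ]; then
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        scan_host "$host" "${2:-.}"
        printf '### %s ###\n' "$host"
        cat "${2:-.}/$host.offered"
    done <"$1"
fi
```

An empty .offered file means the connection never reached key exchange (host down, port filtered, timeout); the matching .debug file shows where it stopped.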
