5 Replies Latest reply on May 1, 2019 10:27 AM by iiliev

    mySSHSession - Account Lockout

    redsand007 Novice

      Was wondering if there is a way to limit the number of attemps mySSHSession tries when establishing a connection.  With the basic code below it will try multiple times and ends up locking the specified user account if an incorrect password is used.  SSH keys are an option but was just wondering about this specifically. 

      var mySSHSession = new SSHSession(host,user); 

       

       

      //sample command  var cmd = "uptime";

       

       

      mySSHSession.connectWithPassword(myPassword);  

      mySSHSession.executeCommand(cmd, true);

       

       

      // add logging/debugging as needed   

      var output = mySSHSession.getOutput(); 

      var error = mySSHSession.getError(); 

      var exitCode = mySSHSession.exitCode; 

       

           System.log(host + " - " + "Output: '" + output + "'"); 

           //System.log("Error: '" + error + "'");  

           //System.log("Exit code: '" + exitCode + "'"); 

           // close out the session:  

       

       

      mySSHSession.disconnect();

        • 1. Re: mySSHSession - Account Lockout
          Jonathan77 Novice

          Not sure what you mean here..

           

          Are you running that in a workflow multiple times in a short amount of time with a bad user & password...

           

          Well.. if it is because the code ran itself 1 times but try multiple time.. you could add a try & catch statement.

           

          i.e.

           

          try

          {

            <do whatever you want to try here>

          }

          catch (e)

          {

            System.error(e);

          }

           

          Or is it because, you have this code in a workflow and it reties multiple times to ran that workflow if it fails?

          • 2. Re: mySSHSession - Account Lockout
            iiliev Champion
            VMware EmployeesCommunity Warriors

            The underlying SSH library used by SSH plug-in has a configuration property named MaxAuthTries (default value is 6, if I recall correctly). The problem, however, is that this property is not exposed directly in the vRO scripting API.

             

            Could you insert the following line after the session creation and before connection attempt? Not sure if it will help, but is worth to try.

             

            mySSHSession.addEnvironment("MaxAuthTries", "1"); // "1" for a single attempt; tweak the value as needed
            
            • 3. Re: mySSHSession - Account Lockout
              redsand007 Novice
              Unfortunately iiliev that did not work.  It is def. trying 6 x's which as you stated is the default value.
              • 4. Re: mySSHSession - Account Lockout
                redsand007 Novice
                This is a single script element run once so no multiple retries.  I've done basic error catching and it states "Too many authentication failures" after the default 6 attempts.
                • 5. Re: mySSHSession - Account Lockout
                  iiliev Champion
                  VMware EmployeesCommunity Warriors

                  OK, so a new build of SSH plug-in will be needed, with proper support for MaxAuthTries session configuration property.

                   

                  If you need an urgent fix, I'd suggest to contact your VMware representative to open an official support request. This way, it will get higher priority in the backlog.