redsand007
Contributor
Contributor

mySSHSession - Account Lockout

Was wondering if there is a way to limit the number of attemps mySSHSession tries when establishing a connection.  With the basic code below it will try multiple times and ends up locking the specified user account if an incorrect password is used.  SSH keys are an option but was just wondering about this specifically. 

var mySSHSession = new SSHSession(host,user); 

//sample command  var cmd = "uptime";

mySSHSession.connectWithPassword(myPassword);  

mySSHSession.executeCommand(cmd, true);

// add logging/debugging as needed   

var output = mySSHSession.getOutput(); 

var error = mySSHSession.getError(); 

var exitCode = mySSHSession.exitCode; 

     System.log(host + " - " + "Output: '" + output + "'"); 

     //System.log("Error: '" + error + "'");  

     //System.log("Exit code: '" + exitCode + "'"); 

     // close out the session:  

mySSHSession.disconnect();

0 Kudos
5 Replies
Jonathan77
Enthusiast
Enthusiast

Not sure what you mean here..

Are you running that in a workflow multiple times in a short amount of time with a bad user & password...

Well.. if it is because the code ran itself 1 times but try multiple time.. you could add a try & catch statement.

i.e.

try

{

  <do whatever you want to try here>

}

catch (e)

{

  System.error(e);

}

Or is it because, you have this code in a workflow and it reties multiple times to ran that workflow if it fails?

0 Kudos
iiliev
VMware Employee
VMware Employee

The underlying SSH library used by SSH plug-in has a configuration property named MaxAuthTries (default value is 6, if I recall correctly). The problem, however, is that this property is not exposed directly in the vRO scripting API.

Could you insert the following line after the session creation and before connection attempt? Not sure if it will help, but is worth to try.

mySSHSession.addEnvironment("MaxAuthTries", "1"); // "1" for a single attempt; tweak the value as needed

0 Kudos
redsand007
Contributor
Contributor

Unfortunately iiliev that did not work.  It is def. trying 6 x's which as you stated is the default value.
0 Kudos
redsand007
Contributor
Contributor

This is a single script element run once so no multiple retries.  I've done basic error catching and it states "Too many authentication failures" after the default 6 attempts.
0 Kudos
iiliev
VMware Employee
VMware Employee

OK, so a new build of SSH plug-in will be needed, with proper support for MaxAuthTries session configuration property.

If you need an urgent fix, I'd suggest to contact your VMware representative to open an official support request. This way, it will get higher priority in the backlog.

0 Kudos