update ssh document

trzsz · Feb 4, 2024 · dae51b5 · dae51b5
1 parent 2ba8239
commit dae51b5
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 2 deletions.
diff --git a/cn/ssh.md b/cn/ssh.md
@@ -408,6 +408,18 @@ trzsz-ssh ( tssh ) 设计为 ssh 客户端的直接替代品，提供与 openssh
       #!! ExpectCaseSendPass1 token d7... # 在 ExpectPattern1 匹配之前，若遇到 token 则解码 d7... 并发送
   ```
 
+- 在匹配到指定输出时，自动生成 `totp` 2FA 双因子验证码，然后自动输入，用法如下：
+
+  ```
+  Host totp
+      #!! ExpectCount 2  # 配置自动交互的次数，默认是 0 即无自动交互
+      #!! ExpectPattern1 token:  # 配置第一个自动交互的匹配表达式
+      #!! ExpectSendTotp1 xxxxx  # 配置 totp 的 secret（明文），一般可通过扫二维码获得
+      #!! ExpectPattern2 token:  # 配置第二个自动交互的匹配表达式
+      # 下面是运行 tssh --enc-secret 输入 totp 的 secret 得到的密文串
+      #!! ExpectSendEncTotp2 821fe830270201c36cd1a869876a24453014ac2f1d2d3b056f3601ce9cc9a87023
+  ```
+
 - 在匹配到指定输出时，执行指定的命令获取动态密码，然后自动输入，用法如下：
 
   ```
@@ -432,6 +444,11 @@ trzsz-ssh ( tssh ) 设计为 ssh 客户端的直接替代品，提供与 openssh
       #!! ExpectSendText2 \|1\|\|\r  # 先 sleep 100ms，然后发送 1，再 sleep 200ms，最后发送 \r 回车
   ```
 
+- 有些服务器连密码也不支持连着发送，则需要配置 `ExpectPassSleep`，默认为 `no`，可配置为 `each` 或 `enter`：
+
+  - 配置 `ExpectPassSleep each` 则每输入一个字符就 sleep 一小段时间，默认 100 毫秒，可配置 `ExpectSleepMS` 进行调整。
+  - 配置 `ExpectPassSleep enter` 则只是在发送 `\r` 回车之前 sleep 一小段时间，默认 100 毫秒，可配置 `ExpectSleepMS` 进行调整。
+
 - 如果不知道 `ExpectPattern2` 如何配置，可以先将 `ExpectCount` 配置为 `2`，然后使用 `tssh --debug` 登录，就会看到 `expect` 捕获到的输出，可以直接复制输出的最后部分来配置 `ExpectPattern2`。把 `2` 换成其他任意的数字也适用。
 
 ## 记住密码
@@ -520,6 +537,17 @@ trzsz-ssh ( tssh ) 设计为 ssh 客户端的直接替代品，提供与 openssh
       636f64653a20 my_code  # 其中 `636f64653a20` 是问题 `code: ` 的 hex 编码, `my_code` 是明文答案
   ```
 
+- 对于 `totp` 2FA 双因子验证码，则可以如下配置（同样支持按序号或 hex 编码进行配置）：
+
+  ```
+  Host totp
+      TotpSecret1 xxxxx  # 按序号配置 totp 的 secret（明文），一般可通过扫二维码获得
+      totp636f64653a20 xxxxx  # 按 `code: ` 的 hex 编码 `636f64653a20` 配置 totp 的 secret（明文）
+      # 下面是运行 tssh --enc-secret 输入命令 xxxxx 得到的密文串，加上 `enc` 前缀进行配置
+      encTotpSecret2 8ba828bd54ff694bc8c4619f802b5bed73232e60a680bbac05ba5626269a81a00b
+      enctotp636f64653a20 8ba828bd54ff694bc8c4619f802b5bed73232e60a680bbac05ba5626269a81a00b
+  ```
+
 - 对于可以通过命令行获取到的动态密码，则可以如下配置（同样支持按序号或 hex 编码进行配置）：
 
   ```
@@ -534,8 +562,14 @@ trzsz-ssh ( tssh ) 设计为 ssh 客户端的直接替代品，提供与 openssh
 - 如果启用了 `ControlMaster` 多路复用，或者是在 `Warp` 终端，请参考前面 `自动交互` 加 `Ctrl` 前缀来实现。
 
   ```
+  Host ctrl_totp
+      #!! CtrlExpectCount 1  # 配置自动交互的次数
+      #!! CtrlExpectPattern1 code:  # 配置密码提示语的匹配表达式（这里以 2FA 验证码举例）
+      #!! CtrlExpectSendTotp1 xxxxx  # 配置 totp 的 secret（明文），一般可通过扫二维码获得
+      #!! CtrlExpectSendEncTotp1 622ada31cf...  # 或者配置 tssh --enc-secret 得到的密文串
+
   Host ctrl_otp
-      #!! CtrlExpectCount 1  # 配置自动交互的次数，一般只要输入一次密码
+      #!! CtrlExpectCount 1  # 配置自动交互的次数
       #!! CtrlExpectPattern1 token:  # 配置密码提示语的匹配表达式（这里以动态密码举例）
       #!! CtrlExpectSendOtp1 oathtool --totp -b xxxxx  # 配置获取动态密码的命令（明文）
       #!! CtrlExpectSendEncOtp1 77b4ce85d0...  # 或者配置 tssh --enc-secret 得到的密文串

diff --git a/ssh.md b/ssh.md
@@ -408,6 +408,18 @@ trzsz-ssh ( tssh ) is an ssh client designed as a drop-in replacement for the op
       #!! ExpectCaseSendPass1 token d7... # Before matching ExpectPattern1, if encountering token, then decode d7... and send
   ```
 
+- When the server's output is matched, generate the `totp` 2FA code, and send it:
+
+  ```
+  Host totp
+      #!! ExpectCount 2  # Configures the number of automated interactions, default is 0 which means no automated interaction
+      #!! ExpectPattern1 token:  # Configures the first automated interaction match expression
+      #!! ExpectSendTotp1 xxxxx  # Configure the secret (plain text) of totp, generally obtained by scanning the QR code
+      #!! ExpectPattern2 token:  # Configures the second automated interaction match expression
+      # The following ciphertext was generated by encoding the secret of totp with `tssh --enc-secret`.
+      #!! ExpectSendEncTotp2 821fe830270201c36cd1a869876a24453014ac2f1d2d3b056f3601ce9cc9a87023
+  ```
+
 - When the server's output is matched, execute the specified command to obtain the one-time password, and send it:
 
   ```
@@ -432,6 +444,11 @@ trzsz-ssh ( tssh ) is an ssh client designed as a drop-in replacement for the op
       #!! ExpectSendText2 \|1\|\|\r  # Configures the second automated input, sleep 100ms, send 1, sleep 200ms, send \r.
   ```
 
+- Some servers may not support sending password continuously. Then you need to configure `ExpectPassSleep`, which is `no` by default, and can be configured as `each` or `enter`:
+
+  - Configuring `ExpectPassSleep each` will sleep for a short period of time for each character send, the default is 100 milliseconds, and you can configure `ExpectSleepMS` to adjust it.
+  - Configuring `ExpectPassSleep enter` will only sleep for a short period of time before `\r` send, the default is 100 milliseconds, and you can configure `ExpectSleepMS` to adjust it.
+
 - If you don’t know how to configure `ExpectPattern2`, you can first configure `ExpectCount` to `2`, then use `tssh --debug` to log in, you will see the output captured by `expect`, and you can directly copy the last part of the output to configure `ExpectPattern2`. Replacing `2` with any other number will also work.
 
 ## Remember Password
@@ -520,6 +537,17 @@ trzsz-ssh ( tssh ) is an ssh client designed as a drop-in replacement for the op
       636f64653a20 my_code  # The `636f64653a20` is the hex code of `code: `, `my_code` is plain answer.
   ```
 
+- For `totp` 2FA code, you can configure them as follows (configure by serial number or hex code of the question):
+
+  ```
+  Host totp
+      TotpSecret1 xxxxx  # Configure the secret (plain text) of totp by serial number
+      totp636f64653a20 xxxxx  # Configure the secret of totp by the hex code of the question `code: ` that is `636f64653a20`
+      # The following ciphertext was generated by encoding the secret of totp with `tssh --enc-secret`. Add the `enc` prefix for configuration.
+      encTotpSecret2 8ba828bd54ff694bc8c4619f802b5bed73232e60a680bbac05ba5626269a81a00b
+      enctotp636f64653a20 8ba828bd54ff694bc8c4619f802b5bed73232e60a680bbac05ba5626269a81a00b
+  ```
+
 - For one-time password that can be obtained by the command line, you can configure them as follows (configure by serial number or hex code of the question):
 
   ```
@@ -534,8 +562,14 @@ trzsz-ssh ( tssh ) is an ssh client designed as a drop-in replacement for the op
 - If `ControlMaster` multiplexing is enabled or using `Warp` terminal, you will need to use the `Automated Interaction` mentioned earlier to achieve remembering answers.
 
   ```
+  Host ctrl_totp
+      #!! CtrlExpectCount 1  # Configure the number of automated interactions
+      #!! CtrlExpectPattern1 code:  # Configure the matching expression for the password prompt (totp 2FA)
+      #!! CtrlExpectSendTotp1 xxxxx  # Configure the secret (plain text) of totp, generally obtained by scanning the QR code
+      #!! CtrlExpectSendEncTotp1 622ada31cf...  # Or configure the encrypted secret of totp encoded using `tssh --enc-secret`
+
   Host ctrl_otp
-      #!! CtrlExpectCount 1  # Configure the number of automated interactions, typically only requires entering the password once
+      #!! CtrlExpectCount 1  # Configure the number of automated interactions
       #!! CtrlExpectPattern1 token:  # Configure the matching expression for the password prompt (one-time password)
       #!! CtrlExpectSendOtp1 oathtool --totp -b xxxxx  # Configure the command line to obtain the one-time password
       #!! CtrlExpectSendEncOtp1 77b4ce85d0...  # Or configure the encrypted command line encoded using `tssh --enc-secret`