当前位置:网站首页>6-6 vulnerability exploitation SSH security defense
6-6 vulnerability exploitation SSH security defense
2022-07-07 02:33:00 【Mountain Rabbit 1】
SSH Modify the default port
By default ,SSH Use 22 port . For the sake of safety , Generally, the default port will be modified .
modify 22 For other port numbers , Thus, our listening port is modified
Be careful : You must restart after modification SSH service , Only in this way can our configuration file , In the process of restarting , Reload , Thus effective .
Turn on ubuntu Of ssh service function , stay kali Detect in the middle
nc 192.168.0.104 22
stay ubuntu among , Modify port number
cd /etc/ssh/
ls
sudo gedit sshd_config
2222
service ssh restart
service ssh status
netstat -pantu
nc 192.168.0.104 22
nc 192,168.0.104 2222
Modify the function of the default port , So we can't use it directly 22 Port number connection , Further detection is needed , Detection ssh Listening port , To make the corresponding connection
SSH Set up PGP Sign in
By default ,SSH Use user name and password for remote login , Will cause violent cracking , Keep trying user names and passwords , So as to log in to the system , In order to prevent this process , adopt putty This software , To generate the corresponding private key , Configure the private key , Authentication , So that we can log in without user password , More secure , Prevent violent cracking
Generate SSH Key pair , Use puttygen.
Download link :https://www.chiark.greenend.org/~sgtatham/putty/latest.html
Click on Generate Generate the private key
Click on save private key, It will be generated on the desktop .ppk, This name can also be named by yourself
SSH Set up PGP Sign in
Use ssh-keygen Command in Linux Generate .ssh Catalog , stay .ssh Create a new key storage file authorized_keys, And copy the private key file to .ssh Under the table of contents . Use command puttygen -L “ Copy the private key file ”, Copy content to authorized_keys In file .
ssh-keygen
This time will be in /home/liuxiaoyang/ Generate hidden directory under .ssh, Switch to .ssh, new directory authorized_keys
SSH Set up PGP Sign in
Use Putty The client loads the private key file to connect .
Click on auth
After loading , We are connecting , You don't need to enter the corresponding connection password , Only need Data Enter the user name in
cd ~
pwd
ls -alh
cd .ssh/
ls
puttygen -L private.ppk
gedit authorized_keys
Paste the content here , Preservation , After saving , We have one aythorized_keys file
This is the time , We can do that windows Next , Or installed under other systems ppy, Under the client software , Connect ssh, It uses PGP Connect
SSH Defend against brute force cracking user accounts
Set up pgp To prevent violent cracking , But we can still log in with account and password
stay linux You can configure that you cannot log in with user name and password , Use only SSH PGP How to verify login . Evaded SSH Brute force .
Problems arise : Cannot log in with user password , There are complex operations to a large extent .
for instance , There are many administrators in our current system , Cannot log in with user name and password , Everyone needs PPT file , To log in , It will be a lot of work and operation
cd /etc/ssh/
sudo gedit sshd_config
service ssh restart
service ssh status
below , We are kali Login with user name and password , To verify that
ssh [email protected]
ssh [email protected] -p 2222
Because we can't log in , So brute force software , Is failure
iptables Set threshold to prevent brute force cracking
use iptables Firewall to prevent brute force cracking , We can set the corresponding threshold , After we try to login three times , Just lock the login , Makes it impossible for him to log in
utilize Iptables Error validating multiple connections , Lock the account 120 second .
sudo iptables -l INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
sudo iptables -l INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 120 --hitcount 3 -j DROP
After setting , Reboot required SSH service .
service ssh restart
We can set a longer time , You can only try three combinations in a day , You can only try 1000 combinations a year , When our password setting is complex , Brute force cracking is also a very slow situation , Brute force cracking cannot take effect , Or say , It takes a lot of energy , several tens of years , It may be tens of thousands of years , Can the current dictionary , Guess and solve
边栏推荐
- leetcode:736. Lisp 语法解析【花里胡哨 + 栈 + 状态enumaotu + slots】
- [Mori city] random talk on GIS data (II)
- #yyds干货盘点# 解决名企真题:最大差值
- MetaForce原力元宇宙佛萨奇2.0智能合约系统开发(源码部署)
- Integerset of PostgreSQL
- Application analysis of face recognition
- C#/VB.NET 删除Word文档中的水印
- Lidar: introduction and usage of ouster OS
- [unity notes] screen coordinates to ugui coordinates
- Collection recommandée!! Quel plug - in de gestion d'état flutter est le plus fort? Regardez le classement des manons de l'île, s'il vous plaît!
猜你喜欢
AWS学习笔记(一)
1 -- Xintang nuc980 nuc980 porting uboot, starting from external mx25l
豆瓣平均 9.x,分布式领域的 5 本神书!
老板被隔离了
This week's hot open source project!
Increase 900w+ playback in 1 month! Summarize 2 new trends of top flow qiafan in station B
1个月增长900w+播放!总结B站顶流恰饭的2个新趋势
[paper reading | deep reading] rolne: improving the quality of network embedding with structural role proximity
Web3对法律的需求
go swagger使用
随机推荐
Zhang Ping'an: accelerate cloud digital innovation and jointly build an industrial smart ecosystem
leetcode:5. 最长回文子串【dp + 抓着超时的尾巴】
Introduction to FLIR blackfly s industrial camera
压缩 js 代码就用 terser
Station B's June ranking list - feigua data up main growth ranking list (BiliBili platform) is released!
Schedulx v1.4.0 and SaaS versions are released, and you can experience the advanced functions of cost reduction and efficiency increase for free!
Untiy文本框的代码换行问题
安全巡检的工作
How do I dump SoapClient requests for debugging- How to dump SoapClient request for debug?
The third season of ape table school is about to launch, opening a new vision for developers under the wave of going to sea
unity webgl自适应网页尺寸
Metaforce force meta universe development and construction - fossage 2.0 system development
STM32项目 -- 选题分享(部分)
测试优惠券要怎么写测试用例?
15million employees are easy to manage, and the cloud native database gaussdb makes HR office more efficient
人脸识别应用解析
Web3对法律的需求
Detailed explanation of line segment tree (including tested code implementation)
C#/VB.NET 删除Word文檔中的水印
Web3's need for law