sshdfilter
- This topic has 3 replies, 2 voices, and was last updated 15 years, 1 month ago by MisterNo.
January 31, 2006 at 4:40 pm #6920
LYb
Participant
I stumbled on this little script by accident. It is essentially a wrapper for sshd and it works really well. Of course, it is only useful to those who use sshd.
January 31, 2006 at 9:05 pm #40132
MisterNo
Participant
I'll definitely take a look when I have time. But in my opinion the best trick when it comes to ssh is port knocking. That is, you keep port 22 closed and then, by hitting a certain port (they gave 1599 as an example), you open port 22 for 60 seconds or for however long you want. (Of course, it does not kill an already established ssh session in the process.)
February 1, 2006 at 2:51 am #40133
LYb
Participant
Mmm, yes, it's just that it always somehow felt like "a lot of work" to me, even though there isn't much of it. This one works with a neat trick: if the login attempt is not for an existing user, it blocks the IP; if the user exists and gets the password wrong a predefined number of times, it blocks them. It blocks them by adding them to a predefined SSHD chain in iptables, where it drops everything from that IP that arrives on port 22. Here is an example from the site that best illustrates how this looks in practice:
With sshdfilter installed, taking each attack on a case by case basis:
347 attempts becomes 0 attempts – first attempted guess was for a non-existent user, so was instantly blocked.
306 attempts becomes 0 attempts – same reason, non-existent user.
115 attempts becomes 1 attempt – first guess was for root and is allowed a default of 3 chances, the second guess was for a non-existent user and so was blocked anyway.
115 attempts becomes 1 attempt – same as previous.
127 attempts becomes 3 attempts – many initial guesses for root account, so sshdfilter blocks after the first 3 failed attempts.
18 attempts becomes 0 attempts – first attempted guess was for a non-existent user, so was blocked instantly.
554 attempts becomes 3 attempts – many initial guesses for root account, so sshdfilter blocks after the first 3 failed attempts.
107 attempts becomes 1 attempt – first guess was for a valid user (nobody), second guess was for a non-existent user so was blocked.
9 attempts becomes 0 attempts – first guess was for a non-existent user so was blocked instantly.
52 attempts becomes 3 attempts – many initial guesses for root account, so sshdfilter blocks after the first 3 failed attempts.
February 1, 2006 at 10:38 am #40134
MisterNo
Participant
Yeah, it's a great trick. By the way, ssh is one of the most powerful things in Linux. It does the job for me for almost everything remote. The only thing is that for a long time I could not find a solution for when I need to map some directories from a remote machine and have that be secure. First I tried a tunnel with ssh and pppd, but it didn't really prove itself for me. Later I dug up openvpn and it really delighted me. (And I set up the simplest possible openvpn configuration, the home-office variant from the examples.)
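The blocking policy LYb describes above (instant block for a non-existent user, block after a fixed number of failures for an existing one), replayed over constructed log lines; this is an added example, not part of the thread and not sshdfilter's own code. It assumes OpenSSH's "Failed password for ..." log format, one failure counter per source IP, and the iptables rule form shown; `simulate`, `_line` and `SAMPLE` are hypothetical names.

```python
import re

# Assumed OpenSSH log format for a failed password; "invalid user" marks an unknown account.
FAILED = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def simulate(lines, max_tries=3):
    """Replay sshd log lines under the policy described in the thread.

    Returns (guesses, rules). guesses maps each source IP to the number of
    password guesses against existing accounts that reached sshd before the
    block; rules lists the iptables commands that would be issued (not run).
    """
    guesses, blocked, rules = {}, set(), []
    for line in lines:
        m = FAILED.search(line)
        if not m or m["ip"] in blocked:
            continue  # unrelated line, or source already dropped at port 22
        ip = m["ip"]
        guesses.setdefault(ip, 0)
        if not m["invalid"]:
            guesses[ip] += 1  # a real account was tried: count the failure
        # Unknown user: block at once. Known user: block at max_tries failures.
        if m["invalid"] or guesses[ip] >= max_tries:
            blocked.add(ip)
            # Rule form is an assumption; SSHD is the chain named in the thread.
            rules.append(f"iptables -A SSHD -s {ip} -p tcp --dport 22 -j DROP")
    return guesses, rules

def _line(user, ip, valid=True):
    who = user if valid else f"invalid user {user}"
    return f"Feb  1 02:51:00 host sshd[1234]: Failed password for {who} from {ip} port 40000 ssh2"

# Constructed sample covering three of the cases quoted from the sshdfilter site.
SAMPLE = (
    [_line("admin", "203.0.113.10", valid=False)] + [_line("root", "203.0.113.10")] * 4
    + [_line("root", "198.51.100.7"), _line("guest", "198.51.100.7", valid=False),
       _line("root", "198.51.100.7")]
    + [_line("root", "192.0.2.44")] * 5
)

if __name__ == "__main__":
    counts, cmds = simulate(SAMPLE)
    for ip, n in counts.items():
        print(f"{ip}: {n} guess(es) reached sshd before the block")
    print("\n".join(cmds))
```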