sshdfilter
January 31, 2006 at 4:40 pm #6920 LYb (Participant)
I stumbled upon this little script by accident. It is essentially a wrapper for sshd and it works very well. Of course, it is useful only to those who use sshd.
January 31, 2006 at 9:05 pm #40132 MisterNo (Participant)
I'll definitely take a look when I have time. But in my opinion the best trick when it comes to ssh is port knocking. That is, you keep port 22 closed and then, by hitting a certain port (they gave 1599 as an example), you open port 22 for 60 seconds or for however long you want. (Of course, it does not kill an already established ssh session in the process.)
February 1, 2006 at 2:51 am #40133 LYb (Participant)
Mmm, yes, it just always somehow seemed like "a lot of work" to me, even though there isn't much of it. This one works with a neat trick: if a login attempt is not for an existing user, it blocks the IP; if the user exists and gets the password wrong a predefined number of times, it blocks it. It blocks it by adding it to the predefined SSHD chain in iptables, where it drops everything from that IP that arrives on port 22. Here is an example from the site that best illustrates how this looks in practice:
With sshdfilter installed, taking each attack on a case by case basis:
347 attempts becomes 0 attempts – first attempted guess was for a non-existent user, so was instantly blocked.
306 attempts becomes 0 attempts – same reason, non-existent user.
115 attempts becomes 1 attempt – first guess was for root and is allowed a default of 3 chances, the second guess was for a non-existent user and so was blocked anyway.
115 attempts becomes 1 attempt – same as previous.
127 attempts becomes 3 attempts – many initial guesses for root account, so sshdfilter blocks after the first 3 failed attempts.
18 attempts becomes 0 attempts – first attempted guess was for a non-existent user, so was blocked instantly.
554 attempts becomes 3 attempts – many initial guesses for root account, so sshdfilter blocks after the first 3 failed attempts.
107 attempts becomes 1 attempt – first guess was for a valid user (nobody), second guess was for a non-existent user so was blocked.
9 attempts becomes 0 attempts – first guess was for a non-existent user so was blocked instantly.
52 attempts becomes 3 attempts – many initial guesses for root account, so sshdfilter blocks after the first 3 failed attempts.
February 1, 2006 at 10:38 am #40134 MisterNo (Participant)
Yes, it's a great trick. By the way, ssh is one of the most powerful things in Linux. It does the job for me for almost everything remote. The only thing is that for a long time I couldn't find a solution for when I need to map some directories from a remote machine and have it be secure. First I tried a tunnel with ssh and pppd, but it didn't really prove itself. Later I dug up openvpn and it really delighted me. (And I set up the simplest possible openvpn configuration, the home-office variant from the examples.)
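
The blocking rule described earlier in the thread (instant block on a non-existent user, block after 3 failures for an existing one, DROP rule in the SSHD chain), replayed over a log as an added example; it is not part of the thread and not sshdfilter's own code. Assumptions: OpenSSH-style "Failed password" lines, failures counted per IP, hypothetical function names, and a constructed sample log.

```python
import ipaddress
import re
from collections import Counter

# OpenSSH-style failure line. Anchored at the end of the line with a greedy user
# field, so text inside the client-supplied username cannot pose as the address.
FAILED = re.compile(r"Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$")

def apply_policy(log_lines, max_failures=3):
    """Return ({ip: failed guesses against existing users before the block}, [blocked IPs])."""
    allowed, blocked = Counter(), []
    for line in log_lines:
        m = FAILED.search(line)
        if not m:
            continue
        invalid, _user, ip = m.groups()
        if ip in blocked:
            continue                      # already dropped at the firewall
        allowed.setdefault(ip, 0)
        if invalid:
            blocked.append(ip)            # non-existent user: block instantly
            continue
        allowed[ip] += 1                  # existing user: count the failure
        if allowed[ip] >= max_failures:   # assumption: counted per IP, not per user
            blocked.append(ip)
    return dict(allowed), blocked

def drop_rule(ip, chain="SSHD"):
    """iptables rule for the chain named in the post; rejects anything that is not an IPv4 address."""
    addr = ipaddress.IPv4Address(ip)      # raises ValueError on malformed input
    return f"iptables -A {chain} -s {addr} -p tcp --dport 22 -j DROP"

def _line(user, ip, invalid=False):       # builds one constructed sample log line
    who = f"invalid user {user}" if invalid else user
    return f"Jan 31 16:40:00 host sshd[1000]: Failed password for {who} from {ip} port 40000 ssh2"

SAMPLE = (                                # constructed log, documentation addresses
    [_line("test", "203.0.113.7", True)] * 4
    + [_line("root", "198.51.100.9"), _line("admin", "198.51.100.9", True)]
    + [_line("root", "192.0.2.44")] * 5
    + [_line("x from 192.0.2.99 port 1 ssh2", "192.0.2.200", True)]
)

if __name__ == "__main__":
    counts, blocked_ips = apply_policy(SAMPLE)
    print(counts)
    for blocked_ip in blocked_ips:
        print(drop_rule(blocked_ip))
```

The last sample line carries a username that imitates the tail of a log line; the end-anchored pattern still attributes it to the real source address.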