
SSH tricks I use

1. ssh-blacklist

#!/bin/bash
# Build a blacklist of source IPs with repeated failed SSH logins from
# /var/log/secure and print hosts.deny entries for the ones not yet listed.
# Each line of /tmp/black.list has the form IP=count.
awk '/Failed/{print $(NF-3)}' /var/log/secure \
    | sort | uniq -c | awk '{print $2"="$1}' > /tmp/black.list

while IFS='=' read -r IP NUM; do
    # Threshold: 10 or more failures (the original test was [ ${#NUM} -gt 1 ],
    # i.e. a count with more than one digit)
    if [ "$NUM" -ge 10 ]; then
        # Skip IPs that are already present in /etc/hosts.deny
        if ! grep -qF "$IP" /etc/hosts.deny; then
            # Dry run: uncomment the next line to actually block the IP
            # echo "sshd:$IP:deny" >> /etc/hosts.deny
            echo "sshd:$IP:deny"
        fi
    fi
done < /tmp/black.list

The log file /var/log/secure records login events.

Log line for a failed login:
Dec 26 13:30:33 pro-rm-db-0001 sshd[18616]: Failed password for invalid user nae from 91.92.241.114 port 33842 ssh2

Log line after the IP has been added to the blacklist and its connection is refused:
Dec 26 13:55:07 pro-rm-db-0001 sshd[20297]: refused connect from 91.92.241.114 (91.92.241.114)
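The same detection logic as the script above, as an added example that is not part of the original post: it parses /var/log/secure lines by matching "from <ip> port" instead of a field position, counts failures per source IP, and emits only the hosts.deny entries that are not already present. The log lines and hosts.deny contents are constructed samples.

```python
import re
from collections import Counter

# Matches the "Failed password" lines sshd writes to /var/log/secure, with or
# without the "invalid user" prefix, anchoring on "from <ip> port".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def count_failed_logins(lines):
    """Return a Counter of failed login attempts keyed by source IP."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts

def new_deny_entries(counts, hosts_deny_text, threshold=10):
    """hosts.deny lines for IPs at or over the threshold that are not yet
    listed. threshold=10 mirrors the script's more-than-one-digit test."""
    already = set()
    for line in hosts_deny_text.splitlines():
        parts = [p.strip() for p in line.split("#", 1)[0].split(":")]
        if len(parts) >= 2 and parts[0] == "sshd":
            already.add(parts[1])
    return [f"sshd:{ip}:deny" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in already]

# Constructed sample lines in the /var/log/secure format shown above.
SAMPLE_LOG = (
    ["Dec 26 13:30:33 host sshd[18616]: Failed password for invalid user nae "
     "from 91.92.241.114 port 33842 ssh2"] * 12
    + ["Dec 26 13:31:02 host sshd[18700]: Failed password for root "
       "from 203.0.113.7 port 40112 ssh2"] * 3
    + ["Dec 26 13:40:11 host sshd[19002]: Failed password for invalid user admin "
       "from 192.0.2.44 port 51000 ssh2"] * 15
    + ["Dec 26 13:55:07 host sshd[20297]: refused connect from 198.51.100.9 (198.51.100.9)"]
)
# Constructed existing hosts.deny: 192.0.2.44 is already blocked.
SAMPLE_HOSTS_DENY = "# blocked hosts\nsshd:192.0.2.44:deny\n"

if __name__ == "__main__":
    for entry in new_deny_entries(count_failed_logins(SAMPLE_LOG), SAMPLE_HOSTS_DENY):
        print(entry)
```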

2. ssh proxy

  • A-user: the user's machine, which cannot reach C directly;
  • B-jump: the intermediate jump host, which can reach C directly;
  • C-dst: the target machine;
A-user(192.168.1.5) --> B-jump(121.1.2.3) --> C-dst(10.10.29.68)

Newer OpenSSH (ProxyJump), jumping from A straight to C:

ssh -J root@121.1.2.3 root@10.10.29.68

Older OpenSSH (ProxyCommand with -W), jumping from A straight to C:

ssh -o ProxyCommand="ssh -W %h:%p root@121.1.2.3" root@10.10.29.68

Config file (~/.ssh/config on A), jumping from A straight to C:

# Host is the alias typed on A (ssh C-dst); HostName is the real address of C.
# %h and %p expand to the HostName and port of this entry.
Host C-dst
HostName 10.10.29.68
User root
ProxyCommand ssh -W %h:%p root@121.1.2.3