sshdfilter
Dobrodošli, Gost. Molim vas prijavite se ili se registrujte.
Da li ste izgubili vaš aktivacioni e-mail?

Prijavite se sa korisničkim imenom, lozinkom i dužinom sesije

Linuxo Forumi

Linuxo Forumi > Linux > Linux fore & fazoni (Urednik: popac) > sshdfilter
Stranice: [1]   Idi dole
« prethodna tema sledeća tema »
  Štampaj  
Autor Tema: sshdfilter  (Pročitano 973 puta)
0 članova i 1 posetilac pregledaju ovu temu.
LYb
Global Moderator
Hero Member
*****
Van mreže Van mreže

Pol: Muškarac
Poruke: 1955
« poslato: 31 Јануар 2006, 17:40:10 »
Slucajno sam naleteo na ovu skripticu. U sustini je wrapper za sshd i jako dobro radi. Naravno, korisno samo onima koji koriste sshd.

http://www.csc.liv.ac.uk/~greg/sshdfilter/
Prijavi uredniku   Sačuvana
MisterNo
Sr. Member
****
Van mreže Van mreže

Poruke: 334
« Odgovor #1 poslato: 31 Јануар 2006, 22:05:48 »
Bas cu pogledati kad imam vremena. Ali po meni najbolja fora kada je ssh u pitanju ti je port knocking. Odnosno drzis zatvoren port 22 i onda ga pucanjem na neki odredjeni port (oni su dali primer 1599) otvoras port 22na 60 sekundi ili koliko ti god hoces.(naravno pri tome ti ne ubija vec uspostavljenu ssh sesiju)
Prijavi uredniku   Sačuvana
LYb
Global Moderator
Hero Member
*****
Van mreže Van mreže

Pol: Muškarac
Poruke: 1955
« Odgovor #2 poslato: 01 Фебруар 2006, 03:51:53 »
Mmm, da, samo mi je uvek nekako bilo "mnogo posla", iako ga nema puno. Ovo radi na zgodnu foru, ako ne pokusa login na postojeceg usera, blokira IP, ako user postoji i pogresi password unapred definisani broj puta, blokira ga. Blokira ga tako sto ga doda u predefinisani SSHD chain u uptables gde dropuje sve sa tog IP-a sto dolazi na port 22. Evo primera sa sajta koji najbolje ilustruje kako to izgleda u praksi:

With sshdfilter installed, taking each attack on a case by case basis:
347 attempts becomes 0 attempts - first attemped guess was for a non-existant user, so was instantly blocked.
306 attempts becomes 0 attempts - same reason, non-existant user.
115 attempts becomes 1 attempt - first guess was for root and is allowed a default of 3 chances, the second guess was for a non-existant user and so was blocked anyway.
115 attempts becomes 1 attempt - same as previous.
127 attempts becomes 3 attempts - many initial guesses for root account, so sshdfilter blocks after the first 3 failed attempts.
18 attempts becomes 0 attempts - first attempted guess was for a non-existant user, so was blocked instantly.
554 attempts becomes 3 attempts - many initial guesses for root accont, so sshdfilter blocks after the first 3 failed attempts.
107 attempts becomes 1 attempt - first guess was for a valid user (nobody), second guess was for a non-existant user so was blocked.
9 attempts becomes 0 attempts - first guess was for a non-existant user so was blocked instantly.
52 attempts becomes 3 attempts - many initial guesses for root accont, so sshdfilter blocks after the first 3 failed attempts.
Prijavi uredniku   Sačuvana
MisterNo
Sr. Member
****
Van mreže Van mreže

Poruke: 334
« Odgovor #3 poslato: 01 Фебруар 2006, 11:38:10 »
Da super je fora. Inace ssh je jedna od najmocnijih stvari u linuxu. Skoro za sve stvari za remote mi radi posao. Jedino dugo nisam mogao da nadjem resenje kada treba da mapiram neke direktorijume sa udaljene masine a da to bude sigurno. Prvo sam probao tunel sa ssh i pppd ali mi se nije nesto pokazao. Posle sam iskopao openvpn i stvarno me je odusevio. (i to sam uradio najjednostavniju mogucu konfiguraciju openvpn-a home-office varijantu iz primera)
Prijavi uredniku   Sačuvana
Stranice: [1]   Idi gore
  Štampaj  
« prethodna tema sledeća tema »
 
Prebaci se na: