Category Archives: ssh

A script that detects abnormal sshd logins, to prevent brute-force attacks:

    #!/bin/bash
    #This is a host.deny Shell Script
    #2013-08-24
    cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $2 "=" $1;}' > /tmp/black_ip.txt
    DEFINE=10
    for i in `cat /tmp/black_ip.txt`
    do
    IP=`echo $i | awk -F= … Continue reading

Posted by fencatn

Using ssh ProxyCommand to log in to a cloud internal network from a local intranet

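A very common need when working with cloud hosts: you have to log in to a cloud server from your local machine, but the cloud server is on an internal network and only a jump host is reachable. Normally you log in to the jump host first and then to the cloud server. These two steps can be merged into one by using ssh's ProxyCommand feature. A detailed example follows.

First, the test environment: n0 is the client, simulating the corporate intranet; n1 is the jump host in the cloud; n4 is the target cloud host to log in to. In the normal case, n0 logs in to n1, and then n1 logs in to n4.

The procedure is simple, with 3 key points:

(1) n1 can log in to n4 directly, and n0 can log in to n1 directly; this goes without saying;
(2) n1 has n0's public key, so n0 can log in to n1 without a password;
(3) n4 has n0's public key, so n0 can log in to n4 without a password;
(4) in other words, it does not matter whether n1 can log in to n4 without a password, as long as the network between n1 and n4 is reachable. n0 only hops through n1 to reach n4, nothing more; n1 needs no other configuration.

Below are the public keys stored on n4; you can see that I have added n0's key:

    [root@n4 ~]# cat /root/.ssh/authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwHtKHmZP94Je5axcLe9/tT0XTQvwwCXglrsNvkRwJEtbLYFXU9qqYpqvQ3L1QXmA3oLRKjRHCsTvFPjFnA9mNFTRtEy9CHNJF7Gw57kfI1XIJF1IsWjTzYtya8RAWDflRRZtc+tB6Wkf1TR+51aAhT5fVMXU+AGR/itghwH7qi5Vb5PpsXrE18UnmfeibA+UGZ072ShaTTUBrHiQX7JTPDx5W/iR8KjUs6gj1tS+B030IfNTnkc31NUFQafIlmDD1ZKvqfxKyF0vUFzoUquebhZXYZDoQm7LWH9ZPt7W0nV/QBcXHiFIhRDREEulf0C9YxmBH4QhvacFavj39LuJr root@n0

Below are the public keys stored on n1; you can see that I have added n0's key there as well:

    [root@n1 ~]# cat /root/.ssh/authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwHtKHmZP94Je5axcLe9/tT0XTQvwwCXglrsNvkRwJEtbLYFXU9qqYpqvQ3L1QXmA3oLRKjRHCsTvFPjFnA9mNFTRtEy9CHNJF7Gw57kfI1XIJF1IsWjTzYtya8RAWDflRRZtc+tB6Wkf1TR+51aAhT5fVMXU+AGR/itghwH7qi5Vb5PpsXrE18UnmfeibA+UGZ072ShaTTUBrHiQX7JTPDx5W/iR8KjUs6gj1tS+B030IfNTnkc31NUFQafIlmDD1ZKvqfxKyF0vUFzoUquebhZXYZDoQm7LWH9ZPt7W0nV/QBcXHiFIhRDREEulf0C9YxmBH4QhvacFavj39LuJr root@n0

Now the key step: edit .ssh/config on n0:

    [root@n0 ~]# cat /root/.ssh/config
    Host n1
        Hostname xxx.xxx.xxx.n1
        Port 22
        User root
        IdentityFile ~/.ssh/id_rsa
    Host n4 … Continue reading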

Posted in ssh

Passwordless ssh using expect together with a script

1. Generate the key and create the script directory; I won't post screenshots of the details:

    [root@n0 sshcopy]#
    [root@n0 sshcopy]# pwd
    /root/sshcopy
    [root@n0 sshcopy]# ll
    total 8
    -rwxr-xr-x. 1 root root 360 Aug 19 02:23 ssh.exp
    -rwxr-xr-x. 1 root root 199 Aug 19 02:46 sshkey.sh
    [root@n0 sshcopy]#

2. Edit the passwordless-login script:

    [root@n0 sshcopy]# cat ssh.exp
    #!/usr/bin/expect
    set timeout … Continue reading

Posted in shell, ssh

Non-interactive ssh key distribution

I. When the username and password are the same

Original article: https://yq.aliyun.com/articles/337907

The script in the original article has some problems, so I reworked it.

1. Install sshpass, which handles non-interactive ssh login. For a deeper look, see the link below:
https://linux.cn/article-8086-1.html

    [root@n0 ~]# yum install -y sshpass
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: mirrors.aliyun.com
     * extras: mirrors.aliyun.com
     * updates: mirrors.cn99.com
    base | 3.6 kB 00:00:00
    extras | 3.4 kB 00:00:00
    … Continue reading

Posted in ssh

"Host key verification failed." when connecting over SSH

    [root@cache001 swftools-0.9.0]# ssh 192.168.1.90
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also … Continue reading

Posted in LinuxBasic, ssh