SSH Troubleshooting

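Here I record the miscellaneous SSH problems I have run into while doing penetration tests. I update it slowly and will add new problems as I meet them.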

SSH password brute-forcing

hydra -l seppuku -P password.lst 192.168.87.90 ssh

Password brute-forcing is best used when the username is already known. Unlike HTTP, SSH can only be run with up to 4 threads.

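SSH fingerprint verification

The first time you connect to a Linux system, SSH asks you to accept the machine's fingerprint before the connection is established, because the "known_hosts" file has no fingerprint for it yet. The fingerprint is a short digest (hash) of the host's public key.

# Verifying the fingerprint on first connection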
The authenticity of host '192.168.1.4 (192.168.1.4)' can't be established.

ECDSA key fingerprint is 6a:75:e3:ac:5d:f8:cc:04:01:7b:ef:4d:42:ad:b9:83.

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

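To protect you against man-in-the-middle (MITM) attacks, the ssh program checks the remote system's fingerprint against the one it stored at the last connection.

If the fingerprint has changed, you are warned and asked whether you want to continue.

At that point the connection is dropped outright, and the fingerprint saved from the previous connection has to be cleared. Clear it only once you know why the key changed (for example, the address now belongs to a different or reinstalled machine), since a changed key is exactly what a MITM looks like.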

ssh-keygen -R 192.168.87.90

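Or fix it by hand:

Delete the fingerprint entry for that IP from the .ssh/known_hosts file.

Adding SSH fingerprints in bulk

Save the IP addresses of the machines you need to SSH into in a list file.

Then use ssh-keyscan to add them in bulk: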

ssh-keyscan -f ./ssh-ip-list >> ~/.ssh/known_hosts

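Note that the redirection operator is >> (append), so the existing entries in known_hosts are not overwritten.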
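As an added example (not from the original post): ssh-keyscan accepts whatever key each host presents, so the bulk import above skips the check that the first-connection prompt exists for. The Python below computes both fingerprint styles (the MD5 colon-hex form shown in the prompt above and the SHA256 form newer OpenSSH prints) from ssh-keyscan-style lines and keeps only hosts whose key matches a fingerprint obtained out of band. The function names, the 192.168.87.91 host and the key blobs are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprints(b64_blob):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a public-key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    md5_hex = hashlib.md5(raw).hexdigest()
    md5_fp = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    sha_b64 = base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")
    return md5_fp, "SHA256:" + sha_b64


def vet_keyscan(scan_text, pinned):
    """Split 'host keytype base64' lines into (accepted_lines, rejected_hosts).

    pinned maps host -> set of fingerprints obtained out of band.
    """
    accepted, rejected = [], []
    for line in scan_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        host = parts[0]
        try:
            keytype, blob = parts[1], parts[2]
            fps = set(fingerprints(blob))
        except (IndexError, ValueError):  # short line or invalid base64
            rejected.append(host)
            continue
        if fps & pinned.get(host, set()):
            accepted.append(f"{host} {keytype} {blob}")
        else:
            rejected.append(host)  # unknown host or key mismatch: do not trust
    return accepted, rejected


def sample_blob(seed):
    """Constructed ed25519-shaped key blob for the demo, not a real host key."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()


# Constructed input: .90 is pinned to the key it presents, .91 to a different key.
SCAN = "\n".join(f"192.168.87.{90 + i} ssh-ed25519 {sample_blob(i + 1)}" for i in range(2))
PINNED = {"192.168.87.90": {fingerprints(sample_blob(1))[1]},
          "192.168.87.91": {fingerprints(sample_blob(3))[1]}}

if __name__ == "__main__":
    ok, bad = vet_keyscan(SCAN, PINNED)
    print("append to known_hosts:", ok)
    print("rejected:", bad)
```

Only the accepted lines should be appended to known_hosts; a rejected host needs its key checked by hand before it is trusted.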

Passwordless login

Use ssh-keygen to generate a key pair locally:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/local_user/.ssh/id_rsa):   # file the key is stored in
Enter passphrase (empty for no passphrase):                    # passphrase protecting this key pair; may be empty
Enter same passphrase again:                                   # re-enter the passphrase to confirm
Your identification has been saved in /home/local_user/.ssh/id_rsa.
Your public key has been saved in /home/local_user/.ssh/id_rsa.pub.

Then copy the public key to the server:

ssh-copy-id user@remote-ip

Or copy the public key /home/local_user/.ssh/id_rsa.pub to the server by hand and append its contents to the end of /home/server_user/.ssh/authorized_keys.

Private key permissions

.ssh 700
id_rsa 600
id_rsa.pub 644
authorized_keys 600

Private key format

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Note the trailing newline after the last line.

Logging in with a private key

One-off login

ssh -i id_rsa username@ip

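Persistent login

Create the file ~/.ssh/config:

# docker-01 is the host name
Host docker-01
  # UseKeychain is specific to the OpenSSH shipped with macOS
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_rsa

Or run ssh-add -K ~/.ssh/id_rsa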
