V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
通过以下 Referral 链接购买 DigitalOcean 主机,你将可以帮助 V2EX 持续发展
DigitalOcean - SSD Cloud Servers
mrjnamei
V2EX  ›  VPS

vps 一天到晚都遭遇 ssh 攻击,写了个假的获取 ssh 攻击字典和 ip 地址。

  •  
  •   mrjnamei · 38 天前 · 1165 次点击
    这是一个创建于 38 天前的主题,其中的信息可能已经有所发展或是发生改变。

    运行 main.go, 文件写到本地。 本身的 sshd 服务监听地址从 22 端口改到其他端口。

    
    package main
    
    import (
    	"bufio"
    	"encoding/json"
    	"errors"
    	"flag"
    	"fmt"
    	"golang.org/x/crypto/ssh"
    	"log"
    	"net"
    	"os"
    	"path/filepath"
    )
    
    // ssh-keygen -t rsa -f ~/.ssh/id_rsa_fake
    const pk = `-----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
    NhAAAAAwEAAQAAAYEAvMTrz1RZr8nE7CUUmfpZYeOxyA2wzdUWbgssFI0CyPf7undy/BHk
    Ji3DE1S6ejAx4ca8ul99wifU/6MoYTzFIZJZPvD3e/sKS5yJR/rypSWEj2dO/e4oGXwTql
    MFgeN8Vbc7JwHQHno863rDMOiF6G4ixB8+ratnSidbcCoUu2ADSljNXrntOCNuDr+duUOC
    TNpu2hCOWeBOHHdsAhY9NkRyHFJWd/nf385j97ClLnHdj7d4e36FR9/hJZ/GuGRQdRgF5S
    NiYR+Fu3P5p1f4Qe9IqKPhzlvYpZTuSJP+2onFzhWxCdArgC6fE/9V1K0Y46WWfd5V7Rz4
    AJPhQsRQ59J0vaIBH75nabwKLoVNeSLLgNjNx1KgQpR0aDn7W9XuAzLLUDTS5MAVxo51lU
    2beRU+ED/BMBRueSyZZK7BcH2xZoC5va6NkC8MdLxKYNxwR7ltPP6Jl1m+SYXqnF3qt18O
    OnW8hA/dJ4Goapl1f46dykiWqEYmrqBt7KYpMxmnAAAFmJ2nizqdp4s6AAAAB3NzaC1yc2
    EAAAGBALzE689UWa/JxOwlFJn6WWHjscgNsM3VFm4LLBSNAsj3+7p3cvwR5CYtwxNUunow
    MeHGvLpffcIn1P+jKGE8xSGSWT7w93v7CkuciUf68qUlhI9nTv3uKBl8E6pTBYHjfFW3Oy
    cB0B56POt6wzDohehuIsQfPq2rZ0onW3AqFLtgA0pYzV657Tgjbg6/nblDgkzabtoQjlng
    Thx3bAIWPTZEchxSVnf539/OY/ewpS5x3Y+3eHt+hUff4SWfxrhkUHUYBeUjYmEfhbtz+a
    dX+EHvSKij4c5b2KWU7kiT/tqJxc4VsQnQK4AunxP/VdStGOOlln3eVe0c+ACT4ULEUOfS
    dL2iAR++Z2m8Ci6FTXkiy4DYzcdSoEKUdGg5+1vV7gMyy1A00uTAFcaOdZVNm3kVPhA/wT
    AUbnksmWSuwXB9sWaAub2ujZAvDHS8SmDccEe5bTz+iZdZvkmF6pxd6rdfDjp1vIQP3SeB
    qGqZdX+OncpIlqhGJq6gbeymKTMZpwAAAAMBAAEAAAGAKDCAyA58XcnGbERkw3eiig3RLv
    eDOf9xHBKy2tk+y4zIgmWmDHa+rUY27ymt3g/evuPyEHf+LVUPqzGQiktG6SPgbl8dQb8r
    7Pcx3ypVeMWpGGL1VWjcDrj08uFkHchSE2nEZUSki6iYycXEQuhughLYwgqo7I6+mfIRLK
    s46L/DU5PefZl2IOqiJu+y49u0pSooSbMWq5nu526hhzw24hPme5MoJ7kCagLmE7j/IglK
    E6wLMbe5JplKtRj0VRO+Ew6bgEtOPMjoTZ35izrpDDcIBWQGMz0ivHCcGrAZ7Nl/AwgkKQ
    NkCd/SeCxXht+DxiLNsHJ3bkm/K+LCrAUm7VVkYJWMLwiV0WEcbf/Vy4eii2ShLLXu+3fQ
    /tesokvyEnuqyzrukVOpebWragIoVNPDjh7n6gOyqtlZjpRIz6AlmSN7uTF6RtRPHkbAP1
    qHbZEn5KkUF6q2FC2wPL4yQDvNvWeIplKYXROc7YHA81lXRiTV3XZx6GfEG4NRTTVxAAAA
    wQDfRg6AB6cM8xcK01wyI4HdWTY650SpT5FlP7ttiaraxQ5eEcqx6FtBv+D3yspXk4QfO8
    w/6Gn3cRtMEqvu4fG0hgIT72wnK38qyYkvcLhoqFtf8LOSOHinxhr4BZnpXtcuexMUphEu
    xl7MJuRvz+QdBIIn1ckpuxmT9+rBXfbKUvNl87CDeWYvXOJkLt41Y3Hhq0j0r53MraY32g
    MAtrfDEziRvKkyGI6aGb1GAsIlj6yv+oT4hV/ZrGin+Z9qq20AAADBAPtCOuLuZObjLQii
    OZVDVhBVdSQFxAj41KiDj13jfbnR4CmSGhaWAvPEaHkYLGcwvxzmtTobmdszL5XebJ2GcQ
    WdR+pbjNfbVWaPRel0qfygZ4npTc1uEZ1j7bG31pI3GmUEwCdT5JR3fD3GCb0FZjkqXsVQ
    rqIVe3WhTiq2fZ6C/OIoA5U65FkgkJ4rC+uBwK7904gdIVlnVlIHO5umGrLM4EjXNKj18b
    0PdwRbTtviKKVNDKEiMLpHWIMhjEXKCQAAAMEAwFTRzIa8apCBBCqMXTkMQdrrDMWuO6EH
    qnGORATMjfNTlp9PFLNu4yB4GuWzFWZJDM2ry8jmziv0BEuePit0btDNYg4rP3OTlO1cpG
    SLbSUObc34DZPVrb47ehQRx8G3aQOembzrOfzGITpfxzoXuqjChrgj1tw0jwnT6kpTRTOB
    GkLJ/1TwYO7H0mxbNOwvIIKybHuHdJa6smKDSqZT4/LQsvCY4oJSUEPPlnJur/YE1Om0lp
    L0hrEtkgoX03IvAAAAHHptakB6aGFuZ2RlTWFjQm9vay1Qcm8ubG9jYWwBAgMEBQY=
    -----END OPENSSH PRIVATE KEY-----`
    
    var (
    	saveFile string
    )
    
    func init() {
    	flag.StringVar(&saveFile, "f", "file.txt", "filepath")
    }
    
    type Source struct {
    	IP       string `json:"ip"`
    	Username string `json:"username"`
    	Password string `json:"password"`
    }
    
    func (s *Source) String() string {
    	b, _ := json.Marshal(s)
    	return string(b)
    }
    
    func main() {
    	flag.Parse()
    	dir := filepath.Dir(saveFile)
    	os.MkdirAll(dir, 0755)
    
    	fi, err := os.OpenFile(saveFile, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0755)
    	if err != nil {
    		fmt.Println("openfile failed: ", err)
    		return
    	}
    
    	defer fi.Close()
    
    	buf := bufio.NewWriter(fi)
    	defer buf.Flush()
    
    	// 创建 SSH 服务器配置
    	config := &ssh.ServerConfig{
    		NoClientAuth: false, // 启用客户端认证
    	}
    	// 生成 SSH 密钥对
    	privateKey, err := ssh.ParsePrivateKey([]byte(pk))
    	if err != nil {
    		log.Fatalf("Failed to parse private key: %v", err)
    	}
    
    	config.AddHostKey(privateKey)
    
    	// 添加用户身份验证
    	config.PasswordCallback = func(ctx ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {
    		s := Source{
    			IP:       ctx.RemoteAddr().String(),
    			Username: ctx.User(),
    			Password: string(password),
    		}
    		fmt.Fprintln(buf, s.String())
    		buf.Flush()
    		fmt.Println(s.String())
    
    		return nil, errors.New("invalid password")
    	}
    
    	// 监听 22 端口
    	listener, err := net.Listen("tcp", ":22")
    	if err != nil {
    		log.Fatalf("Failed to listen on 22: %v", err)
    	}
    	log.Println("Listening on :22 ...")
    
    	for {
    		// 接受连接
    		conn, err := listener.Accept()
    		if err != nil {
    			log.Fatalf("Failed to accept connection: %v", err)
    		}
    
    		// 处理连接
    		go handleConnection(conn, config)
    	}
    }
    
    func handleConnection(conn net.Conn, config *ssh.ServerConfig) {
    	defer conn.Close()
    	// 进行 SSH 握手
    	ssh.NewServerConn(conn, config)
    }
    
    
    7 条回复    2024-11-17 17:21:12 +08:00
    gbw1992
        1
    gbw1992  
       38 天前
    互联网蛐蛐盒子
    ochatokori
        2
    ochatokori  
       38 天前 via Android
    你可能要找的是:ssh 蜜罐
    enjoying
        3
    enjoying  
       38 天前
    为啥不用证书登入,而不是密码登入
    mrjnamei
        4
    mrjnamei  
    OP
       38 天前
    @enjoying 谁攻击用证书呀
    htfcuddles
        5
    htfcuddles  
       37 天前   ❤️ 1
    闲得慌,正经人谁会开密码,证书随你攻击,要不把 RSA 也破了吧
    alect
        6
    alect  
       36 天前
    改端口+证书登录
    aarontian
        7
    aarontian  
       34 天前
    禁用密码+证书登陆+fail2ban 禁 ip 足矣,日常 22 端口,不怎么虚(记得不开 fail2ban 的时候我自己连 22 端口经常会被卡断)

    ssh 错误登陆默认都会写入 btmp 里,fail2ban 应该就是监听这个文件,通过 ipset+iptable 维持黑名单,成熟方案,你这做法绕远路了,而且还差一步封禁
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2526 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 21ms · UTC 04:19 · PVG 12:19 · LAX 20:19 · JFK 23:19
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.