Ukuhamba kwamachweba (ngesiNgisi ichweba lingqongqoza) ngokungangabazeki kuwumkhuba wokuthi sonke esiphatha amaseva kufanele sazi kahle, lapha ngichaza ngokuningiliziwe ukuthi yini lokhu nokuthi ungayisebenzisa kanjani futhi uyilungiselele kanjani le 😉
Njengamanje labo bethu abaphatha iseva banokufinyelela kwe-SSH kuleyo seva, abanye siguqula imbobo ezenzakalelayo ye-SSH futhi ayisasebenzisi itheku 22 kanti abanye bayishiya nje kanjalo (okuthile okunganconyiwe), kepha iseva inike amandla ukufinyelela kwe-SSH ngetheku elithile futhi lokhu sekuvele 'kusengozini'.
cunt I-Port Knocking singafinyelela okulandelayo:
1. Ukufinyelela kwe-SSH akunikiwe amandla nganoma iyiphi imbobo. Uma ngabe i-SSH yethulelwe i-port 9191 (ngokwesibonelo) lelo chweba (9191) lizovalwa kuwo wonke umuntu.
2. Uma othile efuna ukufinyelela kuseva nge-SSH, kusobala ukuthi ngeke bakwazi, ngoba itheku 9191 livaliwe ... kepha, uma sisebenzisa 'umlingo' noma inhlanganisela eyimfihlo, lelo chweba lizovulwa, ngokwesibonelo:
1. Ngithumela ucingo ku-port 7000 yeseva
2. Ngenza enye i-telnet ethekwini 8000 yeseva
3. Ngenza enye i-telnet ethekwini 9000 yeseva
4. Iseva ithola ukuthi othile wenze inhlanganisela eyimfihlo (thinta amachweba 7000, 8000 no-9000 ngaleyo ndlela) futhi izovula itheku 9191 ukucela ukungena ngemvume nge-SSH (izoyivula kuphela i-IP lapho inhlanganisela yenziwa khona inombolo yetheku kuyagculisa).
5. Manje ukuvala i-SSH ngivele ngisebenzise i-telnet ethekwini 3500
6. Ngizokwenza enye i-telnet ethekwini 4500
7. Futhi ekugcineni enye i-telnet ethekwini 5500
8. Ukwenza le enye inhlanganisela eyimfihlo etholwa yiseva izovala i-port 9191 futhi.
Ngamanye amagama, ukuchaza lokhu kalula kakhulu ...
cunt I-Port Knocking iseva yethu ingaba nezimbobo ezithile ezivaliwe, kepha lapho iseva ikuthola lokho kusuka ku- X I-IP inhlanganisela ethekwini eyiyo yenziwe (ukumiswa okuchazwe ngaphambilini kufayela lokumisa) izokwenza umyalo othile ngokwawo ngokusobala (umyalo kuchazwe futhi kufayela le-config).
Ngabe akuqondakali? 🙂
/ Ungayifaka kanjani i-daemon yePort Knocking?
Ngikwenza nephakeji kokd, okuzosivumela ngendlela elula kakhulu futhi elula futhi esheshayo yokusebenzisa nokuhlela I-Port Knocking.
Faka iphakheji: knockd
/ Ungayilungisa kanjani iPort Knocking nge-knockd?
Uma sekufakiwe siyaqhubeka nokuyilungiselela, ngenxa yalokhu sihlela (njengezimpande) ifayela /etc/knockd.conf:
nano /etc/knockd.conf
Njengoba ukwazi ukubona kulelo fayela sekuvele kukhona ukumiswa okuzenzakalelayo:
Ukuchaza izilungiselelo ezizenzakalelayo kulula impela.
- Okokuqala, SebenzisaSyslog kusho ukuthi ukurekhoda umsebenzi (i-log) esizoyisebenzisa / var / log / syslog.
- Okwesibili, esigabeni [openSSH] Yilapho kusobala ukuthi imiyalo yokuvula i-SSH izohamba, okokuqala sinokulandelana kwamachweba (inhlanganisela eyimfihlo) elungiselelwe ngokuzenzakalela (itheku 7000, itheku 8000 futhi ekugcineni itheku 9000). Ngokusobala amachweba angashintshwa (empeleni ngiyayincoma) futhi njengoba kungenjalo akudingeki ukuthi abe ngu-3, angaba ngaphezulu noma ngaphansi, kuya ngawe.
- Okwesithathu, seq_timeout = i-5 kusho isikhathi sokulinda ukuhlangana kwembobo eyimfihlo ukuthi kwenzeke. Ngokuzenzakalelayo kusethwe kumasekhondi ayi-5, lokhu kusho ukuthi uma sesiqale ukwenza itheku lingqongqoza (okusho ukuthi, lapho sifonela ethekwini 7000) sinemizuzwana engama-5 ukuqeda ukulandelana okulungile, uma kudlula imizuzwana emihlanu asikakaqedi ichweba lingqongqoza lapho-ke kuzovele kube sengathi ukulandelana bekungavumelekile.
- Okwesine, umyalo ayidingi incazelo eningi. Lokhu kuzoba umyalo nje ozokwenziwa yisiphakeli lapho sithola inhlanganisela echazwe ngenhla. Umyalo osethwe ngokuzenzakalela okwenzayo ukuvula i-port 22 (shintsha leli chweba letheku lakho le-SSH) kuphela ku-IP elenze ukuhlanganiswa okulungile kwamachweba.
- Okwesihlanu, tcpflags = i-syn Ngalo mugqa sichaza uhlobo lwamaphakethe isiphakeli esizowabona evumelekile ethekwini elingqongqozayo.
Bese kuthi kube khona isigaba sokuvala i-SSH, ukuthi ukumiswa okuzenzakalelayo akuyona enye into ngaphandle kokulandelana okufanayo kwamachweba angenhla kepha kulandelana okuphambene.
Nakhu ukucushwa nokunye ukuguqulwa:
Ungaqala kanjani i-daemon eqoqiwe?
Ukuyiqala kufanele siguqule kuqala (njengezimpande) ifayela / etc / default / knockd:
nano /etc/default/knockd
Lapho siguqula umugqa wenombolo 12 othi: «START_KNOCKD = 0»Futhi ushintshe lelo 0 libe ngu-1, besizoba:«START_KNOCKD = 1«
Uma lokhu sekwenziwe manje simane sikuqale:
service knockd start
Futhi i-voila, ilungiselelwe futhi iyasebenza.
I-Port Knocking ngokungqongqoza nokusebenza!
Njengoba ukwazi ukubona ekucushweni kwangaphambilini, uma ukungqubuzana kwembobo kwenziwa ethekwini 1000, bese kufika ku-2000 futhi ekugcineni kube ngu-3000 bese kuthi i-port 2222 (i-SSH yami) ivuleke, nakhu enye ikhompyutha ekhipha itheku ingqongqoza:
Lapho sengicindezele u- [Enter] ku-Knock No.1, ku-No.2 futhi ekugcineni ku-No.3 itheku lizovuleka, nayi i-log:
Njengoba ukwazi ukubona, lapho ungqongqoza ethekwini 1000, isigaba 1 sabhaliswa, bese kuthi ngo-2000 kube isigaba 2 futhi ekugcineni kube ngu-3 no-3000, lapho wenza lokhu, umyalo engiwumemezele ku .conf uyenziwa futhi yilokho.
Ngemuva kwalokho ukuvala itheku kuzoba ukushaya u-9000, 8000 bese kuthi ekugcineni kube ngu-7000, nayi ilogi:
Futhi lapha incazelo yokusetshenziswa iphela 😀
Njengoba ukwazi ukubona, iPort Knocking iyathandeka futhi ilusizo impela, ngoba yize singafuni ukumane sivule itheku ngemuva kokuhlanganiswa okuthile kwamachweba, umyalo noma i-oda elizokwenziwa iseva lingahluka, lelo ... esikhundleni ukuvula ichweba esingamemezela ukubulala inqubo, ukumisa insiza efana ne-apache noma i-mysql, njll ... umkhawulo umcabango wakho.
Kuhle futhi kuze kube manje le ndatshana… angiyena uchwepheshe kule ndaba kodwa bengifuna ukuhlanganyela nawe le nqubo ethakazelisa kakhulu.
Sanibonani
I-athikili enhle kakhulu, iyathakazelisa impela futhi bengingazi ukuthi ikhona ... kungakuhle uma uqhubeka ukhipha izindatshana zama-newbie sysadmins nezinto
Ukubingelela nokubonga ^ _ ^
Siyabonga ngokuphawula.
Yebo ... kungukuthi ngezihloko ezikwi-DNS ye-FICO, angifuni ukusala ngemuva kwe-LOL !!!
Akuyilutho engathi sina. Ezinyangeni ezimbalwa ezedlule ngezwa okuthile ngePort Knocking futhi kwangidonsa ngokushesha, kepha njengoba ngangicabanga ukuthi kuzoba nzima kakhulu ngaleso sikhathi angizange ngithathe isinqumo sokungena, izolo nje ngibuyekeza amanye amaphakheji avela ku-repo engithole ukuthi angqongqozile futhi uthathe isinqumo sokuzama, futhi nasi isifundo.
Bengihlale ngithanda ukubeka izindatshana zobuchwepheshe, ezinye zingahle zingathandeki ngokwanele kepha… ngiyethemba ukuthi ezinye ziyi-😉
Phendula ngokucaphuna
Sawubona, ngiyazi ukuthi le ndatshana ibinesikhathi esithile ikhona kepha ngingenisa umbuzo wami ukubona ukuthi kukhona yini umuntu ongangisombululela wona.
Iqiniso ukuthi ngisebenzise i-port engqongqoza okusajingijolo wami ukuzama ukuthuthukisa ezokuphepha lapho ngixhuma kuyo ngaphandle kwenethiwekhi yendawo. Ukuze lokhu kusebenze bekufanele ngivule uhla lwamachweba ku-7000-9990 router eqonde emshinini. Kuphephile ukuvula lawo machweba ku-router noma ngokuphambene nalokho, lapho uzama ukuthola ukuphepha okwengeziwe, ngabe ngenza okuphambene nalokho?
Sanibonani futhi ngiyabonga.
Kuhle, ngibe yi-sysadmin iminyaka futhi bengingamazi.
Umbuzo owodwa ... ukwenza kanjani "ukungqongqoza"?
Ingabe uxhumana nalawo machweba? Ithini i-telnet ekuphendulayo? Noma kukhona umyalo wokuzuliswa "ngokungqongqoza"?
Kuhle kakhulu i-athikili. Okumangalisayo. Ngibonga kakhulu
Ngenze isivivinyo ngetelnet futhi yonke into yenze izimanga ... kepha, ngokumangazayo kukhona umyalo othi 'knock', yenza a indoda iyangqongqoza ukuze ubone 😉
I-telnet ayiphenduli nakancane kimi, ama-iptable anenqubomgomo ye-DROP ayenza ingaphenduli nhlobo futhi i-telnet ihlala lapho ilinde impendulo ethile (engeke ize ifike), kepha i-daemon engqongqozile izobona ukungqongqoza noma kungekho ophendulayo it 😀
Ngiyabonga kakhulu ngokuphawula kwakho, kuyintokozo ukwazi ukuthi izindatshana zami zisathanda i- ^ _ ^
Kungezwe kuzintandokazi! : D!
Gracias!
Ngiyabonga 😀
Ukuphepha kwe-Ahh, lowo muzwa omnandi wokuthi sivikela i-pc ku-plumb, bese kuthi izinsuku / amasonto kamuva sizame ukuxhuma sisendaweni ethile ekude esingenakukwazi ukuyifinyelela ngoba i-firewall ayikho kumodi "yomuntu", lokhu kubizwa ukuhlala ngaphandle inqaba maqondana nama-sysadmins. 😉
Kungakho lokhu okuthunyelwe kuwusizo kangaka, uma ungqongqoza ungangena noma yikuphi lapho ungathumela iphakethe kunethiwekhi yakho yangakini, futhi abahlaseli balahlekelwa intshisekelo lapho bebona ukuthi itheku le-ssh livaliwe, angicabangi ukuthi bazongqongqoza ukuvula itheku.
Hheyi, i-athikili yinhle.
Into eyodwa: kuyasebenza ukuxhuma kusuka ngaphandle kwenethiwekhi yendawo?
Ngikusho lokhu ngoba ngine-router enamachweba avaliwe kususwa leyo ehambelana ne-ssh eqondiswe kabusha kuseva.
Ngicabanga ukuthi ukuze isebenze ngaphandle kwenethiwekhi yendawo, kuzodingeka ukuthi kuvulwe amachweba we-router ahambelana nePort Knocking bese ebaqondisa futhi kuseva.
Mmm ...
Angazi ukuthi ngiphephe kangakanani ukwenza lokhu.
Ucabangani?
Angiqiniseki ngempela, angizange ngenze isivivinyo kodwa ngicabanga ukuthi yebo, kufanele uvule amachweba ku-router ngoba uma kungenjalo ngeke ukwazi ukungqongqoza iseva.
Yenza isivivinyo ngaphandle kokuvula amachweba ku-router, uma kungakusebenzeli kuyihlazo, ngoba ngivumelana nawe, akukhuthazwa ukuvula lawa machweba ku-router.
Ngempela, kufanele sivule amachweba bese siwaqondisa kabusha kwikhompyutha esiyibizayo.
Isihawu.
Kuhle ngiyabonga kakhulu! Ngisanda kuqala ukutadisha umsebenzi wenethiwekhi futhi lezi zifundo zingilungele! ngiyabonga ngokuthatha isikhathi sakho sabelane ngolwazi
Ngifunde okuningi eminyakeni edlule nomphakathi weLinux womhlaba jikelele ... iminyaka embalwa bengifuna ukufaka isandla futhi, yingakho nje ngibhala 😀
Ngiyabonga kakhulu, awazi ukuthi ingisiza kanjani, sengizosetha iseva futhi lokhu kuzongihambela kahle.
Phendula ngokucaphuna
Yilokho esenzelwe kona, ukusiza 😉
Indatshana enhle kakhulu! Bengingenalo ulwazi ngalokhu futhi kungisiza kakhulu (ngisebenzisa iRackSpace esebenzisa i-KVM, ngakho-ke ingifanela njengegilavu!). Kungezwe kokuthandayo.
Siyabonga ngokuphawula 🙂
Njengenjwayelo DesdeLinux isilethela okuthunyelwe okuhle kakhulu okunokufundisa okuwusizo ngempela ukukusebenzisa, siyabonga ngokwabelana !! 🙂
Ngiyabonga ngokuphawula kwakho 🙂
Yebo, sihlala sizama ukwanelisa ukomela ulwazi abafundi bethu abanalo 😀
Okuthakazelisayo, angazanga inketho.
Iya ngqo ekunciphiseni umtapo wami wezincwadi.
Gracias!
Ubumnandi kimi 😀
Phendula ngokucaphuna
Sanibonani KZKG ^ Gaara !!! Ucindezelwe. Indatshana enhle yokuvikela amaseva. Cha @% * & ^ umqondo wokuthi into enjalo ikhona. Ngizozama. Ngiyabonga
kuhle lokhu…. ^ - ^
Sawubona, ungachaza ukuthi ungayifaka kanjani ku-CentOS 5.x?
Ngilande i-rpm:
http://pkgs.repoforge.org/knock/knock-0.5-3.el5.rf.x86_64.rpm
Kufakiwe:
rpm -i knock-0.5-3.el5.rf.x86_64.rpm
Lungiselela ifayela lokumisa ngemizuzwana engu-15 yesikhathi kanye nechweba engilisebenzisa ukuxhuma nge-ssh kuma-vps wami
Idimoni liqala:
/ usr / sbin / knockd &
I-telnet futhi akukho lutho itheku elingavali, ngokuzenzakalela itheku livulekile, kepha alivali.
Ingabe kukhona engikwenzayo okungalungile?
Mmmm, izicelo zetelnet kulawo machweba zingafundwa ngumlawuli wenethiwekhi yethu yasendaweni, noma ngumhlinzeki wethu wesevisi, cha? Kungavimba abantu bangaphandle kepha hhayi bona, ngakho-ke uma befuna ukuvula itheku lethu bangakwenza ngoba Bheka izicelo esizenzayo, mmm ake sithi ivikela kepha hhayi i-100%
Kungenzeka, kepha angicabangi ukuthi bazocabanga ukuthi i-telnet ethile yenza isenzo se-X. Ngaphandle kokuthi babone ukuthi amaphethini afanayo wetelnet ayalandelwa.
I-athikili ethakazelisayo, nginombuzo. Ngicabanga ukuthi kunephutha emfanekisweni wefayela lokumisa, ngoba uma uhlaziya kahle, kuyo yomibili imigqa yomyalo usebenzisa i-ACCEPT kuma-Iptables. Ngicabanga ukuthi umuntu kufanele AMUKELE kanti omunye kufanele ANQABE.
Ngaphandle kwalokho, isinyathelo esihle kakhulu. Ngiyabonga kakhulu ngokuthatha isikhathi sakho uchaze ulwazi lwakho kwabanye.
Phendula ngokucaphuna