Hacking-related board |
---|
2000/08/06(21:11) from 203.255.160.61 | |
Author: 강줄기 (jkkang65@hanmail.net) | Views: 3873, Lines: 199 |
Using SSH |
---|
Now let's use the ssh client program to connect to the server. Note that ssh2 can communicate only with other ssh2 installations; for compatibility with ssh1, the ssh1 settings must be configured separately in the configuration file. To communicate with ssh1, both ssh1 and ssh2 must be installed. Compatibility with ssh1 is covered below.

First, run #sshd host to connect. You will be logged in under the host name. Then pass the host name and IP address as an argument, as follows:

    #ssh 210.127.236.93

At this point, as we did together earlier, a user whose public key is registered in the authorization file is asked for the passphrase; if the key is not registered, the password of the host account is asked for instead. In other words, if the message "Accepting host 210.127.236.93 key without checking" appears, the connection is accepted without the passphrase being checked.

The following are the command-line options of the ssh client:

    -v        : debugging mode; use when the connection fails and an error occurs
    -a        : use agent authentication forwarding
    -c cipher : specify the cipher to use for the current session (blowfish, idea, 3des)
    -e char   : change the escape character
    -f        : run the job in the background once session authentication has finished
    -i file   : change the identity file
    -l        : specify the user to log in as
    -n        : take input from /dev/null
    -p port   : specify the port ssh connects to
    -q        : quiet mode; warning messages are not printed to STDOUT
    -t        : open a tty even when only a single command is executed
    -x        : disable X11 forwarding

SSH Secure Shell !! Compatibility between SSH1 and SSH2

To make ssh1 and ssh2 interoperate, both ssh1 and ssh2 must be installed. On the server, to keep compatibility with ssh1 you edit the sshd2_config file under the /etc/ssh2 directory, although nearly everything works with the defaults. For ssh1, set Ssh1Compatibility and Sshd1Path as follows:

    Ssh1Compatibility yes
    Sshd1Path /path/sshd1

(path is the location where the sshd1 file resides.)

Edit ssh2_config in the same way:
    Ssh1Compatibility yes
    Ssh1Path /path/ssh1

(Here too, path is the location where ssh1 resides.)

Using the SSH client

Once the installation of ssh2 is finished, the hostkey, the ssh client config file and the ssh daemon config file are installed in the /etc/ssh2 directory, as shown below.

Hanterm - /etc/ssh2

    [root@linuxi ssh2]$ ls /etc/ssh2
    hostkey  hostkey.pub  ssh2_config  sshd2_config
    [root@linuxi ssh2]$

To explain each file: hostkey is, as the name says, the private key that identifies the host, and it is a file whose security needs great care. hostkey.pub is the public key that identifies the host. ssh2_config is the configuration file of the ssh client; unless you need compatibility with ssh1 there is no need to touch it. sshd2_config is the configuration file of the ssh daemon; see below. Apart from one setting, I think sshd2_config does not need any particular changes either, as long as ssh1 compatibility is not a concern.

Hanterm - /etc/ssh2

    [root@linuxi ssh2]$ cat /etc/ssh2/sshd2_config
    # sshd2_config
    # SSH 2.0 Server Configuration File
    *:
    Port 22

Specifies the port ssh uses. There is little need to change it.

    ListenAddress 0.0.0.0

Sets the address sshd listens on. 0.0.0.0 means connections are accepted from anywhere. However, although I do not know how the package was built, it is affected by tcp-wrapper: if a host is blocked in hosts.deny the connection fails, so access can be controlled with sshd2 entries in hosts.allow and hosts.deny.

    Ciphers AnyStd
    # Ciphers AnyCipher
    # Ciphers AnyStdCipher
    # Ciphers 3des
    IdentityFile identification
    AuthorizationFile authorization
    HostKeyFile hostkey
    PublicHostKeyFile hostkey.pub
    RandomSeedFile random_seed
    ForwardAgent yes
    ForwardX11 yes
    # DEPRECATED PasswordAuthentication yes
    PasswordGuesses 3

Specifies how many times authentication may be retried after a failure.

    # MaxConnections 50
    # 0 == number of connections not limited
    MaxConnections 0

Specifies the maximum number of connections to allow. 0 means no limit.

    # PermitRootLogin nopwd
    PermitRootLogin yes

Specifies whether login as root is permitted.

    # DEPRECATED PubkeyAuthentication yes
    # AllowedAuthentications publickey,password,hostbased
    AllowedAuthentications publickey,password

Specifies the order of authentication.

    # RequiredAuthentications publickey,password
    ForcePTTYAllocation no
    VerboseMode no
    PrintMotd yes
    CheckMail yes
    UserConfigDirectory "%D/.ssh2"

Specifies the directory that holds the users' information.

    # UserConfigDirectory "/etc/ssh2/auth/%U"
    SyslogFacility AUTH
    # SyslogFacility LOCAL7
    Ssh1Compatibility yes
    # Sshd1Path

The two lines above are the ssh1 compatibility part. It is omitted here.

    # AllowHosts localhost, foobar.com, friend.org
    # DenyHosts evil.org, aol.com
    # AllowSHosts trusted.host.org
    # DenySHosts not.quite.trusted.org
    # NoDelay yes
    # KeepAlive yes
    RequireReverseMapping no

Specifies whether a connection is allowed or refused depending on whether the connecting domain has a reverse mapping. In practice a great many hosts on the Internet have no reverse mapping, and most of the hosts you use probably have none either, so setting this to no seems the better choice. If you are certain that your own hosts have reverse mappings, yes may be better for security. Keep in mind, though, that connections are refused when the reverse mapping fails.

    UserKnownHosts yes
    # subsystem definitions
    subsystem-sftp sftp-server
    [root@linuxi ssh2]$
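
Added example (not part of the original post and not code from the SSH2 distribution): a small Python audit of the sshd2_config settings the post walks through, reporting the permissive values in the listing. SAMPLE is a constructed copy of some active lines from that listing, and the rule notes are this example's own hardening assessment.

```python
SAMPLE = """\
# sshd2_config (constructed copy of active lines from the listing above)
*:
    ListenAddress 0.0.0.0
# DEPRECATED PasswordAuthentication yes
    MaxConnections 0
    PermitRootLogin yes
    AllowedAuthentications publickey,password
    UserConfigDirectory "%D/.ssh2"
    Ssh1Compatibility yes
    RequireReverseMapping no
"""

# (keyword, test on the lowercased value, note); notes are this example's view.
RULES = [
    ("permitrootlogin", lambda v: v == "yes",
     "root can log in directly; prefer an unprivileged login plus su"),
    ("ssh1compatibility", lambda v: v == "yes",
     "SSH1 clients are handed to sshd1; drop it unless SSH1 is still needed"),
    ("allowedauthentications", lambda v: "password" in v.replace(" ", "").split(","),
     "password logins accepted; publickey alone resists guessing"),
    ("maxconnections", lambda v: v == "0",
     "no limit on simultaneous connections"),
    ("listenaddress", lambda v: v == "0.0.0.0",
     "listens on all interfaces; restrict with sshd2 entries in hosts.allow"),
    ("requirereversemapping", lambda v: v == "no",
     "clients without reverse DNS are accepted (the post's trade-off)"),
]

def parse(text):
    """Return {lowercased keyword: value} for the active lines only."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.endswith(":"):       # blank line or "*:" stanza
            continue
        key, *rest = line.split(None, 1)
        conf[key.lower()] = rest[0].strip().strip('"') if rest else ""
    return conf

def audit(text):
    """List (keyword, value, note) for every rule the config trips."""
    conf = parse(text)
    return [(k, conf[k], note) for k, test, note in RULES
            if k in conf and test(conf[k].lower())]

if __name__ == "__main__":
    for key, value, note in audit(SAMPLE):
        print(f"{key} = {value}: {note}")
```

Run it against a copy of /etc/ssh2/sshd2_config by passing the file's text to audit(); an empty list means none of the six rules matched.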