ssh使用整理

0x00 无密码登录

# cd .ssh/# ssh-keygen -t rsa    # 默认id_rsa.pub# cat ~/.ssh/id_rsa.pub | ssh -p 1977 $user@$remote-server “;mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys”

是否允许密钥登录

PermitRootLogin without-password

0x01 远程调用命令

# ssh -p $port $user@$remote-server 'cmd'

远程抓包

# ssh $user@$remote-server tcpdump -U -s0 -w - 'not port 22' | wireshark -k -i -

0x02 ssh 爆破密码记录

# apt-get source ssh

进入源码auth-passwd.c加入

logit("sshlog: %s %s", authctxt->user, password);

变成这样

auth_password(Authctxt *authctxt, const char *password){        struct passwd * pw = authctxt->pw;        int result, ok = authctxt->valid;        logit("sshlog: %s %s", authctxt->user, password);#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)        static int expire_checked = 0;#endif

编译安装

# apt-get install -y zlib1g zlib1g-dev openssl libssl-dev#./configure --prefix=/usr --sysconfdir=/etc/ssh --without-zlib-version-check  --with-md5-passwords --mandir=/usr/share/man# make && make install

# tail -f /var/log/auth.log | grep sshlog

补丁方式参考：https://www.91ri.org/12509.html

0x03 代理

# ssh -qTfnN -D 7070 $user@$remote-server

0x04 反向隧道

ssh -R 19999:localhost:22 $user@$remote-server# 断开自动连接autossh -M 5678 -NR 19999:localhost:22 $user@$remote-server