Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to solve the ssh backdoor problem of Linux. It is very detailed and has a certain reference value. Interested friends must read it!

Many times, my site needed someone's remote support, but he was blocked by the company's fire prevention. Few people realize that if you can reach the outside through a firewall, you can easily let in external information. From the original intention, this is called "smashing a hole in the firewall". I call it the SSH back door. In order to use it, you must have a machine that acts as an intermediary to connect to the Internet. In this example, such a machine is called blackbox.example.com. The machine behind the corporate firewall is called ginger. The machines supported by this technology are called tech. The following figure explains the setup process.

Photo: smashing a hole in the firewall

Here are the steps:

1. Check what is allowed, but make sure you ask the right person. Most people are worried that you have opened the firewall, but they do not understand that it is fully encrypted. Moreover, the external machine must be cracked in order to enter the company. However, you may belong to the "aggressive" type. Make your own judgment in the way you should choose, but don't complain about others when you don't like it.

two。 Use the-R flag to connect from ginger to blackbox.example.com via SSH. Suppose you are the root user on ginger, and tech needs the root user ID to help use the system. Use the-R flag to forward the description of port 2222 on blackbox to port 22 on ginger. This sets the SSH channel. Note that only SSH traffic can enter ginger: you don't put ginger on unprotected Internet.

You can do this using the following syntax:

~ # ssh-R 2222:localhost:22 thedude@blackbox.example.com

After entering blackbox, you just need to stay logged in. I always enter the following command:

Thedude@blackbox:~$ while [1]; do date; sleep 300; done

Keep the machine busy. Then minimize the window.

3. Now instruct your friends on tech to connect to blackbox using SSH without using any special SSH tags. But you have to give them the password:

Root@tech:~# ssh thedude@blackbox.example.com.

After 4.tech is on blackbox, you can connect to ginger from SSH using the following command:

Thedude@blackbox:~$: ssh-p 2222 root@localhost

5.Tech prompts for a password. The root password of ginger should be entered.

6. Now you and the support from tech can work together and solve the problem. You even need to use the screen together!

The above is all the contents of the article "how to solve the ssh backdoor problem of Linux". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.