
Huawei Firewall changes SSH Port

2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >


Shulou(Shulou.com)06/01 Report--

Our branch office installed a new Huawei firewall. To make management easier, SSH was enabled on the public-network interface on the default port, TCP 22. Once configured, the firewall could be reached normally, but a problem soon appeared: logging in through the web UI or SSH produced a "password verification failed" prompt, which left me doubting myself.

Fortunately, business traffic kept running normally. After more than half an hour I could log in again, and the logs showed:

Apr 20 2019 23:55:48 USG6300% MANAGER/4/UNLOCK (l): The user was unlocked. (User Name=admin)

Apr 20 2019 23:24:36 USG6300% MANAGER/3/LOCK (l): The user was locked out. (User Name=admin, Lock Time=30 min, Lock Reason=password incorrect for 3 times, Access Type=ssh, IP Address=91.236.116.214)

Apr 20 2019 22:39:14 USG6300% MANAGER/4/UNLOCK (l): The user was unlocked. (User Name=admin)

Apr 20 2019 22:01:41 USG6300% MANAGER/3/LOCK (l): The user was locked out. (User Name=admin, Lock Time=30 min, Lock Reason=password incorrect for 3 times, Access Type=ssh, IP Address=193.201.224.236)

The account had been locked for 30 minutes because a wrong password was entered three times in a row within the lockout window.
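The MANAGER/3/LOCK and MANAGER/4/UNLOCK lines above are exactly what an administrator should be watching for. The following Python snippet is an added example (not from the original article or from Huawei) that parses USG-style MANAGER log lines, pulls out the lock events, and groups them by the reported source IP and lock reason, so repeated lockouts from unknown addresses stand out. The sample log text is constructed from the four lines quoted in the article; the log line layout the regular expression assumes is taken from those lines only.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the four MANAGER lines quoted in the article.
SAMPLE_LOG = """\
Apr 20 2019 23:55:48 USG6300% MANAGER/4/UNLOCK (l): The user was unlocked. (User Name=admin)
Apr 20 2019 23:24:36 USG6300% MANAGER/3/LOCK (l): The user was locked out. (User Name=admin, Lock Time=30 min, Lock Reason=password incorrect for 3 times, Access Type=ssh, IP Address=91.236.116.214)
Apr 20 2019 22:39:14 USG6300% MANAGER/4/UNLOCK (l): The user was unlocked. (User Name=admin)
Apr 20 2019 22:01:41 USG6300% MANAGER/3/LOCK (l): The user was locked out. (User Name=admin, Lock Time=30 min, Lock Reason=password incorrect for 3 times, Access Type=ssh, IP Address=193.201.224.236)
"""

# Layout assumed from the quoted lines:
#   <Mon DD YYYY HH:MM:SS> <host>% <MODULE>/<severity>/<EVENT> (l): <text>. (<key=value, ...>)
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+)% (?P<module>[A-Z]+)/(?P<severity>\d)/(?P<event>[A-Z]+) \(l\): "
    r"(?P<text>[^(]*?)\. \((?P<fields>.*)\)$"
)


def parse_line(line):
    """Return a dict for one MANAGER log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %Y %H:%M:%S")
    rec["severity"] = int(rec["severity"])
    # The parenthesised tail is a comma-separated list of "Key=Value" pairs.
    fields = {}
    for part in rec.pop("fields").split(", "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    rec["fields"] = fields
    return rec


def parse_log(text):
    """Parse every line of a log blob, silently skipping lines of other formats."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def lockouts(records):
    """Only the account-lock events (MANAGER/3/LOCK)."""
    return [r for r in records if r["module"] == "MANAGER" and r["event"] == "LOCK"]


def lockouts_by_source(records):
    """Count lock events per reported source IP; unknown if the field is absent."""
    return Counter(r["fields"].get("IP Address", "unknown") for r in lockouts(records))


def lock_minutes(rec):
    """Extract the integer minutes from a 'Lock Time=30 min' field (0 if missing)."""
    m = re.match(r"(\d+)\s*min", rec["fields"].get("Lock Time", ""))
    return int(m.group(1)) if m else 0


def total_lock_minutes(records):
    """Total time the management account spent locked, summed over lock events."""
    return sum(lock_minutes(r) for r in lockouts(records))


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for ip, n in lockouts_by_source(recs).most_common():
        print(f"{ip}: {n} lockout(s)")
    print(f"admin locked out for {total_lock_minutes(recs)} minutes in total")
```

Run against a real log export, a source address that is not one of your own management hosts triggering a lock is a clear signal that the management port is exposed and being probed, which is the situation this article describes.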

So what caused it? Two factors stood out: the firewall's public-network interface answered PING, and the SSH service was still on its default port. Anyone scanning the address could therefore discover the service and then try weak or dictionary passwords against it.

How should this be fixed? The configuration has to change: disable PING on the public-network interface and move SSH off the default port.

Under Network -> Interface, find the public-network interface and turn off PING.

Then change the default SSH port.

Afterwards, SSH on port 9022 works from the LAN side. Testing port 9022 from the public network, however, fails. What is the reason?

Changing the SSH port means that traffic from untrust -> local on port 9022 also has to be permitted by a security policy. The original `service-manage ssh permit` setting on the interface automatically generates an implicit policy for untrust -> local on port 22 only. For the new port we have to create our own security policy, after which access should work.

First, create a service object for the new port.

Then create the security policy that references it.
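The article shows these steps in the web UI; as an added example (not from the article or from Huawei documentation), the following CLI fragment expresses the same four changes for a USG6000-series firewall: disable PING on the public interface, move the SSH server to port 9022, define a service object for that port, and add the untrust -> local policy that the implicit port-22 rule does not cover. The interface name, object and rule names, and the administrator source address (a documentation address, 203.0.113.10) are assumptions; the command syntax is from my recollection of VRP and should be checked against your firewall's version before use.

```text
# Management access on the public-network interface (interface name assumed)
interface GigabitEthernet1/0/1
 service-manage ssh permit
 undo service-manage ping permit
#
# Move the SSH server off TCP/22 to the port used in the article
ssh server port 9022
#
# Service object matching the new port (name assumed)
ip service-set ssh-9022 type object
 service 0 protocol tcp destination-port 9022
#
# Explicit policy: the implicit rule generated by service-manage only covers port 22.
# Restricting source-address to the administrator's address is an extra step the
# article does not take; 203.0.113.10 is a placeholder for your own management host.
security-policy
 rule name allow-mgmt-ssh-9022
  source-zone untrust
  destination-zone local
  source-address 203.0.113.10 32
  service ssh-9022
  action permit
```

Changing the port removes the noise from scanners that only probe TCP/22, but it does not stop a determined attacker who scans all ports; the source-address restriction in the rule is what actually keeps unknown hosts away from the login prompt, and the lock logs above remain the check that it is working.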

After retesting, SSH from the public network works again. Since PING was disabled and the SSH port changed, no further login attempts have appeared in the logs, and the problem is solved.


