Shulou(Shulou.com)06/01 Report--

This article focuses on "how to achieve a secret handshake in the SSH agent", interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "how to achieve a secret handshake in a SSH agent".

1. Principle

Here are the instructions provided by ISP:

In cryptography, obfuscation refers to encoding the input data before it is sent to a hash function or other encryption scheme. This technique helps to make brute force attacks unfeasible, as it is difficult to determine the correct cleartext. From a cryptographic point of view, Obfuscation (obfuscation) refers to encoding input data before sending it to a hash formula or other encryption formula, which makes it difficult to crack profit because it is very difficult to confirm the correct plaintext.

The concept is quite eloquent, and then my lousy translator also …... However, the meaning is very clear, in fact, it is to change the handshake so that the monster can not see the ssh protocol used for data transmission, and then the ssh agent comes back full of blood.

two。 Solution

Awesome Bruce Leidl wrote a great patch for openssh. It can obfuscate the handshake signal (handshake) when creating encrypted SSH connections. Such an encrypted handshake signal can fool the deep packet inspection equipment used by the monster, successfully complete the mission, and then ensure the security and stability of the network.

(1) preparation

You need to have a Linux server under the control of the monster, and then configure the Obfuscated-openssh patch on the server.

Obfuscated-openssh click here to download, and then execute the following command to compile and install:

The code is as follows:

. / configure make make install

It is recommended that you install it separately from the regular SSH daemon.

(2) configuration

As a SSH agent, there is no need for users to log in to the server through ssh, so this part of the permission needs to be restricted so that users can only use the SOCKS agent. To do this, you need to create a dedicated user account.

The following is the command to add a user named "golengssh" with a password of "goleng.com" who cannot log on to the server remotely.

The code is as follows:

Sudo useradd-m-s / usr/sbin/nologin-p goleng.com golengssh

At this point, I believe you have a deeper understanding of "how to achieve a secret handshake in the SSH agent". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.