首页 注册 登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
通过以下 Referral 链接购买 DigitalOcean 主机,你将可以帮助 V2EX 持续发展
DigitalOcean - SSD Cloud Servers
mrjnamei
V2EX  ›  VPS

vps 一天到晚都遭遇 ssh 攻击,写了个假的获取 ssh 攻击字典和 ip 地址。

  •   
  •   mrjnamei · 1 天前 · 601 次点击

    运行 main.go, 文件写到本地。 本身的 sshd 服务监听地址从 22 端口改到其他端口。 

    
package main

import (
	"bufio"
	"encoding/json"
	"errors"
	"flag"
	"fmt"
	"golang.org/x/crypto/ssh"
	"log"
	"net"
	"os"
	"path/filepath"
)

// ssh-keygen -t rsa -f ~/.ssh/id_rsa_fake
const pk = `-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAvMTrz1RZr8nE7CUUmfpZYeOxyA2wzdUWbgssFI0CyPf7undy/BHk
Ji3DE1S6ejAx4ca8ul99wifU/6MoYTzFIZJZPvD3e/sKS5yJR/rypSWEj2dO/e4oGXwTql
MFgeN8Vbc7JwHQHno863rDMOiF6G4ixB8+ratnSidbcCoUu2ADSljNXrntOCNuDr+duUOC
TNpu2hCOWeBOHHdsAhY9NkRyHFJWd/nf385j97ClLnHdj7d4e36FR9/hJZ/GuGRQdRgF5S
NiYR+Fu3P5p1f4Qe9IqKPhzlvYpZTuSJP+2onFzhWxCdArgC6fE/9V1K0Y46WWfd5V7Rz4
AJPhQsRQ59J0vaIBH75nabwKLoVNeSLLgNjNx1KgQpR0aDn7W9XuAzLLUDTS5MAVxo51lU
2beRU+ED/BMBRueSyZZK7BcH2xZoC5va6NkC8MdLxKYNxwR7ltPP6Jl1m+SYXqnF3qt18O
OnW8hA/dJ4Goapl1f46dykiWqEYmrqBt7KYpMxmnAAAFmJ2nizqdp4s6AAAAB3NzaC1yc2
EAAAGBALzE689UWa/JxOwlFJn6WWHjscgNsM3VFm4LLBSNAsj3+7p3cvwR5CYtwxNUunow
MeHGvLpffcIn1P+jKGE8xSGSWT7w93v7CkuciUf68qUlhI9nTv3uKBl8E6pTBYHjfFW3Oy
cB0B56POt6wzDohehuIsQfPq2rZ0onW3AqFLtgA0pYzV657Tgjbg6/nblDgkzabtoQjlng
Thx3bAIWPTZEchxSVnf539/OY/ewpS5x3Y+3eHt+hUff4SWfxrhkUHUYBeUjYmEfhbtz+a
dX+EHvSKij4c5b2KWU7kiT/tqJxc4VsQnQK4AunxP/VdStGOOlln3eVe0c+ACT4ULEUOfS
dL2iAR++Z2m8Ci6FTXkiy4DYzcdSoEKUdGg5+1vV7gMyy1A00uTAFcaOdZVNm3kVPhA/wT
AUbnksmWSuwXB9sWaAub2ujZAvDHS8SmDccEe5bTz+iZdZvkmF6pxd6rdfDjp1vIQP3SeB
qGqZdX+OncpIlqhGJq6gbeymKTMZpwAAAAMBAAEAAAGAKDCAyA58XcnGbERkw3eiig3RLv
eDOf9xHBKy2tk+y4zIgmWmDHa+rUY27ymt3g/evuPyEHf+LVUPqzGQiktG6SPgbl8dQb8r
7Pcx3ypVeMWpGGL1VWjcDrj08uFkHchSE2nEZUSki6iYycXEQuhughLYwgqo7I6+mfIRLK
s46L/DU5PefZl2IOqiJu+y49u0pSooSbMWq5nu526hhzw24hPme5MoJ7kCagLmE7j/IglK
E6wLMbe5JplKtRj0VRO+Ew6bgEtOPMjoTZ35izrpDDcIBWQGMz0ivHCcGrAZ7Nl/AwgkKQ
NkCd/SeCxXht+DxiLNsHJ3bkm/K+LCrAUm7VVkYJWMLwiV0WEcbf/Vy4eii2ShLLXu+3fQ
/tesokvyEnuqyzrukVOpebWragIoVNPDjh7n6gOyqtlZjpRIz6AlmSN7uTF6RtRPHkbAP1
qHbZEn5KkUF6q2FC2wPL4yQDvNvWeIplKYXROc7YHA81lXRiTV3XZx6GfEG4NRTTVxAAAA
wQDfRg6AB6cM8xcK01wyI4HdWTY650SpT5FlP7ttiaraxQ5eEcqx6FtBv+D3yspXk4QfO8
w/6Gn3cRtMEqvu4fG0hgIT72wnK38qyYkvcLhoqFtf8LOSOHinxhr4BZnpXtcuexMUphEu
xl7MJuRvz+QdBIIn1ckpuxmT9+rBXfbKUvNl87CDeWYvXOJkLt41Y3Hhq0j0r53MraY32g
MAtrfDEziRvKkyGI6aGb1GAsIlj6yv+oT4hV/ZrGin+Z9qq20AAADBAPtCOuLuZObjLQii
OZVDVhBVdSQFxAj41KiDj13jfbnR4CmSGhaWAvPEaHkYLGcwvxzmtTobmdszL5XebJ2GcQ
WdR+pbjNfbVWaPRel0qfygZ4npTc1uEZ1j7bG31pI3GmUEwCdT5JR3fD3GCb0FZjkqXsVQ
rqIVe3WhTiq2fZ6C/OIoA5U65FkgkJ4rC+uBwK7904gdIVlnVlIHO5umGrLM4EjXNKj18b
0PdwRbTtviKKVNDKEiMLpHWIMhjEXKCQAAAMEAwFTRzIa8apCBBCqMXTkMQdrrDMWuO6EH
qnGORATMjfNTlp9PFLNu4yB4GuWzFWZJDM2ry8jmziv0BEuePit0btDNYg4rP3OTlO1cpG
SLbSUObc34DZPVrb47ehQRx8G3aQOembzrOfzGITpfxzoXuqjChrgj1tw0jwnT6kpTRTOB
GkLJ/1TwYO7H0mxbNOwvIIKybHuHdJa6smKDSqZT4/LQsvCY4oJSUEPPlnJur/YE1Om0lp
L0hrEtkgoX03IvAAAAHHptakB6aGFuZ2RlTWFjQm9vay1Qcm8ubG9jYWwBAgMEBQY=
-----END OPENSSH PRIVATE KEY-----`

var (
	saveFile string
)

func init() {
	flag.StringVar(&saveFile, "f", "file.txt", "filepath")
}

type Source struct {
	IP       string `json:"ip"`
	Username string `json:"username"`
	Password string `json:"password"`
}

func (s *Source) String() string {
	b, _ := json.Marshal(s)
	return string(b)
}

func main() {
	flag.Parse()
	dir := filepath.Dir(saveFile)
	os.MkdirAll(dir, 0755)

	fi, err := os.OpenFile(saveFile, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0755)
	if err != nil {
		fmt.Println("openfile failed: ", err)
		return
	}

	defer fi.Close()

	buf := bufio.NewWriter(fi)
	defer buf.Flush()

	// 创建 SSH 服务器配置
	config := &ssh.ServerConfig{
		NoClientAuth: false, // 启用客户端认证
	}
	// 生成 SSH 密钥对
	privateKey, err := ssh.ParsePrivateKey([]byte(pk))
	if err != nil {
		log.Fatalf("Failed to parse private key: %v", err)
	}

	config.AddHostKey(privateKey)

	// 添加用户身份验证
	config.PasswordCallback = func(ctx ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {
		s := Source{
			IP:       ctx.RemoteAddr().String(),
			Username: ctx.User(),
			Password: string(password),
		}
		fmt.Fprintln(buf, s.String())
		buf.Flush()
		fmt.Println(s.String())

		return nil, errors.New("invalid password")
	}

	// 监听 22 端口
	listener, err := net.Listen("tcp", ":22")
	if err != nil {
		log.Fatalf("Failed to listen on 22: %v", err)
	}
	log.Println("Listening on :22 ...")

	for {
		// 接受连接
		conn, err := listener.Accept()
		if err != nil {
			log.Fatalf("Failed to accept connection: %v", err)
		}

		// 处理连接
		go handleConnection(conn, config)
	}
}

func handleConnection(conn net.Conn, config *ssh.ServerConfig) {
	defer conn.Close()
	// 进行 SSH 握手
	ssh.NewServerConn(conn, config)
}
    5 条回复    2024-11-14 17:25:58 +08:00
    gbw1992
        1
    gbw1992  
       1 天前
    互联网蛐蛐盒子
    ochatokori
        2
    ochatokori  
       1 天前 via Android
    你可能要找的是:ssh 蜜罐
    enjoying
        3
    enjoying  
       1 天前
    为啥不用证书登入,而不是密码登入
    mrjnamei
        4
    mrjnamei  
    OP
       1 天前
    @enjoying 谁攻击用证书呀
    htfcuddles
        5
    htfcuddles  
       17 小时 28 分钟前
    闲得慌,正经人谁会开密码,证书随你攻击,要不把 RSA 也破了吧
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5795 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 20ms · UTC 02:54 · PVG 10:54 · LAX 18:54 · JFK 21:54
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.