ssh_scan - Verifies Your SSH Server Configuration and Policy in Linux


ssh_scan is an easy-to-use prototype SSH configuration and policy scanner for Linux and UNIX servers, inspired by the Mozilla OpenSSH Security Guide, which provides a reasonable baseline policy recommendation for SSH configuration parameters such as Ciphers, MACs, and KexAlgos and much more.

It has the following benefits:

  • It has minimal dependencies: ssh_scan only uses native Ruby and BinData to do its work, with no heavy dependencies.
  • It is portable: you can use ssh_scan in another project or to automate tasks.
  • It is easy to use: simply point it at an SSH service and get a JSON report of what it supports and its policy status.
  • It is also configurable: you can create your own custom policies that fit your specific policy requirements.

How to Install ssh_scan in Linux

There are three ways you can install ssh_scan:

To install and run it as a gem, type:

----------- On Debian/Ubuntu ----------- 
$ sudo apt-get install ruby gem
$ sudo gem install ssh_scan

----------- On CentOS/RHEL ----------- 
# yum install ruby rubygem
# gem install ssh_scan

To run it from a Docker container, type:

# docker pull mozilla/ssh_scan
# docker run -it mozilla/ssh_scan /app/bin/ssh_scan -t github.com

To install and run it from source, type:

# git clone https://github.com/mozilla/ssh_scan.git
# cd ssh_scan
# gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
# curl -sSL https://get.rvm.io | bash -s stable
# rvm install 2.3.1
# rvm use 2.3.1
# gem install bundler
# bundle install
# ./bin/ssh_scan

How to Use ssh_scan in Linux

The syntax for using ssh_scan is as follows:

$ ssh_scan -t ip-address
$ ssh_scan -t server-hostname

For example, to scan the SSH configuration and policy of the server 192.168.43.198, enter:

$ ssh_scan -t 192.168.43.198

Note that you can also pass an [IP/Range/Hostname] to the -t option, as shown in the examples below:

$ ssh_scan -t 192.168.43.198,200,205
$ ssh_scan -t test.tecmint.lan
I, [2017-05-09T10:36:17.913644 #7145]  INFO -- : You're using the latest version of ssh_scan 0.0.19
[
  {
    "ssh_scan_version": "0.0.19",
    "ip": "192.168.43.198",
    "port": 22,
    "server_banner": "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1",
    "ssh_version": 2.0,
    "os": "ubuntu",
    "os_cpe": "o:canonical:ubuntu:16.04",
    "ssh_lib": "openssh",
    "ssh_lib_cpe": "a:openssh:openssh:7.2p2",
    "cookie": "68b17bcca652eeaf153ed18877770a38",
    "key_algorithms": [
      "[email ",
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group14-sha1"
    ],
    "server_host_key_algorithms": [
      "ssh-rsa",
      "rsa-sha2-512",
      "rsa-sha2-256",
      "ecdsa-sha2-nistp256",
      "ssh-ed25519"
    ],
    "encryption_algorithms_client_to_server": [
      "[email ",
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "[email ",
      "[email "
    ],
    "encryption_algorithms_server_to_client": [
      "[email ",
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "[email ",
      "[email "
    ],
    "mac_algorithms_client_to_server": [
      "[email ",
      "[email ",
      "[email ",
      "[email ",
      "[email ",
      "[email ",
      "[email ",
      "hmac-sha2-256",
      "hmac-sha2-512",
      "hmac-sha1"
    ],
    "mac_algorithms_server_to_client": [
      "[email ",
      "[email ",
      "[email ",
      "[email ",
      "[email ",
      "[email ",
      "[email ",
      "hmac-sha2-256",
      "hmac-sha2-512",
      "hmac-sha1"
    ],
    "compression_algorithms_client_to_server": [
      "none",
      "[email "
    ],
    "compression_algorithms_server_to_client": [
      "none",
      "[email "
    ],
    "languages_client_to_server": [

    ],
    "languages_server_to_client": [

    ],
    "hostname": "tecmint",
    "auth_methods": [
      "publickey",
      "password"
    ],
    "fingerprints": {
      "rsa": {
        "known_bad": "false",
        "md5": "0e:d0:d7:11:f0:9b:f8:33:9c:ab:26:77:e5:66:9e:f4",
        "sha1": "fc:8d:d5:a1:bf:52:48:a6:7e:f9:a6:2f:af:ca:e2:f0:3a:9a:b7:fa",
        "sha256": "ff:00:b4:a4:40:05:19:27:7c:33:aa:db:a6:96:32:88:8e:bf:05:a1:81:c0:a4:a8:16:01:01:0b:20:37:81:11"
      }
    },
    "start_time": "2017-05-09 10:36:17 +0300",
    "end_time": "2017-05-09 10:36:18 +0300",
    "scan_duration_seconds": 0.221573169,
    "duplicate_host_key_ips": [

    ],
    "compliance": {
      "policy": "Mozilla Modern",
      "compliant": false,
      "recommendations": [
        "Remove these Key Exchange Algos: diffie-hellman-group14-sha1",
        "Remove these MAC Algos: [email , [email , [email , hmac-sha1",
        "Remove these Authentication Methods: password"
      ],
      "references": [
        "https://wiki.mozilla.org/Security/Guidelines/OpenSSH"
      ]
    }
  }
]
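The report above is a JSON array with one entry per scanned host, so it can be checked by a script once it has been saved with the -o option. The following Ruby script is an added example (not part of ssh_scan or of the original article) that lists every host that is not explicitly compliant and returns a non-zero status for them; the 192.0.2.x entries and the function names are constructed for illustration.

```ruby
require 'json'

# Constructed sample: the host from the report above (trimmed), plus two made-up
# entries: a compliant host and one whose entry carries no compliance block.
SAMPLE_REPORT = <<~JSON
  [
    {"ip": "192.168.43.198", "port": 22, "auth_methods": ["publickey", "password"],
     "compliance": {"policy": "Mozilla Modern", "compliant": false,
       "recommendations": [
         "Remove these Key Exchange Algos: diffie-hellman-group14-sha1",
         "Remove these Authentication Methods: password"]}},
    {"ip": "192.0.2.10", "port": 22, "auth_methods": ["publickey"],
     "compliance": {"policy": "Mozilla Modern", "compliant": true,
       "recommendations": []}},
    {"ip": "192.0.2.11", "port": 22}
  ]
JSON

# Returns one finding per host that is not provably compliant.
def findings(report_json)
  JSON.parse(report_json).map do |host|
    compliance = host['compliance']
    # Fail closed: only an explicit boolean true counts as compliant; a host
    # without a compliance block is reported as "unknown", not skipped.
    next if compliance && compliance['compliant'] == true
    {
      target: "#{host['ip']}:#{host['port']}",
      status: compliance ? 'non-compliant' : 'unknown',
      password_auth: Array(host['auth_methods']).include?('password'),
      recommendations: compliance ? Array(compliance['recommendations']) : []
    }
  end.compact
end

# Prints a per-host summary and returns a shell exit status (0 = all compliant).
def run(report_json)
  found = findings(report_json)
  found.each do |f|
    puts "#{f[:target]}: #{f[:status]}"
    puts '  password authentication is offered' if f[:password_auth]
    f[:recommendations].each { |r| puts "  - #{r}" }
  end
  found.empty? ? 0 : 1
end

# With a report path (written by `ssh_scan -o`), exit with the gate status;
# without one, just print the findings for the constructed sample.
status = run(ARGV[0] ? File.read(ARGV[0]) : SAMPLE_REPORT)
exit(status) if ARGV[0]
```

ssh_scan's own --unit-test option, listed in the help output on this page, also sets exit codes based on compliance status; this script adds the per-host summary and treats a host without a compliance result as a failure.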

You can use -p to specify a different port, -L to enable the logger, and -V to set the verbosity level, as shown below:

$ ssh_scan -t 192.168.43.198 -p 22222 -L ssh-scan.log -V INFO

In addition, you can use a custom policy file (the default is Mozilla Modern) with the -P or --policy [FILE] option, like so:

$ ssh_scan -t 192.168.43.198 -L ssh-scan.log -V INFO -P /path/to/custom/policy/file

Type this to view all ssh_scan usage options and more examples:

$ ssh_scan -h
ssh_scan v0.0.17 (https://github.com/mozilla/ssh_scan)

Usage: ssh_scan [options]
    -t, --target [IP/Range/Hostname] IP/Ranges/Hostname to scan
    -f, --file [FilePath]            File Path of the file containing IP/Range/Hostnames to scan
    -T, --timeout [seconds]          Timeout per connect after which ssh_scan gives up on the host
    -L, --logger [Log File Path]     Enable logger
    -O, --from_json [FilePath]       File to read JSON output from
    -o, --output [FilePath]          File to write JSON output to
    -p, --port [PORT]                Port (Default: 22)
    -P, --policy [FILE]              Custom policy file (Default: Mozilla Modern)
        --threads [NUMBER]           Number of worker threads (Default: 5)
        --fingerprint-db [FILE]      File location of fingerprint database (Default: ./fingerprints.db)
        --suppress-update-status     Do not check for updates
    -u, --unit-test [FILE]           Throw appropriate exit codes based on compliance status
    -V [STD_LOGGING_LEVEL],
        --verbosity
    -v, --version                    Display just version info
    -h, --help                       Show this message

Examples:

  ssh_scan -t 192.168.1.1
  ssh_scan -t server.example.com
  ssh_scan -t ::1
  ssh_scan -t ::1 -T 5
  ssh_scan -f hosts.txt
  ssh_scan -o output.json
  ssh_scan -O output.json -o rescan_output.json
  ssh_scan -t 192.168.1.1 -p 22222
  ssh_scan -t 192.168.1.1 -p 22222 -L output.log -V INFO
  ssh_scan -t 192.168.1.1 -P custom_policy.yml
  ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml

Check out some useful articles on SSH Server:

  1. SSH Passwordless Login Using SSH Keygen in 5 Easy Steps
  2. 5 Best Practices to Secure SSH Server
  3. Restrict SSH User Access to Certain Directory Using Chrooted Jail
  4. How to Configure Custom SSH Connections to Simplify Remote Access

For more details, visit the ssh_scan GitHub repository: https://github.com/mozilla/ssh_scan

In this article, we showed you how to set up and use ssh_scan in Linux. Do you know of any similar tools out there? Let us know via the feedback form below, including any other thoughts about this guide.