
运行 main.go,登录尝试会写到本地文件。本机原有的 sshd 服务监听端口需先从 22 改到其他端口。
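package main

import (
	"bufio"
	"encoding/json"
	"errors"
	"flag"
	"fmt"
	"log"
	"net"
	"os"
	"path/filepath"
	"sync"
	"time"

	"golang.org/x/crypto/ssh"
)

// ssh-keygen -t rsa -f ~/.ssh/id_rsa_fake
//
// pk is the host key the honeypot presents to clients. It is a throwaway
// key generated only for this program and must never be reused by a real
// service: anyone who can read this source can impersonate the host.
const pk = `-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAvMTrz1RZr8nE7CUUmfpZYeOxyA2wzdUWbgssFI0CyPf7undy/BHk
Ji3DE1S6ejAx4ca8ul99wifU/6MoYTzFIZJZPvD3e/sKS5yJR/rypSWEj2dO/e4oGXwTql
MFgeN8Vbc7JwHQHno863rDMOiF6G4ixB8+ratnSidbcCoUu2ADSljNXrntOCNuDr+duUOC
TNpu2hCOWeBOHHdsAhY9NkRyHFJWd/nf385j97ClLnHdj7d4e36FR9/hJZ/GuGRQdRgF5S
NiYR+Fu3P5p1f4Qe9IqKPhzlvYpZTuSJP+2onFzhWxCdArgC6fE/9V1K0Y46WWfd5V7Rz4
AJPhQsRQ59J0vaIBH75nabwKLoVNeSLLgNjNx1KgQpR0aDn7W9XuAzLLUDTS5MAVxo51lU
2beRU+ED/BMBRueSyZZK7BcH2xZoC5va6NkC8MdLxKYNxwR7ltPP6Jl1m+SYXqnF3qt18O
OnW8hA/dJ4Goapl1f46dykiWqEYmrqBt7KYpMxmnAAAFmJ2nizqdp4s6AAAAB3NzaC1yc2
EAAAGBALzE689UWa/JxOwlFJn6WWHjscgNsM3VFm4LLBSNAsj3+7p3cvwR5CYtwxNUunow
MeHGvLpffcIn1P+jKGE8xSGSWT7w93v7CkuciUf68qUlhI9nTv3uKBl8E6pTBYHjfFW3Oy
cB0B56POt6wzDohehuIsQfPq2rZ0onW3AqFLtgA0pYzV657Tgjbg6/nblDgkzabtoQjlng
Thx3bAIWPTZEchxSVnf539/OY/ewpS5x3Y+3eHt+hUff4SWfxrhkUHUYBeUjYmEfhbtz+a
dX+EHvSKij4c5b2KWU7kiT/tqJxc4VsQnQK4AunxP/VdStGOOlln3eVe0c+ACT4ULEUOfS
dL2iAR++Z2m8Ci6FTXkiy4DYzcdSoEKUdGg5+1vV7gMyy1A00uTAFcaOdZVNm3kVPhA/wT
AUbnksmWSuwXB9sWaAub2ujZAvDHS8SmDccEe5bTz+iZdZvkmF6pxd6rdfDjp1vIQP3SeB
qGqZdX+OncpIlqhGJq6gbeymKTMZpwAAAAMBAAEAAAGAKDCAyA58XcnGbERkw3eiig3RLv
eDOf9xHBKy2tk+y4zIgmWmDHa+rUY27ymt3g/evuPyEHf+LVUPqzGQiktG6SPgbl8dQb8r
7Pcx3ypVeMWpGGL1VWjcDrj08uFkHchSE2nEZUSki6iYycXEQuhughLYwgqo7I6+mfIRLK
s46L/DU5PefZl2IOqiJu+y49u0pSooSbMWq5nu526hhzw24hPme5MoJ7kCagLmE7j/IglK
E6wLMbe5JplKtRj0VRO+Ew6bgEtOPMjoTZ35izrpDDcIBWQGMz0ivHCcGrAZ7Nl/AwgkKQ
NkCd/SeCxXht+DxiLNsHJ3bkm/K+LCrAUm7VVkYJWMLwiV0WEcbf/Vy4eii2ShLLXu+3fQ
/tesokvyEnuqyzrukVOpebWragIoVNPDjh7n6gOyqtlZjpRIz6AlmSN7uTF6RtRPHkbAP1
qHbZEn5KkUF6q2FC2wPL4yQDvNvWeIplKYXROc7YHA81lXRiTV3XZx6GfEG4NRTTVxAAAA
wQDfRg6AB6cM8xcK01wyI4HdWTY650SpT5FlP7ttiaraxQ5eEcqx6FtBv+D3yspXk4QfO8
w/6Gn3cRtMEqvu4fG0hgIT72wnK38qyYkvcLhoqFtf8LOSOHinxhr4BZnpXtcuexMUphEu
xl7MJuRvz+QdBIIn1ckpuxmT9+rBXfbKUvNl87CDeWYvXOJkLt41Y3Hhq0j0r53MraY32g
MAtrfDEziRvKkyGI6aGb1GAsIlj6yv+oT4hV/ZrGin+Z9qq20AAADBAPtCOuLuZObjLQii
OZVDVhBVdSQFxAj41KiDj13jfbnR4CmSGhaWAvPEaHkYLGcwvxzmtTobmdszL5XebJ2GcQ
WdR+pbjNfbVWaPRel0qfygZ4npTc1uEZ1j7bG31pI3GmUEwCdT5JR3fD3GCb0FZjkqXsVQ
rqIVe3WhTiq2fZ6C/OIoA5U65FkgkJ4rC+uBwK7904gdIVlnVlIHO5umGrLM4EjXNKj18b
0PdwRbTtviKKVNDKEiMLpHWIMhjEXKCQAAAMEAwFTRzIa8apCBBCqMXTkMQdrrDMWuO6EH
qnGORATMjfNTlp9PFLNu4yB4GuWzFWZJDM2ry8jmziv0BEuePit0btDNYg4rP3OTlO1cpG
SLbSUObc34DZPVrb47ehQRx8G3aQOembzrOfzGITpfxzoXuqjChrgj1tw0jwnT6kpTRTOB
GkLJ/1TwYO7H0mxbNOwvIIKybHuHdJa6smKDSqZT4/LQsvCY4oJSUEPPlnJur/YE1Om0lp
L0hrEtkgoX03IvAAAAHHptakB6aGFuZ2RlTWFjQm9vay1Qcm8ubG9jYWwBAgMEBQY=
-----END OPENSSH PRIVATE KEY-----`

// Command-line options, registered in init.
var (
	saveFile   string // path of the JSON-lines log of login attempts
	listenAddr string // TCP address the honeypot listens on
)

func init() {
	flag.StringVar(&saveFile, "f", "file.txt", "filepath")
	flag.StringVar(&listenAddr, "l", ":22", "listen address (host:port)")
}

// handshakeTimeout bounds how long a peer may keep a connection open without
// finishing the SSH handshake, so a stalled client cannot pin a goroutine and
// a file descriptor indefinitely.
const handshakeTimeout = 30 * time.Second

// Source is one recorded login attempt: the peer address and the credentials
// the client offered.
type Source struct {
	IP       string `json:"ip"`
	Username string `json:"username"`
	Password string `json:"password"`
}

// String renders the attempt as a single JSON object, which is the line
// format of the log file. Username and Password are attacker-controlled and
// are stored verbatim (JSON-escaped); anything that parses the log must treat
// them as untrusted input.
func (s *Source) String() string {
	// Marshal cannot fail for a struct of plain strings.
	b, _ := json.Marshal(s)
	return string(b)
}

// recorder appends one JSON line per login attempt to a buffered writer.
// PasswordCallback runs on a separate goroutine per connection and
// bufio.Writer is not safe for concurrent use, so every write and flush is
// serialized by mu.
type recorder struct {
	mu sync.Mutex
	w  *bufio.Writer
}

// record writes s followed by a newline and flushes right away, so an attempt
// reaches the file even if the process is killed immediately afterwards.
func (r *recorder) record(s *Source) error {
	line := s.String()
	r.mu.Lock()
	defer r.mu.Unlock()
	if _, err := fmt.Fprintln(r.w, line); err != nil {
		return err
	}
	return r.w.Flush()
}

// flush pushes any buffered bytes to the underlying file.
func (r *recorder) flush() error {
	r.mu.Lock()
	defer r.mu.Unlock()
	return r.w.Flush()
}

// main runs an SSH honeypot: it accepts connections on listenAddr, rejects
// every password login, and appends each attempt (peer address, username,
// password) as a JSON line to saveFile and to stdout.
func main() {
	flag.Parse()

	if err := os.MkdirAll(filepath.Dir(saveFile), 0755); err != nil {
		log.Fatalf("creating directory for %q: %v", saveFile, err)
	}
	// 0600: the log holds credentials typed by attackers (and occasionally by
	// mistaken legitimate users), so it must not be world-readable. The mode
	// only applies when the file is created; an existing log keeps its own.
	fi, err := os.OpenFile(saveFile, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0600)
	if err != nil {
		fmt.Println("openfile failed: ", err)
		return
	}
	defer fi.Close()

	rec := &recorder{w: bufio.NewWriter(fi)}
	defer rec.flush() // deferred after fi.Close, so it runs first (LIFO)

	// Client authentication is required; the only method offered is the
	// password callback below, which never succeeds.
	config := &ssh.ServerConfig{
		NoClientAuth: false,
	}
	hostKey, err := ssh.ParsePrivateKey([]byte(pk))
	if err != nil {
		log.Fatalf("Failed to parse private key: %v", err)
	}
	config.AddHostKey(hostKey)

	config.PasswordCallback = func(ctx ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {
		s := &Source{
			IP:       ctx.RemoteAddr().String(),
			Username: ctx.User(),
			Password: string(password),
		}
		if err := rec.record(s); err != nil {
			log.Printf("recording attempt from %s: %v", s.IP, err)
		}
		fmt.Println(s.String())
		// Unconditional rejection: the honeypot only observes, it never
		// grants a session.
		return nil, errors.New("invalid password")
	}

	listener, err := net.Listen("tcp", listenAddr)
	if err != nil {
		log.Fatalf("Failed to listen on %s: %v", listenAddr, err)
	}
	defer listener.Close()
	log.Printf("Listening on %s ...", listenAddr)

	for {
		conn, err := listener.Accept()
		if err != nil {
			if errors.Is(err, net.ErrClosed) {
				return
			}
			// A transient accept failure (e.g. fd exhaustion during a flood)
			// must not take the honeypot down; back off briefly rather than
			// spinning on the error.
			log.Printf("Failed to accept connection: %v", err)
			time.Sleep(100 * time.Millisecond)
			continue
		}
		go handleConnection(conn, config)
	}
}

// handleConnection performs the SSH handshake on conn and closes it. The
// handshake is expected to fail, because PasswordCallback rejects every
// attempt; the callback is where the attempt is recorded.
func handleConnection(conn net.Conn, config *ssh.ServerConfig) {
	defer conn.Close()
	// Bound the handshake so a peer that connects and then stalls cannot hold
	// this goroutine open forever.
	if err := conn.SetDeadline(time.Now().Add(handshakeTimeout)); err != nil {
		return
	}
	sconn, _, _, err := ssh.NewServerConn(conn, config)
	if err != nil {
		return // the normal outcome: authentication was rejected
	}
	// Defensive: with this config authentication cannot succeed, but if it
	// ever did, never serve a session.
	sconn.Close()
}
1 ltmst 362 天前 互联网蛐蛐盒子 |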
2 ochatokori 362 天前 via Android 你可能要找的是:ssh 蜜罐 |
3 enjoying 32 天前 为啥不用证书登入,而不是密码登入 |
5 htfcuddles 361 天前 闲得慌,正经人谁会开密码,证书随你攻击,要不把 RSA 也破了吧 |
6 alect 360 天前 改端口+证书登录 |
7 aarontian 358 天前 禁用密码+证书登录+fail2ban 禁 ip 足矣,日常 22 端口,不怎么虚(记得不开 fail2ban 的时候我自己连 22 端口经常会被卡断) ssh 错误登录默认都会写入 btmp 里,fail2ban 应该就是监听这个文件,通过 ipset+iptable 维持黑名单,成熟方案,你这做法绕远路了,而且还差一步封禁 |