Using one time password with ssh.

最新推荐文章于 2024-12-30 06:43:03 发布
最新推荐文章于 2024-12-30 06:43:03 发布
阅读量199 收藏
点赞数
分类专栏: debian 文章标签: SSH AIX IBM Security HTML
本文介绍了一种通过使用一次性密码(OTP)来增强SSH登录安全性的方法。文章详细描述了如何安装并配置必要的软件包,如libpam-otpw,并调整sshd_config文件设置以启用Challenge Response验证。此外,还提供了重启SSH服务的方法及额外的安全建议。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

With my host being public to internet, security now is the most concerning than it ever was.
So, first step, using one time password when login with ssh.

$ sudo apt-get install libpam-otpw

--- /etc/ssh/sshd_config ---
UsePrivilegeSeparation no
ChallengeResponseAuthentication yes
--- /etc/pam.d/sshd ---
#@include common-auth
auth required pam_otpw.so
session optional pam_otpw.so

~ $ optw-gen # Save the output!
$ sudo /etc/init.d/ssh restart

And here is some other tips:
http://www.ibm.com/developerworks/cn/aix/library/au-sshlocks/index.html?ca=drs-
运维系列(亲测有效):关于重装VPS系统后,SSH登录的问题
weixin_54626591的博客
02-01 1179
关于重装VPS系统后,SSH登录的问题
One-time Password-动态口令
来啊 快活啊
05-07 4369
TOTP: Time-based One-time Password Algorithm RFC 4226 One-Time Password and HMAC-based One-Time Password RFC 2104 HMAC Keyed-Hashing for Message Authentication 动态令牌-(OTP,HOTP,TOTP)-基本原理-必看 谷歌验证 (G...
Unable to negotiate with xxx.xxx.xxx.xxx port xxxxx: no matching key exchange method found
程永强
04-13 1384
Unable to negotiate with xxx.xxx.xxx.xxx port xxxxx: no matching key exchange method found
Using an ssh-agent, or how to type your ssh password once, safely.
loryliu的专栏
06-11 1100
If you work a lot on linux and use ssh often, you quicklyrealize that typing your password every time you connect to a remotehost gets annoying. Not only that, it is not the best solution in terms of
ssh免密登陆与git详解
weixin_47680367的博客
04-23 3616
root@zabbix-proxy .ssh]# scp /root/.ssh/id_rsa.pub root@192.168.220.128:/home/git/.ssh/authorized_keys #确保ssh服务器/home/git/.ssh/目录存在,scp是ssh的文件复制命令。参考文章:http://blog.itpub.net/70017844/viewspace-2909916/linux系统CentOS Linux release 7.9.2009 (Core)
python ssh模块设置超时_ssh超时时间设置(设置ClientAliveInterval),附SSH超详细参数...
weixin_39821604的博客
12-08 1068
AcceptEnvSpecifies what environment variables sent by the client will be copied into the session'senviron(7). SeeSendEnvinssh_config(5)for how to configure the client. TheTERMenvironment variab...
ssh 转发
勤不了一点
04-15 1442
ssh 一些转发配置与测试,SSH 命令的三种代理功能
关于 .ssh文件
miyangsoho的博客
04-25 3560
git clone git@192.168.1.235:operation/ihaozhuo.gitCloning into 'ihaozhuo'...git@192.168.1.235's password:Permission denied, please try again...
[转载] ssh medusa 2.0
BLOCKGOLD.E的博客
05-30 920
sudo ./configure --enable-module-ssh=yes 渗透linux环境的网络,口令破解是必不可少的。接下来介绍一款优秀的口令破解工具,首先先下载破解工具: medusa 是一款不错的口令破解软件,速度也不错,使用的时候,需要提供破解的ip,medusa本身不提供扫描功能,读取ip也只能为 单个ip,所以需要和nmap之类软件配合使用获取开...
• Install OpenSSH on one Linux VM, check the service status and then connect to it using the ssh client from the other Linux VM.
05-25
To install OpenSSH on a Linux VM, you can follow these steps: ...8. You should now be connected to the Linux VM via SSH. You can run commands on the remote machine as if you were logged in directly.
python语言paramiko库SSHClient类的部分使用理解
m0_66158540的博客
03-05 6079
SSHClient类打包了.Transport,.Channel,.SFTPClient来满足多方面的认证和传输的要求,下面来看看部分用法。 一、类实例化 ssh_client = paramiko.SSHClient() 实例化一个SSHClient类的对象。 实例化的时候做了些什么呢?查看一下paramiko版本2.8.1中的源码: def __init__(self): """ Create a new SSHClient. """ self._syst
VS Code SSH 远程连接时断时续 / 不稳定问题排查
u013669912的博客
12-30 3531
……
我的代码如下,然后这个代码运行是能正常运行的,但我用pyinstaller进行打包pyinstaller --onefile \ --hidden-import=secrets \ --hidden-import=asyncio \ --hidden-import=oracledb.thin_impl \ --hidden-import=oracledb.base_impl \ --hidden-import=oracledb.constants \ --hidden-import=uuid \ test2.py ,打包之后的文件就显示oracle连接失败 #!/usr/bin/env python3 # -*- coding: utf-8 -*- import paramiko import re import sys import time import oracledb import traceback class NetworkInfoQuery: def __init__(self): # SSH connection settings self.aggregator_ip = '172.31.200.100' self.auth = { 'user': 'monitor', 'passwd': '#$12Bcl185Hadmin' } self.timeout = 25 self.buffer_size = 65535 self.device_type = None # Oracle database configuration self.db_config = { 'user': 'zhujh', 'password': 'zhujh20250422', 'host': '10.126.25.137', 'port': 1521, 'service_name': 'nodepdb1' } def decrement_ip(self, ip): """Decrement the last octet of an IPv4 address""" print(f"\n[DEBUG] Original WAN IP: {ip}") parts = list(map(int, ip.split('.'))) parts[-1] -= 1 adjusted_ip = '.'.join(map(str, parts)) print(f"[DEBUG] Adjusted WAN IP: {adjusted_ip}") return adjusted_ip # ========== SSH/Network Methods ========== def create_connection(self, host): """Establish SSH connection to network device""" print(f"\n[SSH] Connecting to {host}...") client = paramiko.SSHClient() client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) try: client.connect( host, username=self.auth['user'], password=self.auth['passwd'], timeout=self.timeout ) print(f"[SSH] Connected to {host} successfully") return client except Exception as e: print(f"\n[SSH ERROR] Connection to {host} failed: {str(e)}") traceback.print_exc() sys.exit(1) def get_next_hop(self, target_ip): """Retrieve next hop from aggregation switch""" print("\n[PHASE 1] Querying aggregation switch routing table...") with self.create_connection(self.aggregator_ip) as conn: cmd = f"display ip routing-table {target_ip}" print(f"[CMD] Executing: {cmd}") _, stdout, stderr = conn.exec_command(cmd, get_pty=True) output = stdout.read().decode() + stderr.read().decode() print("[DEBUG] Parsing next hops...") hops = re.findall(r'\d+\.\d+\.\d+\.\d+(?=\s+\S+\s*$)', output, re.M) if hops: print(f"[RESULT] Next hops identified: {hops}") return hops[0] print("\n[ERROR] No valid next hop found in routing table") sys.exit(1) def retrieve_wan_ip(self, next_hop, target_ip): """Obtain WAN IP from head router""" self.device_type = None print(f"\n[PHASE 2] Connecting to head router {next_hop}...") with self.create_connection(self.aggregator_ip) as conn: channel = conn.invoke_shell() channel.settimeout(30) print("[SSH] Starting interactive session...") output = self.handle_ssh_flow(channel, next_hop, target_ip) return self.parse_routing_output(output, self.device_type) def handle_ssh_flow(self, channel, next_hop, target_ip): """Manage SSH jump with corrected prompt sequence""" buffer = "" # Initiate SSH connection print(f"[SSH] Jumping to {next_hop}...") channel.send(f"ssh {next_hop}\n") buffer += self.wait_for_match(channel, ['Username:'], 10) # Send username print("[AUTH] Sending username...") channel.send(f"{self.auth['user']}\n") buffer += self.wait_for_match(channel, ['[Y/N]', 'Password:'], 10) # Handle authentication prompts if '[Y/N]' in buffer: print("[SSH] Handling key verification...") channel.send("y\n") time.sleep(1) buffer += self.wait_for_match(channel, ['[Y/N]'], 8) if '[Y/N]' in buffer: channel.send("y\n") time.sleep(1) buffer += self.wait_for_match(channel, ['Password:'], 5) # Send password print("[AUTH] Sending password...") time.sleep(0.5) channel.send(f"{self.auth['passwd']}\n") buffer += self.wait_for_match(channel, ['>', '#'], 10) last_line = buffer.split('\n')[-1].strip() if '>' in last_line: self.device_type = 'H3C' cmd = f"display ip routing-table {target_ip}\n" elif '#' in last_line: self.device_type = 'Ruijie' cmd = f"show ip route {target_ip}\n" else: print("\n[ERROR] Unable to determine device type from prompt") sys.exit(1) print(f"[DEVICE] Identified as {self.device_type} device") # Execute target command print(f"[CMD] Executing: {cmd.strip()}") time.sleep(0.5) channel.send(cmd) buffer += self.wait_for_match(channel, ['>', '#'], 10) # Terminate connection print("[SSH] Closing connection...") time.sleep(0.5) channel.send("quit\n") buffer += self.wait_for_match(channel, ['>'], 5) return buffer def wait_for_match(self, channel, triggers, timeout): """Wait for specified patterns in response""" buffer = "" start = time.time() print(f"[SSH] Waiting for triggers: {triggers}") while time.time() - start < timeout: if channel.recv_ready(): data = channel.recv(self.buffer_size).decode('utf-8', 'ignore') buffer += data print(f"[DEVICE] {data.strip()}") for trigger in triggers: if trigger.lower() in data.lower(): print(f"[SSH] Trigger matched: {trigger}") return buffer time.sleep(0.5) print("[WARNING] Trigger timeout reached") return buffer def parse_routing_output(self, output, device_type): """Extract valid WAN IP from routing table""" print("\n[DEBUG] Parsing routing table output...") valid_ips = [] try: if device_type == 'H3C': pattern = r''' \b(\d+\.\d+\.\d+\.\d+/\d+) \s+(O_INTRA|Direct|O_INTER) \s+\d+\s+\d+\s+ (\d+\.\d+\.\d+\.\d+) \s+(?!InLoop)\S+ ''' matches = re.findall(pattern, output, re.VERBOSE) valid_ips = [match[2] for match in matches if match[2] != "127.0.0.1"] elif device_type == 'Ruijie': pattern = r''' Routing\s+Descriptor\s+Blocks:.*? (\d+\.\d+\.\d+\.\d+) ''' matches = re.findall(pattern, output, re.DOTALL | re.VERBOSE) valid_ips = [ip for ip in matches if ip != "0.0.0.0"] if valid_ips: print(f"[RESULT] Valid WAN IPs found: {valid_ips}") return valid_ips[0] except Exception as e: print(f"\n[PARSE ERROR] Routing table parsing failed: {str(e)}") traceback.print_exc() print("\n[ERROR] No valid WAN IP detected in routing output", f"\nDevice Type: {device_type}", f"\nOutput:\n{output}") sys.exit(1) # ========== Database Methods ========== def get_db_connection(self): """Create Oracle database connection without client""" print("\n[DATABASE] Connecting using Thin mode...") try: dsn = f"{self.db_config['host']}:{self.db_config['port']}/{self.db_config['service_name']}" conn = oracledb.connect( user=self.db_config['user'], password=self.db_config['password'], dsn=dsn, mode=THIN ) print("[DATABASE] Thin mode connection successful") return conn except Exception as e: print("\n[DATABASE ERROR] Connection failed:") print(f"Error Type: {type(e).__name__}") print(f"Details: {str(e)}") print("Troubleshooting:") print(f"1. Verify network connectivity to {self.db_config['host']}:{self.db_config['port']}") print("2. Check username/password validity") print("3. Validate service name configuration") traceback.print_exc() return None def query_network_info(self, head_ip): """Query network information by router IP""" print(f"\n[PHASE 3] Querying database for {head_ip}...") conn = self.get_db_connection() if not conn: return None cursor = None try: cursor = conn.cursor() sql = """ SELECT line_no, inst_name, inst_addr FROM repair.tb_line_wan WHERE router_ip = :1 """ print(f"[SQL] Executing query: {sql.strip()}") cursor.execute(sql, (head_ip,)) columns = [col[0].lower() for col in cursor.description] results = [dict(zip(columns, row)) for row in cursor] print(f"[RESULT] Found {len(results)} records") return results except oracledb.Error as e: print(f"\n[SQL ERROR] Query failed: {e}") traceback.print_exc() return None finally: if cursor: cursor.close() if conn: conn.close() def is_valid_ip(self, ip): """Validate IPv4 address""" if not re.match(r'^\d+\.\d+\.\d+\.\d+$', ip): print(f"[VALIDATION] Invalid IP format: {ip}") return False try: parts = list(map(int, ip.split('.'))) if all(0 <= p <= 255 for p in parts): return True print(f"[VALIDATION] IP octet out of range: {ip}") return False except ValueError: print(f"[VALIDATION] Invalid IP components: {ip}") return False # ========== Main Workflow ========== def get_network_info_by_local_ip(self, target_ip): """Main workflow: from local IP to network info""" print("\n" + "="*40) print(f"Starting query for {target_ip}") print("="*40) if not self.is_valid_ip(target_ip): print("\n[VALIDATION ERROR] Invalid IP address") return None try: # Phase 1: Get gateway IP print("\n=== Phase 1: Next Hop Query ===") gateway = self.get_next_hop(target_ip) # Phase 2: Get WAN IP print("\n=== Phase 2: WAN IP Retrieval ===") wan_ip = self.retrieve_wan_ip(gateway, target_ip) adjusted_wan_ip = self.decrement_ip(wan_ip) # Phase 3: Database Query print("\n=== Phase 3: Database Query ===") results = self.query_network_info(adjusted_wan_ip) return { 'target_ip': target_ip, 'head_ip': adjusted_wan_ip, 'network_info': results } except Exception as e: print(f"\n[CRITICAL ERROR] Process failed: {str(e)}") traceback.print_exc() sys.exit(1) def display_results(result): """Display query results""" if not result: print("\n[RESULT] No data returned from query") return print("\n" + "="*40) print("Final Results") print("="*40) if not result['network_info']: print(f"\nNo records found for WAN IP: {result['head_ip']}") return print(f"\nTarget IP: {result['target_ip']}") print(f"WAN Router IP: {result['head_ip']}") print(f"Found {len(result['network_info'])} record(s):") for idx, info in enumerate(result['network_info'], 1): print(f"\nRecord #{idx}:") print(f"Line Number: {info['line_no']}") print(f"Institution Name: {info['inst_name']}") print(f"Institution Address: {info['inst_addr']}") def get_user_input(): """Get IP address from user input""" print("\n" + "="*40) print("Network Information Query System") print("="*40) while True: try: target_ip = input("\nEnter LAN IP address: ").strip() if target_ip: return target_ip print("Invalid input: Empty value") except KeyboardInterrupt: print("\n\nOperation cancelled by user") sys.exit(0) if __name__ == "__main__": try: target_ip = get_user_input() query = NetworkInfoQuery() result = query.get_network_info_by_local_ip(target_ip) display_results(result) except Exception as e: print(f"\n[SYSTEM ERROR] Unexpected error: {str(e)}") traceback.print_exc() sys.exit(1) finally: print("\n" + "="*40) print("Query process completed") print("="*40 + "\n")
05-13
connection = oracledb.connect(user="username", password="pwd", dsn="host:port/service_name") ``` - **关键点**:`THIN`是`oracledb`模块的属性,直接使用会触发NameError(需确保已`import oracledb`)[^1] #...
嵌入式C语言从入门到精通视频教程.zip
08-21
目录: 1.1C语言会被淘汰吗?.mp4 1.2 如何成为嵌入式高手.mp4 1.3 搭建开发环境.mp4 1.4初识程序结构.mp4 1.5单片机程序的编译与运行简介.mp4 2.1 单片机中数据表现形式.mp4 2.2 为什么要引入数据类型.mp4 2.3 为什么要使用C99的整数类型.mp4 2.4 sizeof用法.mp4 2.5 GPIO输出速度影响什么.mp4 2.5 负数的二进制表现形式.mp4 2.6 变量的用法与注意事项.mp4 2.7 浮点型数据类型 2.8 一个字符引入的BUG 2.9 浮点数应用注意事项 2.10 为什么要引入ASCII码 3.1 C语言有哪些运算符 3.2 算数运算符及应用案例 3.3 算数复合赋值运算符 3.4 增1和减1运算符及应用案例 3.5 单片机是如何控制外设的 3.6 牢记位运算符的口诀 3.7 逻辑移位与算数移位的区别 3.8 左移右移位运算应用案例 3.9 位运算应用案例1.mp4 3.10 位运算应用案例2 .mp4 4.1 printf的基本用法.mp4 4.2 printf的精细格式控制.mp4 4.3 printf输出转义序列.mp4 5.1数据运算的类型转换.mp4 5.2数据截断和数据扩充的规则.mp4 5.3数据扩充的应用案例和总结.mp4 5.4数据运算发生溢出的危害.mp4 5.5 数据扩充案例.mp4 5.6 24000000U中的U是做什么用的?.mp4 6.1 bool数据类型.mp4 ............ 网盘文件永久链接
该课题为基于Matlab的人脸考勤系统。如果需要硬件结合的话,可以调取摄像头。带有人机交互界面。可以在人机交互界面的基础之上,进行相应的拓展。人脸库可以使用您自己的真实人脸库。(11).zip
08-21
该课题为基于Matlab的人脸考勤系统。如果需要硬件结合的话,可以调取摄像头。带有人机交互界面。可以在人机交互界面的基础之上,进行相应的拓展。人脸库可以使用您自己的真实人脸库。(11).zip
该课题为基于Matlab的运动目标跟踪系统。可以实时框定运动目标。对运动目标的行为做识别。带有人机交互界面,需要在人机交互界面的基础上进行拓展(12).zip
08-21
该课题为基于Matlab的运动目标跟踪系统。可以实时框定运动目标。对运动目标的行为做识别。带有人机交互界面,需要在人机交互界面的基础上进行拓展(12).zip
毫米波MIMO系统中基于凹度近似的功率分配.zip
08-21
1.版本:matlab2014a/2019b/2024b 2.附赠案例数据可直接运行。 3.代码特点:参数化编程、参数可方便更改、代码编程思路清晰、注释明细。 4.适用对象:计算机,电子信息工程、数学等专业的大学生课程设计、期末大作业和毕业设计。
该课题为基于Matlab的运动目标跟踪系统。可以实时框定运动目标。对运动目标的行为做识别。带有人机交互界面,需要在人机交互界面的基础上进行拓展(21).zip
最新发布
08-21
该课题为基于Matlab的运动目标跟踪系统。可以实时框定运动目标。对运动目标的行为做识别。带有人机交互界面,需要在人机交互界面的基础上进行拓展(21).zip
Redirecting to /bin/systemctl start ssh.service Failed to start ssh.service: Unit ssh.service not found.
05-21
This error message indicates that the SSH service is not installed on your system or has been removed....After completing these steps, you should be able to connect to your Linux system using SSH.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值