关于SSH入侵Regarding SSH Intrusion

DEAD TIDE

于 2024-08-16 16:20:54 发布

阅读量335

点赞数 10

分类专栏： SSH远程入侵文章标签： ssh 服务器网络

本文链接：https://blog.csdn.net/daihaon/article/details/141261386

版权

SSH远程入侵专栏收录该内容

1 篇文章 0 订阅

订阅专栏

SSH(Secure Shell)是一种加密的网络传输协议，允许用户通过网络安全地连接到远程计算机。在Kali Linux系统中，这种功能是自带的。

SSH (Secure Shell) is an encrypted network transmission protocol that allows users to securely connect to remote computers over a network. In the Kali Linux system, this feature is built-in.

相对于telnet而言，很显然SSH的实用性更强。SSH不局限于控制台登录，而是允许图形化登录。SSH主要依赖于加密技术来确保数据传输的安全性和完整性。主要有两种验证方式：密码认证和密钥认证。密码认证较为常见且方便，使用用户名和密码的方式登录，但安全性较低，容易被攻击者使用例如SQLmap等工具破解密码，盗取权限。而密钥认证会生成一对密钥，及公钥与私钥。公钥被放置在远程服务器上，私钥由用户保存。当用户尝试使用SSH连接远程服务器时，SSH会使用私钥加密数据，并将加密后的数据发送到服务器，服务器使用公钥进行解密。密钥认证较为安全，因为它在传输过程中使用了更好的加密，防范了中间人攻击等风险。

Compared to telnet, SSH is obviously more practical. SSH is not limited to console login, but allows graphical login. SSH mainly relies on encryption technology to ensure the security and integrity of data transmission. There are mainly two verification methods: password authentication and key authentication. Password authentication is common and convenient, using a username and password to log in, but its security is low and it is easy for attackers to use tools such as SQLmap to crack passwords and steal permissions. And key authentication generates a pair of keys, as well as public and private keys. The public key is placed on a remote server, and the private key is saved by the user. When a user attempts to connect to a remote server using SSH, SSH encrypts the data using a private key and sends the encrypted data to the server, which decrypts it using the public key. Key authentication is relatively secure because it uses better encryption during transmission, preventing risks such as man in the middle attacks.

而在Windows系统中，需要通过一些工具来完成SSH的连接（或入侵）。如PuTTY（下载地址https://putty.org/），FinalShell（下载地址http://www.hostbuf.com/t/988.html）等。但是建议下载Kali Linux操作系统，终端自带更多实用功能，黑客必备。

SSH入侵成功后，可以自由的控制肉鸡，因为SSH提供许多权限，还可以将肉鸡作为跳板机。不要忘了删日志哦！

In the Windows system, it is necessary to use some tools to complete SSH connection (or intrusion). Like PuTTY (download link) https://putty.org/ ）FinalShell (download link) http://www.hostbuf.com/t/988.html ）Wait. But it is recommended to download the Kali Linux operating system, as the terminal comes with more practical features and is a must-have for hackers. 
After successful SSH intrusion, the broiler can be freely controlled because SSH provides many permissions and can also use the broiler as a springboard. Don't forget to delete the log!