Here is an example of a pcap file opened in Wireshark.
The second column is the time. Is it possible to see absolute timestamps here instead of relative ones?
What does [MASKED] mean? Is it related to the websocket protocol? Can I say that xx7.151 initiated the closing of the connection?
I need to configure passwordless root access with SSH Tectia. I did the following:

- *source_host*:/etc/opt/SSHtectia/keys/root. I also created the file /etc/opt/SSHtectia/keys/root/identification and specified the private key there.
- *target_host*:/etc/opt/SSHtectia/keys/root. I also created the file /etc/opt/SSHtectia/keys/root/authorization and specified the public key there.

When I tried to log in, I see that the key was accepted, but the login was denied:
Feb 25 11:52:42 targethost ssh-server-g3: 400 Connect, Policy name: connection, Src: sourcehost.my.domain,sourcehost, Src IP: x.x.7.131, Dst IFace: default, Dst IP: x.x.7.151, Src Port: 38158, Dst Port: 22, Ver: SSH-2.0-6.3.8.79 SSH Secure Shell, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 1002 Algorithm_negotiation_success, "kex_algorithm=diffie-hellman-group1-sha1, hostkey_algorithm=ssh-rsa, cipher=aes128-cbc/aes128-cbc, mac=hmac-sha1/hmac-sha1, compression=none/none", Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 703 Auth_methods_available, Username: root, Auth methods: publickey, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 707 Publickey_auth_success, Username: root, Algorithm: publickey, "The user's public key matched the key (/etc/opt/SSHtectia/keys/root/authorized_11.pub, fingerprint xozel-pezer-sacok-vunud-horim-ropuc-milaf-nobip-setuc-zedar-boxex/bd7afcbc846e24252f8b29181f3940ac771f49b0) in the user's authorization file (/etc/opt/SSHtectia/keys/root/authorization)", Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 700 Auth_method_success, Username: root, Auth method: publickey, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 702 Auth_methods_completed, Username: root, Auth methods: publickey, Src IP: x.x.7.131, Src Port: 38158, Ver: SSH-2.0-6.3.8.79 SSH Secure Shell, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 410 Login_success, Username: root, Src: sourcehost.my.domain,sourcehost, Src IP: x.x.7.131, Dst IFace: default, Dst IP: x.x.7.151, Src Port: 38158, Dst Port: 22, Ver: SSH-2.0-6.3.8.79 SSH Secure Shell, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 420 Session_channel_open, Username: root, Error: Denied by policy, Command: shell, Sub ID: 0, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 421 Session_channel_close, Username: root, Sub ID: 0, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 412 Logout, Username: root, Reason: By application, Src: sourcehost.my.domain,sourcehost, Src IP: x.x.7.131, Dst IFace: default, Dst IP: x.x.7.151, Src Port: 38158, Dst Port: 22, "Connection discarded by broker, Remote Disconnect", Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 402 Disconnect, Reason: By application, Src: sourcehost.my.domain,sourcehost, Src IP: x.x.7.131, Dst IFace: default, Dst IP: x.x.7.151, Src Port: 38158, Dst Port: 22, "Connection discarded by broker, Remote Disconnect", Session-Id: 288135
Non-root passwordless logins are working fine.
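
An added example, not part of the original post and not vendor code: in the log above, authentication completes (`Auth_methods_completed`, `Login_success`) and the refusal only arrives at `Session_channel_open`. This Python script groups ssh-server-g3 events by Session-Id and reports which stage carried the `Error:` field; the sample lines are abridged from the log above, and the function names `field`, `triage` and `verdict` are hypothetical.

```python
import re
from collections import defaultdict

# Abridged copies of ssh-server-g3 lines from the log above (long fields trimmed).
SAMPLE = """\
Feb 25 11:52:42 targethost ssh-server-g3: 707 Publickey_auth_success, Username: root, Algorithm: publickey, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 702 Auth_methods_completed, Username: root, Auth methods: publickey, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 410 Login_success, Username: root, Src IP: x.x.7.131, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 420 Session_channel_open, Username: root, Error: Denied by policy, Command: shell, Sub ID: 0, Session-Id: 288135
Feb 25 11:52:42 targethost ssh-server-g3: 412 Logout, Username: root, Reason: By application, Session-Id: 288135
""".splitlines()

# "<numeric id> <Event_name>, key: value, key: value, ..."
LINE = re.compile(r"ssh-server-g3: \d+ (?P<event>\w+)(?:, (?P<rest>.*))?$")

def field(rest, key):
    """Value of one 'key: value' pair in the comma-separated tail, or None."""
    m = re.search(rf"(?:^|, ){re.escape(key)}: ([^,]*)", rest)
    return m.group(1) if m else None

def triage(lines):
    """Per Session-Id: did authentication complete, and which event first carried Error."""
    sessions = defaultdict(lambda: {"authenticated": False, "denied_at": None,
                                    "error": None, "command": None})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an ssh-server-g3 event line
        event, rest = m["event"], m["rest"] or ""
        s = sessions[field(rest, "Session-Id")]
        if event == "Auth_methods_completed":
            s["authenticated"] = True
        err = field(rest, "Error")
        if err and s["denied_at"] is None:
            s.update(denied_at=event, error=err, command=field(rest, "Command"))
    return dict(sessions)

def verdict(s):
    """One-line summary separating authentication from what was refused afterwards."""
    if s["authenticated"] and s["denied_at"]:
        return f"authentication OK; {s['denied_at']} ({s['command']}) refused: {s['error']}"
    if s["denied_at"]:
        return f"refused before authentication completed, at {s['denied_at']}: {s['error']}"
    return "no error recorded"

if __name__ == "__main__":
    for sid, s in triage(SAMPLE).items():
        print(sid, "->", verdict(s))
```
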