Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
UnderstandingVPSSecurityviaSSH
PatPannuto/MarcusDarden/CameronGagnon(fortoday!)
Today'sDefinitions-VPS
Today'sDefinitions-VPS
-PAM
Today'sDefinitions-VPS
-PAM
-SPAM
Today'sDefinitions-VPS
-PAM
-SSH
ReallyToday'sDefinitions-VirtualPrivateServers(VPS)
-PluggableAuthenticationModules(PAM)
-SecureSHell(SSH)
ReallyToday'sDefinitions-VirtualPrivateServers(VPS)
Homework1!
-PluggableAuthenticationModules(PAM)
-SecureSHell(SSH)
ReallyToday'sDefinitions-VirtualPrivateServers(VPS)
Homework1!
-PluggableAuthenticationModules(PAM)
-SecureSHell(SSH)Matt'spostonPiazza!
NowYouKnow
Project'sGoal-Showusthepasswordsofpeople(orprograms)tryingtoauthenticatetotheVirtualPrivateServer
Project'sGoal-Showusthepasswordsofpeople(orprograms)tryingtoauthenticatetotheVirtualPrivateServer
Lecture'sGoal-Showhowknowledgefromthisclasscanbeapplied
SettingupaVirtualPrivateServer-Whatdoyoudowhenyoufirstsetupanewcomputer,phone,orpersonaldevice?
SettingupaVirtualPrivateServer-Whatdoyoudowhenyoufirstsetupanewcomputer,phone,orpersonaldevice?
DotfilesHomework12!
SettingupaVirtualPrivateServer-Whatdoyoudowhenyoufirstsetupanewcomputer,phone,orpersonaldevice?
DotfilesHomework12!
~/.ssh/config
Hostc4cs-lecture
Hostname138.236.11.81
Userroot
IdentityFile~/.ssh/id_rsa_do_pnu
RegularandAdvancedHomework12
Let'sdiveinhttps://github.com/cameron-gagnon/ssh_pass_logging
MakeandMakefilesHomework7!
InstallingthePAMmoduleWheredidwelearnhowprogramsgetconfigurationinformation?
InstallingthePAMmoduleWheredidwelearnhowprogramsgetconfigurationinformation?
Lecture3!
InstallingthePAMmoduleWheredidwelearnhowprogramsgetconfigurationinformation?
Lecture3!
AlternativestoaPAMmoduleInstallandcompileOpenSSHfromsourcewhileaddingthispatch.Wouldgettotieinpackagemanagers(Week12!)
Scripting#fromcreate_initial_users.sh
#listofsomedefaultusernamestoadd
whileIFS=''read-ruser||[[-n"$user"]];
do
./honeypot_user.sh"$user"
done<"usernames.txt"
RegularandAdvancedHomework3AdvancedHomework6
PipingcommandsFromLecture6
ifconfigenp0s3|grep'inet'|tr-s"[:space:]"":"|cut-d":"-f4
Fromthe Makefile
cat/var/log/passwords|cut-d';'-f3|grep-vE
'^[[:cntrl:]]|^[[:space:]]*$$'|cut-d=-f2|tr-d''|sort|uniq|
tee-ausernames.txt
SecurityWhattodoaboutalltheseattempts?
Configuresettingsin /etc/ssh/sshd_config topreventpasswordbasedauthenticationfail2ban
Attendance
Questions?