Hello! 欢迎来到小浪资源网!


SSH密码验证绕过


avatar
1986424546 2024-11-16 34

SSH密码验证绕过

1. 安装
➜  Desktop sudo yum install sshpass [sudo] password for xuyaowen:  Last metadata expiration check: 0:04:22 ago on Mon 02 Jul 2018 11:25:32 AM CST. Package sshpass-1.06-5.fc28.x86_64 is already installed, skipping. Dependencies resolved. Nothing to do. Complete! 

检查是否安装

[root@yaowenxu Desktop]# rpm -qa sshpass sshpass-1.06-5.fc28.x86_64 
2. 查看 sshpass 命令帮助, 也可以使用 man sshpass

View Code

[root@yaowenxu Desktop]# sshpass Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters    -f filename   Take password to use from file    -d number     Use number as file descriptor for getting password    -p password   Provide password as argument (security unwise)    -e            Password is passed as env-var "SSHPASS"    With no parameters - password will be taken from stdin     -P prompt     Which string should sshpass search for to detect a password prompt    -v            Be verbose about what you're doing    -h            Show help (this screen)    -V            Print version information At most one of -f, -d, -p or -e should be used 
3. 使用密码验证登录
➜  ~ sshpass -p 123 ssh root@10.66.65.15 
4. ssh 第一次登录提示问题使用:

ssh -o StrictHostKeyChecking=no

来解决

➜  Desktop sshpass  -p 123 ssh -o StrictHostKeyChecking=no root@10.66.8.142 Warning: Permanently added '10.66.8.142' (ECDSA) to the list of known hosts. Last login: Mon Jul  2 10:51:29 2018 
5. 优缺点

优点: 快速,便捷

缺点: 密码明文暴露,可以使用 history 命令查找到

相关阅读