12 August Using AAA to authenticate SSH connection
SSH0: SSH client: IP = '192.168.168.79' interface # = 2
SSH: host key initialised
SSH0: starting SSH control process
SSH0: Exchanging versions - SSH-1.5-Cisco-1.25
SSH0: send SSH message: outdata is NULL
server version string:SSH-1.5-Cisco-1.25SSH0: receive SSH message: 83 (83)
SSH0: client version is - SSH-1.5-SecureCRT_5.0.0 (build 930) SecureCRT
client version string:SSH-1.5-SecureCRT_5.0.0 (build 930) SecureCRTSSH0: begin server key generation
SSH0: complete server key generation, elapsed time = 1640 ms
SSH0: declare what cipher(s) we support:
00 0x00 0x00 0x04 0xSSH0: send SSH message: SSH_SMSG_PUBLIC_KEY (2)
SSH0: SSH_SMSG_PUBLIC_KEY message sent
SSH0: receive SSH message: SSH_CMSG_SESSION_KEY (3)
SSH0: SSH_CMSG_SESSION_KEY message received - msg type 0x03, length 144
SSH0: client requests DES cipher: 2
SSH: scb created 0x25aadb0, size 104
SSH0: send SSH message: SSH_SMSG_SUCCESS (14)
SSH0: keys exchanged and encryption on
SSH0: receive SSH message: SSH_CMSG_USER (4)
SSH0: authentication request for userid joey_ssh
SSH(joey_ssh): user authen method is 'no AAA', aaa server group ID = 0
SSH0: invalid userid joey_ssh
SSH0: send SSH message: SSH_SMSG_FAILURE (15)
SSH0: receive SSH message: SSH_CMSG_AUTH_PASSWORD (9)
SSH0: send SSH message: SSH_SMSG_FAILURE (15)
SSH0: receive SSH message: SSH_CMSG_AUTH_PASSWORD (9)
SSH0: send SSH message: SSH_SMSG_FAILURE (15)
SSH0: receive SSH message: SSH_CMSG_AUTH_PASSWORD (9)
SSH0: authentication failed for joey_ssh
SSH0: send SSH message: SSH_MSG_DISCONNECT (1)
SSH0: Session disconnected by SSH server - error 0x0d "Rejected by server"
The approach above is incorrect: any session that terminates on the PIX itself (Telnet, SSH, HTTP) can only be authenticated by using
aaa authentication ssh console TACACS+
instead of
access-list SSH_AUTH extended permit tcp 192.168.168.0 255.255.255.0 interface INSIDE eq ssh
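An added example, not from the original post: the line that separates the failed attempt from the working one is "user authen method is ...", so this Python sketch summarises a session from the debug text and flags the 'no AAA' case, along with the SSH 1.x and DES negotiation visible in both traces. The sample lines are copied from this page; the names summarise and findings are hypothetical.

```python
import re
# Lines copied (trimmed) from the two debug traces shown on this page.
FAILED = """\
SSH0: Exchanging versions - SSH-1.5-Cisco-1.25
SSH0: client requests DES cipher: 2
SSH0: authentication request for userid joey_ssh
SSH(joey_ssh): user authen method is 'no AAA', aaa server group ID = 0
SSH0: authentication failed for joey_ssh
"""
WORKING = """\
SSH0: Exchanging versions - SSH-1.5-Cisco-1.25
SSH0: client requests DES cipher: 2
SSH0: authentication request for userid joey_ssh
SSH(joey_ssh): user authen method is 'use AAA', aaa server group ID = 3
SSH0: authentication successful for joey_ssh
"""
PATTERNS = {
    "version": re.compile(r"Exchanging versions - SSH-(\d+\.\d+)"),
    "cipher": re.compile(r"client requests (\S+) cipher"),
    "user": re.compile(r"authentication request for userid (\S+)"),
    "method": re.compile(r"user authen method is '([^']+)'"),
    "group_id": re.compile(r"aaa server group ID = (\d+)"),
    "result": re.compile(r"authentication (failed|successful) for"),
}

def summarise(trace):
    """Collect the fields of one SSH session from PIX debug text."""
    session = {}
    for line in trace.splitlines():
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                session[key] = m.group(1)
    return session

def findings(session):
    """Return review notes for a summarised session."""
    notes = []
    if session.get("method") == "no AAA":
        notes.append("login not sent to AAA; check 'aaa authentication ssh console'")
    if session.get("version", "").startswith("1."):
        notes.append("SSH protocol 1.x negotiated")
    if session.get("cipher") == "DES":
        notes.append("DES session cipher requested")
    return notes

if __name__ == "__main__":
    for trace in (FAILED, WORKING):
        print(summarise(trace), findings(summarise(trace)))
```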
SSH0: SSH client: IP = '192.168.168.79' interface # = 2
SSH: host key initialised
SSH0: starting SSH control process
SSH0: Exchanging versions - SSH-1.5-Cisco-1.25
SSH0: send SSH message: outdata is NULL
server version string:SSH-1.5-Cisco-1.25SSH0: receive SSH message: 83 (83)
SSH0: client version is - SSH-1.5-SecureCRT_5.0.0 (build 930) SecureCRT
client version string:SSH-1.5-SecureCRT_5.0.0 (build 930) SecureCRTSSH0: begin server key generation
SSH0: complete server key generation, elapsed time = 1870 ms
SSH0: declare what cipher(s) we support:
00 0x00 0x00 0x04 0xSSH0: send SSH message: SSH_SMSG_PUBLIC_KEY (2)
SSH0: SSH_SMSG_PUBLIC_KEY message sent
SSH0: receive SSH message: SSH_CMSG_SESSION_KEY (3)
SSH0: SSH_CMSG_SESSION_KEY message received - msg type 0x03, length 144
SSH0: client requests DES cipher: 2
SSH: scb created 0x25aab00, size 104
SSH0: send SSH message: SSH_SMSG_SUCCESS (14)
SSH0: keys exchanged and encryption on
SSH0: receive SSH message: SSH_CMSG_USER (4)
SSH0: authentication request for userid joey_ssh
SSH(joey_ssh): user authen method is 'use AAA', aaa server group ID = 3
SSH0: send SSH message: SSH_SMSG_FAILURE (15)
SSH0: receive SSH message: SSH_CMSG_AUTH_PASSWORD (9)
Resetting 192.168.168.21's numtries
SSH0: send SSH message: SSH_SMSG_SUCCESS (14)
SSH0: authentication successful for joey_ssh
SSH0: receive SSH message: SSH_CMSG_MAX_PACKET_SIZE (38)
SSH0: setting max outbound packet size 4096
SSH0: send SSH message: SSH_SMSG_SUCCESS (14)
SSH0: receive SSH message: SSH_CMSG_REQUEST_PTY (10)
SSH0: send SSH message: SSH_SMSG_SUCCESS (14)
SSH0: receive SSH message: SSH_CMSG_EXEC_SHELL (12)
SSH0: starting exec shell
31 July First Love with PIX
1. How to enable a physical port on a PIX 515 running version 6.3?
   a) ip add <hardware_id> x.x.x.x x.x.x.x
   b) interface <hardware_id> <speed_mode>
2. When the PIX receives fragmented packets, it virtually reassembles them so that the original packets can be checked. This feature also creates a DoS threat: an attacker can send an endless stream of fragmented packets, and the PIX will store these junk packets until its memory is exhausted.
   Firewall(config)# fragment size database-limit [if_name]
3. How to create a router-on-a-stick on the PIX?
4. VLAN hopping. Explanation: the key point of this exploit is that the outside VLAN is the same as the native VLAN of the inside trunk.