Use proxy smart line selection for obfuscation of ssh (obfuscated), sshobfuscated

Source: Internet
Author: User
Tags ping and traceroute ssh server

Use proxy smart line selection for obfuscation of ssh (obfuscated), sshobfuscated

I don't know what's wrong. Some Website access is always unstable, and the speed is not satisfactory (You know, huh, you know). There is always a furious attack and defense game. I recently learned obfuscated ssh, which was developed by the author for 08 years but has never been paid much attention to. Even openssh does not accept the submission by the author. However, no one knows where to go, coincidentally, due to the increasing strength of the motherland, the obfuscated ssh has been on fire in recent years, and it is still a mess. Not to mention, for more details, refer to google and baidu. The following section only describes the installation and use process.


Project address: https://github.com/aligo/obfuscated-openssh


If you compile and install ssh, it is best not to overwrite the existing version. It is easy to choose it for use. The main operation below is based on mac, it is said that ubuntu has been supported by default (not verified), and windows will not be able to install a potty.


1. The installation and configuration process for obfuscated ssh mac is as follows:

Download source code:

Https://github.com/brl/obfuscated-openssh/archive/master.zip

Configure parameters to set the new directory:

Login brl-obfuscated-openssh-ca93a2c./configure -- prefix =/usr/local/newssh -- sysconfdir =/etc/newssh

Make:

Creating brl-obfuscated-openssh-ca93a2c make


In mac, make seems to have encountered this problem, and the solution is simple:

Make clean first

Locate the 57 rows of Makefile and add-lresolv to the end. Then, execute make & make install

Drawing brl-obfuscated-openssh-ca93a2c cat-n Makefile | grep LDFLAGS =
57 LDFLAGS =-L.-Lopenbsd-compat/-fstack-protector-all-lresolv



After installation, the effect is as follows:



Usage:

/Usr/local/newssh/bin/ssh-fCN-Z obfuscate_keyword ssh_user_name @ ssh_server-p 110-D 127.0.0.1: 7070


In this way, a complete encrypted connection is established (the encryption of handshake is initialized and the encryption of ssh sessions). How can we choose the fastest server if there are multiple servers?


The point is, you can use ping, traceroute, and other detection methods to select the fastest server for connection (the essence is in the script below, read it by yourself ), then in combination with crontab regular detection proxy availability, automatic reconnection, ha ha, no, here only paste their own script, see the https://github.com/LaiJingli/fastproxy


➜ Fastproxy cat fastproxy_v2.sh
#! /Bin/bash


### Port forwarding support obfuscated ssh handshak using ssh as socks proxy server for fast access intranet web sites behind firewall from anywhere.
### By lai


### List of alternative servers
Ssh_servers = (vip01.tttt.cn
Vip02.tttt.cn
Vip03.tttt.cn
Vip04.tttt.cn
Vip05.tttt.cn
Vip06.tttt.cn
)
### List of alternative ports
Ssh_server_ports = (80 110 11231 10813)


### Ssh parameter Definitions
Ssh_user_name = sshuser1
Ssh_user_pass = 123456
Sshpass_cmd = "/bin/sshpass-p $ ssh_user_pass"
Ssh_obf_cmd = "/usr/local/newssh/bin/ssh-o StrictHostKeyChecking = no-p 110-fCND 127.0.0.1: 7070-Z keyworks"


### Define the ping return result format of the OS where the script is running
Ping_ OS _type_macos = "round-trip"
Ping_ OS _type_linux = "rtt"
Ping_ OS _type = $ ping_ OS _type_macos




####### The following content does not need to be modified. For custom parameters, see the variable definition section above.
### Parallel background detect which ssh server is the fastest according round-trip-time using ping and traceroute (for further support)
For I in 'seq 0 $ ($ {# ssh_servers [@]}-1) '; do
Ip =$ {ssh_servers [$ I]}
# Echo $ I $ ip
### Get the average round-trip-time
### Ping 3 times, interval 0.1 s, timeout 1 s
Ping-c 2-I 0.1-t 1 $ ip | grep $ ping_ OS _type | awk-F/'{print $5}'>/tmp/$ {ip} _ rtt. log 2> & 1 &
### Record the pid of each ping process so that you can determine whether the process has been completed early based on the pid
Pids [$ I] = $!
# Echo pid of $ ip $ {pids [$ I]}
Done




#### Cyclically check whether the pid function in the pids array is completed
Pids_length =$ {# pids [@]}
Array_check (){
For I in 'seq 0 $ ($ {# pids [@]}-1) '; do
# Echo ------------------------------------- array for loop ----------------------
If [$ {pids [$ I]} = 0]; then
Echo NULL>/dev/null
Else
#### Use ps to dynamically check whether the pid is over. If 0 is returned, the process is not over.
Ps aux | awk '{print $2}' | grep ^ $ {pids [$ I]} $2> & 1>/dev/null
Pidstatus = $?
### If pids is not exists, that indecates the process is over, and display execute result, clean respective array elements
If [$ pidstatus! = 0]; then
#### Print the execution result log after the process ends
Ip =$ {ssh_servers [$ I]}
Rtt = 'cat/tmp/$ {ip} _ rtt. Log'
Rtts [$ I] = $ rtt
Echo "[$ I] ping detect of $ {ssh_servers [$ I]} is over, and it's rtt is $ {rtts [$ I]} ms"
##### Reset the corresponding pid in the pids array to 0 at the same time
Pids [$ I] = 0
#### When the process ends, 200 is returned for further judgment
Return 200
Break
Fi
Fi
### Wait for 1 seconds to check whether the pids is over
# Sleep 0.1
Done
}




#### If the number of completed tasks complete_num is not equal to the length of the pids array, the loop continues until all tasks are completed.
Complete_num = 0
While [$ {complete_num }! =$ {Pids_length}]; do
# Echo ==================================== while loop ==== ==========================================
For (j = 0; j <$ {pids_length}; j ++); do
Array_check
#### Determine whether the number of complete_num increases based on the returned value of the array_check Function
If [$? = 200]; then
Complete_num =$ ($ {complete_num} + 1 ))
#### Print the number of completed recent tasks
Echo-e "\ 033 [35m \ 033 [05 m Ping Detect Report: complete_tasks/total_tasks: [$ {complete_num}/$ {pids_length}] \ 033 [0 m"
Fi
Done
Done




### Compare the server address with the smallest rtt Value
### Initialize the minimum average round-trip-time
Min_rtt = 10000.
For I in 'seq 0 $ ($ {# ssh_servers [@]}-1) '; do
Rtt =$ {rtts [$ I]}
### If the current rtt is smaller than the minimum min_rtt, min_rtt = $ rtt
If [[$ (echo "$ rtt <$ min_rtt" | bc) = 1]; then
Min_rtt = $ rtt
Min_ip =$ {ssh_servers [$ I]}
Fi
Done
Echo ------------------------------
Echo the fastest response time is $ min_rtt MS of $ min_ip, to connect this server, plese wait a moment ......




### Kill the ssh session if it's pid is exist.
# Ps aux | grep $ ssh_user_name
Ps aux | grep $ ssh_user_name | grep-v grep | awk '{system ("kill-9" $2 )}'
# Ps aux | grep $ ssh_user_name | grep-v grep | awk '{print $2)}' | xargs kill-9
# Echo ------------------------------
### Make connection to the fastest server
$ Sshpass_cmd $ ssh_obf_cmd $ ssh_user_name @ $ min_ip
Pidstatus = $?
If [[$ pidstatus = 0]; then
Echo Good luck, you have alredeay connect to the fastest server!
Else
Echo error occur, please check.
Fi
# Echo ------------------------------
Ps aux | grep $ ssh_user_name




➜ Fastproxy





Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.