CN114866455A - Construction method, system, terminal and medium for SSH multi-level jump path - Google Patents
- Publication number: CN114866455A
- Authority: CN (China)
- Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/26—Special purpose or proprietary protocols or architectures
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/146—Tracing the source of attacks
Abstract
The application relates to a method, a system, a terminal and a medium for constructing an SSH multi-level jump path. The method comprises the following steps: acquiring a target variable parameter of an SSH client; performing initial configuration on the target variable parameter based on an SSH server to obtain an initial variable parameter; after the first device jumps to the (N+1)th device through N-level SSH, obtaining N-level connection information through the (N+1)th SSH server, where N is an integer greater than or equal to 2; performing supplementary configuration on the (N-1)th variable parameter based on the N-level connection information to obtain an Nth variable parameter; and taking the initial variable parameter or the Nth variable parameter as the SSH multi-level jump path information. The method and the device make it possible to trace an SSH multi-level jump path back to its source without changing the original components of the existing SSH client and the existing SSH server.
Description
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method, a system, a terminal, and a medium for constructing an SSH multi-level jump path.
Background
SSH stands for Secure Shell, a protocol designed to provide security for remote login sessions and other network services; using the SSH protocol effectively prevents information leakage during remote management.
Some users perform jump logins among different devices through the SSH protocol, and in order to ensure the security of the network environment, the jump path needs to be traced.
At present, SSH jump tracing and monitoring is generally implemented by modifying the code logic of the system's SSH client and SSH server. This breaks the components and working processes of the existing SSH client and SSH server, so monitoring is troublesome.
Disclosure of Invention
In order to facilitate tracing of the SSH multi-level jump path, the application provides a construction method, a system, a terminal and a medium of the SSH multi-level jump path.
In a first aspect, the present application provides a method for constructing an SSH multi-level jump path, which adopts the following technical scheme:
A method for constructing an SSH multi-level jump path comprises the following steps:
acquiring a target variable parameter of an SSH client;
performing initial configuration on the target variable parameter based on an SSH server to obtain an initial variable parameter;
when no SSH jump login has been performed, the initial variable parameter is a null value;
when the first device jumps to the second device through level-1 SSH, sending the initial variable parameter to the second SSH server through the first SSH client;
acquiring first-level connection information through the second SSH server;
performing supplementary configuration on the initial variable parameter based on the first-level connection information to obtain a first variable parameter;
after the first device jumps to the (N+1)th device through N-level SSH, obtaining N-level connection information through the (N+1)th SSH server, where N is an integer greater than or equal to 2;
performing supplementary configuration on the (N-1)th variable parameter based on the N-level connection information to obtain an Nth variable parameter;
and taking the initial variable parameter, the first variable parameter or the Nth variable parameter as the SSH multi-level jump path information.
With this technical scheme, each time a user performs a jump login to a different device, the current connection information is acquired and the initial variable parameter is updated according to it, finally yielding the Nth variable parameter. Parsing the Nth variable parameter recovers the connection information of every jump, from which the SSH multi-level jump path can be determined.
Optionally, the initial configuration of the target variable parameter based on the SSH server to obtain an initial variable parameter includes the following steps:
acquiring matching parameters from the SSH server;
and carrying out initial configuration on the target variable parameters based on the matching parameters to obtain initial variable parameters.
With this technical scheme, because the SSH protocol sends data from the client to the server, the matching parameter is obtained from the SSH server and the target variable parameter is configured according to it, which fits the characteristics of SSH and makes it easier for the SSH server to respond to the connection.
Optionally, the first-level connection information includes first flag information of the first device and second flag information of the second device, and the N-level connection information includes Nth flag information of the Nth device and (N+1)th flag information of the (N+1)th device.
With this technical scheme, acquiring the connection information records the two devices involved in each jump login, so that the SSH multi-level jump path can be determined subsequently.
Optionally, the obtaining of the first-level connection information by the second SSH server includes the following steps:
acquiring the initial variable parameter through the second SSH server;
and acquiring the first flag information and the second flag information through the second SSH server based on a preset script.
In a second aspect, the present application further provides a system for constructing an SSH multi-level jump path, which adopts the following technical solution:
A system for constructing an SSH multi-level jump path comprises an initialization module, a sending module, an acquisition module, a processing module and an output module, wherein the sending module is connected with the initialization module, the acquisition module is connected with the sending module, the processing module is connected with the acquisition module, and the output module is connected with the initialization module and the processing module:
the initialization module is used for acquiring a target variable parameter of the SSH client, and performing initial configuration on the target variable parameter based on the SSH server to obtain an initial variable parameter;
when no SSH jump login has been performed, the initial variable parameter is a null value;
when the first device jumps to the second device through level-1 SSH:
the sending module is used for sending the initial variable parameter to the second SSH server through the first SSH client;
the acquisition module is used for acquiring first-level connection information through the second SSH server;
the processing module is used for performing supplementary configuration on the initial variable parameter based on the first-level connection information to obtain a first variable parameter;
after the first device jumps to the (N+1)th device through N-level SSH:
the acquisition module is further used for obtaining N-level connection information through the (N+1)th SSH server, where N is an integer greater than or equal to 2;
the processing module is further used for performing supplementary configuration on the (N-1)th variable parameter based on the N-level connection information to obtain an Nth variable parameter;
and the output module is used for taking the initial variable parameter, the first variable parameter or the Nth variable parameter as the SSH multi-level jump path information and outputting the SSH multi-level jump path information.
With this technical scheme, each time a user performs a jump login to a different device, the acquisition module acquires the current connection information and the processing module updates the initial variable parameter according to it, finally yielding the Nth variable parameter. Parsing the Nth variable parameter recovers the connection information of every jump, from which the SSH multi-level jump path can be determined. Compared with the prior art, SSH multi-level jumps can be traced back to their source without changing the original components of the existing SSH client and SSH server, which is very convenient.
Optionally, the initialization module includes an initial acquisition unit and an initial configuration unit, and the initial configuration unit is connected to the initial acquisition unit;
the initial acquisition unit is used for acquiring the target variable parameter of an SSH client and acquiring a matching parameter from the SSH server;
and the initial configuration unit is used for performing initial configuration on the target variable parameter based on the matching parameter to obtain an initial variable parameter.
With this technical scheme, because the SSH protocol sends data from the client to the server, the initial acquisition unit acquires the matching parameter from the SSH server and the initial configuration unit configures the target variable parameter according to it, which fits the characteristics of SSH and makes it easier for the SSH server to respond to the connection.
Optionally, the first-level connection information includes first flag information of the first device and second flag information of the second device, and the N-level connection information includes Nth flag information of the Nth device and (N+1)th flag information of the (N+1)th device.
With this technical scheme, acquiring the connection information records the two devices involved in each jump login, so that the SSH multi-level jump path can be determined subsequently.
Optionally, the acquisition module includes a receiving unit and an information acquisition unit, and the information acquisition unit is connected to the receiving unit;
the receiving unit is used for acquiring the initial variable parameter through the second SSH server;
the information acquisition unit is used for acquiring the first flag information and the second flag information through the second SSH server based on a preset script.
In a third aspect, the present application provides a terminal device, which adopts the following technical solution:
the terminal device comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein the SSH multi-level jump path construction method is adopted when the processor loads and executes the computer program.
By adopting the technical scheme, the construction method of the SSH multi-level jump path generates the computer program, and the computer program is stored in the memory to be loaded and executed by the processor, so that the terminal equipment is manufactured according to the memory and the processor, and the use is convenient.
In a fourth aspect, the present application provides a computer-readable storage medium, which adopts the following technical solutions:
a computer-readable storage medium, in which a computer program is stored, and when the computer program is loaded and executed by a processor, the method for constructing an SSH multi-level jump path is adopted.
By adopting the technical scheme, the computer program is generated by the construction method of the SSH multi-level jump path and is stored in the computer readable storage medium so as to be loaded and executed by the processor, and the computer program can be conveniently read and stored through the computer readable storage medium.
Drawings
Fig. 1 is a schematic overall flow chart of a method for constructing an SSH multi-level jump path according to an embodiment of the present application.
Fig. 2 is a schematic flow chart of steps S201 to S202 in a method for constructing an SSH multi-level jump path according to an embodiment of the present application.
Fig. 3 is a schematic flowchart of steps S301 to S302 in a method for constructing an SSH multi-level jump path according to an embodiment of the present application.
Fig. 4 is a schematic module connection diagram of a system for constructing an SSH multi-level jump path according to an embodiment of the present application.
Description of reference numerals:
1. initialization module; 11. initial acquisition unit; 12. initial configuration unit; 2. sending module; 3. acquisition module; 31. receiving unit; 32. information acquisition unit; 4. processing module; 5. output module.
Detailed Description
The present application is described in further detail below with reference to the attached drawings.
The embodiment of the application discloses a method for constructing an SSH multi-level jump path, which comprises the following steps:
S101, acquiring a target variable parameter of an SSH client;
S102, performing initial configuration on the target variable parameter based on an SSH server to obtain an initial variable parameter, wherein the initial variable parameter is a null value when no SSH jump login has been performed;
S103, when the first device jumps to the second device through first-level SSH, sending the initial variable parameter to the second SSH server through the first SSH client;
S104, acquiring first-level connection information through the second SSH server;
S105, performing supplementary configuration on the initial variable parameter based on the first-level connection information to obtain a first variable parameter;
S106, after the first device jumps to the (N+1)th device through N-level SSH, obtaining N-level connection information through the (N+1)th SSH server, where N is an integer greater than or equal to 2;
S107, performing supplementary configuration on the (N-1)th variable parameter based on the N-level connection information to obtain an Nth variable parameter;
S108, taking the initial variable parameter, the first variable parameter or the Nth variable parameter as the SSH multi-level jump path information.
In step S101, a target variable parameter is determined from the SSH client. The target variable parameter may be arbitrarily specified; in this embodiment, the SendEnv parameter of the SSH client is set as an environment variable parameter, for example, as an environment variable parameter M.
In step S102, after the target variable parameter is determined, it is configured according to the SSH server. Referring to fig. 2, this specifically includes the following steps:
S201, acquiring a matching parameter from the SSH server;
S202, performing initial configuration on the target variable parameter based on the matching parameter to obtain an initial variable parameter.
In this embodiment, the AcceptEnv parameter in the SSH server is set as the matching parameter, and the environment variable parameter is configured according to the AcceptEnv parameter, that is, the AcceptEnv parameter is used as an environment variable value to assign the environment variable parameter, so as to obtain the initial variable parameter M. Meanwhile, in the initial situation the user is operating locally on the current device; since the current device has not been reached through an SSH jump login, the initial variable parameter is set to a null value, that is, the initial variable parameter M = { } is obtained.
Step S103, when the user operates the TTY terminal to jump from the first device to the second device through the primary SSH, the first SSH client sends the initial variable parameter to the second SSH server. In this embodiment, the first SSH client sends M = { } to the second SSH server on the second device through SendEnv.
Step S104, obtaining first-level connection information through the first SSH server, where the first-level connection information includes first flag information of the first device and second flag information of the second device, where the first flag information and the second flag information may be any one or more of an IP address, a port, a user name, and connection time. In this embodiment, the IP address of the first device is selected as the first flag information, and the IP address of the second device is selected as the second flag information.
Referring to fig. 3, acquiring the primary connection information includes the following steps:
S301, acquiring the initial variable parameter through the second SSH server;
S302, acquiring the first flag information and the second flag information through the second SSH server based on the preset script.
In step S301, after the connection between the first SSH client and the second SSH server is established, the second SSH server on the second device immediately opens an SSH_TTY terminal and receives the initial variable parameter, i.e., M = { }, through the AcceptEnv function.
In step S302, a bashrc (system variable) script (hereinafter referred to as the preset script) is configured for the SSH_TTY terminal in advance, and after the second SSH server obtains the initial variable parameter, the preset script is executed to obtain the first-level connection information, that is, the connection information of this SSH jump. In this embodiment, the preset script obtains the IP address of the first device as the first flag information and the IP address of the second device as the second flag information, which indicates that the source object of the SSH jump is the first device and the target object is the second device. For example, if executing the preset script yields X1 as the IP address of the first device and X2 as the IP address of the second device, the first-level connection information is (X1, X2).
In step S105, after the first-level connection information is obtained, supplementary configuration is performed on the initial variable parameter based on it. As seen above, the initial variable parameter is M = { } and the first-level connection information is (X1, X2), so supplementary configuration of M = { } according to (X1, X2) gives the first variable parameter M = M + (X1, X2) = { (X1, X2) }, where one () indicates that one level of SSH jump has taken place, the source object of the jump is the first device with IP address X1, and the destination object is the second device with IP address X2.
When the first device jumps to a third device through 2-level SSH, the second SSH client sends the first variable parameter M = { (X1, X2) } to the third SSH server, and the third SSH server obtains the second-level connection information (X2, X3) by executing the preset script, that is, the source object is the second device and the destination object is the third device. The third SSH server then performs supplementary configuration on the first variable parameter according to the second-level connection information, so as to obtain the second variable parameter M = { (X1, X2), (X2, X3) }.
In steps S106 to S107, when the first device jumps to the (N+1)th device through N-level SSH, where N is an integer greater than 2, the N-level connection information (XN, XN+1) is obtained by the (N+1)th SSH server, and supplementary configuration is performed on the (N-1)th variable parameter according to the N-level connection information, so as to obtain the Nth variable parameter M = { (X1, X2), (X2, X3) … (XN, XN+1) }.
In step S108, the initial variable parameter, the first variable parameter or the Nth variable parameter is acquired on the SSH server of the current device as the SSH multi-level jump path information. Outputting the initial variable parameter, the first variable parameter or the Nth variable parameter as the SSH multi-level jump path information makes it possible to judge whether the current operation comes from the local device or from a device reached through multi-level SSH jumps.
That is, if the initial variable parameter M = { } is obtained from the current device, it indicates a local operation;
if the first variable parameter M = { (X1, X2) } is acquired from the current device, it indicates that the device was reached by a jump login through 1-level SSH, and the jump path is: first device >>> second device;
if the Nth variable parameter M = { (X1, X2), (X2, X3) … (XN, XN+1) } is acquired from the current device, the content of M represents the path along which the user reached the device through multi-level SSH jumps.
At this point, the jump information of the SSH user logged onto the Nth device is maintained in the environment variable of the SSH_TTY terminal on the Nth device, where any module in the operating system can access it, so the path of any operation instruction of the user can also be traced.
The implementation principle of the construction method of the SSH multi-level jump path in the embodiment of the application is as follows: each time a user performs a jump login to a different device, the current connection information is acquired and the initial variable parameter is updated according to it, finally yielding the Nth variable parameter; parsing the Nth variable parameter recovers the connection information of every jump, from which the SSH multi-level jump path can be determined.
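The hop-recording step of S301 to S302 and S105 can be sketched as a shell profile fragment. This is an added example, not code from the patent: the variable name SSH_JUMP_PATH (standing in for M), the marker JUMP_PATH_DONE, the encoding "X1,X2+X2,X3" for { (X1, X2), (X2, X3) }, the use of OpenSSH's SSH_CONNECTION variable as the source of the two IP addresses, and the one-address-per-device continuity check are all assumptions.

```shell
#!/bin/sh
# Added illustration of the "preset script" (step S302); not the patent's code.
# Assumptions: names SSH_JUMP_PATH / JUMP_PATH_DONE, encoding "X1,X2+X2,X3",
# one IP address per device, addresses read from OpenSSH's SSH_CONNECTION.
#
# Every device forwards and accepts the variable:
#   ssh_config:   SendEnv SSH_JUMP_PATH
#   sshd_config:  AcceptEnv SSH_JUMP_PATH

# path_is_valid PATH: status 0 for an empty path (local session, M = {}) or a
# well-formed chain in which every hop starts where the previous hop ended.
# The body is a subshell, so the IFS change does not leak to the caller.
path_is_valid() (
  [ -n "$1" ] || exit 0
  case $1 in
    *[!0-9A-Fa-f.:,+]*) exit 1 ;;   # IP characters and the two separators only
    +*|*+|*++*) exit 1 ;;           # no empty hops
  esac
  IFS=+
  prev=
  for hop in $1; do
    case $hop in
      *,*,*|,*|*,) exit 1 ;;        # exactly one comma with both sides present
      *,*) ;;
      *) exit 1 ;;
    esac
    [ -z "$prev" ] || [ "$prev" = "${hop%,*}" ] || exit 1
    prev=${hop#*,}
  done
  exit 0
)

# append_hop PATH CONNECTION: print PATH extended by the hop in CONNECTION,
# which has the layout "client_ip client_port server_ip server_port".
# Status 1: CONNECTION unusable. Status 2: PATH rejected (malformed, or its
# last destination is not this hop's source); only the observed hop is kept.
append_hop() {
  case $2 in *' '*' '*' '*) ;; *) return 1 ;; esac
  ah_src=${2%% *}
  ah_rest=${2#* }; ah_rest=${ah_rest#* }
  ah_dst=${ah_rest%% *}
  path_is_valid "$ah_src,$ah_dst" || return 1
  if [ -z "$1" ]; then
    printf '%s\n' "$ah_src,$ah_dst"
  elif path_is_valid "$1+$ah_src,$ah_dst"; then
    printf '%s\n' "$1+$ah_src,$ah_dst"
  else
    printf '%s\n' "$ah_src,$ah_dst"
    return 2
  fi
}

# describe_path PATH: "local" for an empty path, otherwise "X1 >>> X2 >>> X3".
describe_path() (
  [ -n "$1" ] || { echo local; exit 0; }
  path_is_valid "$1" || { echo invalid; exit 1; }
  IFS=+
  out=${1%%,*}
  for hop in $1; do out="$out >>> ${hop#*,}"; done
  printf '%s\n' "$out"
)

# Profile fragment: record the hop once per SSH connection. JUMP_PATH_DONE is
# not listed in SendEnv, so nested shells on this device skip the update while
# the next device, which never receives it, appends its own hop.
if [ -n "${SSH_CONNECTION:-}" ] && [ "${JUMP_PATH_DONE:-}" != "$SSH_CONNECTION" ]; then
  jp_status=0
  jp_new=$(append_hop "${SSH_JUMP_PATH:-}" "$SSH_CONNECTION") || jp_status=$?
  if [ "$jp_status" -eq 2 ] && command -v logger >/dev/null 2>&1; then
    logger -t ssh-jump-path "inherited path rejected for $SSH_CONNECTION"
  fi
  if [ "$jp_status" -ne 1 ]; then
    SSH_JUMP_PATH=$jp_new
    JUMP_PATH_DONE=$SSH_CONNECTION
    export SSH_JUMP_PATH JUMP_PATH_DONE
  fi
fi
```

A value delivered through SendEnv is chosen by the connecting client, so anything that consumes SSH_JUMP_PATH should treat it as untrusted input and cross-check it against the sshd authentication logs of each hop.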
The embodiment of the application further discloses a system for constructing the SSH multi-level jump path, which refers to fig. 4, and includes an initialization module 1, a sending module 2, an obtaining module 3, a processing module 4, and an output module 5, where the sending module 2 is connected to the initialization module 1, the obtaining module 3 is connected to the sending module 2, the processing module 4 is connected to the obtaining module 3, and the output module 5 is connected to the initialization module 1 and the processing module 4.
The initialization module 1 is configured to obtain a target variable parameter of the SSH client, and perform initial configuration on the target variable parameter based on the SSH server to obtain an initial variable parameter.
Specifically, the initialization module 1 includes an initial acquisition unit 11 and an initial configuration unit 12, where the initial acquisition unit 11 is configured to obtain the target variable parameter of the SSH client and obtain a matching parameter from the SSH server; the initial configuration unit 12 is configured to perform initial configuration on the target variable parameter based on the matching parameter to obtain an initial variable parameter.
More specifically, the initial acquisition unit 11 determines a target variable parameter from the SSH client. The target variable parameter may be arbitrarily specified; in this embodiment, the SendEnv parameter of the SSH client is set as an environment variable parameter, for example, as an environment variable parameter M.
More specifically, the initial acquisition unit 11 further obtains the AcceptEnv parameter in the SSH server as the matching parameter, and the initial configuration unit 12 configures the environment variable parameter according to the AcceptEnv parameter, that is, the AcceptEnv parameter is used as an environment variable value and the initial configuration unit 12 assigns the environment variable parameter to obtain the initial variable parameter M. For example, in the initial case, assuming that the environment variable value is empty, the initial variable parameter M = { } is obtained.
When the first device jumps to the second device through level-1 SSH:
The sending module 2 is configured to send the initial variable parameter to the second SSH server through the first SSH client. Specifically, when a user operates the TTY terminal to jump from the first device to the second device through first-level SSH, the sending module 2 sends the initial variable parameter to the second SSH server through the first SSH client. In this embodiment, the sending module 2 controls the first SSH client to send M = { } to the second SSH server on the second device through SendEnv.
The obtaining module 3 is configured to obtain the first-level connection information through the second SSH server. Specifically, the obtaining module 3 obtains primary connection information through the first SSH server, where the primary connection information includes first flag information of the first device and second flag information of the second device, and the first flag information and the second flag information may be any one or more of an IP address, a port, a user name, and connection time. In this embodiment, the IP address of the first device is selected as the first flag information, and the IP address of the second device is selected as the second flag information.
Specifically, the acquisition module 3 includes a receiving unit 31 and an information acquisition unit 32, where the receiving unit 31 is configured to obtain the initial variable parameter through the second SSH server, and the information acquisition unit 32 is configured to obtain the first flag information and the second flag information through the second SSH server based on the preset script.
More specifically, after the connection between the first SSH client and the second SSH server is established, the receiving unit 31 controls the second SSH server on the second device to immediately open an SSH_TTY terminal and receive the initial variable parameter, that is, M = { }, through the AcceptEnv function.
More specifically, the information acquisition unit 32 configures a bashrc (system variable) script (hereinafter referred to as the preset script) for the SSH_TTY terminal in advance, and after the second SSH server obtains the initial variable parameter, the information acquisition unit 32 executes the preset script to obtain the first-level connection information, that is, the connection information of this SSH jump. In this embodiment, the information acquisition unit 32 obtains, through the preset script, the IP address of the first device as the first flag information and the IP address of the second device as the second flag information, where the source object of the SSH jump is the first device and the target object is the second device. For example, if executing the preset script yields X1 as the IP address of the first device and X2 as the IP address of the second device, the first-level connection information is (X1, X2).
The processing module 4 is configured to perform supplementary configuration on the initial variable parameter based on the first-level connection information to obtain a first variable parameter.
Specifically, after acquiring the primary connection information, the processing module 4 performs complementary configuration on the initial variable parameter based on the primary connection information, and as can be seen from the above, the initial variable parameter is M = { }, and the primary connection information is (X1, X2), then the processing module 4 performs complementary configuration on M = { } according to (X1, X2) to obtain a first variable parameter M = M + (X1, X2) = { (X1, X2) }, one () indicates that a primary SSH jump has been performed, a source object of the jump is a first device with an IP address of X1, and a destination object is a second device with an IP address of X2.
When the first device jumps to a third device through 2 levels, the sending module 2 controls the second SSH client to send a first variable parameter M = { (X1, X2) } to the third SSH server, the obtaining module 3 controls the third SSH server to obtain second-level connection information (X2, X3) by executing a preset script, that is, the source object is the second device, and the destination object is the third device, and at this time, the processing module 4 controls the third SSH server to perform supplemental configuration on the first variable parameter according to the second-level connection information, so as to obtain a second variable parameter M = { (X1, X2), (X2, X3) }.
After the first device jumps to the N +1 th device through the N-level SSH, where N is an integer greater than 2, it can be known that the obtaining module 3 controls the N +1 th SSH server to obtain N-level connection information (XN, XN + 1), and the processing module 4 performs supplementary configuration on the N-1 th variable parameter according to the N-level connection information, so as to obtain an N-th variable parameter M = { (X1, X2), (X2, X3) … … (XN, XN + 1) }.
The output module 5 obtains an initial variable parameter or a first variable parameter or an nth variable parameter as SSH multi-level jump path information on an SSH server of the current device. And outputting the initial variable parameter or the first variable parameter or the Nth variable parameter as SSH multi-stage jump path information, namely judging whether the current operation is from local equipment or equipment subjected to multi-stage SSH jump.
If the initial variable parameter M = { } is obtained from the current device, the operation is local;
if the first variable parameter M = { (X1, X2) } is obtained from the current device, the device was logged in to through a 1-level SSH jump, and the jump path is: first device >>> second device;
if the Nth variable parameter M = { (X1, X2), (X2, X3), …, (XN, XN+1) } is obtained from the current device, the content of M represents the path of the multi-level SSH jump by which the user reached the device.
At this point, the jump information of the SSH user logged in to the Nth device is maintained in the SSH_TTY terminal environment variable on the Nth device, where any module in the operating system can access it, so any operation instruction of the user can be traced back along the path.
The implementation principle of the construction system of the SSH multi-level jump path in the embodiment of the application is as follows: each time a user jumps to log in to a different device, the acquisition module 3 acquires the current connection information and the processing module 4 updates the variable parameter according to that connection information, starting from the initial variable parameter and finally obtaining the Nth variable parameter. The connection information of every jump can be recovered by parsing the Nth variable parameter, so the SSH multi-level jump path can be determined.
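The accumulation and parsing of M described above can be sketched as follows. This is an added example, not code from the patent: the string serialization of M, the function names and the sample addresses are assumptions. Because M is sent by the connecting SSH client, the example also checks that each hop starts where the previous one ended; that check is an addition and is not described in the patent.

```python
from __future__ import annotations

import ipaddress
import re

# Assumed serialization of M, modelled on the patent's notation:
#   "{}"                          local session, no jump yet
#   "{(192.0.2.1, 192.0.2.2)}"    one jump
# All addresses used here are constructed (TEST-NET-1 documentation range).
_PAIR = re.compile(r"\(\s*([^,()\s]+)\s*,\s*([^,()\s]+)\s*\)")


def parse_m(m: str) -> list[tuple[str, str]]:
    """Parse M into an ordered list of (source, destination) hops."""
    text = m.strip()
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError("M must be wrapped in braces")
    body = text[1:-1]
    hops = _PAIR.findall(body)
    # Anything left after removing well-formed pairs and commas is rejected.
    leftover = _PAIR.sub("", body).replace(",", "").strip()
    if leftover:
        raise ValueError(f"unexpected content in M: {leftover!r}")
    for src, dst in hops:
        ipaddress.ip_address(src)  # raises ValueError if not an IP address
        ipaddress.ip_address(dst)
    return hops


def check_chain(hops: list[tuple[str, str]]) -> None:
    """Added consistency check: each hop must start where the previous one ended."""
    pairs = zip(hops, hops[1:])
    for i, ((_, prev_dst), (next_src, _)) in enumerate(pairs, start=2):
        if prev_dst != next_src:
            raise ValueError(f"hop {i} starts at {next_src}, expected {prev_dst}")


def serialize(hops: list[tuple[str, str]]) -> str:
    return "{" + ", ".join(f"({s}, {d})" for s, d in hops) + "}"


def append_hop(m: str, src: str, dst: str) -> str:
    """Supplementary configuration on the destination server: M = M + (src, dst)."""
    new_hop = (str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst)))
    hops = parse_m(m) + [new_hop]
    check_chain(hops)
    return serialize(hops)


def describe(m: str) -> str:
    """Output step: report a local operation or the full jump path."""
    hops = parse_m(m)
    check_chain(hops)
    if not hops:
        return "local operation"
    return " >>> ".join([hops[0][0]] + [dst for _, dst in hops])
```

A value that fails `parse_m` or `check_chain` is better logged as an untrusted path than silently treated as a local operation.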
The embodiment of the application further discloses a terminal device, which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein when the processor executes the computer program, the method for constructing the SSH multi-level jump path in the embodiment is adopted.
The terminal device may adopt a computer device such as a desktop computer, a notebook computer, or a cloud server, and the terminal device includes but is not limited to a processor and a memory, for example, the terminal device may further include an input/output device, a network access device, a bus, and the like.
The processor may be a Central Processing Unit (CPU). Depending on the actual use situation, other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like may also be used. The general-purpose processor may be a microprocessor or any conventional processor, which is not limited in this application.
The memory may be an internal storage unit of the terminal device, for example, a hard disk or a memory of the terminal device, or an external storage device of the terminal device, for example, a plug-in hard disk, a smart card memory (SMC), a secure digital card (SD) or a flash memory card (FC) equipped on the terminal device. The memory may also be a combination of the internal storage unit of the terminal device and the external storage device. The memory is used for storing the computer program and other programs and data required by the terminal device, and may also be used for temporarily storing data that has been output or will be output, which is not limited in this application.
With the terminal device, the construction method of the SSH multi-level jump path in the above embodiment is stored in the memory of the terminal device and is loaded and executed on the processor of the terminal device, which is convenient for use.
The embodiment of the application further discloses a computer-readable storage medium, and the computer-readable storage medium stores a computer program, wherein when the computer program is executed by a processor, the method for constructing the SSH multi-level jump path in the above embodiment is adopted.
The computer program may be stored in a computer-readable medium. The computer program includes computer program code, which may be in source code form, object code form, an executable file, some intermediate form, or the like. The computer-readable medium includes any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and the like; the computer-readable medium includes but is not limited to the above components.
With the computer-readable storage medium, the method for constructing the SSH multi-level jump path in the above embodiment is stored in the medium and is loaded and executed on a processor, which facilitates storage and application of the method.
The above embodiments are preferred embodiments of the present application, and the protection scope of the present application is not limited by the above embodiments, so: all equivalent changes made according to the structure, shape and principle of the present application shall be covered by the protection scope of the present application.
Claims (10)
1. A construction method of SSH multi-level jump paths is characterized by comprising the following steps:
acquiring target variable parameters of an SSH client;
performing initial configuration on the target variable parameter based on an SSH server to obtain an initial variable parameter, wherein the initial variable parameter is a null value when no SSH jump login has been performed on the SSH server;
when the first device jumps to the second device through the level 1 SSH, the initial variable parameter is sent to a second SSH server through the first SSH client;
acquiring first-level connection information through the second SSH server;
performing supplementary configuration on the initial variable parameter based on the primary connection information to obtain a first variable parameter;
after the first device jumps to the (N+1)th device through the N-level SSH, obtaining N-level connection information through the (N+1)th SSH server, wherein N is an integer greater than or equal to 2;
performing supplementary configuration on the (N-1)th variable parameter based on the N-level connection information to obtain an Nth variable parameter;
and taking the initial variable parameter or the first variable parameter or the Nth variable parameter as SSH multi-level jump path information.
2. The method for constructing an SSH multi-level jump path according to claim 1, wherein the initial configuration of the target variable parameter based on the SSH server to obtain an initial variable parameter includes the following steps:
acquiring matching parameters from the SSH server;
and carrying out initial configuration on the target variable parameters based on the matching parameters to obtain initial variable parameters.
3. The method as claimed in claim 1, wherein the primary connection information includes first flag information of the first device and second flag information of the second device, and the N-level connection information includes Nth flag information of an Nth device and (N+1)th flag information of an (N+1)th device.
4. The method as claimed in claim 3, wherein the step of obtaining the first-level connection information through the second SSH server comprises the steps of:
acquiring the initial variable parameters through the second SSH server;
and acquiring first mark information and second mark information through the second SSH server based on a preset script.
5. The construction system of the SSH multi-level jump path is characterized by comprising an initialization module (1), a sending module (2), an acquisition module (3), a processing module (4) and an output module (5), wherein the sending module (2) is connected with the initialization module (1), the acquisition module (3) is connected with the sending module (2), the processing module (4) is connected with the acquisition module (3), and the output module (5) is connected with the initialization module (1) and the processing module (4):
the initialization module (1) is used for initially configuring the target variable parameter based on an SSH server to obtain an initial variable parameter, and the initial variable parameter is a null value when the SSH jump login is not performed;
when the first device jumps to the second device via the level 1 SSH:
the sending module (2) is used for sending the initial variable parameter to a second SSH server through the first SSH client;
the acquisition module (3) is used for acquiring primary connection information through the second SSH server;
the processing module (4) is used for performing supplementary configuration on the initial variable parameter based on the primary connection information to obtain a first variable parameter;
after the first device jumps to the (N+1)th device through the N-level SSH:
the obtaining module (3) is further configured to obtain N-level connection information through the (N+1)th SSH server, where N is an integer greater than or equal to 2;
the processing module (4) is further configured to perform supplementary configuration on the (N-1)th variable parameter based on the N-level connection information to obtain an Nth variable parameter;
the output module (5) is configured to use the initial variable parameter or the first variable parameter or the Nth variable parameter as SSH multi-level jump path information and output the SSH multi-level jump path information.
6. The SSH multi-level jump path construction system according to claim 5, characterized in that the initialization module (1) comprises an acquisition unit and a configuration unit, the configuration unit is connected with the acquisition unit;
the initial acquisition unit (11) is used for acquiring target variable parameters of an SSH client and acquiring matching parameters from the SSH server;
the initial configuration unit (12) is configured to perform initial configuration on the target variable parameter based on the matching parameter to obtain an initial variable parameter.
7. The SSH multi-level jump path construction system according to claim 5, wherein the first level connection information comprises first flag information of the first device and second flag information of the second device, and the N level connection information comprises Nth flag information of the Nth device and (N+1)th flag information of the (N+1)th device.
8. The SSH multi-level jump path construction system according to claim 7, characterized in that the acquisition module (3) comprises a receiving unit (31) and an information acquisition unit (32), the information acquisition unit (32) is connected to the receiving unit (31);
the receiving unit (31) is configured to obtain the initial variable parameter through the second SSH server;
the information obtaining unit (32) is configured to obtain first flag information and second flag information through the second SSH server based on a preset script.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and being executable on the processor, characterized in that the method of any of claims 1-4 is used when the computer program is loaded and executed by the processor.
10. A computer-readable storage medium, in which a computer program is stored, which, when loaded and executed by a processor, carries out the method of any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210405407.7A CN114866455A (en) | 2022-04-18 | 2022-04-18 | Construction method, system, terminal and medium for SSH multi-level jump path |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114866455A | 2022-08-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20220805 |