基于网络的 Dante 身份验证

基于网络的 Dante 身份验证

我想配置一个 dante (danted) 服务器,允许在本地主机上不进行身份验证(用于 ssh 隧道),并在其他每个连接上要求输入用户名/密码。这是我的配置文件,但它不接受来自互联网的经过身份验证的连接。有什么想法吗?

# /etc/danted.conf

#logoutput: syslog
debug: 0
logoutput: /log/danted.log
user.privileged: root
user.unprivileged: socks

# The listening network interface or address.
internal: 0.0.0.0 port=1080

# The proxying network interface or address.
external: 192.168.1.11

# socks-rules determine what is proxied through the external interface.
# The default of "none" permits anonymous access.
socksmethod: username none

# client-rules determine who can connect to the internal interface.
# The default of "none" permits anonymous access.
clientmethod: rfc931 none

#method: none

client pass {
    from: 127.0.0.1/0 to: 127.0.0.1/0
    log: connect disconnect error
    clientmethod: none
}

socks pass {
        from: 127.0.0.1/0  to: 127.0.0.1/0
        log: connect disconnect error
        socksmethod: none
}

client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect disconnect error
        clientmethod:none
}

client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect disconnect error
        clientmethod: rfc931
}

socks block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect disconnect error
        socksmethod: none
}


socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect disconnect error
        socksmethod: username
user:banana
}

答案1

问题出在您的 Dante 配置文件 (sockd.conf) 中。

您使用的可能是零位网络掩码,而您可能想要指定完整的网络掩码。例如,来自上述配置的此地址语句:“from: 127.0.0.1/0”。“/”后面的零“/0”使其等同于“0.0.0.0/0”,因此它将匹配所有内容。您可能指的是“/32”。

相关内容