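Question 2 (20 points total)
Read the following description, answer Questions 1 through 5, and write your answers in the corresponding fields of the answer sheet.
[Description]
Because the electromagnetic environment in machine rooms is usually complex, operations staff rarely carry out operations work on site. When a security incident requires urgent handling, they need to be able to carry out the response remotely, anytime and anywhere.
SSH (Secure Shell) is an encrypted network transport protocol that provides a secure way to access remote computers. Engineer Li, the company's security operations engineer, frequently uses SSH to log in remotely to the company's Ubuntu 18.04 server for security maintenance.
[Question 1] (2 points)
What is the default port number used by the SSH protocol?
[Question 2] (2 points)
Remote operations between network devices can use two secure communication methods: one is SSH; what is the other?
[Question 3] (4 points)
Logs contain various runtime information about devices, systems and application software, and are a key focus of security operations. During a routine inspection of the server's SSH logs, Li found the following suspicious records: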
Jul 22 17:17:52 humen systemd-logind[1182]: Watching system buttons on /dev/input/event0 (Power Button)
Jul 22 17:17:52 humen systemd-logind[1182]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Jul 23 09:33:41 humen sshd[5423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.107.130 user=humen
Jul 23 09:33:43 humen sshd[5423]: Failed password for humen from 192.168.107.130 port 40231 ssh2
Jul 23 09:33:43 humen sshd[5423]: Connection closed by authenticating user humen 192.168.107.130 port 40231 [preauth]
Jul 23 09:33:43 humen sshd[5425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.107.130 user=humen
Jul 23 09:33:45 humen sshd[5425]: Failed password for humen from 192.168.107.130 port 37223 ssh2
Jul 23 09:33:45 humen sshd[5425]: Connection closed by authenticating user humen 192.168.107.130 port 37223 [preauth]
Jul 23 09:33:45 humen sshd[5427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.107.130 user=humen
Jul 23 09:33:47 humen sshd[5427]: Failed password for humen from 192.168.107.130 port 41365 ssh2
Jul 23 09:33:47 humen sshd[5427]: Connection closed by authenticating user humen 192.168.107.130 port 41365 [preauth]
Jul 23 09:33:47 humen sshd[5429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.107.130 user=humen
Jul 23 09:33:49 humen sshd[5429]: Failed password for humen from 192.168.107.130 port 45627 ssh2
Jul 23 09:33:49 humen sshd[5429]: Connection closed by authenticating user humen 192.168.107.130 port 45627 [preauth]
Jul 23 09:33:49 humen sshd[5431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.107.130 user=humen
Jul 23 09:33:51 humen sshd[5431]: Failed password for humen from 192.168.107.130 port 42271 ssh2
Jul 23 09:33:51 humen sshd[5431]: Connection closed by authenticating user humen 192.168.107.130 port 42271 [preauth]
Jul 23 09:33:51 humen sshd[5433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.107.130 user=humen
Jul 23 09:33:53 humen sshd[5433]: Failed password for humen from 192.168.107.130 port 45149 ssh2
Jul 23 09:33:53 humen sshd[5433]: Connection closed by authenticating user humen 192.168.107.130 port 45149 [preauth]
Jul 23 09:33:54 humen sshd[5435]: Accepted password for humen from 192.168.107.130 port 45671 ssh2
Jul 23 09:33:54 humen sshd[5435]: pam_unix(sshd:auth): session opened for user humen by (uid=0)
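(1) What is the path and name of the system log file that Li opened?
(2) Li suspects that a hacker is attacking the system. Give the command for determining whether the attack succeeded, so that Li can assess the impact of the attack.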
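The pattern in the records above (a run of failed passwords from one source followed by an accepted one) can also be flagged automatically. The following is an added example, not part of the original exam paper: the function name, the threshold of 5 and the 192.168.107.1 / admin lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in standard sshd syslog layout, modelled on the excerpt above.
# The 192.168.107.1 / admin lines are invented to show a benign mistyped password.
SAMPLE_LOG = """\
Jul 23 09:33:43 humen sshd[5423]: Failed password for humen from 192.168.107.130 port 40231 ssh2
Jul 23 09:33:45 humen sshd[5425]: Failed password for humen from 192.168.107.130 port 37223 ssh2
Jul 23 09:33:47 humen sshd[5427]: Failed password for humen from 192.168.107.130 port 41365 ssh2
Jul 23 09:33:49 humen sshd[5429]: Failed password for humen from 192.168.107.130 port 45627 ssh2
Jul 23 09:33:51 humen sshd[5431]: Failed password for humen from 192.168.107.130 port 42271 ssh2
Jul 23 09:33:53 humen sshd[5433]: Failed password for humen from 192.168.107.130 port 45149 ssh2
Jul 23 09:33:54 humen sshd[5435]: Accepted password for humen from 192.168.107.130 port 45671 ssh2
Jul 23 10:02:10 humen sshd[5610]: Failed password for admin from 192.168.107.1 port 51514 ssh2
Jul 23 10:02:18 humen sshd[5612]: Accepted password for admin from 192.168.107.1 port 51520 ssh2
"""

# Matches sshd password results; "invalid user" appears when the account does not exist.
EVENT = re.compile(
    r"sshd\[\d+\]:\s*(?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def find_guessed_logins(log_text, threshold=5):
    """Return (ip, user, failures) for every accepted login that directly follows
    at least `threshold` consecutive failures for the same source IP and account."""
    streak = defaultdict(int)   # (ip, user) -> consecutive failures so far
    hits = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m is None:
            continue                      # not an sshd password event
        key = (m["ip"], m["user"])
        if m["result"] == "Failed":
            streak[key] += 1
        else:
            if streak[key] >= threshold:
                hits.append((key[0], key[1], streak[key]))
            streak[key] = 0               # a success ends the streak
    return hits

if __name__ == "__main__":
    for ip, user, failures in find_guessed_logins(SAMPLE_LOG):
        print(f"{ip} logged in as {user} after {failures} failed attempts")
```

A single mistyped password followed by a success stays below the threshold and is not reported, which keeps ordinary user error out of the results.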
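[Question 5] (2 points)
The reason SSH can provide secure remote access ultimately comes down to the effective use of cryptography. For the SSH protocol, whether it is the password-based authentication Li used at first or the key-based passwordless authentication used later, cryptographic algorithms and cryptographic protocols are what protect Li's remote access. Is the above security capability implemented on the basis of a symmetric cryptosystem or an asymmetric cryptosystem?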