45 results about "Jump server" patented technology

The invention belongs to the technical fields of computers and network security auditing, and discloses a remote desktop protocol (RDP)-based remote machine auditing data positioning and playback system and an RDP-based remote machine auditing data positioning and playback method. The system comprises an auditing manager, auditing data storage equipment, an auditing host, an operation and maintenance client and equipment to be operated and maintained, wherein the auditing manager comprises a WEB browser and an auditing player; the auditing data storage equipment comprises a WEB server, a database, an auditing data storage component and a streaming media server; and the auditing host comprises an RDP server, an RDP session management component, an auditing core component, an auditing data transmission component and operation and maintenance tool software. By the system and the method, the client can perform operation and maintenance operations and be audited only by accessing the auditing host which is a remote machine without installing auditing plug-in, relatively higher compatibility and robustness are ensured, and fewer resources such as network bandwidth and the like are seized.

The present invention discloses a server management method and system. The method comprises the steps of: establishing an LDAP (Lightweight Directory Access Protocol) server and a jump server; configuring an SSH (Secure Shell) and LDAP network service on the jump server; establishing SSH connection between a user and the jump server through a terminal, wherein the same type of users are equipped with the same common account and the same secret keys which are stored in the jump server and configured to log in an application server; obtaining user information from the terminal by the jump server, and obtaining user right corresponding to the user information from the LDAP server; generating an application server list which can be accessible by the user by employing the jump server accordingto the user right, and sending the application serve list to the terminal; selecting a target application server from the application server list on the terminal by the user, and sending the target application server to the jump server; and employing the common account and the secret keys corresponding to the user by the jump server, allowing the SSH to remotely log in the target application server. According to the technical scheme, the server management method and system can conveniently and rapidly perform connection and checking for the server and can ensure the safety of the server.

The invention discloses an access method among isolated clusters. The method is used for enabling a client in a second cluster to access a target server in a first cluster. The client only allows access to a node in the second cluster, and the target server only allows access to a node in the first cluster. The method is characterized by comprising the following steps: establishing a mapping relationship between the target server and a client B in the second cluster through a gangplank machine A in the first cluster; receiving an access request of the client to the target server; and controlling the client to access the target server through the mapping relationship. According to the access method provided by the invention, data access between isolated clusters can be realized under the condition of ensuring data security, the security and interoperability of the data are improved, and user requirements are met.

The present disclosure provides a jumping URL generating method, a jumping URL system, and a jumping server; a resolving method and a system for resolving a domain-name resolution request, and a DNS server; and a 302 jumping method and a network system that support HTTPS. A client terminal sends a first HTTP request. The jumping server specifies a content server, convert an IP address of the content server to a prefix of a jumping domain name, uses a service domain name as a suffix of the jumping domain name, combines the jumping domain name and a URL, in the first HTTP to form the jumping URL, and sends the jumping URL to the client terminal. The client terminal requests for resolving of the jumping domain name. The DNS server recognizes a domain name in the domain-name resolution request and performs an inverse converting on the prefix of the jumping domain name to obtain an IP address of the content server and sends the IP address of the content server to the client terminal. The client terminal sends a second HTTP request containing the jumping URL to the content server; and sends an IP generated by resolving and in correspondence of the first HTTP request to the client terminal.

The embodiment of the invention provides a container management method and device and a readable storage medium, and the method comprises the steps: requesting a server to generate a first login billof a target user under the condition that the target user is determined to have a springboard login authority; under the condition that the springboard machine receives a first login bill sent by theserver, enabling the springboard machine to log in; obtaining a container login instruction which is input by a target user and comprises container identification information of the target container,further, querying operator identification information of an operator where the target container is located from a server according to the container identification information, furthermore, sending a container login request to the operator, wherein the container login request is used for indicating the operator to establish communication connection between the target container and the terminal device corresponding to the target user after the operator verifies the identification information of the target user and the first login bill. By adopting the container management method, the convenienceand safety of container login can be improved.

The embodiment of the invention provides a docker technology based cloud jump server system. The docker technology based cloud jump server system comprises a central management module which deploys an operating environment of a docker container server for establishment of thedocker container server, establishes a docker container management module, sends an instruction of establishing a main docker jump server to the docker container management module when a preset condition is satisfied, and deploys the operating environment of the main docker jump server; the docker container management module which establishes and starts a corresponding main docker jump server when the instruction of establishing the main docker jump server is received and maps a port of the docker container server to an interactive service port of the main docker jump server; and the main docker jump server which adds servers requiring management, monitors and records access behaviors of a user for the servers which require management. According to the scheme, cost for deployment of a virtual jump server can be reduced.

The invention relates to the field of access control, and realizes safe login of other hosts through a gangplank machine without manually inputting a password. The host login method and device based on the springboard machine, the equipment and the storage medium are specifically disclosed, and the method comprises the steps: acquiring login information of at least one associated host, wherein thelogin information comprises address information, a user name and a login password; respectively encrypting the address information, the user name and the login password of the associated host to generate an encrypted address, an encrypted name and a password ciphertext of the associated host; if a login instruction including address information and a user name is obtained, encrypting the addressinformation and the user name in the login instruction respectively to generate a target address and a target name corresponding to the login instruction; if the encrypted address of the associated host is the same as the target address and the encrypted name is the same as the target name, logging in the associated host according to the password ciphertext of the associated host.

The invention provides a cloud server access method and system, an OpenVPN server and an LDAP authentication system. The method applied to the OpenVPN server comprises the following steps: establishing a local area network consisting of the OpenVPN server, an LDAP authentication system, a springboard machine and at least one cloud server, setting a unique extranet port capable of accessing an extranet, and receiving an access request input by a current worker through the extranet port; sending the to-be-verified identity information in the access request to an LDAP authentication system, thereby enabling the LDAP authentication system to determine whether a current worker has an authority to access to-be-accessed cloud servers in the cloud servers or not; and when access authorization information sent by the LDAP authentication system is received, sending the target identifier of the to-be-accessed cloud server in the access request to the springboard machine, so that the springboard machine accesses the to-be-accessed cloud server, and the access authorization information indicates that the current worker has the authority to access the to-be-accessed cloud server. According to the scheme, the security of the cloud server can be improved.

The invention discloses a server user authority control method, device and system and a springboard machine. The method applied to the springboard machine comprises the following steps: obtaining thelogin operation of a user, and extracting the authority information of a user account and the login server information; according to a preset role information configuration file and the authority information, judging whether the user has the authority of logging in the server or not; wherein authority information of at least one server allowed to log in by the user is stored in the preset role information configuration file; and if the user has the authority of logging in the server, passing the verification, and enabling the user to log in the server. By implementing the invention, the problems of authority control of the server for a large number of users and complex authority management of the server users are solved.

The invention discloses a data processing method of a gangplank machine system and the gangplank machine system, and the method comprises the steps that a load balancing device receives a service request and sends the service request to a target gangplank machine according to a preset load balancing strategy; the target gangplank machine acquires authority data information corresponding to the service request from the authority data storage device, and verifies the service request; and if the verification is passed, the target springboard machine determines a target server corresponding to theservice request and sends the service request to the target server. The gangplank machine system provided by the invention can be used for quickly expanding / reducing the capacity and quickly coping with the condition of flow increase / decrease.

The embodiment of the invention provides a data processing method, device and apparatust and a computer readable storage medium, and the method comprises the steps: responding to a bastion host request of a user, and creating a springboard machine Docker for the user, the springboard machine Docker being used for realizing a bastion host function; and in response to an access request of the user for a target IP, accessing the target IP through the springboard machine Docker of the user. According to the method provided by the embodiment of the invention, when the user requests the bastion host, the springboard machine Docker for realizing the bastion host function is dynamically created for the user, and when the user accesses the target IP, the user can access the corresponding target IP through the exclusive springboard machine Docker, so that the containerization of the bastion host is realized, the on-demand distribution of the bastion host resources can be realized, and the utilization rate of the bastion host is improved. In addition, as the springboard machine Docker is exclusively shared by the user, the stability and the safety of the bastion host service are ensured.

The invention discloses a universal method for an anti-springboard machine based on an Ethernet bridge rule, which adopts a configuration mode of filtering a data packet by an Ethernet bridge, and utilizes a configuration tool ebtables for filtering the data packet for the flow of a data link layer in a Linux kernel, when the data packet is sent to a Linux host machine, the host machine detects and processes the filtering rule of the data packet and filters the data packet; because the honeypot deployed by multiple vlan is bridged on the Linux host machine, when an attacker attacks the honeypot, the FORWARD chain is limited by utilizing ebtables, and the FORWARD chain rule does not enter a user control and is responsible for forwarding a data packet which flows through the host machine but does not enter the local machine. According to the method, an Ethernet bridge rule is adopted, multiple vlans are bridged on a Linux host machine to create a large number of honeypots, a honeynet deployed in a large range is formed, and through the operation of limiting and allowing port flow, the honeypots are independent of real services, and anti-springboard operation is carried out.

The embodiment of the invention relates to the technical field of computers, and discloses a user login method and a springboard machine. The user login method comprises the following steps: acquiringencrypted password information corresponding to login information in response to the login information of a remote server sent by a user side; decrypting the password information according to a preset mode to obtain a login password; and logging in the remote server according to the login information and the login password. According to the invention, leakage of a login password can be avoided toa certain extent, and safe password-free login is realized; moreover, when password-free login is realized based on the password, the password-free login does not depend on a third-party tool or a library file, so that the learning cost is reduced.

The invention discloses a Guacamole-based bastion host application operation and maintenance method and device, electronic equipment and a computer storage medium, relates to the technical field of computers, and aims to solve the problem of low security in current operation and maintenance management. The method comprises the following steps: configuring an application operation and maintenance script on a pre-configured springboard machine; submitting an installation path of an issue tool to the springboard machine and adding a development tool of a remote control application; and submittingan operation and maintenance request containing the URL of the target application program to the springboard machine, calling the application operation and maintenance script by the springboard machine to obtain a transmission parameter of the operation and maintenance request and a preset account and password of the target application program, performing automatic login of the target applicationprogram, and performing operation and maintenance operation of the target application program based on Guacamole deployed by the springboard machine.

The invention relates to the technical field of access control of cloud servers, in particular to a cloud server access method and device, electronic equipment and a storage medium, a second access link between each cloud server and a springboard machine is established in advance, and the springboard machine obtains a server access request sent by a user terminal; if the user has the authority of accessing the cloud server, establishing a first access link with the user terminal; obtaining a cloud server list corresponding to the user identifier; matching the search information with identification information in a cloud server list; if the matching is successful, accessing the cloud server through a second access link corresponding to the link identifier; through the above mode, an account number and a secret key of the cloud server do not need to be set, after the user passes verification according to the user identifier and the verification information, the user can access the springboard machine, and then the target cloud server is determined through the search information, so that the login process and the connection process are simplified, and the user experience is improved. And low login efficiency caused by account and password maintenance for each cloud server is avoided.

The invention discloses a port forwarding setting system and a jump server. The system is applied to the jump server. The system comprises an obtaining unit and a port forwarding generation unit which are established through utilization of batch processing codes of a windows operating system, wherein the obtaining unit is used for obtaining an IP address and a port needing to be forwarded and the IP address and the port needing to be connected. The port forwarding generation unit is used for generating a port forwarding mapping relationship according to the IP address and the port needing to be forwarded and the IP address and the port needing to be connected. According to the system and the jump server, on the basis of the batch processing codes of the windows, a user does not need to additionally install and deploy any software, hardware and environment on a windows computer and the port forwarding can be set rapidly directly through the port forwarding setting system, so a non-specialized person has a capability of managing a computer port as well, and a purpose of rapidly setting the port forwarding is achieved.

The invention discloses a shell script method for jump server user management. The method comprises the following steps of: creating a universal user on a template machine; setting the authority of the universal user; configuring a jump server SSH public key according to the user; cloning the set template machine into a plurality of managed server nodes; performing IP grouping on the managed servers on a jump server; and writing a jump script needing to be executed on the jump server. According to the method, a root super user does not need to get through all managed servers, so that the method is relatively safe and meets auditing requirements; operation and maintenance demand users are divided and designed, general configuration users are more suitable for batch configuration and operation, and maintenance and management with more users and large authority difference are reduced; a simple login registration function provides an analysis basis for a subsequent troubleshooting operation time period; and a managed server list is grouped more clearly and clearly, and the division level of the managed server list can achieve a group level.

The embodiment of the invention discloses a unified login method and device for a server, relates to the technical field of data processing, and can solve the problem that unified login of the servercannot be realized in the prior art. The method mainly comprises the following steps: receiving a login request by a proxy client on a jump server; judging whether a local server or a remote server isrequested to be logged in by the proxy client; if the logged server is the local server, sending the login request to the local server by the proxy client; and if the logged server is the remote server, then sending the login request to the remote server by the proxy client. The unified login method for the server provided by the invention is mainly applicable to a scene to log in to the server based on the jump server.

The invention relates to a unified SQL execution and query method and system. The method comprises the following steps: obtaining database related information, inquiring a matching database, selectingthe database, wherein the database is used for executing SQL statements; receiving an SQL statement, checking whether the SQL statement is in a white list; if the SQL statement is in the white list,checking the SQL grammar, and if the grammar is correct, analyzing the type of the SQL statement; and transferring the SQL statement into a server for execution, and returning a result set. Accordingto the invention, a related information instance name or ip is input; database operation and maintenance personnel can execute SQL without logging in the database; the database ip, the port, the username, the password and other information do not need to be owned, a bastion host and a springboard machine are not needed, the SQL can be issued to different database instances in a unified mode, batch databases are supported to execute the unified SQL, and in addition, a white list is arranged, so that the safety of a database system is improved.

The invention discloses a method for preventing a honeypot from being controlled to become a jump server based on virtual switching, which comprises the following steps of: utilizing an SDN controller to interact with an Openswitch switch through an OpenFlow protocol; defining a flow table item according to a rule; matching all messages entering the switch with a source MAC address in the flow table item of the switch according to a flow table; determining the validity / invalidity of the messages; matching the valid message determined according to the MAC address with the source IP in the switch flow table item according to the flow table, continuing to determining the validity / invalidity of the messages, and finally transferring the messages to a honeypot. Based on the OpenFlow protocol, the message passing through the switch is determined in the protocol, the determined invalid message is transferred to the honeypot, all attacks are limited in the range of the honeypot, then the message passing through the honeypot is periodically cleaned, so that the honeypot is prevented from being controlled to become a jump server to invade a real server, and the safety of a network system is guaranteed.

The invention discloses an IoT (Internet of Things) system remote test method, system and equipment. The method comprises the following steps: establishing a communication connection channel between a safety test server and a springboard machine, and confirming network information accessed by the IoT system through the springboard machine; a safety test server obtains fingerprint information of equipment in the IoT system; and the safety test server receives the abnormal communication flow between the devices in the IoT system captured by the springboard machine, analyzes the abnormal communication flow according to the fingerprint information of the devices, and determines and outputs the cause of abnormality. The safety test server and the gangplank machine are in communication connection with the IoT system to realize automatic safety test, manual code auditing and recognition are not needed, the response is fast, the recognition accuracy is high, and the method can be suitable for safety test and protection of the large IoT system.

The invention discloses a batch deployment method and system of a server cluster and a computer readable storage medium. The batch deployment method comprises the following steps of selecting an installation package according to a nat mapping mode in the server cluster; pre-storing a deployment tool and the installation package in a gangplank machine; establishing ssh connection between the springboard machine and a first server in the server cluster; the springboard machine uploading the deployment tool and the installation package to the first server through a remote scp deployment tool; thefirst server issuing installation packages to other servers in the server cluster in batches and carries out automatic installation, and then issuing the configuration information in batches; and thefirst server deploying other servers in the server cluster in batches. According to the batch deployment method and system of the server cluster and the computer readable storage medium, batch automatic deployment of video media forwarding services can be realized, and efficiency is greatly improved.

The invention discloses an operation execution method, a jump host, a cluster authentication server and a bastion host system. The method comprises the following steps: receiving the login information of a user sent by a client; carrying out dual identity authentication to the user based on the login information of the user; when the dual identity authentication is successful, receiving the operation information of a target server in a server cluster sent by the client; and sending the operation information to the server cluster to ensure that the cluster authentication server in the server cluster carries out identity authentication to the user, enabling the user to jump to login the corresponding target server in the server cluster when the cluster authentication server carries out successful identity authentication to the user, and executing the above corresponding operation to the corresponding target server. According to the above scheme, the security of the bastion host system can be increased.

The invention provides an alarm pushing method and system of a service platform, a terminal and a storage medium. The method comprises the following steps: establishing communication connection with a springboard machine connected with an external network; classifying the generated alarm information, and pushing the alarm information to a client through a local area network; and waiting for a receiving identifier returned by the client, and if the waiting time exceeds a set time threshold, calling a springboard machine to send the alarm information to the client through an external network. According to the invention, the springboard machine pushes the alarm information which is not successfully pushed internally to the client through the external network, so that the alarm is sent from the internal network to the external network mailbox and the mobile equipment, and 24-hour notification is facilitated. And the operation and maintenance personnel can receive the alarm of the intranet at any place in a multidirectional manner. According to the alarm mechanism, a user does not need to actively open corresponding software for alarm checking, excessive manual operation is not needed, the system is more intelligent and convenient, the overall stability of a service platform is enhanced, and the maintenance cost is saved for a company to a certain extent.