Experts: SSH is set to key login, but lastb still shows abnormal IPs attempting access. What's the reason? Thanks - V2EX

    symbolic 2019-06-27 14:43:27 +08:00 4081 views

    [[email protected] ~]# grep "Password" /etc/ssh/sshd_config
    #PermitEmptyPasswords no
    PasswordAuthentication no

    [[email protected] ~]# lastb
    admin ssh:notty 37.76.137.129 Thu Jun 27 08:27 - 08:27 (00:00)
    admin ssh:notty 200.196.45.145 Thu Jun 27 08:27 - 08:27 (00:00)
    admin ssh:notty 189.112.49.210 Wed Jun 26 12:04 - 12:04 (00:00)
    admin ssh:notty 119.42.81.142 Tue Jun 25 15:40 - 15:40 (00:00)
    admin ssh:notty 172.220.1.94 Tue Jun 25 15:40 - 15:40 (00:00)
    admin ssh:notty 113.184.184.54 Mon Jun 24 00:58 - 00:58 (00:00)
    admin ssh:notty 117.244.91.88 Mon Jun 24 00:58 - 00:58 (00:00)
    admin ssh:notty 197.35.198.235 Sun Jun 23 04:37 - 04:37 (00:00)
    admin ssh:notty 103.124.146.222 Sun Jun 23 04:37 - 04:37 (00:00)
    admin ssh:notty 123.20.233.224 Sat Jun 22 08:01 - 08:01 (00:00)
    admin ssh:notty 113.186.135.4 Sat Jun 22 08:01 - 08:01 (00:00)
    admin ssh:notty 152.246.169.166 Fri Jun 21 07:38 - 07:38 (00:00)
    admin ssh:notty 156.194.228.224 Thu Jun 20 18:01 - 18:01 (00:00)
    admin ssh:notty 188.124.211.191 Thu Jun 20 04:24 - 04:24 (00:00)

    secure log:
    Jun 25 15:40:24 production sshd[31521]: Invalid user admin from 172.220.1.94 port 48677
    Jun 25 15:40:24 production sshd[31521]: input_userauth_request: invalid user admin [preauth]
    Jun 25 15:40:28 production sshd[31525]: Invalid user admin from 119.42.81.142 port 35310
    Jun 25 15:40:28 production sshd[31525]: input_userauth_request: invalid user admin [preauth]
    Jun 25 15:40:29 production sshd[31525]: Connection closed by 119.42.81.142 port 35310 [preauth]
    Jun 26 08:32:34 production sshd[16352]: Did not receive identification string from 47.94.39.226 port 35456
    Jun 26 12:04:14 production sshd[26726]: Invalid user admin from 189.112.49.210 port 38888
    Jun 26 12:04:14 production sshd[26726]: input_userauth_request: invalid user admin [preauth]
    Jun 26 12:04:15 production sshd[26726]: Connection closed by 189.112.49.210 port 38888 [preauth]
    Jun 26 13:55:57 production sshd[32213]: Did not receive identification string from 47.97.21.76 port 47988
    Jun 26 20:37:33 production sshd[19534]: Did not receive identification string from 106.15.76.92 port 52986
    Jun 27 00:30:54 production sshd[30959]: Did not receive identification string from 47.100.130.114 port 38736
    Jun 27 01:33:21 production sshd[1568]: Connection closed by 27.122.59.100 port 43122 [preauth]
    Jun 27 01:33:24 production sshd[1573]: Connection closed by 27.122.59.100 port 33213 [preauth]
    Jun 27 05:01:55 production sshd[11880]: Connection closed by 132.68.74.160 port 40820 [preauth]
    Jun 27 05:25:23 production sshd[13021]: Did not receive identification string from 119.23.138.247 port 38410
    Jun 27 08:27:50 production sshd[21953]: Invalid user admin from 200.196.45.145 port 47259
    Jun 27 08:27:50 production sshd[21953]: input_userauth_request: invalid user admin [preauth]
    Jun 27 08:27:52 production sshd[21953]: Connection closed by 200.196.45.145 port 47259 [preauth]
    Jun 27 08:27:54 production sshd[21960]: Invalid user admin from 37.76.137.129 port 60114
    Jun 27 08:27:54 production sshd[21960]: input_userauth_request: invalid user admin [preauth]
    Jun 27 08:27:55 production sshd[21960]: Connection closed by 37.76.137.129 port 60114 [preauth]
    Jun 27 11:49:50 production sshd[31855]: Did not receive identification string from 118.31.244.58 port 47726

    If any of you experts understand this, please explain exactly how the visitors manage to do it. Thanks.

    8 replies    2019-06-28 00:38:58 +08:00
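    wqsfree   #1   2019-06-27 15:14:40 +08:00
    These are just failed login attempts; the system records a log entry for each failure. Without the key they cannot log in. Many years ago I wrote a script myself: after three failed logins it adds the IP to a blacklist and refuses logins from blacklisted IPs, so the blacklisted IPs no longer show up.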
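The counting step that reply #1 describes (three failed logins from one IP, then blacklist), as an added example that is not wqsfree's script or part of the original thread: it tallies pre-auth failures per source IP from secure-log lines in the format posted above. The function names, the `threshold` parameter and the sample lines are assumptions made for this example; it only reports candidate IPs and does not change any firewall rule.

```python
import ipaddress
import re
from collections import defaultdict

LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+sshd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")

# Anchored at both ends. The user group is greedy, so a client-chosen username
# such as "x from 198.51.100.7 port 1" cannot pull the match off the real peer.
PREAUTH = [
    re.compile(r"^Invalid user (?P<user>.*) from (?P<ip>\S+) port \d+$"),
    re.compile(r"^Did not receive identification string from (?P<ip>\S+) port \d+$"),
    re.compile(r"^Connection closed by (?P<ip>\S+) port \d+ \[preauth\]$"),
]

def count_attempts(lines):
    """Map source IP -> number of distinct sshd connections that failed pre-auth."""
    conns = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        for pat in PREAUTH:
            hit = pat.match(m["msg"])
            if not hit:
                continue
            try:
                ip = str(ipaddress.ip_address(hit["ip"]))
            except ValueError:
                break  # captured field is not an address: ignore the line
            # One sshd child per connection: the PID merges that attempt's lines.
            conns[ip].add(m["pid"])
            break
    return {ip: len(pids) for ip, pids in conns.items()}

def over_threshold(lines, threshold=3):
    """IPs with at least `threshold` failed connections (candidates to block)."""
    return sorted(ip for ip, n in count_attempts(lines).items() if n >= threshold)

# Constructed sample in the format of the secure log above (documentation IPs).
SAMPLE = """\
Jun 25 15:40:24 production sshd[31521]: Invalid user admin from 203.0.113.5 port 48677
Jun 25 15:40:24 production sshd[31521]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:40:25 production sshd[31521]: Connection closed by 203.0.113.5 port 48677 [preauth]
Jun 25 15:41:02 production sshd[31530]: Invalid user admin from 203.0.113.5 port 48701
Jun 25 15:41:40 production sshd[31544]: Did not receive identification string from 203.0.113.5 port 48733
Jun 25 15:42:10 production sshd[31550]: Invalid user x from 198.51.100.7 port 1 from 192.0.2.9 port 35310
""".splitlines()

print(over_threshold(SAMPLE))
```

The last sample line carries a username that imitates the log format; the count is still attributed to the connecting address, not to the address embedded in the username.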
    julyclyde   #2   2019-06-27 15:25:15 +08:00
    Calling for some comprehension here!
    You can keep them from getting in, but can you keep them from trying?
    tankren   #3   2019-06-27 15:41:57 +08:00
    Have you changed the port?
    Add fail2ban.
    lvzhiqiang   #4   2019-06-27 15:49:17 +08:00
    Just change the default port 22.
    mingl0280   #5   2019-06-27 15:56:41 +08:00 via Android
    Adding fail2ban works too.
    symbolic (OP)   #6   2019-06-27 16:14:37 +08:00
    Thank you all for the suggestions, I'll give them a try.
    chinesestudio   #7   2019-06-28 00:07:14 +08:00 via Android
    @wqsfree csf, lfd, fail2ban: free tools
    unknowncheater   #8   2019-06-28 00:38:58 +08:00
    fail2ban