1. Linux

ssh安全第一

Written by Posted on Less than 0 min read

查看ssh日志发现,脚本小子又开始爆破操作了

$ sudo tail -99f /var/log/auth.log | grep ssh
Nov 1 22:19:23 localhost sshd[24935]: Failed password for root from 117.158.134.229 port 37634 ssh2
Nov 1 22:19:24 localhost sshd[24935]: Connection closed by authenticating user root 117.158.134.229 port 37634 [preauth]
Nov 1 22:19:24 localhost sshd[24943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.158.134.229 user=root
Nov 1 22:19:26 localhost sshd[24943]: Failed password for root from 117.158.134.229 port 38300 ssh2
Nov 1 22:19:27 localhost sshd[24943]: Connection closed by authenticating user root 117.158.134.229 port 38300 [preauth]
Nov 1 22:19:27 localhost sshd[24987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.158.134.229 user=root
Nov 1 22:19:29 localhost sshd[24987]: Failed password for root from 117.158.134.229 port 38795 ssh2
Nov 1 22:19:30 localhost sshd[24987]: Connection closed by authenticating user root 117.158.134.229 port 38795 [preauth]
Nov 1 22:19:30 localhost sshd[25040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.158.134.229 user=root
Nov 1 22:19:32 localhost sshd[25040]: Failed password for root from 117.158.134.229 port 39269 ssh2
Nov 1 22:19:33 localhost sshd[25040]: Connection closed by authenticating user root 117.158.134.229 port 39269 [preauth]
Nov 1 22:19:33 localhost sshd[25070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.158.134.229 user=root
Nov 1 22:19:36 localhost sshd[25070]: Failed password for root from 117.158.134.229 port 39816 ssh2
Nov 1 22:19:36 localhost sshd[25070]: Connection closed by authenticating user root 117.158.134.229 port 39816 [preauth]
Nov 1 22:19:36 localhost sshd[25106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.158.134.229 user=root
Nov 1 22:19:39 localhost sshd[25106]: Failed password for root from 117.158.134.229 port 40212 ssh2
Nov 1 22:19:39 localhost sshd[25106]: Connection closed by authenticating user root 117.158.134.229 port 40212 [preauth]
Nov 1 22:19:40 localhost sshd[25129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.158.134.229 user=root

虽然我的密码很复杂,但是这些该死的爆破脚本,天天这样搞也很烦人,记得我之前写过一篇[转] SSH 配置密钥登录,今天就再部署一下吧!

生成rsa密钥对就不过多赘述了,生成好密钥对之后把私钥复制到本地,公钥留在服务器上即可。最好把默认端口号22也给改了,世界清净了!

Related articles

Next