大佬们, ssh 设置密钥登陆, lastb 还能看到异常 IP 尝试访问,是啥原因,谢谢

2019-06-27 14:43:27 +08:00
 symbolic

[root@172.21.139.45 ~]# grep "Password" /etc/ssh/sshd_config
#PermitEmptyPasswords no
PasswordAuthentication no

[root@172.21.139.45 ~]# lastb admin ssh:notty 37.76.137.129 Thu Jun 27 08:27 - 08:27 (00:00)
admin ssh:notty 200.196.45.145 Thu Jun 27 08:27 - 08:27 (00:00)
admin ssh:notty 189.112.49.210 Wed Jun 26 12:04 - 12:04 (00:00)
admin ssh:notty 119.42.81.142 Tue Jun 25 15:40 - 15:40 (00:00)
admin ssh:notty 172.220.1.94 Tue Jun 25 15:40 - 15:40 (00:00)
admin ssh:notty 113.184.184.54 Mon Jun 24 00:58 - 00:58 (00:00)
admin ssh:notty 117.244.91.88 Mon Jun 24 00:58 - 00:58 (00:00)
admin ssh:notty 197.35.198.235 Sun Jun 23 04:37 - 04:37 (00:00)
admin ssh:notty 103.124.146.222 Sun Jun 23 04:37 - 04:37 (00:00)
admin ssh:notty 123.20.233.224 Sat Jun 22 08:01 - 08:01 (00:00)
admin ssh:notty 113.186.135.4 Sat Jun 22 08:01 - 08:01 (00:00)
admin ssh:notty 152.246.169.166 Fri Jun 21 07:38 - 07:38 (00:00)
admin ssh:notty 156.194.228.224 Thu Jun 20 18:01 - 18:01 (00:00)
admin ssh:notty 188.124.211.191 Thu Jun 20 04:24 - 04:24 (00:00)

secure log Jun 25 15:40:24 production sshd[31521]: Invalid user admin from 172.220.1.94 port 48677
Jun 25 15:40:24 production sshd[31521]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:40:28 production sshd[31525]: Invalid user admin from 119.42.81.142 port 35310
Jun 25 15:40:28 production sshd[31525]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:40:29 production sshd[31525]: Connection closed by 119.42.81.142 port 35310 [preauth]
Jun 26 08:32:34 production sshd[16352]: Did not receive identification string from 47.94.39.226 port 35456
Jun 26 12:04:14 production sshd[26726]: Invalid user admin from 189.112.49.210 port 38888
Jun 26 12:04:14 production sshd[26726]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:04:15 production sshd[26726]: Connection closed by 189.112.49.210 port 38888 [preauth]
Jun 26 13:55:57 production sshd[32213]: Did not receive identification string from 47.97.21.76 port 47988
Jun 26 20:37:33 production sshd[19534]: Did not receive identification string from 106.15.76.92 port 52986
Jun 27 00:30:54 production sshd[30959]: Did not receive identification string from 47.100.130.114 port 38736
Jun 27 01:33:21 production sshd[1568]: Connection closed by 27.122.59.100 port 43122 [preauth]
Jun 27 01:33:24 production sshd[1573]: Connection closed by 27.122.59.100 port 33213 [preauth]
Jun 27 05:01:55 production sshd[11880]: Connection closed by 132.68.74.160 port 40820 [preauth]
Jun 27 05:25:23 production sshd[13021]: Did not receive identification string from 119.23.138.247 port 38410
Jun 27 08:27:50 production sshd[21953]: Invalid user admin from 200.196.45.145 port 47259
Jun 27 08:27:50 production sshd[21953]: input_userauth_request: invalid user admin [preauth]
Jun 27 08:27:52 production sshd[21953]: Connection closed by 200.196.45.145 port 47259 [preauth]
Jun 27 08:27:54 production sshd[21960]: Invalid user admin from 37.76.137.129 port 60114
Jun 27 08:27:54 production sshd[21960]: input_userauth_request: invalid user admin [preauth]
Jun 27 08:27:55 production sshd[21960]: Connection closed by 37.76.137.129 port 60114 [preauth]
Jun 27 11:49:50 production sshd[31855]: Did not receive identification string from 118.31.244.58 port 47726

大佬们懂的话,说下访问者具体怎么做到的,谢谢

3733 次点击
所在节点    Linux
8 条回复
wqsfree
2019-06-27 15:14:40 +08:00
只是尝试登录失败,系统会记录失败日志,没有密钥是登录不上去的,多年以前我自己写过一个脚本,登录三次失败,会把 IP 加进黑名单,拒绝黑名单 IP 登录,这样就不会显示黑名单的 IP 了。
julyclyde
2019-06-27 15:25:15 +08:00
呼唤理解能力啊!
你不让进还能不让别人试么?
tankren
2019-06-27 15:41:57 +08:00
端口改了没?
加个 fail2ban
lvzhiqiang
2019-06-27 15:49:17 +08:00
把默认 22 端口修改下呗。
mingl0280
2019-06-27 15:56:41 +08:00
加个 fail2ban 也行
symbolic
2019-06-27 16:14:37 +08:00
谢谢各位大佬给出的建议,我这试试
chinesestudio
2019-06-28 00:07:14 +08:00
@wqsfree csf lfd fail2ban 免费工具
unknowncheater
2019-06-28 00:38:58 +08:00
fail2ban

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/577998

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX