The server's SSH port keeps getting login attempts; how do I defend against it?

2020-05-04 11:34:44 +08:00
 godall
Every few seconds there is a record like this, and the IP address keeps changing. How do I defend against it?

Level Log Date & Time User Event
Warning Connection 2020/05/04 11:21:10 SYSTEM User [winpc] from [36.67.106.109] failed to log in via [SSH] due to authorization failure.
Warning Connection 2020/05/04 11:20:44 SYSTEM User [jack] from [27.115.62.134] failed to log in via [SSH] due to authorization failure.
Warning Connection 2020/05/04 11:20:39 SYSTEM User [root] from [35.200.185.127] failed to log in via [SSH] due to authorization failure.
Warning Connection 2020/05/04 11:20:34 SYSTEM User [internat] from [186.179.103.118] failed to log in via [SSH] due to authorization failure.
Warning Connection 2020/05/04 11:20:32 SYSTEM User [root] from [203.245.41.96] failed to log in via [SSH] due to authorization failure.
Warning Connection 2020/05/04 11:20:28 SYSTEM User [root] from [195.231.4.203] failed to log in via [SSH] due to authorization failure.
Warning Connection 2020/05/04 11:20:25 SYSTEM User [chantal] from [207.154.206.212] failed to log in via [SSH] due to authorization failure.
Warning Connection 2020/05/04 11:20:16 SYSTEM User [root] from [112.5.172.26] failed to log in via [SSH] due to authorization failure.
Warning Connection 2020/05/04 11:20:11 SYSTEM User [testuser] from [122.225.230.10] failed to log in via [SSH] due to authorization failure.
Warning Connection 2020/05/04 11:20:10 SYSTEM User [root] from [62.210.119.215] failed to log in via [SSH] due to authorization failure.
Warning Connection 2020/05/04 11:20:02 SYSTEM User [temp] from [106.12.100.73] failed to log in via [SSH] due to authorization failure.
4825 clicks
Node: Q&A (问与答)
31 replies
godall
2020-05-04 11:35:46 +08:00
One more thing: the SSH port has already been changed to a different port.
RiESA
2020-05-04 11:47:47 +08:00
Use fail2ban.
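What fail2ban does for the sshd jail is count failures per source address and ban an address once it crosses a threshold inside a time window. The script below is an added example, not from this thread or from the fail2ban project: it runs that counting over a constructed set of log lines in the same format as the opening post (the repeated addresses are deliberate so that some cross the threshold), and then writes a jail.local fragment that enables fail2ban's stock sshd jail. Port 2022 is taken from the OP's netstat output later in the thread; the maxretry, findtime and bantime values are example choices, and the output path is a parameter so nothing under /etc is touched by default.

```shell
#!/bin/sh
# Added example: fail2ban-style threshold counting over SSH failure log lines,
# plus a jail.local fragment for fail2ban's own sshd jail. Not the page's code.

# Constructed sample in the OP's log format; 106.12.100.73 appears 4 times and
# 122.225.230.10 3 times on purpose so the threshold logic has something to find.
SAMPLE_LOG='2020/05/04 11:20:02 SYSTEM User [temp] from [106.12.100.73] failed to log in via [SSH] due to authorization failure.
2020/05/04 11:20:10 SYSTEM User [root] from [62.210.119.215] failed to log in via [SSH] due to authorization failure.
2020/05/04 11:20:11 SYSTEM User [testuser] from [122.225.230.10] failed to log in via [SSH] due to authorization failure.
2020/05/04 11:20:16 SYSTEM User [root] from [106.12.100.73] failed to log in via [SSH] due to authorization failure.
2020/05/04 11:20:25 SYSTEM User [admin] from [122.225.230.10] failed to log in via [SSH] due to authorization failure.
2020/05/04 11:20:28 SYSTEM User [root] from [106.12.100.73] failed to log in via [SSH] due to authorization failure.
2020/05/04 11:20:32 SYSTEM User [root] from [203.245.41.96] failed to log in via [SSH] due to authorization failure.
2020/05/04 11:20:34 SYSTEM User [test] from [122.225.230.10] failed to log in via [SSH] due to authorization failure.
2020/05/04 11:20:39 SYSTEM User [root] from [106.12.100.73] failed to log in via [SSH] due to authorization failure.
2020/05/04 11:20:44 SYSTEM User [jack] from [27.115.62.134] failed to log in via [SSH] due to authorization failure.'

# Count failed SSH logins per source IP. Reads log text on stdin and prints
# "<count> <ip>" per line, highest count first, ties ordered by IP.
failures_per_ip() {
    awk 'match($0, /from \[[0-9.]+\] failed to log in via \[SSH\]/) {
            ip = substr($0, RSTART + 6)   # skip the "from [" prefix
            sub(/\].*/, "", ip)            # cut at the closing bracket
            n[ip]++
        }
        END { for (ip in n) print n[ip], ip }' | sort -k1,1rn -k2,2
}

# IPs with at least $1 failures: what fail2ban would ban with maxretry=$1
# if all the failures fall inside one findtime window.
ban_candidates() {
    threshold="$1"
    failures_per_ip | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Write a jail.local fragment enabling fail2ban's stock sshd jail on the
# OP's custom port. $1 = output path (for real use: /etc/fail2ban/jail.local).
write_jail_local() {
    cat > "$1" <<'EOF'
[sshd]
enabled  = true
port     = 2022
maxretry = 3
findtime = 10m
bantime  = 1h
EOF
}

# Stand-alone demo: per-IP counts, then the addresses a maxretry of 3 would ban.
printf '%s\n' "$SAMPLE_LOG" | failures_per_ip
printf '%s\n' "$SAMPLE_LOG" | ban_candidates 3
```

The jail only bans addresses that sshd itself logs as failures, so it helps against password guessing but does nothing about the pre-authentication connection attempts (the TIME_WAIT entries shown further down the thread); after installing it, `fail2ban-client status sshd` shows the current ban list.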
marcushbs
2020-05-04 11:50:17 +08:00
Make the password 30+ characters and you won't need to worry for 10 years.....
wangxiaoaer
2020-05-04 11:53:52 +08:00
Can't you turn off password login?
Acoffice
2020-05-04 11:54:08 +08:00
Same as the second reply, or restrict login to specific users.
gamesbain
2020-05-04 11:55:30 +08:00
Log in with a key. Turn off password login. Problem solved.
Rehtt
2020-05-04 12:18:01 +08:00
Turn off password login and use a certificate.
Navee
2020-05-04 12:31:53 +08:00
Forbid root login
fail2ban
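The replies above (turn off password login, use keys, restrict which users may log in, forbid root) all map to sshd_config directives. The script below is an added example, not from this thread or from OpenSSH: it writes those directives as a drop-in file and includes a small checker that reads a config and reports which of the key directives are still at a weak value, taking OpenSSH's compiled-in defaults into account when a directive is absent. The output path and the user names passed to AllowUsers are example assumptions; the checker does not follow Include or Match blocks, so run it on the plain file you are editing.

```shell
#!/bin/sh
# Added example: sshd hardening drop-in plus a checker for weak settings.
# Not the page's code; paths and user names are illustrative.

# A deliberately weak config (constructed) to show what the checker flags.
WEAK_CONF='PasswordAuthentication yes
PermitRootLogin yes
PubkeyAuthentication yes'

# Write the hardened drop-in. $1 = output path (for OpenSSH 8.2+ the usual
# place is /etc/ssh/sshd_config.d/50-hardening.conf; older versions have no
# Include, so put the lines in sshd_config itself), $2 = allowed user names.
write_hardened_conf() {
    cat > "$1" <<EOF
# Keys only: guessed passwords never match anything
PasswordAuthentication no
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
# no direct root login; use a named account and sudo
PermitRootLogin no
# only these accounts may log in at all
AllowUsers $2
# fewer guesses per connection, and less time to make them
MaxAuthTries 3
LoginGraceTime 20
EOF
}

# Print "directive=effective value" for each key directive that is not at
# its hardened value; exit 1 if any were found, 0 if the file is clean.
# sshd honours the FIRST occurrence of a directive, so the first value wins;
# an absent directive is treated as OpenSSH's compiled-in default.
check_hardening() {
    awk '
        function want(k, v, d) { expected[k] = v; dflt[k] = d }
        BEGIN {
            want("passwordauthentication", "no",  "yes")
            want("permitrootlogin",        "no",  "prohibit-password")
            want("pubkeyauthentication",   "yes", "yes")
            want("permitemptypasswords",   "no",  "no")
        }
        /^[[:space:]]*(#|$)/ { next }          # skip comments and blank lines
        {
            k = tolower($1)
            if (!(k in val)) val[k] = $2       # first occurrence wins
        }
        END {
            bad = 0
            for (k in expected) {
                v = (k in val) ? val[k] : dflt[k]
                if (v != expected[k]) { print k "=" v; bad = 1 }
            }
            exit bad
        }' "$1"
}

# Stand-alone demo: flag the weak config, then confirm the hardened one is clean.
dir="$(mktemp -d)"
printf '%s\n' "$WEAK_CONF" > "$dir/weak.conf"
write_hardened_conf "$dir/hard.conf" "alice ops"
check_hardening "$dir/weak.conf" || echo "weak.conf needs fixing"
check_hardening "$dir/hard.conf" && echo "hard.conf is clean"
rm -rf "$dir"
```

Before reloading sshd with the new file in place, run `sshd -t` to validate the syntax and `sshd -T` to print the effective values, and keep your current session open while you confirm from a second terminal that a key login still works; otherwise a typo in AllowUsers locks you out.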
godall
2020-05-04 12:42:42 +08:00
After turning off password login there is still a pile of TIME_WAIT

(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:25072 0.0.0.0:* LISTEN -
tcp 0 0 192.168.1.32:2022 120.53.1.97:47342 TIME_WAIT -
tcp 0 0 192.168.1.32:2022 106.12.100.73:41270 TIME_WAIT -
tcp 0 96 192.168.1.32:2022 192.168.1.161:58356 ESTABLISHED -
tcp 0 0 192.168.1.32:2022 139.199.98.175:41298 TIME_WAIT -
tcp 0 0 192.168.1.32:2022 167.172.49.241:44890 TIME_WAIT -
tcp 0 0 192.168.1.32:2022 202.111.14.122:54199 TIME_WAIT -
tcp 0 0 192.168.1.32:2022 58.212.220.210:54120 TIME_WAIT -
tcp 0 0 192.168.1.32:2022 122.114.249.199:58938 TIME_WAIT -
tcp6 0 0 :::2022 :::* LISTEN -
twl007
2020-05-04 13:49:19 +08:00
fail2ban fixes it. I've already banned 200k+ IPs.
lithiumii
2020-05-04 14:39:21 +08:00
Change the port, forbid root login, fail2ban, disable password login... I usually only do the first three.
akira
2020-05-04 15:05:20 +08:00
These are all bulk scans.
The first thing to do when you get a server: change the port + use keys.
vigack
2020-05-04 15:12:26 +08:00
If the password is strong enough there's no need to worry about it; if you're the obsessive type, IP whitelist + log in through a jump host.
ieric
2020-05-04 15:13:09 +08:00
So boring
root
root 123456
...
The odds of a hit are a bit better than winning the lottery, I suppose?
flynaj
2020-05-04 15:46:21 +08:00
Change the port, to a higher one. Or else install knockd.
Xusually
2020-05-04 15:47:34 +08:00
Disable password login.
tankren
2020-05-04 16:28:01 +08:00
Change the port, turn off password login and log in with a key, fail2ban.
falcon05
2020-05-04 16:38:00 +08:00
I've been using v2ray recently and found a new approach: don't expose the SSH port to the internet at all. Install the v2ray service on the server, with wss on 443 disguised as website traffic; then connect to the server with v2ray locally and have the SSH client use the v2ray proxy port as its proxy to reach the server, at which point the server address is 127.0.0.1.
ZZSZZSZZS
2020-05-04 17:25:41 +08:00
Disable password login, only allow key login.
tulongtou
2020-05-04 17:28:51 +08:00
@marcushbs Isn't the correct approach to disable password login?

https://www.v2ex.com/t/668406