My server's SSH port is constantly being probed with login attempts. How do I defend against it?

2020-05-04 11:34:44 +08:00
 godall
Records like these show up every few seconds, and the IP address keeps changing. How do I defend against this?


优先层级 日志 日期 & 时间 用户 事件
Warning 连接 2020/05/04 11:21:10 SYSTEM User [winpc] from [36.67.106.109] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:44 SYSTEM User [jack] from [27.115.62.134] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:39 SYSTEM User [root] from [35.200.185.127] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:34 SYSTEM User [internat] from [186.179.103.118] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:32 SYSTEM User [root] from [203.245.41.96] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:28 SYSTEM User [root] from [195.231.4.203] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:25 SYSTEM User [chantal] from [207.154.206.212] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:16 SYSTEM User [root] from [112.5.172.26] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:11 SYSTEM User [testuser] from [122.225.230.10] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:10 SYSTEM User [root] from [62.210.119.215] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:02 SYSTEM User [temp] from [106.12.100.73] failed to log in via [SSH] due to authorization failure.
31 replies
marcushbs
2020-05-04 17:50:14 +08:00
@tulongtou That is true, but first, some companies have restrictions and require passwords; second, a key file can be roughly regarded as a password of length 3000....
sampeng
2020-05-04 18:46:16 +08:00
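@marcushbs Companies that require passwords are all idiot-type companies. Second, does your key file get sent to the remote end like a password? And "roughly"… they are authentication methods based on two completely different principles.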
vocaloidchina
2020-05-04 18:55:04 +08:00
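The simplest approach is to change the port. Without certificates or anything else, that alone brings the number of login attempts down to 1-10 per month.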
marcushbs
2020-05-04 19:40:34 +08:00
@sampeng

Initial IV client to server: HASH(K || H || "A" || session_id)
Initial IV server to client: HASH(K || H || "B" || session_id)
Encryption key client to server: HASH(K || H || "C" || session_id)
Encryption key server to client: HASH(K || H || "D" || session_id)
Integrity key client to server: HASH(K || H || "E" || session_id)
Integrity key server to client: HASH(K || H || "F" || session_id)

Assume brute-forcing a 3000-byte id_rsa file, which is why I said "roughly". See:

https://gravitational.com/blog/ssh-handshake-explained/
ps1aniuge
2020-05-04 19:42:44 +08:00
Sharing a PowerShell script that runs on Linux: ssh-deny-host
https://www.v2ex.com/t/612075
If you like it, please toss in a coin.
ytmsdy
2020-05-04 19:59:19 +08:00
Just use certificate login.
niubee1
2020-05-04 20:05:19 +08:00
Certificate login, disabling password login, and fail2ban can basically stop 99% of attacks.
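An added example, not part of the thread and not any poster's code: a fail2ban-style per-IP rule (`maxretry` failures within `findtime`) applied to log lines in the format quoted in the question. The sample lines are constructed with documentation-range addresses; the function names are hypothetical. It reports how many failures come from sources that never reach the per-IP threshold when addresses keep changing, which is the share that key-only login has to cover.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the log format quoted in the question; the addresses
# are documentation-range placeholders, not real sources.
FMT = ("Warning 连接 2020/05/04 {} SYSTEM User [{}] from [{}] "
       "failed to log in via [SSH] due to authorization failure.")
ROWS = [("11:20:02", "temp", "192.0.2.10"), ("11:20:10", "root", "198.51.100.21"),
        ("11:20:11", "root", "203.0.113.7"), ("11:20:16", "root", "192.0.2.33"),
        ("11:20:25", "admin", "203.0.113.7"), ("11:20:28", "root", "198.51.100.99"),
        ("11:20:34", "test", "203.0.113.7"), ("11:20:39", "root", "192.0.2.54")]
SAMPLE_LOG = "\n".join(FMT.format(*r) for r in ROWS)

LINE_RE = re.compile(r"(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \S+ User \[([^\]]*)\] "
                     r"from \[([^\]]+)\] failed to log in via \[SSH\]")

def parse(log):
    """Return sorted [(timestamp, user, ip)] for every failed SSH login line."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return sorted(events)

def per_ip_bans(events, maxretry=3, findtime=timedelta(minutes=10)):
    """IPs with >= maxretry failures inside findtime (a fail2ban-style rule)."""
    by_ip = {}
    for ts, _user, ip in events:
        by_ip.setdefault(ip, []).append(ts)
    return {ip for ip, t in by_ip.items()
            if any(t[i + maxretry - 1] - t[i] <= findtime
                   for i in range(len(t) - maxretry + 1))}

def summarize(log, **rule):
    """Aggregate view: total failures versus what a per-IP rule would catch."""
    events = parse(log)
    banned = per_ip_bans(events, **rule)
    return {"failures": len(events),
            "distinct_ips": len({ip for _, _, ip in events}),
            "top_users": Counter(u for _, u, _ in events).most_common(1),
            "banned": banned,
            # guesses from sources that never reach the per-IP threshold
            "never_banned_failures": sum(ip not in banned for _, _, ip in events)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```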
wangyuescr
2020-05-04 20:08:40 +08:00
@ieric My student Tencent Cloud host really did use that password once. Later I was taught a lesson.
nijux
2020-05-04 20:12:50 +08:00
isnullstring
2020-05-04 21:53:13 +08:00
Change the port, log in with a key.
ps1aniuge
2020-05-05 16:41:39 +08:00
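My server's SSH port is constantly being probed with login attempts. How do I defend against it?
Answer:
I am @-ing everyone reading this thread: I wrote a tool in PowerShell called "Elastic sshd port".
Join QQ group 183173532 and buy it from me for a 1 yuan service fee.
Purpose:
1 Prosperity.
2 Prevent hackers from brute-forcing passwords through the port.

Script features:
1 Elastic sshd port: the port changes every random n minutes.
2 PowerShell outputs the elastic port on the client machine, and you can then connect to that port with plink.

System requirements:
1 Supports opensshd and dropbear. Supports Linux and Windows, but you need to tell me the location of your sshd_config.
2 PowerShell must be installed on both the server and the client. For Windows servers and clients this is not a problem, because PowerShell is already built into the system.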
