Nov 3 01:22:06 server sshd[11879]: Failed password for root from 123.127.5.131 port 38917 ssh2
Nov 3 01:22:17 server sshd[11880]: Received disconnect from 123.127.5.131: 13: The user canceled authentication.

Nov 3 03:15:08 server sshd[17524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2
4.238.47.93.res-cmts.tv13.ptd.net user=root
Nov 3 03:15:11 server sshd[17524]: Failed password for root from 24.238.47.93 port 3033 ssh2
Nov 3 03:15:11 server sshd[17525]: Received disconnect from 24.238.47.93: 11: Bye Bye
Nov 3 05:14:12 server sshd[20460]: Invalid user a from 218.28.4.61
Nov 3 05:14:12 server sshd[20460]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POS
SIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:12 server sshd[20461]: input_userauth_request: invalid user a
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2
18.28.4.61
Nov 3 05:14:14 server sshd[20460]: Failed password for invalid user a from 218.28.4.61 port 15683 ssh2
Nov 3 05:14:14 server sshd[20461]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:16 server sshd[20467]: Invalid user 1 from 218.28.4.61
Nov 3 05:14:16 server sshd[20467]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POS
SIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:16 server sshd[20468]: input_userauth_request: invalid user 1
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2
18.28.4.61
Nov 3 05:14:18 server sshd[20467]: Failed password for invalid user 1 from 218.28.4.61 port 15817 ssh2
Nov 3 05:14:18 server sshd[20468]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:20 server sshd[20473]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POS
SIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:20 server sshd[20473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2
18.28.4.61 user=root
Nov 3 05:14:22 server sshd[20473]: Failed password for root from 218.28.4.61 port 15940 ssh2
Nov 3 05:14:22 server sshd[20475]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:24 server sshd[21504]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POS
SIBLE BREAK-IN ATTEMPT!

更多的是类似这样的:

Nov 4 13:09:44 server sshd[9319]: Did not receive identification string from 66.197.176.130
Nov 4 13:15:24 server sshd[10015]: Did not receive identification string from UNKNOWN
Nov 4 13:16:25 server sshd[10200]: Did not receive identification string from UNKNOWN
Nov 4 13:18:28 server sshd[11524]: Did not receive identification string from UNKNOWN
Nov 4 13:19:24 server sshd[11579]: Did not receive identification string from UNKNOWN
Nov 4 13:20:24 server sshd[11707]: Did not receive identification string from UNKNOWN
Nov 4 13:21:24 server sshd[11782]: Did not receive identification string from UNKNOWN
Nov 4 13:22:24 server sshd[11854]: Did not receive identification string from UNKNOWN
Nov 4 13:24:26 server sshd[12036]: Did not receive identification string from UNKNOWN
Nov 4 13:25:26 server sshd[12201]: Did not receive identification string from UNKNOWN
Nov 4 13:26:26 server sshd[13312]: Did not receive identification string from UNKNOWN
Nov 4 13:27:26 server sshd[13400]: Did not receive identification string from UNKNOWN
Nov 4 13:28:26 server sshd[13542]: Did not receive identification string from UNKNOWN

看来安全问题不少,呵呵。于是开始行动,加固安全防线,打造一个安全的服务器,让老美黑客们也歇菜,哈哈。

首先,禁用root 远程登录,改ssh端口

vi /etc/ssh/sshd_config

PermitRootLogin no #禁用root 登录,创建一个普通用户用作远程登录,然后通过su -转为root 用户

#Port 22
Port 36301 #改到一般扫描器扫到累死才能找到的端口(从20 扫到 36301 … 哈哈)

重启 /etc/init.d/sshd restart

上述更改后,安全日志好几天没有动静,除了我自己登录的日志外,成果初现。不过好景不长,过几天后又发现有一试探登录日志:

Nov 9 15:57:02 server sshd[13948]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13916]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13949]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13944]: Did not receive identification string from 66.197.176.130
Nov 9 22:58:17 server sshd[15736]: Did not receive identification string from UNKNOWN

Nov 9 22:59:17 server sshd[15972]: Did not receive identification string from UNKNOWN
Nov 9 23:00:18 server sshd[16163]: Did not receive identification string from UNKNOWN
Nov 9 23:01:18 server sshd[16309]: Did not receive identification string from UNKNOWN
Nov 9 23:02:18 server sshd[17579]: Did not receive identification string from UNKNOWN
Nov 9 23:03:18 server sshd[17736]: Did not receive identification string from UNKNOWN
Nov 9 23:04:17 server sshd[17846]: Did not receive identification string from UNKNOWN
Nov 9 23:05:17 server sshd[18021]: Did not receive identification string from UNKNOWN
Nov 9 23:06:20 server sshd[18103]: Did not receive identification string from UNKNOWN
Nov 9 23:07:20 server sshd[18166]: Did not receive identification string from UNKNOWN
Nov 9 23:08:20 server sshd[18307]: Did not receive identification string from UNKNOWN

嗯,看来这是一位执着的黑客,他的执着没有白费,终于找到我的ssh新端口。(my god,从22 扫描到36301需要多长时间???),看来我只能使出我的杀手剪了。封IPvi /etc/hosts.deny

sshd : ALL EXCEPT xxx.xxx.xxx.0/255.255.255.0 zzz.zzz.zzz.zz yyy.yyy.yyy.0/255.255.255.0

上面的意思是拒绝所有的IP ssh 登录除了我列出的IP
外。我上网是用的ADSL,通常在两个IP池中取得,所以上面的xxx.xxx.xxx.0 和 yyy.yyy.yyy.0 是我的动态ADSL ip
段。另外一个 zzz.zzz.zzz.zz
是我在单位的固定的IP,这个以防万一,万一我的ADSL网段变了,岂不是服务器也拒绝我的登录了?所以做IP拒绝时要慎重小心,不要把自己也锁在门外,
哈哈。

安全上述加固后,再查看日志 tail -fn100 secure

Nov 9 23:48:17 server sshd[30249]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:49:17 server sshd[30319]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:50:17 server sshd[30475]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:51:18 server sshd[30539]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:52:17 server sshd[30609]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:53:17 server sshd[31752]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:54:17 server sshd[31833]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:55:17 server sshd[31978]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:56:22 server sshd[32045]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:57:18 server sshd[32105]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:58:18 server sshd[32171]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:59:17 server sshd[32238]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:00:20 server sshd[32378]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:01:20 server sshd[32450]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:02:19 server sshd[32484]: refused connect fro

打造坚固的安全的Linux服务器(ssh登录篇)的更多相关文章

  1. Linux服务器---ssh登录

    Ssh登录     Ssh是建立在应用层和传输层的安全协议,专门为远程登录回话和其他网络服务提供安全性.利用ssh可以有效的防止远程管理中的信息泄露问题,同时ssh传输的数据是经过压缩的,可以加快传输 ...

  2. linux中ssh登录Permanently added (RSA) to the list of known hosts问题解决

    文章出自http://www.2cto.com/os/201307/227199.html linux中ssh登录Permanently added (RSA) to the list of know ...

  3. 给Linux设置SSH登录邮件提醒

    给Linux设置SSH登录邮件提醒 心血来潮,用 last 命令查看了登录记录,不看不知道,一看就有问题.竟然有两个陌生的IP ,一个是美国欧莱雅的,一个是北京联通的.真是郁闷,密码简单了真不行 后来 ...

  4. linux服务器ssh、公匙和密钥实战详解

    一..我们先建好一上haiwen用户用来,做为密码钥和SSH对像 二.修改vi /etc/ssh/sshd_config 文件,禁用ROOT远程直接登录. 三.ssh的公钥认证配置,只能用密匙才能登录 ...

  5. 设置多台机器linux服务器ssh相互无密码访问

    在每台服务器上都执行ssh-keygen -t rsa生成密钥对: $ ssh-keygen -t rsa Generating public/private rsa key pair. Enter ...

  6. linux服务器SSH破解预防方法

    1.linux服务器通过配置 /etc/hosts.deny 禁止对方IP通过SSH登录我的服务器 vim /etc/hosts.deny 2.不用SSH服务的默认端口22,重新设置一个新端口,最好设 ...

  7. Mac OS X下配置远程Linux 服务器SSH密钥认证自动登录

    1. 在本地机器创建公钥 打开万能的终端,执行如下命令,无视一切输出,一路欢快地回车即可. ssh-keygen -t rsa -C 'your email@domain.com' -t 指定密钥类型 ...

  8. Mac下配置远程Linux 服务器SSH密钥认证自动登录

    1. 在本地机器创建公钥 打开万能的终端,执行如下命令,无视一切输出,一路欢快地回车即可. ssh-keygen -t rsa -C 'your email@domain.com' -t 指定密钥类型 ...

  9. linux服务器ssh防爆破

    查看爆破次数记录 # cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $2&quo ...

随机推荐

  1. PreparedStatement设置时间

    程序代码里面需要用PreparedStatement来设置时间过滤参数,时间参数中带有时分秒,用ps.setDate来设置的时候,会丢失时间部分,只有日期,用setTimestamp来设置参数,既有日 ...

  2. primary key与unique的区别

    定义了 UNIQUE 约束的字段中不能包含重复值,可以为一个或多个字段定义 UNIQUE 约束.因此,UNIQUE 即可以在字段级也可以在表级定义, 在UNIQUED 约束的字段上可以包含空值.ORA ...

  3. VLC客户端和SDK的简单应用

    VLC_SDK编程指南 VLC 是一款自由.开源的跨平台多媒体播放器及框架,可播放大多数多媒体文件,以及 DVD.音频 CD.VCD 及各类流媒体协议.它可以支持目前市面上大多数的视频解码,除了Rea ...

  4. ubuntu中vim找不到配色方案blackboard

    在ubuntu下启动vim,提示找不到配色方案blackboard(或其他的), 如何挑选自己喜欢的配色方案呢?在/usr/share/vim/vim72/colors中,(这里根据自己的vim版本选 ...

  5. iframe自适应高度的多种方法方法小结(转)

    对于自适应高度的代码有很多,可效率什么的考虑进来好代码就不多见了,不过思路倒是差不多的不带边框的iframe因为能和网页无缝的结合从而不刷新页面的情况下更新页面的部分数据成为可能,可是 iframe的 ...

  6. Python之路第七天,基础(9)-面向对象(上)

    面向对象的编程思想 回想 我们所学过的编程方法: 面向过程:根据业务逻辑从上到下写堆叠代码. 函数式编程:将重复的代码封装到函数中,只需要写一遍,之后仅调用函数即可. 面向过程编程最易被初学者接受,其 ...

  7. 正式学习React(一) 开始学习之前必读

    为什么要加这个必读!因为webpack本身是基于node环境的, 里面会涉及很多路径问题,我们可能对paths怎么写!webpack又是怎么找到这些paths的很迷惑. 本文是我已经写完正式学习Rea ...

  8. (译)"usermod"命令使用完全指导---15个练习例程截图

    "usermod"命令使用完全指导---15个练习例程截图 By Babin Lonston Under: Linux Commands On: November 11, 2014 ...

  9. hdu1588之经典矩阵乘法

    Gauss Fibonacci Time Limit: 1000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Others) ...

  10. Hive 4、Hive 的安装配置(远端MyMql模式)

    1.remote一体 这种存储方式需要在远端服务器运行一个mysql服务器,并且需要在Hive服务器启动meta服务.这里用mysql的测试服务器,ip位192.168.1.214,新建hive_re ...