Nov 3 01:22:06 server sshd[11879]: Failed password for root from 123.127.5.131 port 38917 ssh2
Nov 3 01:22:17 server sshd[11880]: Received disconnect from 123.127.5.131: 13: The user canceled authentication.

Nov 3 03:15:08 server sshd[17524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.238.47.93.res-cmts.tv13.ptd.net user=root
Nov 3 03:15:11 server sshd[17524]: Failed password for root from 24.238.47.93 port 3033 ssh2
Nov 3 03:15:11 server sshd[17525]: Received disconnect from 24.238.47.93: 11: Bye Bye
Nov 3 05:14:12 server sshd[20460]: Invalid user a from 218.28.4.61
Nov 3 05:14:12 server sshd[20460]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:12 server sshd[20461]: input_userauth_request: invalid user a
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61
Nov 3 05:14:14 server sshd[20460]: Failed password for invalid user a from 218.28.4.61 port 15683 ssh2
Nov 3 05:14:14 server sshd[20461]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:16 server sshd[20467]: Invalid user 1 from 218.28.4.61
Nov 3 05:14:16 server sshd[20467]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:16 server sshd[20468]: input_userauth_request: invalid user 1
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61
Nov 3 05:14:18 server sshd[20467]: Failed password for invalid user 1 from 218.28.4.61 port 15817 ssh2
Nov 3 05:14:18 server sshd[20468]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:20 server sshd[20473]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:20 server sshd[20473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61 user=root
Nov 3 05:14:22 server sshd[20473]: Failed password for root from 218.28.4.61 port 15940 ssh2
Nov 3 05:14:22 server sshd[20475]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:24 server sshd[21504]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

Even more of the entries look like this:

Nov 4 13:09:44 server sshd[9319]: Did not receive identification string from 66.197.176.130
Nov 4 13:15:24 server sshd[10015]: Did not receive identification string from UNKNOWN
Nov 4 13:16:25 server sshd[10200]: Did not receive identification string from UNKNOWN
Nov 4 13:18:28 server sshd[11524]: Did not receive identification string from UNKNOWN
Nov 4 13:19:24 server sshd[11579]: Did not receive identification string from UNKNOWN
Nov 4 13:20:24 server sshd[11707]: Did not receive identification string from UNKNOWN
Nov 4 13:21:24 server sshd[11782]: Did not receive identification string from UNKNOWN
Nov 4 13:22:24 server sshd[11854]: Did not receive identification string from UNKNOWN
Nov 4 13:24:26 server sshd[12036]: Did not receive identification string from UNKNOWN
Nov 4 13:25:26 server sshd[12201]: Did not receive identification string from UNKNOWN
Nov 4 13:26:26 server sshd[13312]: Did not receive identification string from UNKNOWN
Nov 4 13:27:26 server sshd[13400]: Did not receive identification string from UNKNOWN
Nov 4 13:28:26 server sshd[13542]: Did not receive identification string from UNKNOWN

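Looks like there are quite a few security problems, heh. So I set to work hardening the defenses to build a secure server, and let the American hackers give up too, haha.

First, disable remote root login and change the ssh port: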

vi /etc/ssh/sshd_config

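# Disable root login; create a normal user for remote login, then switch to root with su -
PermitRootLogin no

#Port 22
# Move to a port that an ordinary scanner would wear itself out before finding (scanning from 20 to 36301 … haha)
Port 36301

Restart sshd: /etc/init.d/sshd restart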

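After these changes the security log stayed quiet for several days, apart from the entries for my own logins: the first results. The good times did not last, though. A few days later I found probing login entries again: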

Nov 9 15:57:02 server sshd[13948]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13916]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13949]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13944]: Did not receive identification string from 66.197.176.130
Nov 9 22:58:17 server sshd[15736]: Did not receive identification string from UNKNOWN

Nov 9 22:59:17 server sshd[15972]: Did not receive identification string from UNKNOWN
Nov 9 23:00:18 server sshd[16163]: Did not receive identification string from UNKNOWN
Nov 9 23:01:18 server sshd[16309]: Did not receive identification string from UNKNOWN
Nov 9 23:02:18 server sshd[17579]: Did not receive identification string from UNKNOWN
Nov 9 23:03:18 server sshd[17736]: Did not receive identification string from UNKNOWN
Nov 9 23:04:17 server sshd[17846]: Did not receive identification string from UNKNOWN
Nov 9 23:05:17 server sshd[18021]: Did not receive identification string from UNKNOWN
Nov 9 23:06:20 server sshd[18103]: Did not receive identification string from UNKNOWN
Nov 9 23:07:20 server sshd[18166]: Did not receive identification string from UNKNOWN
Nov 9 23:08:20 server sshd[18307]: Did not receive identification string from UNKNOWN

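Hmm, this is clearly a persistent hacker, and his persistence paid off: he finally found my new ssh port. (My god, how long does it take to scan from 22 to 36301???) Looks like I have to play my trump card: block by IP.

vi /etc/hosts.deny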

sshd : ALL EXCEPT xxx.xxx.xxx.0/255.255.255.0 zzz.zzz.zzz.zz yyy.yyy.yyy.0/255.255.255.0

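The line above refuses ssh logins from every IP except the ones I list. I go online over ADSL and usually get an address from one of two IP pools, so xxx.xxx.xxx.0 and yyy.yyy.yyy.0 above are my dynamic ADSL IP ranges. The other one, zzz.zzz.zzz.zz, is my fixed IP at work, kept just in case: if my ADSL ranges ever changed, the server would refuse my login too. So be careful when denying by IP, and don't lock yourself out, haha.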
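A pre-flight check for the lock-out risk described above, as an added example that is not part of the original post: it evaluates one hosts.deny rule of the `ALL EXCEPT` form against the addresses you log in from. The rule and addresses are constructed (documentation ranges stand in for the xxx/yyy/zzz values), only IPv4 address patterns are handled, and the function names are this example's own.

```python
import ipaddress

def pattern_matches(pattern, addr):
    """Match one client pattern against an IPv4 address: net/mask, a prefix
    ending in '.', or an exact address (the address forms of hosts_access(5))."""
    ip = ipaddress.ip_address(addr)
    if "/" in pattern:
        # Raises ValueError if the net part has host bits set; such a pattern
        # could never equal (address AND mask), so it is a typo worth catching.
        return ip in ipaddress.ip_network(pattern)
    if pattern.endswith("."):
        return addr.startswith(pattern)
    return ip == ipaddress.ip_address(pattern)

def refused_by(rule, daemon, addr):
    """True if a 'daemons : ALL EXCEPT p1 p2 ...' hosts.deny rule refuses addr."""
    daemons, clients = (part.strip() for part in rule.split(":", 1))
    if daemon not in daemons.replace(",", " ").split():
        return False                      # rule is for another service
    tokens = clients.replace(",", " ").split()
    if tokens[:2] != ["ALL", "EXCEPT"]:
        raise ValueError("only the 'ALL EXCEPT ...' form is handled here")
    return not any(pattern_matches(p, addr) for p in tokens[2:])

def locked_out(rule, my_addresses, daemon="sshd"):
    """Addresses from my_addresses that the rule would refuse."""
    return [a for a in my_addresses if refused_by(rule, daemon, a)]

# Constructed rule in the page's format, with documentation ranges standing in
# for the xxx/yyy ADSL pools and the zzz office address.
RULE = "sshd : ALL EXCEPT 192.0.2.0/255.255.255.0 203.0.113.25 198.51.100.0/255.255.255.0"

if __name__ == "__main__":
    mine = ["192.0.2.77", "198.51.100.200", "203.0.113.25", "203.0.113.26"]
    print("would be refused:", locked_out(RULE, mine))
```

hosts.allow is consulted before hosts.deny, so a matching entry there admits a client regardless of this rule. Upstream OpenSSH removed libwrap support in 6.7, so on newer systems confirm that sshd still honours hosts.deny.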

After the hardening above, check the log again: tail -fn100 secure

Nov 9 23:48:17 server sshd[30249]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:49:17 server sshd[30319]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:50:17 server sshd[30475]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:51:18 server sshd[30539]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:52:17 server sshd[30609]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:53:17 server sshd[31752]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:54:17 server sshd[31833]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:55:17 server sshd[31978]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:56:22 server sshd[32045]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:57:18 server sshd[32105]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:58:18 server sshd[32171]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:59:17 server sshd[32238]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:00:20 server sshd[32378]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:01:20 server sshd[32450]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:02:19 server sshd[32484]: refused connect fro
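
The log reading done by eye in this post, written as a small per-source summary; this is an added example, not part of the original post. It classifies the four sshd message types quoted above and folds the `::ffff:` form onto the plain IPv4 address so that probes before and after the hosts.deny change are counted under one source. The sample lines are constructed with documentation addresses, and the event names are this example's own.

```python
import re
from collections import Counter, defaultdict

# sshd message types seen in the excerpts above, most specific first.
PATTERNS = [
    ("failed_password", re.compile(
        r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port")),
    ("invalid_user", re.compile(r"Invalid user (?P<user>\S+) from (?P<src>\S+)")),
    ("no_ident", re.compile(r"Did not receive identification string from (?P<src>\S+)")),
    ("refused", re.compile(r"refused connect from (?P<src>\S+)")),
]

def normalize(src):
    """Fold an IPv4-mapped address (::ffff:a.b.c.d) onto plain a.b.c.d."""
    return src[7:] if src.lower().startswith("::ffff:") else src

def summarize(lines):
    """Return ({source: Counter(event -> n)}, {source: set(usernames tried)})."""
    events, users = defaultdict(Counter), defaultdict(set)
    for line in lines:
        if " sshd[" not in line:
            continue
        for name, rx in PATTERNS:
            m = rx.search(line)
            if m:
                src = normalize(m.group("src"))
                events[src][name] += 1
                if "user" in m.groupdict():
                    users[src].add(m.group("user"))
                break
    return events, users

# Constructed sample lines (documentation addresses), same format as the page's log.
SAMPLE = """\
Nov 3 05:14:12 server sshd[20460]: Invalid user a from 203.0.113.5
Nov 3 05:14:14 server sshd[20460]: Failed password for invalid user a from 203.0.113.5 port 15683 ssh2
Nov 3 05:14:22 server sshd[20473]: Failed password for root from 203.0.113.5 port 15940 ssh2
Nov 4 13:09:44 server sshd[9319]: Did not receive identification string from 198.51.100.7
Nov 4 13:15:24 server sshd[10015]: Did not receive identification string from UNKNOWN
Nov 9 23:48:17 server sshd[30249]: refused connect from ::ffff:198.51.100.7 (::ffff:198.51.100.7)
""".splitlines()

if __name__ == "__main__":
    events, users = summarize(SAMPLE)
    for src, counts in sorted(events.items(), key=lambda kv: -sum(kv[1].values())):
        print(src, dict(counts), sorted(users.get(src, ())))
```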
