这是一个创建于 1651 天前的主题,其中的信息可能已经有所发展或是发生改变。
每隔几秒就有这样的记录,而且 ip 地址又是变化的,怎么防护啊?
优先层级 日志 日期 & 时间 用户 事件
Warning 连接 2020/05/04 11:21:10 SYSTEM User [winpc] from [36.67.106.109] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:44 SYSTEM User [jack] from [27.115.62.134] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:39 SYSTEM User [root] from [35.200.185.127] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:34 SYSTEM User [internat] from [186.179.103.118] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:32 SYSTEM User [root] from [203.245.41.96] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:28 SYSTEM User [root] from [195.231.4.203] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:25 SYSTEM User [chantal] from [207.154.206.212] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:16 SYSTEM User [root] from [112.5.172.26] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:11 SYSTEM User [testuser] from [122.225.230.10] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:10 SYSTEM User [root] from [62.210.119.215] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:02 SYSTEM User [temp] from [106.12.100.73] failed to log in via [SSH] due to authorization failure.
优先层级 日志 日期 & 时间 用户 事件
Warning 连接 2020/05/04 11:21:10 SYSTEM User [winpc] from [36.67.106.109] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:44 SYSTEM User [jack] from [27.115.62.134] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:39 SYSTEM User [root] from [35.200.185.127] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:34 SYSTEM User [internat] from [186.179.103.118] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:32 SYSTEM User [root] from [203.245.41.96] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:28 SYSTEM User [root] from [195.231.4.203] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:25 SYSTEM User [chantal] from [207.154.206.212] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:16 SYSTEM User [root] from [112.5.172.26] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:11 SYSTEM User [testuser] from [122.225.230.10] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:10 SYSTEM User [root] from [62.210.119.215] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:02 SYSTEM User [temp] from [106.12.100.73] failed to log in via [SSH] due to authorization failure.
31 条回复 • 2020-05-05 16:41:39 +08:00
 |
1
godall OP 补充一下,ssh 端口已经改成其他端口了。
|
 |
2
RiESA 2020-05-04 11:47:47 +08:00  2
用 fail2ban
|
 |
3
marcushbs 2020-05-04 11:50:17 +08:00
把密码加长到 30 位以上,10 年内不用愁.....
|
 |
4
wangxiaoaer 2020-05-04 11:53:52 +08:00
密码登陆不能关掉吗?
|
 |
5
Acoffice 2020-05-04 11:54:08 +08:00 via Android
同二楼,或者限制指定用户登录.
|
 |
6
gamesbain 2020-05-04 11:55:30 +08:00
用 key 登录。把密码登录关了。万事大吉。
|
 |
7
Rehtt 2020-05-04 12:18:01 +08:00 via Android
密码登录关掉用证书
|
 |
8
Navee 2020-05-04 12:31:53 +08:00
禁止 root 登陆
fail2ban |
|
9
godall OP 关闭密码登录后,还是有一堆 TIME_WAIT
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 0.0.0.0:25072 0.0.0.0:* LISTEN - tcp 0 0 192.168.1.32:2022 120.53.1.97:47342 TIME_WAIT - tcp 0 0 192.168.1.32:2022 106.12.100.73:41270 TIME_WAIT - tcp 0 96 192.168.1.32:2022 192.168.1.161:58356 ESTABLISHED - tcp 0 0 192.168.1.32:2022 139.199.98.175:41298 TIME_WAIT - tcp 0 0 192.168.1.32:2022 167.172.49.241:44890 TIME_WAIT - tcp 0 0 192.168.1.32:2022 202.111.14.122:54199 TIME_WAIT - tcp 0 0 192.168.1.32:2022 58.212.220.210:54120 TIME_WAIT - tcp 0 0 192.168.1.32:2022 122.114.249.199:58938 TIME_WAIT - tcp6 0 0 :::2022 :::* LISTEN - |
 |
10
twl007 2020-05-04 13:49:19 +08:00 via iPhone
fail2ban 可解 我已经 ban 了 20w+的 ip 了
|
 |
11
lithiumii 2020-05-04 14:39:21 +08:00 via Android
换端口,禁 root 登录,fail2ban,禁密码登录……我一般只做前三
|
 |
12
akira 2020-05-04 15:05:20 +08:00
这些都是批量扫的。
服务器拿到手,第一步就是 换端口 + 密钥 |
 |
13
vigack 2020-05-04 15:12:26 +08:00
密码够强的话不用在意吧,强迫症患者的话可以 IP 白名单+跳板机登陆。
|
 |
14
ieric 2020-05-04 15:13:09 +08:00 via iPhone
真是无聊
root root 123456 ... 能中的机率比买彩票高点吧? |
 |
15
flynaj 2020-05-04 15:46:21 +08:00 via Android
在改端口,改高一点。要不就是安装 knockd
|
 |
16
Xusually 2020-05-04 15:47:34 +08:00
禁止密码登陆吧
|
 |
17
tankren 2020-05-04 16:28:01 +08:00
改端口 关闭密码登录用 key 登录 fail2ban
|
 |
18
falcon05 2020-05-04 16:38:00 +08:00 via iPhone 1
我最近用 v2ray,发现新一个方法,根本不暴露 ssh 端口到外网,服务器安装 v2ray 服务,wss 443 伪装网站访问,然后本地用 v2ray 连接到服务器后,ssh 客户端使用 v2ray 代理端口作代理连接服务器,这时服务器的地址是 127.0.0.1
|
 |
19
ZZSZZSZZS 2020-05-04 17:25:41 +08:00 via iPhone
禁止密码登录,只让用 key 登录
|
|
21
marcushbs 2020-05-04 17:50:14 +08:00
@tulongtou 的确如此,但第一有些公司有条件限制,要求必须用密码;第二,key 文件可以近似看作 length 3000 的 password....
|
 |
22
sampeng 2020-05-04 18:46:16 +08:00 via iPhone
@marcushbs 限制必须用密码的都是傻子型公司。第二,你家 key 文件像 passowrd 要传到远端去的?还近似…完全是两个不同原理的认证方式
|
 |
23
vocaloidchina 2020-05-04 18:55:04 +08:00
最简单的办法就是改端口,也不用证书啥的,就可以让每月尝试登陆数量降至 1-10 次
|
|
24
marcushbs 2020-05-04 19:40:34 +08:00
@sampeng
Initial IV client to server: HASH(K || H || "A" || session_id) Initial IV server to client: HASH(K || H || "B" || session_id) Encryption key client to server: HASH(K || H || "C" || session_id) Encryption key server to client: HASH(K || H || "D" || session_id) Integrity key client to server: HASH(K || H || "E" || session_id) Integrity key server to client: HASH(K || H || "F" || session_id) 假设穷举一个 3000bytes 的 id_rsa 文件,所以说“近似”,参见: https://gravitational.com/blog/ssh-handshake-explained/ |
 |
25
ps1aniuge 2020-05-04 19:42:44 +08:00
|
 |
26
ytmsdy 2020-05-04 19:59:19 +08:00
证书登录就行了。
|
 |
27
niubee1 2020-05-04 20:05:19 +08:00
证书登录、关闭密码登录、fail2ban 基本上能防住 99%的攻击
|
 |
28
wangyuescr 2020-05-04 20:08:40 +08:00 via Android
@ieric 曾经学生腾讯云主机还真是这个密码 后来被上了一课
|
 |
29
nijux 2020-05-04 20:12:50 +08:00
|
 |
30
isnullstring 2020-05-04 21:53:13 +08:00
换端口,key 登录
|
|
31
ps1aniuge 2020-05-05 16:41:39 +08:00
服务器 SSH 端口被不断试探登录,怎么防护?
答: 我 at 所有看帖人,我用 powershell 写了一个工具《弹性 sshd 端口》, 入 qq 群,183173532,,1 元辛苦费找我购买。 写作目的: 1 富强。 2 防止黑客从端口穷举密码。 脚本特性: 1 弹性 sshd 端口,随机 n 分钟,更换端口。 2 用 powershell 在客户机输出弹性端口,你就可以用 plink 连接此端口。 系统需求: 1 支持 opensshd,支持 dropbear 。支持 linux,支持 win,但你需要告诉我你的 sshd_config 的位置。 2 必须在服务端,客户端安装 powershell 。对于 win 服务端,客户端,这不是问题。因为系统已经集成 powershell 了。 |
Select Language