V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Linode 各机房速度测试
http://www.linode.com/speedtest/
jamesxu
V2EX  ›  Linode

vps服务器差点被入侵

  •  
  •   jamesxu · 2013-07-08 08:48:07 +08:00 · 4222 次点击
    这是一个创建于 4143 天前的主题,其中的信息可能已经有所发展或是发生改变。
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240 user=root
    Failed password for root from 61.160.207.240 port 52296 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    Invalid user oracle from 61.160.207.240
    input_userauth_request: invalid user oracle
    pam_unix(sshd:auth): check pass; user unknown
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user oracle
    Failed password for invalid user oracle from 61.160.207.240 port 53392 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240 user=adm
    Failed password for adm from 61.160.207.240 port 43603 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240 user=adm
    Failed password for adm from 61.160.207.240 port 44703 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240 user=adm
    Failed password for adm from 61.160.207.240 port 45640 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user testuser
    Failed password for invalid user testuser from 61.160.207.240 port 50198 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    Invalid user testuser from 61.160.207.240
    input_userauth_request: invalid user testuser
    input_userauth_request: invalid user linux
    pam_unix(sshd:auth): check pass; user unknown
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user linux
    Failed password for invalid user linux from 61.160.207.240 port 54636 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    Invalid user info from 61.160.207.240
    input_userauth_request: invalid user info
    pam_unix(sshd:auth): check pass; user unknown
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user info
    Failed password for invalid user info from 61.160.207.240 port 59143 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    Invalid user alex from 61.160.207.240
    pam_unix(sshd:auth): check pass; user unknown
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user alex
    Failed password for invalid user alex from 61.160.207.240 port 34503 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    Invalid user jack from 61.160.207.240
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user jack
    Failed password for invalid user jack from 61.160.207.240 port 35282 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    Invalid user jack from 61.160.207.240
    pam_unix(sshd:auth): check pass; user unknown
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user john
    Failed password for invalid user john from 61.160.207.240 port 39991 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    Invalid user john from 61.160.207.240
    input_userauth_request: invalid user john
    pam_unix(sshd:auth): check pass; user unknown
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user roy
    Failed password for invalid user roy from 61.160.207.240 port 43520 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    Invalid user roy from 61.160.207.240
    input_userauth_request: invalid user roy
    input_userauth_request: invalid user source
    pam_unix(sshd:auth): check pass; user unknown
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user source
    Failed password for invalid user source from 61.160.207.240 port 45495 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    pam_unix(sshd:auth): check pass; user unknown
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user sales
    Failed password for invalid user sales from 61.160.207.240 port 46570 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    Invalid user sales from 61.160.207.240
    input_userauth_request: invalid user sales
    input_userauth_request: invalid user test
    pam_unix(sshd:auth): check pass; user unknown
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user test
    Failed password for invalid user test from 61.160.207.240 port 49939 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    Invalid user tester from 61.160.207.240
    input_userauth_request: invalid user tester
    pam_unix(sshd:auth): check pass; user unknown
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user tester
    Failed password for invalid user tester from 61.160.207.240 port 51042 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    Invalid user testing from 61.160.207.240
    input_userauth_request: invalid user testing
    pam_unix(sshd:auth): check pass; user unknown
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user testing
    Failed password for invalid user testing from 61.160.207.240 port 52126 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    Invalid user mysql from 61.160.207.240
    input_userauth_request: invalid user mysql
    pam_unix(sshd:auth): check pass; user unknown
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
    pam_succeed_if(sshd:auth): error retrieving information about user mysql
    Failed password for invalid user mysql from 61.160.207.240 port 53138 ssh2
    Received disconnect from 61.160.207.240: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
    Failed password for root from 94.102.5.250 port 46965 ssh2
    Received disconnect from 94.102.5.250: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
    Failed password for root from 94.102.5.250 port 47261 ssh2
    Received disconnect from 94.102.5.250: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
    Failed password for root from 94.102.5.250 port 47605 ssh2
    Received disconnect from 94.102.5.250: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
    Failed password for root from 94.102.5.250 port 47927 ssh2
    Received disconnect from 94.102.5.250: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
    Failed password for root from 94.102.5.250 port 48289 ssh2
    Received disconnect from 94.102.5.250: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
    Failed password for root from 94.102.5.250 port 48585 ssh2
    Received disconnect from 94.102.5.250: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
    Failed password for root from 94.102.5.250 port 48925 ssh2
    Received disconnect from 94.102.5.250: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
    Failed password for root from 94.102.5.250 port 49203 ssh2
    Received disconnect from 94.102.5.250: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
    Failed password for root from 94.102.5.250 port 49564 ssh2
    Received disconnect from 94.102.5.250: 11: Bye Bye
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
    Failed password for root from 94.102.5.250 port 49869 ssh2
    Received disconnect from 94.102.5.250: 11: Bye Bye

    翻了下/var/log/secure,发现来自江苏省常州市 电信的61.160.207.240估计是个惯犯,而来自土耳其的94.102.5.250一直试图攻破root密码,还好我在sshd_config中将root远程登录关闭了。

    今天登录查看日志后,立马又将root密码改复杂了,另外将远程登录的用户名和密码也改复杂了,又查了下vps开启的服务和端口,发现大部分都管闭了,只运行了一些必要的服务。之后又将系统更新到最新。

    大家还有什么经验要分享的吗?
    53 条回复    1970-01-01 08:00:00 +08:00
    lhx2008
        1
    lhx2008  
       2013-07-08 08:52:47 +08:00   ❤️ 1
    感觉没什么。最简单有效的解决方法就是密钥登录,或者密码设长一点等他慢慢来 。
    summic
        2
    summic  
       2013-07-08 08:54:37 +08:00
    每台机器的secure都会大量被扫,密钥登录或者fail2ban
    juicy
        3
    juicy  
       2013-07-08 08:55:33 +08:00 via Android
    猜密码这种能猜对的概率也太低了吧。。
    fork3rt
        4
    fork3rt  
       2013-07-08 09:00:30 +08:00
    估计是字典爆破,类似MS MSTSC爆破 .
    wjchen
        5
    wjchen  
       2013-07-08 09:14:12 +08:00
    改成key登录,禁止密码登录,改端口就ok了。
    vietor
        6
    vietor  
       2013-07-08 09:37:20 +08:00
    太正常了,一般平均每天都有1000左右这样的扫描。设置一个没在字典里面的密码就行了。
    liheng
        7
    liheng  
       2013-07-08 09:41:15 +08:00
    1、使用密钥登录,禁止密码登录
    2、禁止root 登录
    3、更改ssh端口。
    Numbcoder
        8
    Numbcoder  
       2013-07-08 09:41:42 +08:00
    我擦,刚刚看我 VPS log,貌似也是一直被暴力破解。

    Jul 7 23:42:37 localhost sshd[27508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.142.106.34 user=root
    Jul 7 23:42:39 localhost sshd[27508]: Failed password for root from 61.142.106.34 port 47903 ssh2
    Jul 7 23:42:39 localhost sshd[27508]: Received disconnect from 61.142.106.34: 11: Bye Bye [preauth]
    csx163
        9
    csx163  
       2013-07-08 09:44:07 +08:00
    撸主大惊小怪了
    vibbow
        10
    vibbow  
       2013-07-08 09:53:46 +08:00
    端口扫描太正常了。
    我在一台windows服务器上装了一个sshd,你就看每天一堆用root账户尝试登陆的(一点也不智能,看到Windows标记也不知道用Administrator...)
    vibbow
        11
    vibbow  
       2013-07-08 09:56:46 +08:00   ❤️ 1
    随便来张日志截图
    http://vsean.net/pic/di-9RKV.png
    caoyue
        12
    caoyue  
       2013-07-08 09:58:31 +08:00   ❤️ 1
    grep "Failed password for root" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -nr | grep -v ";"

    统计来源和次数
    chenshaoju
        13
    chenshaoju  
       2013-07-08 10:03:52 +08:00   ❤️ 1
    这篇文章适合初学者,给你参考:
    http://t.tt/104/
    won
        14
    won  
       2013-07-08 10:13:50 +08:00
    太正常了,也不是针对你为了什么特殊内容。这也就是批量找肉鸡的
    ksc010
        15
    ksc010  
       2013-07-08 10:17:12 +08:00
    fail2ban
    akira
        16
    akira  
       2013-07-08 10:19:50 +08:00
    习惯了就好
    ivanlw
        17
    ivanlw  
       2013-07-08 10:26:28 +08:00
    @chenshaoju 502?
    zhttty
        18
    zhttty  
       2013-07-08 10:53:33 +08:00   ❤️ 1
    刚改了19位的密码...
    BOYPT
        19
    BOYPT  
       2013-07-08 12:57:51 +08:00
    改什么密码都没意义吧,去掉root的密码登录才正道。fail2ban,
    Zhang
        20
    Zhang  
       2013-07-08 13:07:29 +08:00
    再长的密码也是明文传输,也会被截获
    BOYPT
        21
    BOYPT  
       2013-07-08 13:22:59 +08:00
    楼上亮了。
    colorday
        22
    colorday  
       2013-07-08 13:23:13 +08:00
    fail2ban+1
    xunyu
        23
    xunyu  
       2013-07-08 13:36:09 +08:00
    在上面跑个虚拟机,做个蜜罐,看看这厮要怎样
    chenshaoju
        24
    chenshaoju  
       2013-07-08 13:50:29 +08:00
    @ivanlw 挂了……

    @Zhang SSH是加密的,除非你手动指定不加密(一般不允许)。
    DreaMQ
        25
    DreaMQ  
       2013-07-08 13:50:33 +08:00 via iPhone
    禁用SSH,用VNC控制
    Zhang
        26
    Zhang  
       2013-07-08 13:53:52 +08:00
    @chenshaoju 握手阶段还是明文
    ooxxcc
        27
    ooxxcc  
       2013-07-08 14:18:13 +08:00
    denyhosts。。
    chenshaoju
        28
    chenshaoju  
       2013-07-08 14:44:38 +08:00
    @Zhang 握手结束后才会传输认证信息,理论上能确认服务器的公钥正确的情况下,无需担心密码被第三方破译。
    HiVPS
        29
    HiVPS  
       2013-07-08 14:45:02 +08:00
    @juicy 你太忽视一些人爱用用“123abc”做密码的习惯了,并且他们觉得这个密码还不错哦
    PrideChung
        30
    PrideChung  
       2013-07-08 15:21:19 +08:00   ❤️ 4
    禁止root登陆 √
    公钥验证登陆 √
    修改SSH默认端口 √
    fail2ban √
    用ufw关闭所有不使用的端口号 √
    自动安装安全更新 √
    Logwatch每天日报 √

    每天都有人来扫我的VPS,不过还没看见有什么威胁。
    bearqq
        31
    bearqq  
       2013-07-08 16:10:31 +08:00
    让他攻击好了,给他个蜜罐,让他什么也得不到
    比如:

    RKTECH:~# w
    00:33:54 up 5 days, 19:02, 1 user, load average: 0.00, 0.00, 0.00
    USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
    root pts/0 172.158.34.148 00:33 0.00s 0.00s 0.00s w
    RKTECH:~# uname -a
    Linux RKTECH 2.6.26-2-686 #1 SMP Wed Nov 4 20:45:37 UTC 2009 i686 GNU/Linux
    RKTECH:~# php -v
    bash: php: command not found
    RKTECH:~# cat /proc/cpuinfo
    processor : 0
    vendor_id : GenuineIntel
    cpu family : 6
    model : 23
    model name : Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz
    stepping : 6
    cpu MHz : 2133.305
    cache size : 6144 KB
    physical id : 0
    siblings : 2
    core id : 0
    cpu cores : 2
    apicid : 0
    initial apicid : 0
    fpu : yes
    fpu_exception : yes
    cpuid level : 10
    wp : yes
    flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good pni monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr sse4_1 lahf_lm
    bogomips : 4270.03
    clflush size : 64
    cache_alignment : 64
    address sizes : 36 bits physical, 48 bits virtual
    power management:

    processor : 1
    vendor_id : GenuineIntel
    cpu family : 6
    model : 23
    model name : Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz
    stepping : 6
    cpu MHz : 2133.305
    cache size : 6144 KB
    physical id : 0
    siblings : 2
    core id : 1
    cpu cores : 2
    apicid : 1
    initial apicid : 1
    fpu : yes
    fpu_exception : yes
    cpuid level : 10
    wp : yes
    flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good pni monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr sse4_1 lahf_lm
    bogomips : 4266.61
    clflush size : 64
    cache_alignment : 64
    address sizes : 36 bits physical, 48 bits virtual
    power management:

    RKTECH:~# ps x
    PID TTY STAT TIME COMMAND
    1 ? Ss 0:07 init [2]
    2 ? S< 0:00 [kthreadd]
    3 ? S< 0:00 [migration/0]
    4 ? S< 0:00 [ksoftirqd/0]
    5 ? S< 0:00 [watchdog/0]
    6 ? S< 0:17 [events/0]
    7 ? S< 0:00 [khelper]
    39 ? S< 0:00 [kblockd/0]
    41 ? S< 0:00 [kacpid]
    42 ? S< 0:00 [kacpi_notify]
    170 ? S< 0:00 [kseriod]
    207 ? S 0:01 [pdflush]
    208 ? S 0:00 [pdflush]
    209 ? S< 0:00 [kswapd0]
    210 ? S< 0:00 [aio/0]
    748 ? S< 0:00 [ata/0]
    749 ? S< 0:00 [ata_aux]
    929 ? S< 0:00 [scsi_eh_0]
    1014 ? D< 0:03 [kjournald]
    1087 ? S<s 0:00 udevd --daemon
    1553 ? S< 0:00 [kpsmoused]
    2054 ? Sl 0:01 /usr/sbin/rsyslogd -c3
    2103 tty1 Ss 0:00 /bin/login --
    2105 tty2 Ss+ 0:00 /sbin/getty 38400 tty2
    2107 tty3 Ss+ 0:00 /sbin/getty 38400 tty3
    2109 tty4 Ss+ 0:00 /sbin/getty 38400 tty4
    2110 tty5 Ss+ 0:00 /sbin/getty 38400 tty5
    2112 tty6 Ss+ 0:00 /sbin/getty 38400 tty6
    2133 ? S<s 0:00 dhclient3 -pf /var/run/dhclient.eth0.pid -lf /var/lib
    4969 ? Ss 0:00 /usr/sbin/sshd: root@pts/0
    5673 pts/0 Ss 0:00 -bash
    5679 pts/0 R+ 0:00 ps x
    RKTECH:~# unset ; rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog ; touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog ; unset HISTFILE ; unset HISTSAVE ; unset HISTLOG ; history -n ; unset WATCH ; export HISTFILE=/dev/null ; export HISTFILE=/dev/null
    1 w
    2 uname -a
    3 php -v
    4 cat /proc/cpuinfo
    5 ps x
    6 unset ; rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog ; touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog ; unset HISTFILE ; unset HISTSAVE ; unset HISTLOG ; history -n ; unset WATCH ; export HISTFILE=/dev/null ; export HISTFILE=/dev/null
    RKTECH:~#
    andybest
        32
    andybest  
       2013-07-08 16:13:07 +08:00
    有没有办法可以在日志里看到攻击者尝试登录的密码是什么?
    swulling
        33
    swulling  
       2013-07-08 16:15:21 +08:00
    @Zhang 握手阶段又不传密码

    只能做中间人攻击,而中间人攻击会改变服务器的签名,客户端直接连不上的
    chshouyu
        34
    chshouyu  
       2013-07-08 16:43:06 +08:00
    @liheng 这样基本上就很安全了
    annielong
        35
    annielong  
       2013-07-08 16:57:59 +08:00
    都有,windows的也是经常有错误密码登陆的错误提示,
    shierji
        36
    shierji  
       2013-07-08 17:16:39 +08:00
    很正常 我用的denyhosts
    cicku
        37
    cicku  
       2013-07-08 18:13:36 +08:00
    @andybest 没有的(曾经的我一样天真)

    楼主用 @shierji 说的,基本就可以了。我的设置的是只要密码输入错了1次,就直接封禁永久。

    还有,如果你的VPS没有重要数据,你可以使用密码登录,否则最好用证书登录。

    我的服务器进去了是蜜罐,所以不在乎。禁用 root 登录,采用 sudo 提升权限维护服务器的方法是最好的,但是这全看你个人。
    yangzh
        38
    yangzh  
       2013-07-08 19:25:00 +08:00
    @bearqq
    @cicku

    蜜罐这个高端啊,有什么好的架设介绍?比如说我有个放网站的 vps,怎样架设一个蜜罐上去?用一些开源软件?
    bearqq
        39
    bearqq  
       2013-07-08 21:30:50 +08:00
    @yangzh 我用kippo
    alexrezit
        40
    alexrezit  
       2013-07-08 22:23:01 +08:00 via iPhone
    我 I 进来 came in 就是 just 为了 for 吐槽: VPS 的 S 就是服务器的意思.
    janxin
        41
    janxin  
       2013-07-09 17:56:44 +08:00
    建立信任关系,禁用SSH密码登陆
    Showfom
        42
    Showfom  
       2013-07-09 22:10:39 +08:00
    @ivanlw 已经恢复
    Showfom
        43
    Showfom  
       2013-07-09 22:12:38 +08:00
    @juicy 不,概率很高,要是不防护的话,一个10位的密码,没多少天就可以干掉
    juicy
        44
    juicy  
       2013-07-09 23:40:19 +08:00
    @Showfom 是嘛。。。有什么好的防护措施防止暴力破解么?
    Showfom
        45
    Showfom  
       2013-07-10 17:19:49 +08:00
    @juicy 禁止密码登陆就是了。
    juicy
        46
    juicy  
       2013-07-10 17:34:01 +08:00
    @Showfom 私要似乎也就是几百位的密码,如果暴力破解私钥怎么防?
    Showfom
        47
    Showfom  
       2013-07-10 17:35:20 +08:00
    @juicy 私匙再加个密码。。。
    Showfom
        48
    Showfom  
       2013-07-10 17:36:12 +08:00
    @juicy 直接关了 SSH 外网连接,只限制成用内网连接,或者干脆用 KVM IPMI 之类的= =
    ety001
        49
    ety001  
       2013-07-10 22:43:49 +08:00
    撸主大惊小怪了
    vibbow
        50
    vibbow  
       2013-07-11 00:05:08 +08:00
    @Showfom 这等于把密码安全性从SSH转移到了KVM,没有实际意义啊。
    PrideChung
        51
    PrideChung  
       2013-07-11 01:35:22 +08:00
    @juicy 用fail2ban解决暴力破解,你设定成登陆失败3次封锁该IP小时,按RSA的加密等级他得算上好久。
    Showfom
        52
    Showfom  
       2013-07-13 00:46:57 +08:00
    @vibbow 那就用内网才能登陆 SSH 好了,或者指定 IP 才能登陆。。。安全性就变成 VPN 的了。
    twd2
        53
    twd2  
       2013-07-13 02:05:23 +08:00
    关闭ssh, 使用串口
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2651 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 29ms · UTC 10:52 · PVG 18:52 · LAX 02:52 · JFK 05:52
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.