V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Distributions
Ubuntu
Fedora
CentOS
中文资源站
网易开源镜像站
symbolic
V2EX  ›  Linux

大佬们, ssh 设置密钥登陆, lastb 还能看到异常 IP 尝试访问,是啥原因,谢谢

  •  
  •   symbolic · 2019-06-27 14:43:27 +08:00 · 3704 次点击
    这是一个创建于 1975 天前的主题,其中的信息可能已经有所发展或是发生改变。

    [[email protected] ~]# grep "Password" /etc/ssh/sshd_config
    #PermitEmptyPasswords no
    PasswordAuthentication no

    [[email protected] ~]# lastb admin ssh:notty 37.76.137.129 Thu Jun 27 08:27 - 08:27 (00:00)
    admin ssh:notty 200.196.45.145 Thu Jun 27 08:27 - 08:27 (00:00)
    admin ssh:notty 189.112.49.210 Wed Jun 26 12:04 - 12:04 (00:00)
    admin ssh:notty 119.42.81.142 Tue Jun 25 15:40 - 15:40 (00:00)
    admin ssh:notty 172.220.1.94 Tue Jun 25 15:40 - 15:40 (00:00)
    admin ssh:notty 113.184.184.54 Mon Jun 24 00:58 - 00:58 (00:00)
    admin ssh:notty 117.244.91.88 Mon Jun 24 00:58 - 00:58 (00:00)
    admin ssh:notty 197.35.198.235 Sun Jun 23 04:37 - 04:37 (00:00)
    admin ssh:notty 103.124.146.222 Sun Jun 23 04:37 - 04:37 (00:00)
    admin ssh:notty 123.20.233.224 Sat Jun 22 08:01 - 08:01 (00:00)
    admin ssh:notty 113.186.135.4 Sat Jun 22 08:01 - 08:01 (00:00)
    admin ssh:notty 152.246.169.166 Fri Jun 21 07:38 - 07:38 (00:00)
    admin ssh:notty 156.194.228.224 Thu Jun 20 18:01 - 18:01 (00:00)
    admin ssh:notty 188.124.211.191 Thu Jun 20 04:24 - 04:24 (00:00)

    secure log Jun 25 15:40:24 production sshd[31521]: Invalid user admin from 172.220.1.94 port 48677
    Jun 25 15:40:24 production sshd[31521]: input_userauth_request: invalid user admin [preauth]
    Jun 25 15:40:28 production sshd[31525]: Invalid user admin from 119.42.81.142 port 35310
    Jun 25 15:40:28 production sshd[31525]: input_userauth_request: invalid user admin [preauth]
    Jun 25 15:40:29 production sshd[31525]: Connection closed by 119.42.81.142 port 35310 [preauth]
    Jun 26 08:32:34 production sshd[16352]: Did not receive identification string from 47.94.39.226 port 35456
    Jun 26 12:04:14 production sshd[26726]: Invalid user admin from 189.112.49.210 port 38888
    Jun 26 12:04:14 production sshd[26726]: input_userauth_request: invalid user admin [preauth]
    Jun 26 12:04:15 production sshd[26726]: Connection closed by 189.112.49.210 port 38888 [preauth]
    Jun 26 13:55:57 production sshd[32213]: Did not receive identification string from 47.97.21.76 port 47988
    Jun 26 20:37:33 production sshd[19534]: Did not receive identification string from 106.15.76.92 port 52986
    Jun 27 00:30:54 production sshd[30959]: Did not receive identification string from 47.100.130.114 port 38736
    Jun 27 01:33:21 production sshd[1568]: Connection closed by 27.122.59.100 port 43122 [preauth]
    Jun 27 01:33:24 production sshd[1573]: Connection closed by 27.122.59.100 port 33213 [preauth]
    Jun 27 05:01:55 production sshd[11880]: Connection closed by 132.68.74.160 port 40820 [preauth]
    Jun 27 05:25:23 production sshd[13021]: Did not receive identification string from 119.23.138.247 port 38410
    Jun 27 08:27:50 production sshd[21953]: Invalid user admin from 200.196.45.145 port 47259
    Jun 27 08:27:50 production sshd[21953]: input_userauth_request: invalid user admin [preauth]
    Jun 27 08:27:52 production sshd[21953]: Connection closed by 200.196.45.145 port 47259 [preauth]
    Jun 27 08:27:54 production sshd[21960]: Invalid user admin from 37.76.137.129 port 60114
    Jun 27 08:27:54 production sshd[21960]: input_userauth_request: invalid user admin [preauth]
    Jun 27 08:27:55 production sshd[21960]: Connection closed by 37.76.137.129 port 60114 [preauth]
    Jun 27 11:49:50 production sshd[31855]: Did not receive identification string from 118.31.244.58 port 47726

    大佬们懂的话,说下访问者具体怎么做到的,谢谢

    8 条回复    2019-06-28 00:38:58 +08:00
    wqsfree
        1
    wqsfree  
       2019-06-27 15:14:40 +08:00
    只是尝试登录失败,系统会记录失败日志,没有密钥是登录不上去的,多年以前我自己写过一个脚本,登录三次失败,会把 IP 加进黑名单,拒绝黑名单 IP 登录,这样就不会显示黑名单的 IP 了。
    julyclyde
        2
    julyclyde  
       2019-06-27 15:25:15 +08:00
    呼唤理解能力啊!
    你不让进还能不让别人试么?
    tankren
        3
    tankren  
       2019-06-27 15:41:57 +08:00
    端口改了没?
    加个 fail2ban
    lvzhiqiang
        4
    lvzhiqiang  
       2019-06-27 15:49:17 +08:00
    把默认 22 端口修改下呗。
    mingl0280
        5
    mingl0280  
       2019-06-27 15:56:41 +08:00 via Android
    加个 fail2ban 也行
    symbolic
        6
    symbolic  
    OP
       2019-06-27 16:14:37 +08:00
    谢谢各位大佬给出的建议,我这试试
    chinesestudio
        7
    chinesestudio  
       2019-06-28 00:07:14 +08:00 via Android
    @wqsfree csf lfd fail2ban 免费工具
    unknowncheater
        8
    unknowncheater  
       2019-06-28 00:38:58 +08:00
    fail2ban
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1114 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 22ms · UTC 23:29 · PVG 07:29 · LAX 15:29 · JFK 18:29
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.