This topic created in 2187 days ago, the information mentioned may be changed or developed.
每隔几秒就有这样的记录,而且 ip 地址又是变化的,怎么防护啊?
优先层级 日志 日期 & 时间 用户 事件
Warning 连接 2020/05/04 11:21:10 SYSTEM User [winpc] from [36.67.106.109] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:44 SYSTEM User [jack] from [27.115.62.134] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:39 SYSTEM User [root] from [35.200.185.127] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:34 SYSTEM User [internat] from [186.179.103.118] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:32 SYSTEM User [root] from [203.245.41.96] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:28 SYSTEM User [root] from [195.231.4.203] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:25 SYSTEM User [chantal] from [207.154.206.212] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:16 SYSTEM User [root] from [112.5.172.26] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:11 SYSTEM User [testuser] from [122.225.230.10] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:10 SYSTEM User [root] from [62.210.119.215] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:02 SYSTEM User [temp] from [106.12.100.73] failed to log in via [SSH] due to authorization failure.
优先层级 日志 日期 & 时间 用户 事件
Warning 连接 2020/05/04 11:21:10 SYSTEM User [winpc] from [36.67.106.109] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:44 SYSTEM User [jack] from [27.115.62.134] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:39 SYSTEM User [root] from [35.200.185.127] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:34 SYSTEM User [internat] from [186.179.103.118] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:32 SYSTEM User [root] from [203.245.41.96] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:28 SYSTEM User [root] from [195.231.4.203] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:25 SYSTEM User [chantal] from [207.154.206.212] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:16 SYSTEM User [root] from [112.5.172.26] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:11 SYSTEM User [testuser] from [122.225.230.10] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:10 SYSTEM User [root] from [62.210.119.215] failed to log in via [SSH] due to authorization failure.
Warning 连接 2020/05/04 11:20:02 SYSTEM User [temp] from [106.12.100.73] failed to log in via [SSH] due to authorization failure.
31 replies 2020-05-05 16:41:39 +08:00
 | 1 godall OP 补充一下,ssh 端口已经改成其他端口了。 |
 | 2 RiESA May 4, 2020  2 用 fail2ban |
 | 3 marcushbs May 4, 2020 把密码加长到 30 位以上,10 年内不用愁..... |
 | 4 wangxiaoaer May 4, 2020 密码登陆不能关掉吗? |
 | 5 Acoffice May 4, 2020 via Android 同二楼,或者限制指定用户登录. |
 | 6 gamesbain May 4, 2020 用 key 登录。把密码登录关了。万事大吉。 |
 | 7 Rehtt May 4, 2020 via Android 密码登录关掉用证书 |
 | 8 Navee May 4, 2020 禁止 root 登陆 fail2ban |
| 9 godall OP 关闭密码登录后,还是有一堆 TIME_WAIT (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 0.0.0.0:25072 0.0.0.0:* LISTEN - tcp 0 0 192.168.1.32:2022 120.53.1.97:47342 TIME_WAIT - tcp 0 0 192.168.1.32:2022 106.12.100.73:41270 TIME_WAIT - tcp 0 96 192.168.1.32:2022 192.168.1.161:58356 ESTABLISHED - tcp 0 0 192.168.1.32:2022 139.199.98.175:41298 TIME_WAIT - tcp 0 0 192.168.1.32:2022 167.172.49.241:44890 TIME_WAIT - tcp 0 0 192.168.1.32:2022 202.111.14.122:54199 TIME_WAIT - tcp 0 0 192.168.1.32:2022 58.212.220.210:54120 TIME_WAIT - tcp 0 0 192.168.1.32:2022 122.114.249.199:58938 TIME_WAIT - tcp6 0 0 :::2022 :::* LISTEN - |
 | 10 twl007 May 4, 2020 via iPhone fail2ban 可解 我已经 ban 了 20w+的 ip 了 |
 | 11 lithiumii May 4, 2020 via Android 换端口,禁 root 登录,fail2ban,禁密码登录……我一般只做前三 |
 | 12 akira May 4, 2020 这些都是批量扫的。 服务器拿到手,第一步就是 换端口 + 密钥 |
 | 13 vigack May 4, 2020 密码够强的话不用在意吧,强迫症患者的话可以 IP 白名单+跳板机登陆。 |
 | 14 ieric May 4, 2020 via iPhone 真是无聊 root root 123456 ... 能中的机率比买彩票高点吧? |
 | 15 flynaj May 4, 2020 via Android 在改端口,改高一点。要不就是安装 knockd |
 | 16 Xusually May 4, 2020 禁止密码登陆吧 |
 | 17 tankren May 4, 2020 改端口 关闭密码登录用 key 登录 fail2ban |
 | 18 GG668v26Fd55CP5W May 4, 2020 via iPhone 1 我最近用 v2ray,发现新一个方法,根本不暴露 ssh 端口到外网,服务器安装 v2ray 服务,wss 443 伪装网站访问,然后本地用 v2ray 连接到服务器后,ssh 客户端使用 v2ray 代理端口作代理连接服务器,这时服务器的地址是 127.0.0.1 |
 | 19 ZZSZZSZZS May 4, 2020 via iPhone 禁止密码登录,只让用 key 登录 |
 | 20 DonaidTrump May 4, 2020 @marcushbs 正确的姿势不是应该禁止密码登陆么 |
| 21 marcushbs May 4, 2020 @tulongtou 的确如此,但第一有些公司有条件限制,要求必须用密码;第二,key 文件可以近似看作 length 3000 的 password.... |
 | 22 sampeng May 4, 2020 via iPhone @marcushbs 限制必须用密码的都是傻子型公司。第二,你家 key 文件像 passowrd 要传到远端去的?还近似…完全是两个不同原理的认证方式 |
 | 23 vocaloidchina May 4, 2020 最简单的办法就是改端口,也不用证书啥的,就可以让每月尝试登陆数量降至 1-10 次 |
| 24 marcushbs May 4, 2020 @sampeng Initial IV client to server: HASH(K || H || "A" || session_id) Initial IV server to client: HASH(K || H || "B" || session_id) Encryption key client to server: HASH(K || H || "C" || session_id) Encryption key server to client: HASH(K || H || "D" || session_id) Integrity key client to server: HASH(K || H || "E" || session_id) Integrity key server to client: HASH(K || H || "F" || session_id) 假设穷举一个 3000bytes 的 id_rsa 文件,所以说“近似”,参见: https://gravitational.com/blog/ssh-handshake-explained/ |
 | 26 ytmsdy May 4, 2020 证书登录就行了。 |
 | 27 niubee1 May 4, 2020 证书登录、关闭密码登录、fail2ban 基本上能防住 99%的攻击 |
 | 28 wangyuescr May 4, 2020 via Android @ieric 曾经学生腾讯云主机还真是这个密码 后来被上了一课 |
 | 29 nijux May 4, 2020 |
 | 30 isnullstring May 4, 2020 换端口,key 登录 |
 | 31 ps1aniuge May 5, 2020 服务器 SSH 端口被不断试探登录,怎么防护? 答: 我 at 所有看帖人,我用 powershell 写了一个工具《弹性 sshd 端口》, 入 qq 群,183173532,,1 元辛苦费找我购买。 写作目的: 1 富强。 2 防止黑客从端口穷举密码。 脚本特性: 1 弹性 sshd 端口,随机 n 分钟,更换端口。 2 用 powershell 在客户机输出弹性端口,你就可以用 plink 连接此端口。 系统需求: 1 支持 opensshd,支持 dropbear 。支持 linux,支持 win,但你需要告诉我你的 sshd_config 的位置。 2 必须在服务端,客户端安装 powershell 。对于 win 服务端,客户端,这不是问题。因为系统已经集成 powershell 了。 |
Select Language