全球主机交流论坛

Stumbled on this data by accident: is someone brute-forcing me?

1#
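Posted on 2017-8-10 14:40:21
A 20o dedicated host, and I have only just started using Proxmox. Today I found the data in the screenshot below in syslog: a machine with the IP 182.100.67.119 (an IP inside China) keeps connecting to SSH, but every attempt has failed....
Is this IP trying to guess my SSH password?
[Attachment: 屏幕快照 2017-08-10 下午2.37.09.png (screenshot)]

Do I need to change the host's SSH port now? Thanks!~~~~

Experts, come quick!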
14#
Posted on 2017-8-10 22:03:46
I'll chime in too: OP can use fail2ban to guard against brute-forcing; it is more effective than denyhosts.
13#
Posted on 2017-8-10 21:45:07
To prevent cracking:
yum install denyhosts
service denyhosts start
12#
Posted on 2017-8-10 21:36:55
You can change the port too? Learned another trick.
11#
Posted on 2017-8-10 15:48:11
Installed DenyHosts and it took effect immediately
Aug 10 15:42:49 sd-83572 sshd[8934]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:42:57 sd-83572 sshd[8955]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:43:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 15:43:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.
Aug 10 15:43:08 sd-83572 sshd[8983]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:43:20 sd-83572 sshd[9008]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:43:30 sd-83572 sshd[9031]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:43:36 sd-83572 sshd[9050]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:43:55 sd-83572 sshd[9099]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:44:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 15:44:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.
Aug 10 15:44:03 sd-83572 sshd[9118]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:44:16 sd-83572 sshd[9150]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:44:27 sd-83572 sshd[9179]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:44:36 sd-83572 sshd[9201]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:44:49 sd-83572 sshd[9237]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:44:57 sd-83572 sshd[9258]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:45:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 15:45:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.
Aug 10 15:46:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 15:46:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.
Aug 10 15:47:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 15:47:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.
10#
Posted on 2017-8-10 15:34:17
Come to think of it, someone is always trying to crack in. If all else fails, set up a 3ban script.
9#
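OP | Posted on 2017-8-10 15:06:45
After changing it, things quieted down~~~~

I can't even remember the password I set myself; how would anyone crack it without a supercomputer??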
8#
Posted on 2017-8-10 14:55:56
Someone keeps trying on mine too
Aug 10 14:53:04 sd-83572 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:06 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:14 sd-83572 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:15 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:16 sd-83572 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:18 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:19 sd-83572 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:22 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:22 sd-83572 sshd[1425]: error: maximum authentication attempts exceeded for invalid user  from 193.201.224.199 port 34255 ssh2 [preauth]
Aug 10 14:53:22 sd-83572 sshd[1425]: Disconnecting: Too many authentication failures [preauth]
Aug 10 14:53:22 sd-83572 sshd[1425]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.199
Aug 10 14:53:22 sd-83572 sshd[1425]: PAM service(sshd) ignoring max retries; 6 > 3
Aug 10 14:53:43 sd-83572 sshd[1564]: Invalid user  from 193.201.224.199 port 40892
Aug 10 14:53:43 sd-83572 sshd[1564]: input_userauth_request: invalid user  [preauth]
Aug 10 14:53:45 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:45 sd-83572 sshd[1564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.199
Aug 10 14:53:47 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:53:48 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:50 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:53:55 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:57 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:53:59 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:54:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 14:54:01 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:54:01 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:54:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.
Aug 10 14:54:03 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:54:04 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:54:06 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:54:06 sd-83572 sshd[1564]: error: maximum authentication attempts exceeded for invalid user  from 193.201.224.199 port 40892 ssh2 [preauth]
Aug 10 14:54:06 sd-83572 sshd[1564]: Disconnecting: Too many authentication failures [preauth]
Aug 10 14:54:06 sd-83572 sshd[1564]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.199
Aug 10 14:54:06 sd-83572 sshd[1564]: PAM service(sshd) ignoring max retries; 6 > 3
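Added example, not written by any poster in this thread: a sliding-window detector for the "Failed password" pattern in the log above, run over lines excerpted from that log plus one constructed line. The function names and the threshold, window and year defaults are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Lines 1-8 are excerpted from the log in post 8# above; the last line is
# constructed (documentation-range IP) to show a source below the threshold.
SAMPLE = """\
Aug 10 14:53:06 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:15 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:18 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:22 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:22 sd-83572 sshd[1425]: error: maximum authentication attempts exceeded for invalid user  from 193.201.224.199 port 34255 ssh2 [preauth]
Aug 10 14:53:47 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:53:50 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:54:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 14:54:02 sd-83572 sshd[2001]: Failed password for root from 203.0.113.7 port 50022 ssh2
"""

# The username is chosen by the client and may be empty (as in the log above)
# or contain " from ...", so match it greedily and anchor the real source
# address to the end of the line.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def parse_failure(line, year=2017):
    """Return (timestamp, source_ip, username) or None for non-matching lines."""
    m = FAILED.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year, so the caller supplies one.
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return when, m["ip"], m["user"]

def brute_force_sources(lines, threshold=5, window=timedelta(minutes=1)):
    """Map each source IP to its peak failure count within any `window`,
    keeping only sources whose peak reaches `threshold`."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for hit in filter(None, map(parse_failure, lines)):
        when, ip, _user = hit
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE.splitlines()))
```

Counting per source address rather than per sshd process matters here because the client in the log reconnects under a new PID after each "Too many authentication failures" disconnect.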