When logging in to a Linux server over SSH, you will often see the message:
There were * failed login attempts since the last successful login.
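This means there have been a large number of unauthorized login attempts. There are several ways to respond.
1 Change the sshd port
However, the new port is often found by scanners as well
2 Disable direct SSH login for the root account
Edit /etc/ssh/sshd_config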
PermitRootLogin no
Restart sshd after the change
systemctl restart sshd
3 Use fail2ban
Install
yum install fail2ban
Edit the configuration
In /etc/fail2ban/jail.conf, find [sshd] and add the enabled setting
[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
filter = sshd
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
enabled = true
Start
systemctl start fail2ban
Enable start at boot
systemctl enable fail2ban
Check the status
fail2ban-client status sshd
Remove the ban on a specific IP
fail2ban-client set sshd unbanip $ip