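An SSHD service exposed on the public Internet is frequently scanned by attackers. The offending IPs can be blocked as follows:
1. Add this line to /etc/hosts.deny: sshd: /etc/sshd.deny.hostguard
echo "sshd: /etc/sshd.deny.hostguard" >> /etc/hosts.deny
2. Then add the remote IPs that were probing passwords, as recorded in /var/log/secure, to /etc/sshd.deny.hostguard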
awk '/rhost=/ {print $14}' /var/log/secure|awk -F = '/rhost/ {print $2}'|sort|uniq -d >> /etc/sshd.deny.hostguard
3. Finally, restart sshd
systemctl restart sshd
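
A more robust variant of step 2, as an added example (not part of the original note): it matches the rhost= token instead of a fixed field number, writes only literal IPv4 addresses, and can be re-run without appending duplicates. The function names, THRESHOLD and the sample log lines are constructed for illustration; it assumes sshd on the host is built with TCP wrappers support so that /etc/hosts.deny is consulted.

```sh
#!/bin/sh
# Added example, not from the original note. Function names and THRESHOLD are hypothetical.
THRESHOLD=${THRESHOLD:-2}   # 2 reproduces the original `uniq -d` (seen more than once)

# Constructed sample of /var/log/secure lines (documentation-range addresses).
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 web1 sshd[1201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=root
Mar  3 10:00:04 web1 sshd[1201]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=root
Mar  3 10:01:10 web1 sshd[1207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7
Mar  3 10:02:00 web1 sshd[1210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=scanner.example.net  user=admin
Mar  3 10:02:05 web1 sshd[1210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=scanner.example.net  user=admin
Mar  3 10:03:00 web1 sshd[1215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.9  user=test
Mar  3 10:03:02 web1 sshd[1215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.9  user=test
EOF
}

# Print IPv4 rhost values with at least THRESHOLD failure lines in log file $1.
# Matching on the rhost= token avoids depending on field position ($14), and the
# IPv4 shape check keeps reverse-DNS names out of the access-control file.
extract_offenders() {
    grep 'authentication failure' "$1" |
    grep -oE 'rhost=[^ ]+' | cut -d= -f2 |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
    sort | uniq -c |
    awk -v t="$THRESHOLD" '$1 >= t {print $2}'
}

# Merge offenders from log $1 into deny file $2: no duplicates, atomic replace.
update_denylist() {
    ud_tmp=$(mktemp "$2.XXXXXX") || return 1
    { [ -f "$2" ] && cat "$2"; extract_offenders "$1"; } | sort -u > "$ud_tmp"
    chmod 644 "$ud_tmp" && mv "$ud_tmp" "$2"
}

# Demo on the constructed sample; on a real host the arguments would be
# /var/log/secure and /etc/sshd.deny.hostguard.
demo_dir=$(mktemp -d)
sample_log > "$demo_dir/secure"
update_denylist "$demo_dir/secure" "$demo_dir/deny"
update_denylist "$demo_dir/secure" "$demo_dir/deny"   # second run adds nothing
cat "$demo_dir/deny"
```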