1、禁止root用户直接通过ssh登录,先使用普通用户登录,再切换到root用户
2、更改ssh连接端口
3、定期更改系统密码,或使用密钥的方式连接
4、使用堡垒机管理服务器
5、编写脚本防止ssh暴力破解(以下脚本通过/etc/hosts.deny封禁地址,只有当sshd带有TCP Wrappers(libwrap)支持时才会生效,使用前请先确认)
(1)shell脚本
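#!/bin/bash
# Denyhosts SHELL scripts
#
# Counts failed SSH logins per source address in /var/log/secure and appends
# "sshd:<address>" to /etc/hosts.deny for every address with more than COUNT
# failures that is not already mentioned there.
#
# Notes for operators:
#   - /etc/hosts.deny is only consulted when sshd is linked against TCP
#     wrappers (libwrap); confirm that on the target system, otherwise the
#     entries written here have no effect.
#   - The whole log file is counted on every run (no time window), so failures
#     accumulate until the log is rotated. Consider keeping trusted admin
#     addresses in /etc/hosts.allow so they cannot be locked out.
#   - Must run as root: it writes under /root and appends to /etc/hosts.deny.

readonly SECURE_LOG="/var/log/secure"
readonly HOSTS_DENY="/etc/hosts.deny"
readonly DENY_DIR="/root/Denyhosts"
readonly DENY_LIST="${DENY_DIR}/Denyhosts.txt"

# Addresses with MORE than this many failed logins are blocked.
COUNT="5"

mkdir -p -- "$DENY_DIR"

# One "address=count" line per source. The address is taken as the 4th field
# from the end of each matching line, so text earlier in the line (such as the
# attempted user name) does not shift it.
awk '/Failed/{print $(NF-3)}' "$SECURE_LOG" \
  | sort \
  | uniq -c \
  | awk '{print $2"=" $1;}' > "$DENY_LIST"

while IFS='=' read -r IP NUM; do
  # Log content is influenced by remote clients. Only a well-formed IPv4
  # address and a numeric count may reach the access-control file. IPv6
  # sources are skipped: hosts_access syntax needs them in [brackets].
  [[ "$IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || continue
  [[ "$NUM" =~ ^[0-9]+$ ]] || continue

  if (( NUM > COUNT )); then
    # -F: match the address literally (dots are not wildcards);
    # -w: whole token only, so 1.2.3.4 is not "found" inside 11.2.3.45.
    if ! grep -qwF -- "$IP" "$HOSTS_DENY"; then
      printf 'sshd:%s\n' "$IP" >> "$HOSTS_DENY"
    fi
  fi
done < "$DENY_LIST"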
(2)python脚本
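#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Block SSH brute-force sources through /etc/hosts.deny.

Reads /var/log/secure, counts "Failed password" lines per IPv4 source
address, and appends an "sshd:<address>" rule to /etc/hosts.deny for every
address with more than MAX_FAILURES failures that has no such rule yet.

Operator notes:
  * /etc/hosts.deny only affects sshd when it is built with TCP wrappers
    (libwrap) support; confirm that on the target system.
  * The whole log file is counted on every run (no time window).
  * Must run as root to append to /etc/hosts.deny.
"""
import re
from collections import Counter

SECURE_LOG = '/var/log/secure'
HOSTS_DENY = '/etc/hosts.deny'
# An address is blocked once it has MORE than this many failed logins.
MAX_FAILURES = 5

IPV4_RE = re.compile(r'^\d{1,3}(\.\d{1,3}){3}$')


def failed_sources(lines):
    """Count failed password attempts per IPv4 source address.

    lines: iterable of log lines (strings).
    Returns a Counter mapping address -> number of 'Failed password' lines.
    Lines without a ' from ' part, or whose address field is not a
    well-formed IPv4 address, are ignored instead of raising.
    """
    counts = Counter()
    for line in lines:
        if 'Failed password' not in line or ' from ' not in line:
            continue
        # The attempted user name is chosen by the remote side and is logged
        # before the address, so the address is read after the LAST ' from '.
        ip = line.rsplit(' from ', 1)[1].split(' port ')[0].strip()
        # Only a syntactically valid address may reach the access-control file.
        if IPV4_RE.match(ip):
            counts[ip] += 1
    return counts


def new_deny_entries(counts, deny_lines, threshold=MAX_FAILURES):
    """Return the hosts.deny rules that still have to be appended.

    counts: mapping address -> failure count.
    deny_lines: current lines of hosts.deny.
    threshold: addresses with a count greater than this are blocked.
    Each rule has the form 'sshd:<address>' (daemon:client); a bare address
    on its own line is not a valid hosts_access rule.
    """
    existing = set(entry.strip() for entry in deny_lines)
    rules = []
    for ip in sorted(counts):
        rule = 'sshd:' + ip
        if counts[ip] > threshold and rule not in existing:
            rules.append(rule)
    return rules


def main():
    """Read the log and the deny file, then append the missing rules."""
    with open(HOSTS_DENY) as f:
        deny = f.read().split('\n')
    with open(SECURE_LOG) as f:
        log = f.read().split('\n')

    rules = new_deny_entries(failed_sources(log), deny)
    if rules:
        # Open the deny file once, and only when there is something to add.
        with open(HOSTS_DENY, 'a') as f:
            for rule in rules:
                f.write(rule + '\n')


if __name__ == '__main__':
    main()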