昨天把自己宿舍电脑暴露出来,
今天看了一下ssh安全设置,
Port xxxx
PermitRootLogin no
LoginGraceTime 20
LogLevel VERBOSE
AllowUsers xxxx
重启
sudo /etc/init.d/ssh restart
连接时,使用:
ssh localhost -p xxxx
日志文件:
/var/log/auth.log
早上看了一下日志,看来被扫描的频率确实很高。。。
Apr 28 02:49:48 xxxxxxxxx sshd[1361]: pam_unix(sshd:auth): check pass; user unknown
Apr 28 02:49:48 xxxxxxxxx sshd[1361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.217.255.103
Apr 28 02:49:50 xxxxxxxxx sshd[1361]: Failed password for invalid user oracle from 58.217.255.103 port 28125 ssh2
Apr 28 02:49:57 xxxxxxxxx sshd[1373]: Invalid user test from 58.217.255.103
Apr 28 02:49:57 xxxxxxxxx sshd[1373]: pam_unix(sshd:auth): check pass; user unknown
Apr 28 02:49:57 xxxxxxxxx sshd[1373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.217.255.103
Apr 28 02:49:59 xxxxxxxxx sshd[1373]: Failed password for invalid user test from 58.217.255.103 port 28657 ssh2
Apr 28 02:50:05 xxxxxxxxx sshd[1385]: Invalid user guest from 58.217.255.103
Apr 28 02:50:05 xxxxxxxxx sshd[1385]: pam_unix(sshd:auth): check pass; user unknown
Apr 28 02:50:05 xxxxxxxxx sshd[1385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.217.255.103
Apr 28 02:50:07 xxxxxxxxx sshd[1385]: Failed password for invalid user guest from 58.217.255.103 port 29060 ssh2
Apr 28 02:50:13 xxxxxxxxx sshd[1397]: Invalid user marta from 58.217.255.103
Apr 28 02:50:13 xxxxxxxxx sshd[1397]: pam_unix(sshd:auth): check pass; user unknown