


Building a Solid, Secure Linux Server (SSH Login Part)
First, disable remote root login and change the ssh port:
vi /etc/ssh/sshd_config
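# Disable root login; create a regular user for remote login, then switch to root with su -
PermitRootLogin no
#Port 22
# Move to a port that an ordinary scanner will wear itself out before finding (scanning from 20 to 36301 ... haha)
Port 36301
Restart: /etc/init.d/sshd restart
After the changes above, the security log was quiet for several days apart from my own logins, so the first results were showing. But the good times did not last: a few days later I found probing login entries in the log again: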
Nov 9 15:57:02 server sshd[13948]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13916]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13949]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13944]: Did not receive identification string from 66.197.176.130
Nov 9 22:58:17 server sshd[15736]: Did not receive identification string from UNKNOWN
Nov 9 22:59:17 server sshd[15972]: Did not receive identification string from UNKNOWN
Nov 9 23:00:18 server sshd[16163]: Did not receive identification string from UNKNOWN
Nov 9 23:01:18 server sshd[16309]: Did not receive identification string from UNKNOWN
Nov 9 23:02:18 server sshd[17579]: Did not receive identification string from UNKNOWN
Nov 9 23:03:18 server sshd[17736]: Did not receive identification string from UNKNOWN
Nov 9 23:04:17 server sshd[17846]: Did not receive identification string from UNKNOWN
Nov 9 23:05:17 server sshd[18021]: Did not receive identification string from UNKNOWN
Nov 9 23:06:20 server sshd[18103]: Did not receive identification string from UNKNOWN
Nov 9 23:07:20 server sshd[18166]: Did not receive identification string from UNKNOWN
Nov 9 23:08:20 server sshd[18307]: Did not receive identification string from UNKNOWN
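Hmm, it seems this is a persistent hacker, and his persistence paid off: he finally found my new ssh port. (My god, how long does it take to scan from 22 to 36301???) It looks like I have to play my trump card: block by IP.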
vi /etc/hosts.deny
sshd : ALL EXCEPT xxx.xxx.xxx.0/255.255.255.0 zzz.zzz.zzz.zz yyy.yyy.yyy.0/255.255.255.0
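The line above denies ssh login from every IP except the ones I list. I connect over ADSL and usually get an address from one of two IP pools, so xxx.xxx.xxx.0 and yyy.yyy.yyy.0 above are my dynamic ADSL IP ranges. The other one, zzz.zzz.zzz.zz, is my fixed IP at work, just in case: if my ADSL ranges changed, wouldn't the server refuse my login too? So be careful when denying by IP, and don't lock yourself out as well, haha.
After the hardening above, check the log again: tail -fn100 secure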
Nov 9 23:48:17 server sshd[30249]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:49:17 server sshd[30319]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:50:17 server sshd[30475]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:51:18 server sshd[30539]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:52:17 server sshd[30609]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:53:17 server sshd[31752]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:54:17 server sshd[31833]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:55:17 server sshd[31978]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:56:22 server sshd[32045]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:57:18 server sshd[32105]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:58:18 server sshd[32171]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:59:17 server sshd[32238]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:00:20 server sshd[32378]: refused connect from ::ffff:66.197
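The lockout risk described above can be checked before the rule is saved. The following is an added example, not part of the original post: it parses a rule in the `sshd : ALL EXCEPT ...` form and reports, for each source in log lines of the two kinds shown above, whether the rule would let it in. The rule addresses (documentation ranges standing in for the masked xxx/yyy/zzz values), the log sample and all function names are constructed for illustration, and only the bare-host and net/mask patterns used on this page are handled.

```python
import ipaddress
import re

# Constructed rule in the page's format; documentation ranges stand in for
# the masked xxx/yyy/zzz addresses.
RULE = "sshd : ALL EXCEPT 192.0.2.0/255.255.255.0 203.0.113.25 198.51.100.0/255.255.255.0"

# Constructed log sample using the two message formats shown on the page.
LOG = """\
Nov 9 15:57:02 server sshd[13948]: Did not receive identification string from 66.197.176.130
Nov 9 22:58:17 server sshd[15736]: Did not receive identification string from UNKNOWN
Nov 9 23:48:17 server sshd[30249]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:50:02 server sshd[30400]: Did not receive identification string from 192.0.2.77
"""

def parse_exceptions(rule):
    """Return the networks listed after ALL EXCEPT in a 'sshd : ...' rule."""
    daemon, _, clients = rule.partition(":")
    tokens = clients.split()
    if daemon.strip() != "sshd" or tokens[:2] != ["ALL", "EXCEPT"]:
        raise ValueError("only 'sshd : ALL EXCEPT ...' is handled here")
    # ip_network accepts both a bare host and the net/mask form.
    return [ipaddress.ip_network(t) for t in tokens[2:]]

def normalize(addr):
    """Parse an address, unwrapping ::ffff:a.b.c.d; None if it is not an IP."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # e.g. the literal UNKNOWN seen in the log
    return getattr(ip, "ipv4_mapped", None) or ip

def is_allowed(addr, exceptions):
    """True if addr falls inside one of the excepted networks."""
    ip = normalize(addr)
    return ip is not None and any(ip.version == n.version and ip in n for n in exceptions)

SRC = re.compile(r"sshd\[\d+\]: (?:Did not receive identification string|refused connect) from (\S+)")

def audit(log, rule):
    """Map each source seen in the log to True (allowed) or False (denied)."""
    exceptions = parse_exceptions(rule)
    return {m.group(1): is_allowed(m.group(1), exceptions) for m in SRC.finditer(log)}

if __name__ == "__main__":
    for src, ok in audit(LOG, RULE).items():
        print(f"{src:30} {'allowed' if ok else 'denied'}")
```

Running `is_allowed` on your current client address against the draft rule, from a session you keep open, shows whether the new rule would shut you out.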