首先，禁用root 遠程登錄，改ssh端口

vi /etc/ssh/sshd_config

PermitRootLogin no   #禁用root 登錄，創建一個普通用戶用作遠程登錄，然后通過su -轉為root 用戶

#Port 22
Port 36301     #改到一般掃描器掃到累死才能找到的端口（從20 掃到 36301 … 哈哈）

重啟 /etc/init.d/sshd restart

上述更改后，安全日志好幾天沒有動靜，除了我自己登錄的日志外，成果初現。不過好景不長，過幾天后又發現有一試探登錄日志：

Nov  9 15:57:02 server sshd[13948]: Did not receive identification string from 66.197.176.130
Nov  9 15:57:02 server sshd[13916]: Did not receive identification string from 66.197.176.130
Nov  9 15:57:02 server sshd[13949]: Did not receive identification string from 66.197.176.130
Nov  9 15:57:02 server sshd[13944]: Did not receive identification string from 66.197.176.130
Nov  9 22:58:17 server sshd[15736]: Did not receive identification string from UNKNOWN
Nov  9 22:59:17 server sshd[15972]: Did not receive identification string from UNKNOWN
Nov  9 23:00:18 server sshd[16163]: Did not receive identification string from UNKNOWN
Nov  9 23:01:18 server sshd[16309]: Did not receive identification string from UNKNOWN
Nov  9 23:02:18 server sshd[17579]: Did not receive identification string from UNKNOWN
Nov  9 23:03:18 server sshd[17736]: Did not receive identification string from UNKNOWN
Nov  9 23:04:17 server sshd[17846]: Did not receive identification string from UNKNOWN
Nov  9 23:05:17 server sshd[18021]: Did not receive identification string from UNKNOWN
Nov  9 23:06:20 server sshd[18103]: Did not receive identification string from UNKNOWN
Nov  9 23:07:20 server sshd[18166]: Did not receive identification string from UNKNOWN
Nov  9 23:08:20 server sshd[18307]: Did not receive identification string from UNKNOWN

嗯，看來這是一位執著的黑客，他的執著沒有白費，終于找到我的ssh新端口。（my god,從22 掃描到36301需要多長時間？？？），看來我只能使出我的殺手剪了。封IP。

vi /etc/hosts.deny

sshd : ALL EXCEPT xxx.xxx.xxx.0/255.255.255.0 zzz.zzz.zzz.zz yyy.yyy.yyy.0/255.255.255.0

上面的意思是拒絕所有的IP ssh 登錄除了我列出的IP 外。我上網是用的ADSL，通常在兩個IP池中取得，所以上面的xxx.xxx.xxx.0 和 yyy.yyy.yyy.0 是我的動態ADSL ip 段。另外一個 zzz.zzz.zzz.zz 是我在單位的固定的IP，這個以防萬一，萬一我的ADSL網段變了，豈不是服務器也拒絕我的登錄了？所以做IP拒絕時要慎重小心，不要把自己也鎖在門外， 哈哈。

安全上述加固后，再查看日志 tail -fn100 secure

Nov  9 23:48:17 server sshd[30249]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:49:17 server sshd[30319]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:50:17 server sshd[30475]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:51:18 server sshd[30539]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:52:17 server sshd[30609]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:53:17 server sshd[31752]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:54:17 server sshd[31833]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:55:17 server sshd[31978]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:56:22 server sshd[32045]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:57:18 server sshd[32105]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:58:18 server sshd[32171]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:59:17 server sshd[32238]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:00:20 server sshd[32378]: refused connect from ::ffff:66.197