{"id":138,"date":"2023-10-31T14:26:15","date_gmt":"2023-10-31T06:26:15","guid":{"rendered":"https:\/\/www.waidts.com\/?p=138"},"modified":"2023-10-31T14:26:15","modified_gmt":"2023-10-31T06:26:15","slug":"ssh%e5%a4%9a%e6%ac%a1%e5%a4%b1%e6%95%97%e7%99%bb%e9%8c%84%e5%8d%b3%e5%b0%81%e6%8e%89ip%ef%bc%8c%e9%98%b2%e6%ad%a2%e6%9a%b4%e5%8a%9b%e7%a0%b4%e8%a7%a3","status":"publish","type":"post","link":"https:\/\/www.waidts.com\/index.php\/2023\/10\/31\/ssh%e5%a4%9a%e6%ac%a1%e5%a4%b1%e6%95%97%e7%99%bb%e9%8c%84%e5%8d%b3%e5%b0%81%e6%8e%89ip%ef%bc%8c%e9%98%b2%e6%ad%a2%e6%9a%b4%e5%8a%9b%e7%a0%b4%e8%a7%a3\/","title":{"rendered":"ssh\u591a\u6b21\u5931\u6557\u767b\u9304\u5373\u5c01\u6389IP\uff0c\u9632\u6b62\u66b4\u529b\u7834\u89e3\u200b\u200b"},"content":{"rendered":"\n

\u4e00\u3001\u7cfb\u7d71\uff1aCentos6.3 64\u4f4d<\/p>\n\n\n\n

\u4e8c\u3001\u65b9\u6cd5\uff1a\u8b80\u53d6\/var\/log\/secure\uff0c\u67e5\u627e\u95dc\u9375\u5b57 Failed\uff0c\u4f8b\u5982\uff08\u6ce8\uff1a\u6587\u4e2d\u7684IP\u5730\u5740\u7279\u610f\u505a\u4e86\u522a\u6e1b\uff09\uff1a<\/p>\n\n\n\n

Sep 17 09:08:09 localhost sshd[29087]: Failed password for root from 13.7.3.6 port 44367 ssh2<\/p>\n\n\n\n

Sep 17 09:08:20 localhost sshd[29087]: Failed password for root from 13.7.3.6 port 44367 ssh2<\/p>\n\n\n\n

Sep 17 09:10:02 localhost sshd[29223]: Failed password for root from 13.7.3.6 port 56482 ssh2<\/p>\n\n\n\n

Sep 17 09:10:14 localhost sshd[29223]: Failed password for root from 13.7.3.6 port 56482 ssh2<\/p>\n\n\n\n

\u5f9e\u9019\u4e9b\u884c\u4e2d\u63d0\u53d6IP\u5730\u5740\uff0c\u5982\u679c\u6b21\u6578\u9054\u523010\u6b21(\u8173\u672c\u4e2d\u5224\u65b7\u6b21\u6578\u5b57\u5143\u9577\u5ea6\u662f\u5426\u5927\u65bc1)\u5247\u5c07\u8a72IP\u5beb\u5230 \/etc\/hosts.deny\u4e2d\u3002<\/p>\n\n\n\n

\u4e09\u3001\u6b65\u9a5f\uff1a<\/p>\n\n\n\n

1\u3001\u5148\u628a\u59cb\u7d42\u5141\u8a31\u7684IP\u586b\u5165 \/etc\/hosts.allow \uff0c\u9019\u5f88\u91cd\u8981\uff01\u6bd4\u5982\uff1a<\/p>\n\n\n\n

sshd:19.16.18.1:allow<\/p>\n\n\n\n

sshd:19.16.18.2:allow<\/p>\n\n\n\n

2\u3001\u8173\u672c \/usr\/local\/bin\/secure_ssh.sh<\/p>\n\n\n\n

#! \/bin\/bash<\/p>\n\n\n\n

cat \/var\/log\/secure|awk ‘\/Failed\/{print $(NF-3)}’|sort|uniq -c|awk ‘{print $2″=”$1;}’ > \/usr\/local\/bin\/black.list<\/p>\n\n\n\n

for i in `cat  \/usr\/local\/bin\/black.list`<\/p>\n\n\n\n

do<\/p>\n\n\n\n

     IP=`echo $i |awk -F= ‘{print $1}’`<\/p>\n\n\n\n

     NUM=`echo $i|awk -F= ‘{print $2}’`<\/p>\n\n\n\n

     if  [  ${#NUM} -gt  1  ]; then<\/p>\n\n\n\n

         grep $IP \/etc\/hosts.deny > \/dev\/null<\/p>\n\n\n\n

         if  [  $? -gt  0  ];then<\/p>\n\n\n\n

             echo “sshd:$IP:deny” >> \/etc\/hosts.deny<\/p>\n\n\n\n

         fi<\/p>\n\n\n\n

     fi<\/p>\n\n\n\n

done<\/p>\n\n\n\n

3\u3001\u5c07secure_ssh.sh\u8173\u672c\u653e\u5165cron\u8a08\u756b\u4efb\u52d9\uff0c\u6bcf1\u5206\u9418\u57f7\u884c\u4e00\u6b21\u3002<\/p>\n\n\n\n

# crontab -e<\/p>\n\n\n\n

*\/1 * * * *  sh \/usr\/local\/bin\/secure_ssh.sh<\/p>\n\n\n\n

\u56db\u3001\u6e2c\u8a66\uff1a<\/p>\n\n\n\n

1\u3001\u958b\u5169\u500b\u7d42\u7aef\u8996\u7a97\uff0c\u4e00\u500bssh\u9023\u4e0a\u4f3a\u670d\u5668\uff0c\u53e6\u4e00\u500b\u7528\u932f\u8aa4\u7684\u5bc6\u78bc\u9023\u63a5\u4f3a\u670d\u5668\u5e7e\u6b21\u3002<\/p>\n\n\n\n

\u5f88\u5feb\uff0c\u4f3a\u670d\u5668\u4e0a\u9ed1\u540d\u55ae\u6a94\u88e1\u5df2\u7d93\u6709\u8a18\u9304\u4e86\uff1a<\/p>\n\n\n\n

[root@ ~]# $ cat \/usr\/local\/bin\/black.txt <\/p>\n\n\n\n

13.26.21.27=3<\/p>\n\n\n\n

\u518d\u770b\u770b\u4f3a\u670d\u5668\u4e0a\u7684hosts.deny<\/p>\n\n\n\n

[root@ ~]# cat \/etc\/hosts.deny<\/p>\n\n\n\n

sshd:13.7.3.6:deny<\/p>\n\n\n\n

sshd:92.4.0.4:deny<\/p>\n\n\n\n

sshd:94.10.4.2:deny<\/p>\n\n\n\n

sshd:94.4.1.6:deny<\/p>\n\n\n\n

sshd:11.64.11.5:deny<\/p>\n\n\n\n

2\u3001\u5f9e\u53e6\u4e00\u500b\u7d42\u7aef\u8996\u7a97\u7e7c\u7e8c\u201c\u66b4\u529b\u201d\u9023\u63a5\u4f3a\u670d\u5668\u3002<\/p>\n\n\n\n

\u770b\u770b\u4f3a\u670d\u5668\u4e0a\u7684\u9ed1\u540d\u55ae\u6a94\uff1a<\/p>\n\n\n\n

[root@ ~]# cat \/usr\/local\/bin\/black.txt<\/p>\n\n\n\n

13.26.21.27=6<\/p>\n\n\n\n

\u518d\u770b\u770b\u4f3a\u670d\u5668\u4e0a\u7684hosts.deny<\/p>\n\n\n\n

[root@ ~]# cat \/etc\/hosts.deny<\/p>\n\n\n\n

sshd:13.7.3.6:deny<\/p>\n\n\n\n

sshd:92.4.0.4:deny<\/p>\n\n\n\n

sshd:94.10.4.2:deny<\/p>\n\n\n\n

sshd:94.4.1.6:deny<\/p>\n\n\n\n

sshd:11.64.11.5:deny<\/p>\n\n\n\n

sshd:13.26.21.27:deny<\/p>\n\n\n\n

IP \u5df2\u7d93\u88ab\u52a0\u5165\u5230\u4f3a\u670d\u5668\u7684hosts.deny\uff0c\u518d\u7528\u6b63\u78ba\u7684\u5bc6\u78bc\u9023\u63a5\u4f3a\u670d\u5668\uff0c\u88ab\u62d2\u7d55\uff1a<\/p>\n\n\n\n

$ ssh root@myserver.mydomain.com -p 2333<\/p>\n\n\n\n

ssh_exchange_identification: Connection closed by remote host<\/p>\n\n\n\n

\u6ce8\uff1a<\/p>\n\n\n\n

1.\u8173\u672c\u70ba\u540c\u4e8b\u7de8\u5beb\u3002<\/p>\n\n\n\n

2.\u4f3a\u670d\u5668sshd\u57e0\u5df2\u6539\u70ba2333\uff0c\u4e8b\u5be6\u8b49\u660e\uff0c\u6539\u4e86\u57e0\u5f8c\uff0c\u66b4\u529b\u7834\u89e3\u7684ssh\u9023\u63a5\u6578\u92b3\u6e1b\uff0c\u5475\u5475\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

\u4e00\u3001\u7cfb\u7d71\uff1aCentos6.3 64\u4f4d \u4e8c\u3001\u65b9\u6cd5\uff1a\u8b80\u53d6\/var\/log\/secure\uff0c\u67e5\u627e\u95dc\u9375\u5b57 Failed\uff0c …<\/p>\n

ssh\u591a\u6b21\u5931\u6557\u767b\u9304\u5373\u5c01\u6389IP\uff0c\u9632\u6b62\u66b4\u529b\u7834\u89e3\u200b\u200b<\/span> \u95b1\u8b80\u5168\u6587 »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":""},"categories":[3,6],"tags":[],"class_list":["post-138","post","type-post","status-publish","format-standard","hentry","category-linux","category-linux-script"],"_links":{"self":[{"href":"https:\/\/www.waidts.com\/index.php\/wp-json\/wp\/v2\/posts\/138","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.waidts.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.waidts.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.waidts.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.waidts.com\/index.php\/wp-json\/wp\/v2\/comments?post=138"}],"version-history":[{"count":1,"href":"https:\/\/www.waidts.com\/index.php\/wp-json\/wp\/v2\/posts\/138\/revisions"}],"predecessor-version":[{"id":139,"href":"https:\/\/www.waidts.com\/index.php\/wp-json\/wp\/v2\/posts\/138\/revisions\/139"}],"wp:attachment":[{"href":"https:\/\/www.waidts.com\/index.php\/wp-json\/wp\/v2\/media?parent=138"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.waidts.com\/index.php\/wp-json\/wp\/v2\/categories?post=138"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.waidts.com\/index.php\/wp-json\/wp\/v2\/tags?post=138"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}