尝试登录失败次数过多(相关命令)
-
查看登录失败的信息,包括尝试登录时间、用户名、IP地址和端口号等
grep “Failed password” /var/log/secure | tail -300 -
统计是哪些账号登录失败过(相当于上一个命令的统计):
grep “Failed password” /var/log/secure | grep -v COMMAND | awk ‘{print $9}’ | sort | uniq -c -
登录失败的IP及失败次数
cat /var/log/secure | awk ‘/Failed/{print $(NF-3)}’ | sort | uniq -c | awk ‘{print $2"="$1;}’ -
将登陆失败的IP地址保存下来
cat /var/log/secure | awk ‘/Failed/{print $(NF-3)}’ | sort | uniq -c | awk ‘{print $2"="$1;}’ > xx.txt
可能的解决方案:
-
更加复杂的密码 -
设置 SSH 通过密钥登录,如https://www.runoob.com/w3cnote/set-ssh-login-key.html和https://blog.csdn.net/qq_41750040/article/details/80134691(Xshell连接) -
登录失败后锁定
配置Linux密码策略:尝试密码N次失败后锁定账号
https://blog.csdn.net/bigwood99/article/details/107721744?utm_medium=distribute.pc_relevant.none-task-blog-2defaultbaidujs_title~default-1.no_search_link&spm=1001.2101.3001.4242.2
以及CentOS7中密码登录失败锁定设置
https://blog.csdn.net/qq_40907977/article/details/104836661?utm_medium=distribute.pc_relevant.none-task-blog-2defaultbaidujs_title~default-0.no_search_link&spm=1001.2101.3001.4242.1 -
封禁错误IP:https://cloud.tencent.com/developer/ask/26678?from=14588
摘抄:
1 使用 ssh-keygen,禁用密码登陆
2 使用PAM模块,参考HowTo: Configure Linux To Track and Log Failed Login Attempt Records,其实就是登陆尝试次数设置和延时 我的解决思路如下:
1 通过脚本获取尝试登陆失败的IP
2 将获取的IP写入到/etc/hosts.deny文件,进行屏蔽
3 使用inotify-tools,监控/var/log/secure文件,来实时更新/etc/hosts.deny文件
|