能不能设置sshd非法访问报警

fscyr · 发表于 2005-9-1 14:00:20

最近发现我自己的服务器的sshd端口有恶意访问，请问能不能在这些访问开始的时候就报警，如发邮件等。

BlazingBits · 发表于 2005-9-1 16:06:04

改到一个乱七八糟的端口。基本上就没有这种乱试密码的bot暴力登陆了。

senne · 发表于 2005-9-1 21:21:39

1.use allowusers to restrict users
2.disable password authentication
2.use hosts.allow and deny to restrict host
3.use logcheck to send out alert(not only ssh,other weird staff in log)

szjungle · 发表于 2005-9-1 22:06:15

只采用 key 认证方式，绝对没人能攻破。

fscyr · 发表于 2005-9-2 19:50:16

3.use logcheck to send out alert(not only ssh,other weired staff in log)

请问这个怎么做啊?

senne · 发表于 2005-9-2 21:35:21

apt-get install logcheck

default setup is very usable,if new attack is attempted you'll receive email like this

This email is sent by logcheck. If you wish to no-longer receive it,
you can either deinstall the logcheck package or modify its
configuration file (/etc/logcheck/logcheck.conf).

Security Events
=-=-=-=-=-=-=-=
Aug 13 15:02:08 host sshd[2318]: Illegal user admin from 82.165.249.31
Aug 13 15:02:10 host sshd[2347]: Illegal user admin from 82.165.249.31
Aug 13 15:02:11 host sshd[2384]: Illegal user admin from 82.165.249.31
Aug 13 15:02:12 host sshd[2400]: Illegal user admin from 82.165.249.31
Aug 13 15:02:26 host sshd[2673]: Illegal user admin from 82.165.249.31
Aug 13 15:05:16 host sshd[2970]: Illegal user admin from 82.165.249.31
Aug 13 15:05:17 host sshd[2972]: Illegal user admin from 82.165.249.31
Aug 13 15:05:19 host sshd[2976]: Illegal user admin from 82.165.249.31
Aug 13 15:05:21 host sshd[2978]: Illegal user admin from 82.165.249.31
Aug 13 15:05:22 host sshd[2980]: Illegal user admin from 82.165.249.31
.....

fscyr · 发表于 2005-9-4 11:45:34

非常感谢。

qinling_2008 · 发表于 2007-5-15 15:21:07

不是很明白.

		自动登录	找回密码
密码			注册