
Building a Solid, Secure Linux Server (SSH Login Part)

Added: 2011-1-5  Added by: admin

First, disable remote root login and change the ssh port.

vi /etc/ssh/sshd_config

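# Disable root login; create an ordinary user for remote login, then switch to root with su -
PermitRootLogin no

#Port 22
# Moved to a port that a typical scanner will wear itself out before finding (scanning from 20 up to 36301 … haha)
Port 36301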

Restart: /etc/init.d/sshd restart

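After the changes above, the security log was quiet for several days apart from my own logins; the first results were showing. The good times did not last, though: a few days later I found probing login entries in the log again: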

Nov  9 15:57:02 server sshd[13948]: Did not receive identification string from 66.197.176.130
Nov  9 15:57:02 server sshd[13916]: Did not receive identification string from 66.197.176.130
Nov  9 15:57:02 server sshd[13949]: Did not receive identification string from 66.197.176.130
Nov  9 15:57:02 server sshd[13944]: Did not receive identification string from 66.197.176.130
Nov  9 22:58:17 server sshd[15736]: Did not receive identification string from UNKNOWN
Nov  9 22:59:17 server sshd[15972]: Did not receive identification string from UNKNOWN
Nov  9 23:00:18 server sshd[16163]: Did not receive identification string from UNKNOWN
Nov  9 23:01:18 server sshd[16309]: Did not receive identification string from UNKNOWN
Nov  9 23:02:18 server sshd[17579]: Did not receive identification string from UNKNOWN
Nov  9 23:03:18 server sshd[17736]: Did not receive identification string from UNKNOWN
Nov  9 23:04:17 server sshd[17846]: Did not receive identification string from UNKNOWN
Nov  9 23:05:17 server sshd[18021]: Did not receive identification string from UNKNOWN
Nov  9 23:06:20 server sshd[18103]: Did not receive identification string from UNKNOWN
Nov  9 23:07:20 server sshd[18166]: Did not receive identification string from UNKNOWN
Nov  9 23:08:20 server sshd[18307]: Did not receive identification string from UNKNOWN

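Hmm, this looks like a persistent hacker, and his persistence was not wasted: he finally found my new ssh port. (My god, how long does it take to scan from 22 to 36301???) It looks like I can only play my trump card: block by IP.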

vi /etc/hosts.deny

sshd : ALL EXCEPT xxx.xxx.xxx.0/255.255.255.0 zzz.zzz.zzz.zz yyy.yyy.yyy.0/255.255.255.0

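The line above denies ssh login from every IP except the ones I list. I get online through ADSL, which usually draws an address from one of two IP pools, so xxx.xxx.xxx.0 and yyy.yyy.yyy.0 above are my dynamic ADSL IP ranges. The other one, zzz.zzz.zzz.zz, is my fixed IP at work, as a precaution: if my ADSL range changed, the server would refuse my login too, wouldn't it? So be careful and cautious when denying by IP, and don't lock yourself out, haha.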

After the hardening above, check the log again: tail -fn100 secure

Nov  9 23:48:17 server sshd[30249]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:49:17 server sshd[30319]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:50:17 server sshd[30475]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:51:18 server sshd[30539]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:52:17 server sshd[30609]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:53:17 server sshd[31752]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:54:17 server sshd[31833]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:55:17 server sshd[31978]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:56:22 server sshd[32045]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:57:18 server sshd[32105]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:58:18 server sshd[32171]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:59:17 server sshd[32238]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:00:20 server sshd[32378]: refused connect from ::ffff:66.197
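
As an added example (not part of the original article), this Python script summarizes the two sshd message types shown in the excerpts above per source address, folding ::ffff: mapped addresses into plain IPv4, and lists sources that still reached sshd after refusals began. It assumes the first "refused connect" line marks the hosts.deny rule taking effect; the sample lines and the address 203.0.113.9 are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample in the format of the excerpts above (203.0.113.9 is a placeholder).
SAMPLE = """\
Nov  9 15:57:02 server sshd[13948]: Did not receive identification string from 66.197.176.130
Nov  9 22:58:17 server sshd[15736]: Did not receive identification string from UNKNOWN
Nov  9 23:48:17 server sshd[30249]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:49:17 server sshd[30319]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov  9 23:50:02 server sshd[30400]: Did not receive identification string from 203.0.113.9
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<kind>Did not receive identification string|refused connect) from (?P<src>\S+)"
)

def normalize(src):
    """Unwrap ::ffff:a.b.c.d to a.b.c.d; keep non-addresses such as UNKNOWN."""
    try:
        addr = ip_address(src)
    except ValueError:
        return src
    return str(getattr(addr, "ipv4_mapped", None) or addr)

def summarize(text):
    """Return {source: counters}, reading lines in file order."""
    stats = defaultdict(lambda: {"probe": 0, "refused": 0, "probe_after_rule": 0, "last": None})
    rule_active = False  # assumption: the first "refused connect" marks the rule going live
    for m in filter(None, map(LINE.match, text.splitlines())):
        s = stats[normalize(m["src"])]
        s["last"] = m["ts"]
        if m["kind"] == "refused connect":
            rule_active = True
            s["refused"] += 1
        else:
            s["probe"] += 1
            s["probe_after_rule"] += rule_active  # reached sshd despite hosts.deny
    return dict(stats)

def passed_wrapper(stats):
    """Sources that still reached sshd after refusals began (on the EXCEPT list)."""
    return sorted(src for src, s in stats.items() if s["probe_after_rule"])

if __name__ == "__main__":
    for src, s in summarize(SAMPLE).items():
        print(src, s)
    print("reached sshd after the rule:", passed_wrapper(summarize(SAMPLE)))
```

Any address it reports as reaching sshd after the rule should be one of the ranges listed after EXCEPT in /etc/hosts.deny.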
