ssh登录linux服务器的时候,经常会有提示
There were * failed login attempts since the last successful login.
说明有大量的非法登录尝试,有几种应对方法
1 换一个sshd端口
不过也经常会被扫到
2 禁止root账号直接ssh登录
修改/etc/ssh/sshd_config
PermitRootLogin no
修改之后重启sshd
systemctl restart sshd
3 使用fail2ban
安装
yum install fail2ban
修改配置
/etc/fail2ban/jail.conf,找到[sshd],增加enable
[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
filter = sshd
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
enabled = true
启动
systemctl start fail2ban
配置开机启动
systemctl enable fail2ban
检查状态
fail2ban-client status sshd
对某个ip取消限制
fail2ban-client set sshd unbanip $ip