SSH access control: blocking an IP after repeated failed logins to prevent brute-force cracking
2022-07-03 14:16:00 【Brother Xing plays with the clouds】
I. System: CentOS 6.3, 64-bit
II. Method: read /var/log/secure and look for the keyword Failed, for example (note: the IP addresses in this article have been sanitized):
    Sep 17 09:08:09 localhost sshd[29087]: Failed password for root from 13.7.3.6 port 44367 ssh2
    Sep 17 09:08:20 localhost sshd[29087]: Failed password for root from 13.7.3.6 port 44367 ssh2
    Sep 17 09:10:02 localhost sshd[29223]: Failed password for root from 13.7.3.6 port 56482 ssh2
    Sep 17 09:10:14 localhost sshd[29223]: Failed password for root from 13.7.3.6 port 56482 ssh2
Extract the IP address from these lines; if the count reaches 5, the IP is written to /etc/hosts.deny.
III. Steps:
1. First, put the IPs that must always be allowed into /etc/hosts.allow. This is important! For example:
    sshd:19.16.18.1:allow
    sshd:19.16.18.2:allow
2. Script /root/secure_ssh.sh
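    #!/bin/bash
    # Count failed logins per source IP and store them as "IP=count" in black.txt
    awk '/Failed/{print $(NF-3)}' /var/log/secure | sort | uniq -c | awk '{print $2"="$1;}' > /root/black.txt
    # Threshold: an IP is blocked when its failure count is greater than this value
    DEFINE="5"
    for i in $(cat /root/black.txt)
    do
        IP=$(echo "$i" | awk -F= '{print $1}')
        NUM=$(echo "$i" | awk -F= '{print $2}')
        if [ "$NUM" -gt "$DEFINE" ]; then
            # Exact fixed-string match, so 1.2.3.4 is not mistaken for 11.2.3.45
            if ! grep -qxF "sshd:$IP:deny" /etc/hosts.deny; then
                echo "sshd:$IP:deny" >> /etc/hosts.deny
            fi
        fi
    done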
3. Put the secure_ssh.sh script into a cron scheduled task that runs once every minute.
    # crontab -e
    */1 * * * * sh /root/secure_ssh.sh
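A stricter variant of the extraction and blocking logic from step 2, as an added example that is not part of the original script: it counts only sshd "Failed password" lines, skips fields that are not IPv4 addresses, never blocks an address listed in hosts.allow, and matches existing hosts.deny lines exactly. The function names, the temporary directory and the sample log (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the original script. Function names and sample data are constructed.

# Print "IP count" for every source IP on sshd "Failed password" lines of log file $1.
count_failures() {
    awk '$5 ~ /^sshd\[/ && $6 == "Failed" && $7 == "password" {
             ip = $(NF-3)   # counted from the end of the line, so the user name cannot shift it
             if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++   # skip anything that is not a dotted quad
         }
         END { for (ip in n) print ip, n[ip] }' "$1" | sort
}

# Print the hosts.deny lines to add: log $1, threshold $2, allow file $3, deny file $4.
new_deny_entries() {
    count_failures "$1" | while read -r ip num; do
        [ "$num" -gt "$2" ] || continue                # same "greater than DEFINE" test as the script
        grep -qxF "sshd:$ip:allow" "$3" && continue    # never block an always-allowed IP
        grep -qxF "sshd:$ip:deny" "$4" && continue     # exact line match, no duplicates
        echo "sshd:$ip:deny"
    done
}

# Constructed sample files, written into directory $1.
make_sample() {
    {
        for n in 1 2 3 4 5 6; do
            echo "Sep 17 09:08:0$n localhost sshd[29087]: Failed password for root from 192.0.2.10 port 44367 ssh2"
            echo "Sep 17 09:09:0$n localhost sshd[29101]: Failed password for invalid user admin from 198.51.100.7 port 50122 ssh2"
            echo "Sep 17 09:10:0$n localhost sshd[29150]: Failed password for root from 203.0.113.5 port 40000 ssh2"
        done
        echo "Sep 17 09:12:00 localhost sshd[29223]: Failed password for root from 198.51.100.99 port 56482 ssh2"
        echo "Sep 17 09:12:30 localhost otherd[300]: Failed to open config file"
    } > "$1/secure"
    echo "sshd:203.0.113.5:allow" > "$1/hosts.allow"
    # 192.0.2.101 is already denied; a substring grep for 192.0.2.10 would treat it as listed
    echo "sshd:192.0.2.101:deny" > "$1/hosts.deny"
}

dir=$(mktemp -d)
make_sample "$dir"
new_deny_entries "$dir/secure" 5 "$dir/hosts.allow" "$dir/hosts.deny"
rm -rf "$dir"
```

Entries in hosts.deny only take effect when sshd is built with TCP wrappers (libwrap) support.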
IV. Test:
1. Open two terminal windows. In one, connect to the server over ssh; in the other, connect to the server a few times with the wrong password.
Soon, the server has recorded it in the blacklist file:
    [[email protected] ~]# $ cat /root/black.txt
    13.26.21.27=3
Then look at hosts.deny on the server:
    [[email protected] ~]# cat /etc/hosts.deny
    sshd:13.7.3.6:deny
    sshd:92.4.0.4:deny
    sshd:94.10.4.2:deny
    sshd:94.4.1.6:deny
    sshd:11.64.11.5:deny
2. Continue the "brute-force" connections to the server from the other terminal window.
Look at the blacklist file on the server:
    [[email protected] ~]# cat black.txt
    13.26.21.27=6
Look at hosts.deny on the server:
    [[email protected] ~]# cat /etc/hosts.deny
    sshd:13.7.3.6:deny
    sshd:92.4.0.4:deny
    sshd:94.10.4.2:deny
    sshd:94.4.1.6:deny
    sshd:11.64.11.5:deny
    sshd:13.26.21.27:deny
The IP has been added to the server's hosts.deny. Connecting to the server with the correct password is now rejected:
    $ ssh [email protected] -p 2333
    ssh_exchange_identification: Connection closed by remote host
Notes:
1. Scripts are written for colleagues.
2. The server's sshd port was changed to 2333. In practice, after the port was changed, the number of brute-force ssh connection attempts dropped sharply.