Check which ip addresses crack your ssh password and the number of times

Source: Internet
Author: User

On the Internet, there are always boring people who constantly guess the passwords of others' servers every day! As the administrator of a linux server, we should know which IP addresses are constantly scanning our SSH ports to try brute force cracking. Next we will use a command to list which IP addresses are cracking your SSH password and the number of times.

Cat/var/log/secure | awk '/Failed/{print $(NF-3 )} '| sort | uniq-c | awk' {print $2 "=" $1 ;}'


The above picture shows the IP address used to scan the SSH password on this site and the number of scans!
We recommend that you modify the remote connection port of the server to prevent the security of the server from being affected by the scan of your password! If conditions are met, only a fixed IP address can be allowed to connect to the SSH remote connection port, which is much safer. You can also write a script to add the IP address to the hosts. deny file when the number of consecutive scans reaches the specified value, and enable Filtering for sshd in hosts. allow, for example:

Sshd:/etc/hosts. deny: deny sshd: ALL: allow

In this case, after too many wrong password input times, the server is automatically blocked from the outside for security configuration.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.