Some Ways to Improve The Security of Cloud Host

Source: Internet
Author: User
Keywords: host, cloud host, cloud host security
1. Reasons
Host system: CentOS 7
When I logged in to my VPS over SSH today, the following message was displayed:
Last failed login: Sat Sep  1 11:55:01 UTC 2018 from 112.85.42.201 on  ssh:notty
There were 594 failed login attempts since the last successful login.
594 failed logins; the host has evidently been scanned.
The last command displays users' most recent logins. Run on its own, it reads /var/log/wtmp and lists the users who have logged in to the system. Checking with last showed that, fortunately, only I had logged in.
The lastb command lists failed login attempts, which makes it useful for spotting login anomalies on the system. Run on its own, it reads /var/log/btmp and lists the users who failed to log in. Running it gave the following:
support   ssh:notty    59.41.66.141      Sat Sep  1 12:05 - 12:05  (00:00)
support   ssh:notty    59.41.66.141      Sat Sep  1 12:05 - 12:05  (00:00)
paul      ssh:notty    132.232.23.12     Sat Sep  1 11:57 - 11:57  (00:00)
paul      ssh:notty    132.232.23.12     Sat Sep  1 11:57 - 11:57  (00:00)
root      ssh:notty    112.85.42.201     Sat Sep  1 11:55 - 11:55  (00:00)
root      ssh:notty    112.85.42.201     Sat Sep  1 11:54 - 11:54  (00:00)
root      ssh:notty    112.85.42.201     Sat Sep  1 11:54 - 11:54  (00:00)
root      ssh:notty    112.85.42.201     Sat Sep  1 11:54 - 11:54  (00:00)
root      ssh:notty    112.85.42.201     Sat Sep  1 11:54 - 11:54  (00:00)
root      ssh:notty    112.85.42.201     Sat Sep  1 11:54 - 11:54  (00:00)
root      ssh:notty    112.85.42.201     Sat Sep  1 11:54 - 11:54  (00:00)
root      ssh:notty    112.85.42.201     Sat Sep  1 11:54 - 11:54  (00:00)
root      ssh:notty    112.85.42.201     Sat Sep  1 11:54 - 11:54  (00:00)
That is bad: the host has been scanned continuously. Let's check how many records there are:
# lastb > loginFailure.log
# wc -l loginFailure.log
1008 loginFailure.log
There have been 1008 attempts.
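As an added example (not part of the original post), the following shell functions summarise lastb output by source host and by attempted user name, turning a thousand lines into the handful of addresses worth looking at. The sample lines are constructed from the output shown above; on a real host you would pipe lastb itself into these functions.

```shell
#!/bin/sh
# Added example: summarise lastb output (columns: user, tty, host, date).
# Only rows whose tty is "ssh:notty" are counted, which skips the blank line
# and the "btmp begins ..." footer that lastb prints at the end.

# failed_by_host: reads lastb lines on stdin, prints "<count> <host>",
# most frequent source first.
failed_by_host() {
    awk '$2 == "ssh:notty" { n[$3]++ }
         END { for (h in n) print n[h], h }' | sort -rn
}

# failed_by_user: same, keyed by the user name the attacker tried.
failed_by_user() {
    awk '$2 == "ssh:notty" { n[$1]++ }
         END { for (u in n) print n[u], u }' | sort -rn
}

# hosts_over_threshold N: hosts with at least N failures, one per line,
# i.e. the candidates for a firewall deny rule or a closer look.
hosts_over_threshold() {
    failed_by_host | awk -v t="$1" '$1 >= t { print $2 }'
}

# Constructed sample in lastb format (real data: lastb | failed_by_host).
SAMPLE='support   ssh:notty    59.41.66.141      Sat Sep  1 12:05 - 12:05  (00:00)
support   ssh:notty    59.41.66.141      Sat Sep  1 12:05 - 12:05  (00:00)
paul      ssh:notty    132.232.23.12     Sat Sep  1 11:57 - 11:57  (00:00)
root      ssh:notty    112.85.42.201     Sat Sep  1 11:55 - 11:55  (00:00)
root      ssh:notty    112.85.42.201     Sat Sep  1 11:54 - 11:54  (00:00)
root      ssh:notty    112.85.42.201     Sat Sep  1 11:54 - 11:54  (00:00)

btmp begins Sat Sep  1 00:00:01 2018'

printf '%s\n' "$SAMPLE" | failed_by_host          # 3 112.85.42.201 first
printf '%s\n' "$SAMPLE" | failed_by_user          # 3 root first
printf '%s\n' "$SAMPLE" | hosts_over_threshold 3  # 112.85.42.201
```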
2. Common solutions
The following measures were adopted:
- Change the default port 22
- Use a public/private key pair to log in over SSH instead of a password
- Limit the number of failed password attempts
- Disable root login
2.1 Change port 22
Reference: CentOS 7: add or modify the SSH port number
1). Modify the configuration file:
$ vim /etc/ssh/sshd_config
Find the line #Port 22 and remove the comment marker so that port 22 stays open, then copy the line and change the copy to another port number. Port 22 is kept at first so that a permissions or configuration problem with the new port cannot lock you out; once you can log in on the new port, close port 22.
After restarting sshd, do not rush to close the current terminal before testing the new login. I opened a new terminal to check whether I could log in, but I had forgotten to update the firewall and had already logged out of the original session, so I could not log in even though the port was right. Fortunately, Vultr provides a web console that allows login with a password.
2). SELinux
To check whether SELinux is enabled:
# getenforce
Disabled
It is disabled on my host, so I did not need to configure it.
3). Firewall:
# firewall-cmd --permanent --query-port=xxxxx/tcp
no
# firewall-cmd --permanent --add-port=xxxxx/tcp
success
# firewall-cmd --reload
success
# firewall-cmd --permanent --query-port=xxxxx/tcp
yes
4). Restart:
# systemctl restart sshd
# systemctl restart firewalld.service
Logging in on the default port no longer works:
# ssh root@xx.xx.xx.xx -p 22
ssh: connect to host xx.xx.xx.xx port 22: Connection refused
The new port must be used instead.
2.2 Disable password login
Note: configure key-based login first; otherwise you will lock yourself out once password login is disabled.
Edit /etc/ssh/sshd_config
Change the PasswordAuthentication parameter to no: PasswordAuthentication no
Restart the SSH service: systemctl restart sshd
2.3 Limit the number of failed password attempts
Reference
# vim /etc/pam.d/sshd
#%PAM-1.0
auth       required     pam_tally2.so deny=3 unlock_time=300 even_deny_root root_unlock_time=1000
Here deny=3 locks an account after three failed attempts, unlock_time=300 unlocks it automatically after 300 seconds, even_deny_root applies the lock to root as well, and root_unlock_time=1000 unlocks root after 1000 seconds.
2.4 Disable root login
Add a user if necessary:
# adduser name
# passwd name
Modify the configuration file:
Edit /etc/ssh/sshd_config:
PermitRootLogin no    # prevent root from logging in
AllowUsers name       # only the listed users may log in over SSH; replace name with your user name
Restart the service:
# systemctl restart sshd
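The following script is an added example, not code from the original post. It applies the sshd_config changes from sections 2.1 to 2.4 idempotently, keeps a backup, and validates the file with sshd -t before restarting, which is the check that would have avoided the lockout described in 2.1. NEW_PORT and ALLOWED_USER are placeholders you must set; the function names are this example's own, not CentOS or OpenSSH tooling.

```shell
#!/bin/sh
# Added example: harden /etc/ssh/sshd_config the way sections 2.1-2.4 describe,
# with a backup, idempotent edits and a syntax check before sshd is restarted.
NEW_PORT="${NEW_PORT:-xxxxx}"         # placeholder: your new SSH port
ALLOWED_USER="${ALLOWED_USER:-name}"  # placeholder: the non-root user you created

# set_sshd_option FILE KEY VALUE: make "KEY VALUE" the single active line for
# KEY, replacing an existing (possibly commented-out) line or appending one.
set_sshd_option() {
    awk -v k="$2" -v v="$3" '
        { t = $0; sub(/^[ \t]*#?[ \t]*/, "", t); split(t, f, /[ \t]+/) }
        tolower(f[1]) == tolower(k) { if (!done) print k " " v; done = 1; next }
        { print }
        END { if (!done) print k " " v }' "$1" >"$1.tmp" && mv "$1.tmp" "$1"
}

# add_sshd_port FILE PORT: add an active "Port PORT" line unless one exists.
# Several Port lines are allowed; sshd listens on all of them.
add_sshd_port() {
    grep -Eiq "^[[:space:]]*Port[[:space:]]+$2([[:space:]]|\$)" "$1" \
        || printf 'Port %s\n' "$2" >>"$1"
}

# harden_sshd_config FILE NEW_PORT USER: the four changes from the text.
harden_sshd_config() {
    cp "$1" "$1.bak.$(date +%s)"            # backup to restore from the web console
    add_sshd_port "$1" 22                   # 2.1: keep 22 until the new port works
    add_sshd_port "$1" "$2"
    set_sshd_option "$1" PasswordAuthentication no   # 2.2: key-based login only
    set_sshd_option "$1" PermitRootLogin no          # 2.4: no direct root login
    set_sshd_option "$1" AllowUsers "$3"             # 2.4: only this user may log in
}

# Real run (as root): sh harden_sshd.sh --apply
if [ "${1:-}" = "--apply" ]; then
    harden_sshd_config /etc/ssh/sshd_config "$NEW_PORT" "$ALLOWED_USER"
    if [ "$(getenforce 2>/dev/null)" = "Enforcing" ]; then
        semanage port -a -t ssh_port_t -p tcp "$NEW_PORT"   # SELinux must allow the port
    fi
    sshd -t || { echo "sshd_config is invalid; not restarting sshd" >&2; exit 1; }
    firewall-cmd --permanent --add-port="${NEW_PORT}/tcp" && firewall-cmd --reload
    systemctl restart sshd
    echo "Test from a NEW terminal before closing this one: ssh ${ALLOWED_USER}@<host> -p ${NEW_PORT}"
fi
```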