List the bad guys trying to brute-force SSH on your host:
>>> grep "Failed password for invalid user" /var/log/secure | awk '{print $13}' | sort | uniq -c | sort -nr
611 51.210.247.118
75 107.182.110.105
30 91.134.242.66
30 64.225.36.142
30 61.218.5.190
30 34.72.163.246
30 218.149.128.186
30 167.99.209.119
30 1.220.90.53
...
Block these IPs
>>> cat /var/log/secure | grep "Failed password for invalid user" | awk '{print $13}' | sort | uniq -c | sort -n | tail -10 |awk '{print "sshd:"$2":deny"}' >> /etc/hosts.allow
>>> tail -20 /etc/hosts.allow
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd:218.149.128.186:deny
sshd:222.122.82.135:deny
sshd:34.72.163.246:deny
sshd:51.255.163.60:deny
sshd:61.218.5.190:deny
sshd:64.225.36.142:deny
sshd:80.227.134.221:deny
sshd:91.134.242.66:deny
sshd:107.182.110.105:deny
sshd:51.210.247.118:deny
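An added example, not part of the original post: a more defensive version of the blocking pipeline above. It reads the address from the end of the log line instead of field 13 (the user name is supplied by the client and can contain spaces, which shifts the fields), requires a minimum number of failures, and skips addresses that are on a never-block list or already denied. The function names, the threshold and the constructed sample log with documentation addresses are assumptions, and it handles IPv4 only.

```sh
#!/bin/sh
# Added example (not from the original post). IPv4 only.
# Usage: deny_rules MIN_FAILURES [NEVER_BLOCK_FILE] [EXISTING_RULES_FILE] < log
deny_rules() {
    awk -v min="$1" -v allow="${2:-/dev/null}" -v existing="${3:-/dev/null}" '
    function valid_ipv4(s,    p, i) {
        if (split(s, p, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || length(p[i]) > 3 || p[i] + 0 > 255) return 0
        return 1
    }
    BEGIN {
        # Addresses that must never be blocked (one per line), e.g. your own.
        while ((getline line < allow) > 0) skip[line] = 1
        # Rules already present, so repeated runs do not append duplicates.
        while ((getline line < existing) > 0)
            if (split(line, f, ":") == 3 && f[1] == "sshd" && f[3] == "deny")
                skip[f[2]] = 1
    }
    /sshd\[[0-9]+\]: Failed password for invalid user / {
        # The user name is chosen by the client and may contain spaces, so
        # read the address from the fixed tail "from <ip> port <n> ssh2".
        if (NF < 5 || $(NF-4) != "from" || $(NF-2) != "port") next
        if (valid_ipv4($(NF-3))) count[$(NF-3)]++
    }
    END {
        for (ip in count)
            if (count[ip] >= min && !(ip in skip)) print "sshd:" ip ":deny"
    }' | sort
}

# Constructed sample log (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Mar  3 10:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Mar  3 10:00:03 host sshd[102]: Failed password for invalid user web admin from 203.0.113.7 port 40002 ssh2
Mar  3 10:00:05 host sshd[103]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Mar  3 10:01:00 host sshd[104]: Failed password for invalid user oracle from 198.51.100.20 port 50001 ssh2
Mar  3 10:01:02 host sshd[105]: Failed password for invalid user git from 198.51.100.20 port 50002 ssh2
Mar  3 10:01:04 host sshd[106]: Failed password for invalid user pi from 198.51.100.20 port 50003 ssh2
Mar  3 10:02:00 host sshd[107]: Failed password for invalid user bob from 192.0.2.44 port 60001 ssh2
Mar  3 10:03:00 host sshd[108]: Failed password for root from 192.0.2.99 port 60002 ssh2
EOF
}

sample_log | deny_rules 3    # prints the rules it would add, nothing is written
```

On a real host, feed it /var/log/secure on stdin, pass /etc/hosts.allow as the third argument, and review the printed rules before appending them.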
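Create a new user
>>> useradd xxx (xxx is the name of the user you want to create)
Set a password for the new user
>>> passwd xxx (xxx is the name of the user you want to create)
Edit the sshd configuration to forbid direct root login
>>> vi /etc/ssh/sshd_config
Find the line #PermitRootLogin yes,
remove the leading #, change "yes" to "no", and save the file.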
Restart the sshd service
>>> systemctl restart sshd.service
Disable password login
You can go one step further: enable key-based login, then disable password login:
>>> vim /etc/ssh/sshd_config # change PasswordAuthentication from yes to no
>>> systemctl restart sshd.service
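This article shows how to create a new user on a Linux server, set its password, change the SSH configuration to forbid direct root login, and block IPs that attempt brute-force logins by editing the `/etc/hosts.allow` file. It also shows how to disable password login to further harden the server.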



