在 CentOS 8 下,我试图查找 SSH 失败的登录尝试。最后返回:
# lastb
btmp begins Thu Jul 9 10:53:49 2020
Aureport 返回一些记录(一个例子是):
# aureport -au -i --failed
Authentication Report
============================================
# date time acct host term exe success event
============================================
1. 06/25/2020 13:46:36 root 10.10.0.2 ssh /usr/sbin/sshd no 66
当我尝试使用错误的凭据登录时,aureport 或 lastb 不显示新记录。在哪里可以找到失败的 SSH 登录?
由于 sshd 服务由 systemd 管理,因此您应该查看日志。例如:
$ journalctl -u sshd
Jul 19 05:24:07 xx-1 sshd[30983]: Received disconnect from 43.254.220.207 port 59846:11: Bye Bye [preauth]
Jul 19 05:24:07 xx-fsn1-1 sshd[30983]: Disconnected from invalid user ik 43.254.220.207 port 59846 [preauth]
Jul 19 05:26:25 xx-1 sshd[30986]: Invalid user test from 139.213.220.70 port 62857
Jul 19 05:26:25 xx-1 sshd[30986]: Received disconnect from 139.213.220.70 port 62857:11: Bye Bye [preauth]
Jul 19 05:26:25 xx-1 sshd[30986]: Disconnected from invalid user test 139.213.220.70 port 62857 [preauth]
| 归档时间: |
|
| 查看次数: |
9721 次 |
| 最近记录: |