khe*_*aud 10 ssh authentication logs
我的 ssh 守护进程设置为侦听端口 2221。我还禁用了 ssh 的 root 登录。
我不明白为什么在auth.log我看到尝试登录其他端口(此处为 4627 的示例)。
May 17 15:36:04 srv01 sshd[21682]: PAM service(sshd) ignoring max retries; 6 > 3
May 17 15:36:08 srv01 sshd[21706]: User root from 218.10.19.134 not allowed because none of user's groups are listed in AllowGroups
May 17 15:36:08 srv01 sshd[21706]: input_userauth_request: invalid user root [preauth]
May 17 15:36:10 srv01 sshd[21706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.10.19.134 user=root
May 17 15:36:12 srv01 sshd[21706]: Failed password for invalid user root from 218.10.19.134 port 4627 ssh2
May 17 15:36:15 srv01 sshd[21706]: Failed password for invalid user root from 218.10.19.134 port 4627 ssh2
May 17 15:36:17 srv01 sshd[21706]: Failed password for invalid user root from 218.10.19.134 port 4627 ssh2
May 17 15:36:19 srv01 sshd[21706]: Failed password for invalid user root from 218.10.19.134 port 4627 ssh2
May 17 15:36:24 srv01 sshd[21706]: Failed password for invalid user root from 218.10.19.134 port 4627 ssh2
May 17 15:36:27 srv01 sshd[21706]: Failed password for invalid user root from 218.10.19.134 port 4627 ssh2
May 17 15:36:27 srv01 sshd[21706]: Disconnecting: Too many authentication failures for root [preauth]
SSHD 应该考虑到这些尝试。为什么日志说用户/密码不匹配而它不应该接收请求(错误的端口)?我错过了什么吗?
eri*_*rik 14
日志告诉你:
拥有 IP218.10.19.134和端口的4627人多次尝试使用密码以 root 用户身份登录。但:
invalid无论如何,用户 root 是,日志只是通知您登录尝试password身份验证(不是公钥或其他任何东西)4627,目标端口为2221(未写入日志,因为 sshd 仅侦听2221sshd 不会注意到其他端口上的任何其他尝试)disconnecting了 tcp 连接的登录除了2221.
| 归档时间: |
|
| 查看次数: |
16099 次 |
| 最近记录: |