{"id":523093,"date":"2021-08-09T14:50:20","date_gmt":"2021-08-09T06:50:20","guid":{"rendered":"http:\/\/4563.org\/?p=523093"},"modified":"2021-08-09T14:50:20","modified_gmt":"2021-08-09T06:50:20","slug":"ssh%e7%88%86%e7%a0%b410%e6%ac%a1%e5%a4%b1%e8%b4%a5%e5%b0%b1%e6%8b%89%e9%bb%91","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=523093","title":{"rendered":"ssh\u7206\u783410\u6b21\u5931\u8d25\u5c31\u62c9\u9ed1"},"content":{"rendered":"\n

\t\t\t\t\tKDE<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n

ssh\u7206\u783410\u6b21\u5931\u8d25\u5c31\u62c9\u9ed1<\/h3>\n

#! \/bin\/bash
cat \/var\/log\/secure|awk ‘\/Failed\/{print $(NF-3)}’|sort|uniq -c|awk ‘{print $2"="$1;}’ > \/usr\/local\/bin\/black.txt
for i in `cat\/usr\/local\/bin\/black.txt`
do
      IP=`echo $i |awk -F= ‘{print $1}’`
      NUM=`echo $i|awk -F= ‘{print $2}’`
      result=$(cat \/etc\/hosts.deny | grep $IP)
      if [[ $NUM -gt 10 ]];then
                if [[ $result = "" ]];then
                        echo "sshd: $IP" >> \/etc\/hosts.deny
                fi
      fi<\/p>\n

2.<\/p>\n

\u5b9a\u65f6\u4efb\u52a1\uff1a10\u5206\u949f\u6267\u884c\u4e00\u6b21\uff0ccrontab -e<\/p>\n

*\/10 * * * * bash \/usr\/local\/bin\/secure_ssh.sh<\/p>\n

\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014
\u7248\u6743\u58f0\u660e\uff1a\u672c\u6587\u4e3aCSDN\u535a\u4e3b\u300c\u8df3\u8df3\u6295\u300d\u7684\u539f\u521b\u6587\u7ae0\uff0c\u9075\u5faaCC 4.0 BY-SA\u7248\u6743\u534f\u8bae\uff0c\u8f6c\u8f7d\u8bf7\u9644\u4e0a\u539f\u6587\u51fa\u5904\u94fe\u63a5\u53ca\u672c\u58f0\u660e\u3002
\u539f\u6587\u94fe\u63a5\uff1ahttps:\/\/blog.csdn.net\/u013230234\/article\/details\/103375984\t\t\t\t<\/p>\n

\t\t\t\t\tbbsbbs<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n

<\/h3>\n

\t\t \u672c\u5e16\u6700\u540e\u7531 bbsbbs \u4e8e 2021-8-9 12:53 \u7f16\u8f91 <\/p>\n

fail2ban :victory:
sudo apt-get -y update
sudo apt-get install -y fail2ban
cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local
sed -i ‘s\/^bantime= 600$\/bantime= 3600\/g’ \/etc\/fail2ban\/jail.local
sudo \/etc\/init.d\/fail2ban start\t\t\t\t<\/p>\n

\t\t\t\t\tparadise<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n

<\/h3>\n

\t\t\u6539\u7aef\u53e3 + \u516c\u94a5\uff0c0\u7206\u7834\t\t\t\t<\/p>\n

\t\t\t\t\tmgwx<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n

<\/h3>\n

\t\t\u6709\u6ca1\u6709ssh\u5931\u8d2510\u6b21\u5c31\u5220\u5e93\u7684\u811a\u672c\t\t\t\t<\/p>\n

\t\t\t\t\tyadiman<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n

<\/h3>\n

\t\t\u53e6\u5916\u4e00\u4e2a\u65b9\u6848\u5c31\u662f fail2ban\t\t\t\t<\/p>\n

\t\t\t\t\tKDE<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n

<\/h3>\n

\t\tmgwx \u5927\u4f6c\u6709\u8bdd\u8bf4 : 2021-8-9 11:46
\u6709\u6ca1\u6709ssh\u5931\u8d2510\u6b21\u5c31\u5220\u5e93\u7684\u811a\u672c<\/p>\n

echo "sshd: $IP" >> \/etc\/hosts.deny
\u6539\u6210\u9700\u8981\u6267\u884c\u7684\u811a\u672c…\t\t\t\t<\/p>\n

\t\t\t\t\tKDE<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n

<\/h3>\n

\t\t\u4e0d\u89c1\u6709\u4eba\u7206\u7834\u6211\u7684<\/p>\n

WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Sun Aug1 12:47:22 2021 from 171.109.x.xx
# \t\t\t\t<\/p>\n

\t\t\t\t\tsebaobao1205<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n

<\/h3>\n

\t\t\u7ed1\u5b9a!\t\t\t\t<\/p>\n

\t\t\t\t\thcyme<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n

<\/h3>\n

\t\t\u6ca1\u770b\u8fc7\u65e5\u5fd7\uff0c\u5f00\u673a\u5148\u8bbe\u7f6e\u871c\u6708\uff0c\u5176\u4ed6\u7167\u65e7\t\t\t\t<\/p>\n

\t\t\t\t\ttomcb<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n

<\/h3>\n

\t\t\u7528fail2ban\u7b80\u5355\u65b9\u4fbf\t\t\t\t<\/p>\n

\t\t\t\t\tbigexiu<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n

<\/h3>\n

\t\tiptables -A INPUT -p tcp -s 0.0.0.0\/0 –dport22 -j DROP
iptables -I INPUT -p tcp -s \u4f60\u7684ip –dport 22 -j ACCEPT
\u81ea\u5df1\u5fd8\u4e86 \u76f4\u63a5\u91cd\u542f\u5c0f\u9e21\u5c31\u597d\u4e86https:\/\/cdn.jsdelivr.net\/gh\/hishis\/forum-master\/public\/images\/patch.gif\t\t\t <\/p>\n","protected":false},"excerpt":{"rendered":"

KDE \u5927\u4f6c\u6709\u8bdd\u8bf4 : ssh\u7206\u7834…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/523093"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=523093"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/523093\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=523093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=523093"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=523093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}