{"id":69,"date":"2019-05-21T10:20:40","date_gmt":"2019-05-21T02:20:40","guid":{"rendered":"http:\/\/www.cgh0610.cn\/?p=69"},"modified":"2019-05-21T10:21:31","modified_gmt":"2019-05-21T02:21:31","slug":"%e9%98%b2%e6%ad%a2ssh%e6%9a%b4%e5%8a%9b%e7%a0%b4%e8%a7%a3%ef%bc%8c%e8%87%aa%e5%8a%a8%e6%8f%90%e4%ba%a4%e9%bb%91%e5%90%8d%e5%8d%95","status":"publish","type":"post","link":"https:\/\/www.cgh0610.cn\/?p=69","title":{"rendered":"\u9632\u6b62ssh\u66b4\u529b\u7834\u89e3\uff0c\u81ea\u52a8\u63d0\u4ea4\u9ed1\u540d\u5355"},"content":{"rendered":"<p>\u8fd1\u65e5\u7cfb\u7edf\u53d1\u73b0\u591a\u4f8bssh\u767b\u5f55\u5931\u8d25\u8bb0\u5f55\uff0c\u660e\u663e\u662f\u6709\u4ebassh\u66b4\u529b\u7834\u89e3\uff0c\u767e\u5ea6\u4e86\u4e0b<a href=\"https:\/\/www.cnblogs.com\/panblack\/p\/secure_ssh_auto_block.html\" title=\"\u9632\u6b62ssh\u8bbf\u95ee\u66b4\u529b\u7834\u89e3\uff0c\u5c01\u7981IP\">[1]\u53c2\u8003<\/a>\uff0c\u505a\u4e86\u4ee5\u4e0b\u5904\u7406<br \/>\n\u4e00\u3001\u7cfb\u7edf\uff1aCentos<\/p>\n<p>\u4e8c\u3001\u65b9\u6cd5\uff1a\u8bfb\u53d6\/var\/log\/secure\uff0c\u67e5\u627e\u5173\u952e\u5b57 Failed\uff0c\u4f8b\u5982\uff08\u6ce8\uff1a\u6587\u4e2d\u7684IP\u5730\u5740\u7279\u610f\u505a\u4e86\u5220\u51cf\uff09\uff1a<\/p>\n<p>Sep 17 09:08:09 localhost sshd[29087]: Failed password for root from 13.7.3.6 port 44367 ssh2<br \/>\nSep 17 09:08:20 localhost sshd[29087]: Failed password for root from 13.7.3.6 port 44367 ssh2<br \/>\nSep 17 09:10:02 localhost sshd[29223]: Failed password for root from 13.7.3.6 port 56482 ssh2<br \/>\nSep 17 09:10:14 localhost sshd[29223]: Failed password for root from 13.7.3.6 port 56482 ssh2<\/p>\n<p>\u4ece\u8fd9\u4e9b\u884c\u4e2d\u63d0\u53d6IP\u5730\u5740\uff0c\u5982\u679c\u6b21\u6570\u8fbe\u523010\u6b21(\u811a\u672c\u4e2d\u5224\u65ad\u6b21\u6570\u5b57\u7b26\u957f\u5ea6\u662f\u5426\u5927\u4e8e1)\u5219\u5c06\u8be5IP\u5199\u5230 
\/etc\/hosts.deny\u4e2d\u3002\uff08\u6ce8\uff1a\u8be5\u65b9\u6cd5\u8981\u7528\u5230 TCP Wrappers\uff0csshd \u4e0d\u4f7f\u7528 libwrap \u7684\u7cfb\u7edf\u4e2d hosts.deny \u4e0d\u4f1a\u6709\u4f5c\u7528\uff09<\/p>\n<p>\u4e09\u3001\u6b65\u9aa4\uff1a<\/p>\n<p>1\u3001\u5148\u628a\u59cb\u7ec8\u5141\u8bb8\u7684IP\u586b\u5165 \/etc\/hosts.allow \uff0c\u8fd9\u5f88\u91cd\u8981\uff01\uff08hosts.allow \u5148\u4e8e hosts.deny \u5224\u65ad\uff0c\u586b\u5165\u540e\u9ed1\u540d\u5355\u4e0d\u4f1a\u7981\u6b62\u8fd9\u4e9bIP\u8bbf\u95ee\uff09\u6bd4\u5982\uff1a<br \/>\nsshd:19.16.18.1:allow<br \/>\nsshd:19.16.18.2:allow<\/p>\n<p>2\u3001\u811a\u672c \/usr\/local\/bin\/secure_ssh.sh<\/p>\n<pre><code class=\"language-bash line-numbers\">#! \/bin\/bash\ncat \/var\/log\/secure|awk '\/Failed\/{print $(NF-3)}'|sort|uniq -c|awk '{print $2\"=\"$1;}'&gt;\/usr\/local\/bin\/black.list\nfor i in `cat  \/usr\/local\/bin\/black.list`\ndo\n  IP=`echo $i |awk -F= '{print $1}'`\n  NUM=`echo $i|awk -F= '{print $2}'`\n  if [ ${#NUM} -gt 1 ]; then\n    grep $IP \/etc\/hosts.deny&gt;\/dev\/null\n    if [ $? -gt 0 ];then\n      echo \"sshd:$IP:deny\" &gt;&gt; \/etc\/hosts.deny\n    fi\n  fi\ndone\n<\/code><\/pre>\n<p>3\u3001\u5c06secure_ssh.sh\u811a\u672c\u653e\u5165cron\u8ba1\u5212\u4efb\u52a1\uff0c\u6bcf1\u5206\u949f\u6267\u884c\u4e00\u6b21\u3002<\/p>\n<p># crontab -e<br \/>\n*\/1 * * * *  sh \/usr\/local\/bin\/secure_ssh.sh<\/p>\n<hr \/>\n<p>\u8fd9\u6837\u811a\u672c\u68c0\u67e5\u5230\u66b4\u529b\u7834\u89e3ip\u5c31\u4f1a\u81ea\u52a8\u63d0\u4ea4\u5230\u9ed1\u540d\u5355\u7981\u6b62\u8bbf\u95ee<br \/>\n\u6700\u540e\u505a\u51fa\u603b\u7ed3\uff1a<br \/>\n&#8211; \u4fee\u6539\u9ed8\u8ba422\u7aef\u53e3<br \/>\n&#8211; \u7981\u6b62root\u7528\u6237\u767b\u5f55\uff0c\u4f7f\u7528\u5176\u4ed6\u7528\u6237\u64cd\u4f5croot\u547d\u4ee4<a href=\"https:\/\/blog.csdn.net\/gammey\/article\/details\/80404375\" title=\"\u4f7f\u7528\u975eroot\u7528\u6237\u767b\u5f55\">[2]<\/a><br \/>\n&#8211; \u4f7f\u7528\u5bc6\u94a5\u767b\u5f55ssh\uff0c\u4e0d\u4f7f\u7528\u5bc6\u7801\u767b\u5f55<br \/>\n&#8211; 
\u6dfb\u52a0\u4e0a\u8ff0\u811a\u672c\u81ea\u52a8\u63d0\u4ea4\u9ed1\u540d\u5355\uff0c\u5c01\u7981IP<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u8fd1\u65e5\u7cfb\u7edf\u53d1\u73b0\u591a\u4f8bssh\u767b\u5f55\u5931\u8d25\u8bb0\u5f55\uff0c\u660e\u663e\u662f\u6709\u4ebassh\u66b4\u529b\u7834\u89e3\uff0c\u767e\u5ea6\u4e86\u4e0b[1]\u53c2\u8003\uff0c\u505a\u4e86\u4ee5\u4e0b\u5904\u7406 \u4e00\u3001\u7cfb\u7edf\uff1aCe &hellip; <a href=\"https:\/\/www.cgh0610.cn\/?p=69\" class=\"more-link\">\u7ee7\u7eed\u9605\u8bfb<span class=\"screen-reader-text\">\u9632\u6b62ssh\u66b4\u529b\u7834\u89e3\uff0c\u81ea\u52a8\u63d0\u4ea4\u9ed1\u540d\u5355<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"aside","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.cgh0610.cn\/index.php?rest_route=\/wp\/v2\/posts\/69"}],"collection":[{"href":"https:\/\/www.cgh0610.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cgh0610.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cgh0610.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cgh0610.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=69"}],"version-history":[{"count":3,"href":"https:\/\/www.cgh0610.cn\/index.php?rest_route=\/wp\/v2\/posts\/69\/revisions"}],"predecessor-version":[{"id":72,"href":"https:\/\/www.cgh0610.cn\/index.php?rest_route=\/wp\/v2\/posts\/69\/revisions\/72"}],"wp:attachment":[{"href":"https:\/\/www.cgh0610.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=69"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cgh0610.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=69"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cgh0610.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=69"}],"curies":[{"name":"wp","href":"https:\/\/api
.w.org\/{rel}","templated":true}]}}