看一下是不是在远程猜解？

roofers

UID: 15081
帖子: 121
积分: 278
在线时间: 20 小时

1^# roofers 发表于 2008-02-15 00:19

看一下是不是在远程猜解？

复制内容到剪贴板

代码:

Apr 12 20:09:33 debian sshd[19640]: Failed password for invalid user noel from 221.0.187.2 port 34657 ssh2
Apr 12 20:09:34 debian sshd[19645]: Invalid user noel from 221.0.187.2
Apr 12 20:09:34 debian sshd[19645]: (pam_unix) check pass; user unknown
Apr 12 20:09:34 debian sshd[19645]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.0.187.2
Apr 12 20:09:36 debian sshd[19645]: Failed password for invalid user noel from 221.0.187.2 port 34863 ssh2
Apr 12 20:09:37 debian sshd[19649]: Invalid user noel from 221.0.187.2
Apr 12 20:09:37 debian sshd[19649]: (pam_unix) check pass; user unknown
Apr 12 20:09:37 debian sshd[19649]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.0.187.2
Apr 12 20:09:39 debian sshd[19649]: Failed password for invalid user noel from 221.0.187.2 port 35082 ssh2
Apr 12 20:09:40 debian sshd[19653]: Invalid user noel from 221.0.187.2
Apr 12 20:09:40 debian sshd[19653]: (pam_unix) check pass; user unknown
Apr 12 20:09:40 debian sshd[19653]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.0.187.2
Apr 12 20:09:42 debian sshd[19653]: Failed password for invalid user noel from 221.0.187.2 port 35286 ssh2
Apr 12 20:09:43 debian sshd[19657]: Invalid user noel from 221.0.187.2
Apr 12 20:09:43 debian sshd[19657]: (pam_unix) check pass; user unknown
Apr 12 20:09:43 debian sshd[19657]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.0.187.2
Apr 12 20:09:45 debian sshd[19657]: Failed password for invalid user noel from 221.0.187.2 port 35518 ssh2
Apr 12 20:09:46 debian sshd[19661]: Invalid user noel from 221.0.187.2
Apr 12 20:09:46 debian sshd[19661]: (pam_unix) check pass; user unknown
Apr 12 20:09:46 debian sshd[19661]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.0.187.2
Apr 12 20:09:48 debian sshd[19661]: Failed password for invalid user noel from 221.0.187.2 port 35697 ssh2
Apr 12 20:09:49 debian sshd[19665]: Invalid user oceance from 221.0.187.2
Apr 12 20:09:49 debian sshd[19665]: (pam_unix) check pass; user unknown
Apr 12 20:09:49 debian sshd[19665]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.0.187.2
Apr 12 20:09:49 debian sudo: dwj : TTY=pts/0 ; PWD=/home/dwj ; USER=root ; COMMAND=/usr/bin/tail -n 80 /var/log/auth.log

最后一条命令是我输入的。　　　　　　

bwb

UID: 15097
帖子: 113
积分: 259
在线时间: 17 小时

2^# bwb 发表于 2008-02-15 09:43

看看这个：
http://www.linuxeden.com/forum/thread-161996-1-1.html

还是改成普通用户登录比较好。　　　　　　

bwb

UID: 15097
帖子: 113
积分: 259
在线时间: 17 小时

3^# bwb 发表于 2008-02-15 10:36

如果你一定要root登录，也不是不行，改一下/etc/ssh/sshd_config这个文件：

复制内容到剪贴板

代码:

...
# Authentication:

PermitRootLogin no
...

将PermitRootLogin no改成PermitRootLogin yes然后重起sshd：

复制内容到剪贴板

代码:

#sshd restart

不过这是在RHES上的命令，不知debian是不是一样。而且安全性下降了。　　　　　　

roofers

UID: 15081
帖子: 121
积分: 278
在线时间: 20 小时

4^# roofers 发表于 2008-02-15 11:45

呵呵，谢了啊，我的安装的时候默认是yes的，可以root登陆。
用iptables 怎么限制对ssh的连接，使他只能用内网的一台主机192.168.1.3连接，而外网的不允许连接。。。　　　　　　

bwb

UID: 15097
帖子: 113
积分: 259
在线时间: 17 小时

5^# bwb 发表于 2008-02-15 12:43

把22端口disable了。　　　　　　