Linux:There were 635 failed login attempts since the last successful login 收藏 评论


There were 635 failed login attempts since the last successful login.


解决办法, 直接禁止root登录。

1. 添加普通用户,并给sudo权限

 useradd -s /bin/sh  Tom
 passwd Tom

2. 禁止root用户登录



vi /etc/ssh/sshd_config



查找“#PermitRootLogin yes”,将前面的“#”去掉,短尾“Yes”改为“No”,并保存文件。



systemctl restart  sshd


You will only get "failed login attempt" messages on accounts that you're actually logging into. Since SSH scanners typically try some common names of people, and also known system accounts like 'root', what that message tells me is that you're logging in as root directly over SSH. You should not do this.

The first thing to do is create a regular user account for yourself and then grant that user sudo rights. Then disable 'root' account login through SSH in the /etc/ssh/sshd_config file (and restart sshd). This will prevent anyone from logging in as root, even if they happen to guess the password.

创建一个其他的普通用户登录。并禁止root用户登录,可sudo 登录。

Further, you should disable password-based logins and only allow SSH keys, however this can be a bit of a pain, so make sure you are comfortable with it before doing that.

You can also change the port that ssh listens on (default 22). This will reduce the noise in the log, but it does not add extra security. The only purpose of doing this is to reduce log noise.

Another option to to disable SSH access from the Internet altogether (block the port at the firewall), but then you'll need a VPN into the firewall before you can access the server via SSH.

You are always going to get scanned if you have a server on the Internet, it's just a fact of life.


发表于 @ 2017年01月06日 | 浏览2036次| 编辑 |评论(loading... ) | 分享到:QQ空间新浪微博腾讯微博微信