Linux:There were 635 failed login attempts since the last successful login 收藏 评论
2017年01月06日


root登录后,发现多了一条信息:


There were 635 failed login attempts since the last successful login.

看来是有人尝试root登录啊。

解决办法, 直接禁止root登录。


1. 添加普通用户,并给sudo权限


 useradd -s /bin/sh  Tom
 passwd Tom

2. 禁止root用户登录


 三、不允许root直接登陆

1、修改相关文件

vi /etc/ssh/sshd_config

SSH执行以上命令,修改sshd_config文件

2、禁止root登陆

查找“#PermitRootLogin yes”,将前面的“#”去掉,短尾“Yes”改为“No”,并保存文件。

 

3、重启sshd

systemctl restart  sshd


参考:

http://serverfault.com/questions/675030/large-number-of-ssh-login-attempts


You will only get "failed login attempt" messages on accounts that you're actually logging into. Since SSH scanners typically try some common names of people, and also known system accounts like 'root', what that message tells me is that you're logging in as root directly over SSH. You should not do this.

The first thing to do is create a regular user account for yourself and then grant that user sudo rights. Then disable 'root' account login through SSH in the /etc/ssh/sshd_config file (and restart sshd). This will prevent anyone from logging in as root, even if they happen to guess the password.

创建一个其他的普通用户登录。并禁止root用户登录,可sudo 登录。

Further, you should disable password-based logins and only allow SSH keys, however this can be a bit of a pain, so make sure you are comfortable with it before doing that.


You can also change the port that ssh listens on (default 22). This will reduce the noise in the log, but it does not add extra security. The only purpose of doing this is to reduce log noise.

Another option to to disable SSH access from the Internet altogether (block the port at the firewall), but then you'll need a VPN into the firewall before you can access the server via SSH.

You are always going to get scanned if you have a server on the Internet, it's just a fact of life.


http://blog.webinno.cn/article/view/158

本文地址:http://blog.webinno.cn/article/view/158

发表于 @ 2017年01月06日 | 浏览843次| 编辑 |评论(loading... ) | 分享到:QQ空间新浪微博腾讯微博微信

评论列表

发表评论