{"id":2152,"date":"2021-02-28T14:26:00","date_gmt":"2021-02-28T06:26:00","guid":{"rendered":"https:\/\/www.eumz.com\/?p=2152"},"modified":"2021-02-28T14:26:00","modified_gmt":"2021-02-28T06:26:00","slug":"linux-ssh%e7%88%86%e7%a0%b4%e5%ba%94%e6%80%a5%e5%93%8d%e5%ba%94%e7%9b%b8%e5%85%b3%e5%91%bd%e4%bb%a4","status":"publish","type":"post","link":"https:\/\/www.wxcn.com\/?p=2152","title":{"rendered":"linux ssh\u7206\u7834\u5e94\u6025\u54cd\u5e94\u76f8\u5173\u547d\u4ee4"},"content":{"rendered":"\n

1\u3001\u67e5\u770bssh\u7aef\u53e3\uff08\u9ed8\u8ba422\uff09\u53ef\u7591\u8fde\u63a5
[root@host ~]#netstat -anplt |grep 22<\/p>\n\n\n\n

2\u3001\u67e5\u770b\u9664root\u5916\u662f\u5426\u6709\u7279\u6743\u8d26\u6237
awk -F: ‘$3==0{print $1}’ \/etc\/passwd<\/p>\n\n\n\n

3\u3001\u67e5\u770b\u53ef\u7591\u8fdc\u7a0b\u767b\u5f55\u7684\u8d26\u53f7\u4fe1\u606f
awk ‘\/$1|$6\/{print $1}’ \/etc\/shadow<\/p>\n\n\n\n

4\u3001\u67e5\u770bssh\u767b\u5f55\u5931\u8d25\u7684\u8bb0\u5f55
grep -o “Failed password” \/var\/log\/secure|uniq -c<\/p>\n\n\n\n

5\u3001\u67e5\u770b\u767b\u5f55\u7206\u7834\u7684\u65f6\u95f4\u8303\u56f4
grep “Failed password” \/var\/log\/secure|head -1
grep “Failed password” \/var\/log\/secure|tail -1<\/p>\n\n\n\n

6\u3001\u67e5\u770b\u7206\u7834\u7684\u6e90IP
grep “Failed password” \/var\/log\/secure|grep -E -o
“(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25
[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)”|uniq -c
| sort -nr<\/p>\n\n\n\n

7\u3001\u67e5\u770b\u7206\u7834\u7528\u6237\u540d\u5b57\u5178
grep “Failed password” \/var\/log\/secure|
perl -e ‘while($_=<>){ \/for(.*?) from\/; print “$1n”;}’
|uniq -c|sort -nr<\/p>\n\n\n\n

8\u3001\u67e5\u770b\u767b\u5f55\u6210\u529f\u7684\u65e5\u671f\u3001\u7528\u6237\u540d\u3001IP\u65e5\u5fd7
grep “Accepted ” \/var\/log\/secure | awk
‘{print $1,$2,$3,$9,$11}’<\/p>\n\n\n\n

9\u3001\u67e5\u770b\u767b\u5f55\u6210\u529f\u7684IP
grep “Accepted ” \/var\/log\/secure | awk ‘{print $11}’
| sort | uniq -c | sort -nr | more<\/p>\n\n\n\n


<\/p>\n","protected":false},"excerpt":{"rendered":"

1\u3001\u67e5\u770bssh\u7aef\u53e3\uff08\u9ed8\u8ba422\uff09\u53ef\u7591\u8fde\u63a5[root@host ~]#netstat -anplt |grep 2 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,6],"tags":[183,270,422,424,438],"class_list":["post-2152","post","type-post","status-publish","format-standard","hentry","category-operating-system","category-sec","tag-linux-2","tag-ssh","tag-422","tag-424","tag-438"],"_links":{"self":[{"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/posts\/2152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2152"}],"version-history":[{"count":0,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/posts\/2152\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wxcn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}