{"id":2256,"date":"2021-11-17T21:37:14","date_gmt":"2021-11-17T13:37:14","guid":{"rendered":"https:\/\/www.eumz.com\/?p=2256"},"modified":"2021-11-17T21:37:14","modified_gmt":"2021-11-17T13:37:14","slug":"linux-ssh%e7%88%86%e7%a0%b4%e5%ba%94%e6%80%a5%e5%93%8d%e5%ba%94%e7%9b%b8%e5%85%b3%e5%91%bd%e4%bb%a4-2","status":"publish","type":"post","link":"https:\/\/www.wxcn.com\/?p=2256","title":{"rendered":"linux ssh\u7206\u7834\u5e94\u6025\u54cd\u5e94\u76f8\u5173\u547d\u4ee4"},"content":{"rendered":"\n<p>1\u3001\u67e5\u770bssh\u7aef\u53e3\uff08\u9ed8\u8ba422\uff09\u53ef\u7591\u8fde\u63a5<br>[root@host ~]#netstat -anplt |grep 22<\/p>\n\n\n\n<p>2\u3001\u67e5\u770b\u9664root\u5916\u662f\u5426\u6709\u7279\u6743\u8d26\u6237<br>awk -F: '$3==0{print $1}' \/etc\/passwd<\/p>\n\n\n\n<p>3\u3001\u67e5\u770b\u53ef\u7591\u8fdc\u7a0b\u767b\u5f55\u7684\u8d26\u53f7\u4fe1\u606f\uff08\u5373 \/etc\/shadow \u4e2d\u5e26\u6709 $1 \u6216 $6 \u5bc6\u7801\u54c8\u5e0c\u7684\u8d26\u53f7\uff09<br>awk '\/\\$1|\\$6\/{print $1}' \/etc\/shadow<\/p>\n\n\n\n<p>4\u3001\u67e5\u770bssh\u767b\u5f55\u5931\u8d25\u7684\u8bb0\u5f55<br>grep -o \"Failed password\" \/var\/log\/secure|uniq -c<br>\u6ce8\uff1aDebian\/Ubuntu \u4e0a\u5bf9\u5e94\u7684\u65e5\u5fd7\u4e3a \/var\/log\/auth.log\u3002<\/p>\n\n\n\n<p>5\u3001\u67e5\u770b\u767b\u5f55\u7206\u7834\u7684\u65f6\u95f4\u8303\u56f4<br>grep \"Failed password\" \/var\/log\/secure|head -1<br>grep \"Failed password\" \/var\/log\/secure|tail -1<\/p>\n\n\n\n<p>6\u3001\u67e5\u770b\u7206\u7834\u7684\u6e90IP<br>grep \"Failed password\" \/var\/log\/secure|grep -E -o \"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\"|uniq -c | sort -nr<br>\u6ce8\uff1auniq -c \u53ea\u5408\u5e76\u76f8\u90bb\u7684\u91cd\u590d\u884c\uff0c\u7edf\u8ba1\u524d\u5e94\u5148 sort\uff08\u7b2c 7 \u6761\u540c\u7406\uff09\u3002<\/p>\n\n\n\n<p>7\u3001\u67e5\u770b\u7206\u7834\u7528\u6237\u540d\u5b57\u5178<br>grep \"Failed password\" \/var\/log\/secure|perl -e 'while($_=&lt;&gt;){ \/for(.*?) 
from\/; print \"$1\\n\";}'|uniq -c|sort -nr<\/p>\n\n\n\n<p>8\u3001\u67e5\u770b\u767b\u5f55\u6210\u529f\u7684\u65e5\u671f\u3001\u7528\u6237\u540d\u3001IP\u65e5\u5fd7<br>grep \"Accepted \" \/var\/log\/secure | awk '{print $1,$2,$3,$9,$11}'<\/p>\n\n\n\n<p>9\u3001\u67e5\u770b\u767b\u5f55\u6210\u529f\u7684IP<br>grep \"Accepted \" \/var\/log\/secure | awk '{print $11}' | sort | uniq -c | sort -nr | more<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1\u3001\u67e5\u770bssh\u7aef\u53e3\uff08\u9ed8\u8ba422\uff09\u53ef\u7591\u8fde\u63a5[root@host ~]#netstat -anplt |grep 2 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,6],"tags":[183,245,270,438],"class_list":["post-2256","post","type-post","status-publish","format-standard","hentry","category-operating-system","category-sec","tag-linux-2","tag-root","tag-ssh","tag-438"],"_links":{"self":[{"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/posts\/2256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2256"}],"version-history":[{"count":0,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/posts\/2256\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wxcn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wxcn
.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}