当我查询具有公共 IP 的 ssh 服务器的状态时,它显示以下内容:
user@mypc:~$ sudo systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-01-19 15:10:47 CET; 1 day 8h ago
Process: 16582 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 16585 (sshd)
Tasks: 1
Memory: 7.9M
CPU: 1.677s
CGroup: /system.slice/ssh.service
└─16585 /usr/sbin/sshd -D
Jan 19 23:48:05 mypc sshd[31641]: Received disconnect from 159.65.228.248 port 56938:11: Normal Shutdown, Thank you for playing [preauth]
Jan 19 23:48:05 mypc sshd[31641]: Disconnected from 159.65.228.248 port 56938 [preauth]
Jan 19 23:48:06 mypc sshd[31643]: Invalid user dev from 159.65.228.248
Jan 19 23:48:06 mypc sshd[31643]: input_userauth_request: invalid user dev [preauth]
Jan 19 23:48:06 mypc sshd[31643]: Received disconnect from 159.65.228.248 port 57616:11: Normal Shutdown, Thank you for playing [preauth]
Jan 19 23:48:06 mypc sshd[31643]: Disconnected from 159.65.228.248 port 57616 [preauth]
Jan 19 23:48:07 mypc sshd[31645]: Invalid user dev from 159.65.228.248
Jan 19 23:48:07 mypc sshd[31645]: input_userauth_request: invalid user dev [preauth]
Jan 19 23:48:07 mypc sshd[31645]: Received disconnect from 159.65.228.248 port 58294:11: Normal Shutdown, Thank you for playing [preauth]
Jan 19 23:48:07 mypc sshd[31645]: Disconnected from 159.65.228.248 port 58294 [preauth]
然而,当我尝试获取更多日志和详细信息时
user@mypc:~$ cat /var/log/auth.log | grep sshd
Jan 20 16:45:34 mypc sshd[26979]: Did not receive identification string from 185.253.157.108
Jan 20 19:09:42 mypc sshd[27809]: Did not receive identification string from 185.253.157.111
这两次都是合法的登录尝试,并且没有systemctl
显示任何失败的预授权尝试。
我如何像 sshd 那样检索输入用户身份验证请求?