我有一个使用 ssh 密钥对身份验证的邮件服务器。在日志文件中,我总是注意到这些类型的登录尝试。有人能解释一下我犯了什么错误吗?
debug1: session_input_channel_req: session 0 req [email protected]
Jan 16 10:44:58 mail sshd[20519]: debug1: Forked child 18504.
Jan 16 10:44:58 mail sshd[18504]: debug1: Set /proc/self/oom_score_adj to 0
Jan 16 10:44:58 mail sshd[18504]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Jan 16 10:44:58 mail sshd[18504]: debug1: inetd sockets after dupping: 3, 3
Jan 16 10:44:58 mail sshd[18504]: Connection from 211.222.177.29 port 58735 on 192.168.88.10 port 22
Jan 16 10:45:01 mail CRON[18510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 16 10:45:01 mail CRON[18510]: pam_unix(cron:session): session closed for user root
Jan 16 10:45:18 mail sshd[18504]: Did not receive identification string from 211.222.177.29
答案1
将默认的 SSH 端口 22 更改为其他端口,此类尝试将显著减少。
安装并配置
fail2ban
将会监视此类尝试并在防火墙中阻止后续尝试。~/.ssh/authorized_keys
您还可以通过在公钥前面添加“from”节来设置允许访问您的 SSH 服务的 IP 范围,如下所示:
from="1.2.3.0/24,44.55.66.77" ssh-rsa ...key content...