我的 ubuntu 服务器经常受到攻击。我安装了 Fail2Ban,禁用了 root 密码登录和 ssh 密钥对身份验证,并设置了 ufw 防火墙,但没有任何效果。
如何解决这个问题?
这是 /var/log/auth.log 的日志
Sep 8 19:30:02 olas sshd[30871]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.242.143 user=root
Sep 8 19:30:02 olas sshd[30873]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:30:04 olas sshd[30875]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.242.143 user=root
Sep 8 19:30:05 olas sshd[30873]: Failed password for root from 112.85.42.178 port 7539 ssh2
Sep 8 19:30:05 olas sshd[30875]: Failed password for root from 153.36.242.143 port 48063 ssh2
Sep 8 19:30:07 olas sshd[30875]: Failed password for root from 153.36.242.143 port 48063 ssh2
Sep 8 19:30:07 olas sshd[30873]: Failed password for root from 112.85.42.178 port 7539 ssh2
Sep 8 19:30:08 olas sshd[30875]: Failed password for root from 153.36.242.143 port 48063 ssh2
Sep 8 19:30:09 olas sshd[30875]: Received disconnect from 153.36.242.143 port 48063:11: [preauth]
Sep 8 19:30:09 olas sshd[30875]: Disconnected from authenticating user root 153.36.242.143 port 48063 [preauth]
Sep 8 19:30:09 olas sshd[30875]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.242.143 user=root
Sep 8 19:30:09 olas sshd[30873]: Failed password for root from 112.85.42.178 port 7539 ssh2
Sep 8 19:30:18 olas sshd[30873]: message repeated 3 times: [ Failed password for root from 112.85.42.178 port 7539 ssh2]
Sep 8 19:30:18 olas sshd[30873]: error: maximum authentication attempts exceeded for root from 112.85.42.178 port 7539 ssh2 [preauth]
Sep 8 19:30:18 olas sshd[30873]: Disconnecting authenticating user root 112.85.42.178 port 7539: Too many authentication failures [preauth]
Sep 8 19:30:18 olas sshd[30873]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:30:18 olas sshd[30873]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 8 19:30:19 olas sudo: revo : TTY=pts/0 ; PWD=/home/revo ; USER=root ; COMMAND=/usr/bin/tail /var/log/auth.log
Sep 8 19:30:19 olas sudo: pamunix(sudo:session): session opened for user root by revo(uid=0)
Sep 8 19:30:19 olas sudo: pamunix(sudo:session): session closed for user root
Sep 8 19:30:21 olas sshd[30877]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:30:23 olas sshd[30877]: Failed password for root from 112.85.42.178 port 28357 ssh2
Sep 8 19:30:24 olas sshd[30881]: Invalid user admin4 from 52.163.221.85 port 49400
Sep 8 19:30:24 olas sshd[30881]: pamunix(sshd:auth): check pass; user unknown
Sep 8 19:30:24 olas sshd[30881]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.163.221.85
Sep 8 19:30:25 olas sshd[30877]: Failed password for root from 112.85.42.178 port 28357 ssh2
Sep 8 19:30:26 olas sshd[30881]: Failed password for invalid user admin4 from 52.163.221.85 port 49400 ssh2
Sep 8 19:30:26 olas sshd[30881]: Received disconnect from 52.163.221.85 port 49400:11: Bye Bye [preauth]
Sep 8 19:30:26 olas sshd[30881]: Disconnected from invalid user admin4 52.163.221.85 port 49400 [preauth]
Sep 8 19:30:28 olas sshd[30877]: Failed password for root from 112.85.42.178 port 28357 ssh2
Sep 8 19:30:36 olas sshd[30877]: message repeated 3 times: [ Failed password for root from 112.85.42.178 port 28357 ssh2]
Sep 8 19:30:36 olas sshd[30877]: error: maximum authentication attempts exceeded for root from 112.85.42.178 port 28357 ssh2 [preauth]
Sep 8 19:30:36 olas sshd[30877]: Disconnecting authenticating user root 112.85.42.178 port 28357: Too many authentication failures [preauth]
Sep 8 19:30:36 olas sshd[30877]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:30:36 olas sshd[30877]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 8 19:30:39 olas sshd[30883]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:30:40 olas sshd[30883]: Failed password for root from 112.85.42.178 port 49564 ssh2
Sep 8 19:30:43 olas sshd[30883]: Failed password for root from 112.85.42.178 port 49564 ssh2
Sep 8 19:30:45 olas sshd[30885]: Invalid user ftpuser from 157.230.208.92 port 51008
Sep 8 19:30:45 olas sshd[30885]: pamunix(sshd:auth): check pass; user unknown
Sep 8 19:30:45 olas sshd[30885]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.208.92
Sep 8 19:30:46 olas sshd[30883]: Failed password for root from 112.85.42.178 port 49564 ssh2
Sep 8 19:30:47 olas sshd[30885]: Failed password for invalid user ftpuser from 157.230.208.92 port 51008 ssh2
Sep 8 19:30:47 olas sshd[30885]: Received disconnect from 157.230.208.92 port 51008:11: Bye Bye [preauth]
Sep 8 19:30:47 olas sshd[30885]: Disconnected from invalid user ftpuser 157.230.208.92 port 51008 [preauth]
Sep 8 19:30:48 olas sshd[30883]: Failed password for root from 112.85.42.178 port 49564 ssh2
Sep 8 19:30:54 olas sshd[30883]: message repeated 2 times: [ Failed password for root from 112.85.42.178 port 49564 ssh2]
Sep 8 19:30:54 olas sshd[30883]: error: maximum authentication attempts exceeded for root from 112.85.42.178 port 49564 ssh2 [preauth]
Sep 8 19:30:54 olas sshd[30883]: Disconnecting authenticating user root 112.85.42.178 port 49564: Too many authentication failures [preauth]
Sep 8 19:30:54 olas sshd[30883]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:30:54 olas sshd[30883]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 8 19:30:56 olas sshd[30887]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:30:59 olas sshd[30887]: Failed password for root from 112.85.42.178 port 6329 ssh2
Sep 8 19:31:00 olas sshd[30889]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.212.176.50 user=root
Sep 8 19:31:01 olas sshd[30887]: Failed password for root from 112.85.42.178 port 6329 ssh2
Sep 8 19:31:02 olas sshd[30889]: Failed password for root from 183.212.176.50 port 21090 ssh2
Sep 8 19:31:03 olas sshd[30887]: Failed password for root from 112.85.42.178 port 6329 ssh2
Sep 8 19:31:05 olas sshd[30889]: Failed password for root from 183.212.176.50 port 21090 ssh2
Sep 8 19:31:05 olas sshd[30887]: Failed password for root from 112.85.42.178 port 6329 ssh2
Sep 8 19:31:06 olas sshd[30889]: Failed password for root from 183.212.176.50 port 21090 ssh2
Sep 8 19:31:08 olas sshd[30887]: Failed password for root from 112.85.42.178 port 6329 ssh2
Sep 8 19:31:08 olas sshd[30889]: Failed password for root from 183.212.176.50 port 21090 ssh2
Sep 8 19:31:10 olas sshd[30889]: Failed password for root from 183.212.176.50 port 21090 ssh2
Sep 8 19:31:10 olas sshd[30887]: Failed password for root from 112.85.42.178 port 6329 ssh2
Sep 8 19:31:10 olas sshd[30887]: error: maximum authentication attempts exceeded for root from 112.85.42.178 port 6329 ssh2 [preauth]
Sep 8 19:31:10 olas sshd[30887]: Disconnecting authenticating user root 112.85.42.178 port 6329: Too many authentication failures [preauth]
Sep 8 19:31:10 olas sshd[30887]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:31:10 olas sshd[30887]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 8 19:31:11 olas sshd[30889]: Failed password for root from 183.212.176.50 port 21090 ssh2
Sep 8 19:31:11 olas sshd[30889]: error: maximum authentication attempts exceeded for root from 183.212.176.50 port 21090 ssh2 [preauth]
Sep 8 19:31:11 olas sshd[30889]: Disconnecting authenticating user root 183.212.176.50 port 21090: Too many authentication failures [preauth]
Sep 8 19:31:11 olas sshd[30889]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.212.176.50 user=root
Sep 8 19:31:11 olas sshd[30889]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 8 19:31:14 olas sshd[30891]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:31:16 olas sshd[30891]: Failed password for root from 112.85.42.178 port 26292 ssh2
Sep 8 19:31:29 olas sshd[30891]: message repeated 5 times: [ Failed password for root from 112.85.42.178 port 26292 ssh2]
Sep 8 19:31:29 olas sshd[30891]: error: maximum authentication attempts exceeded for root from 112.85.42.178 port 26292 ssh2 [preauth]
Sep 8 19:31:29 olas sshd[30891]: Disconnecting authenticating user root 112.85.42.178 port 26292: Too many authentication failures [preauth]
Sep 8 19:31:29 olas sshd[30891]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:31:29 olas sshd[30891]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 8 19:31:32 olas sshd[30893]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:31:34 olas sshd[30893]: Failed password for root from 112.85.42.178 port 49179 ssh2
Sep 8 19:31:48 olas sshd[30893]: message repeated 5 times: [ Failed password for root from 112.85.42.178 port 49179 ssh2]
Sep 8 19:31:48 olas sshd[30893]: error: maximum authentication attempts exceeded for root from 112.85.42.178 port 49179 ssh2 [preauth]
Sep 8 19:31:48 olas sshd[30893]: Disconnecting authenticating user root 112.85.42.178 port 49179: Too many authentication failures [preauth]
Sep 8 19:31:48 olas sshd[30893]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:31:48 olas sshd[30893]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 8 19:31:50 olas sshd[30895]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:31:53 olas sshd[30895]: Failed password for root from 112.85.42.178 port 6144 ssh2
Sep 8 19:31:54 olas sshd[30897]: Invalid user test from 134.209.187.43 port 55388
Sep 8 19:31:54 olas sshd[30897]: pamunix(sshd:auth): check pass; user unknown
Sep 8 19:31:54 olas sshd[30897]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.187.43
Sep 8 19:31:55 olas sshd[30895]: Failed password for root from 112.85.42.178 port 6144 ssh2
Sep 8 19:31:56 olas sshd[30897]: Failed password for invalid user test from 134.209.187.43 port 55388 ssh2
Sep 8 19:31:56 olas sshd[30897]: Received disconnect from 134.209.187.43 port 55388:11: Bye Bye [preauth]
Sep 8 19:31:56 olas sshd[30897]: Disconnected from invalid user test 134.209.187.43 port 55388 [preauth]
Sep 8 19:31:57 olas sshd[30895]: Failed password for root from 112.85.42.178 port 6144 ssh2
Sep 8 19:32:02 olas sshd[30895]: message repeated 2 times: [ Failed password for root from 112.85.42.178 port 6144 ssh2]
Sep 8 19:32:03 olas sshd[30901]: Invalid user ftpadmin from 142.93.155.194 port 56054
Sep 8 19:32:03 olas sshd[30901]: pamunix(sshd:auth): check pass; user unknown
Sep 8 19:32:03 olas sshd[30901]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.155.194
Sep 8 19:32:05 olas sshd[30895]: Failed password for root from 112.85.42.178 port 6144 ssh2
Sep 8 19:32:05 olas sshd[30895]: error: maximum authentication attempts exceeded for root from 112.85.42.178 port 6144 ssh2 [preauth]
Sep 8 19:32:05 olas sshd[30895]: Disconnecting authenticating user root 112.85.42.178 port 6144: Too many authentication failures [preauth]
Sep 8 19:32:05 olas sshd[30895]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:32:05 olas sshd[30895]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 8 19:32:05 olas sshd[30901]: Failed password for invalid user ftpadmin from 142.93.155.194 port 56054 ssh2
Sep 8 19:32:05 olas sshd[30901]: Received disconnect from 142.93.155.194 port 56054:11: Bye Bye [preauth]
Sep 8 19:32:05 olas sshd[30901]: Disconnected from invalid user ftpadmin 142.93.155.194 port 56054 [preauth]
Sep 8 19:32:08 olas sshd[30903]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:32:08 olas sshd[30899]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.92.16.94 user=root
Sep 8 19:32:09 olas sshd[30903]: Failed password for root from 112.85.42.178 port 26908 ssh2
Sep 8 19:32:10 olas sshd[30899]: Failed password for root from 220.92.16.94 port 56924 ssh2
Sep 8 19:32:10 olas sshd[30899]: Received disconnect from 220.92.16.94 port 56924:11: Bye Bye [preauth]
Sep 8 19:32:10 olas sshd[30899]: Disconnected from authenticating user root 220.92.16.94 port 56924 [preauth]
Sep 8 19:32:10 olas sshd[30905]: Invalid user p@$$wOrd from 52.230.68.68 port 41692
Sep 8 19:32:10 olas sshd[30905]: pamunix(sshd:auth): check pass; user unknown
Sep 8 19:32:10 olas sshd[30905]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.230.68.68
Sep 8 19:32:12 olas sshd[30903]: Failed password for root from 112.85.42.178 port 26908 ssh2
Sep 8 19:32:12 olas sshd[30905]: Failed password for invalid user p@$$wOrd from 52.230.68.68 port 41692 ssh2
Sep 8 19:32:12 olas sshd[30905]: Received disconnect from 52.230.68.68 port 41692:11: Bye Bye [preauth]
Sep 8 19:32:12 olas sshd[30905]: Disconnected from invalid user p@$$wOrd 52.230.68.68 port 41692 [preauth]
Sep 8 19:32:14 olas sshd[30903]: Failed password for root from 112.85.42.178 port 26908 ssh2
Sep 8 19:32:23 olas sshd[30903]: message repeated 3 times: [ Failed password for root from 112.85.42.178 port 26908 ssh2]
Sep 8 19:32:23 olas sshd[30903]: error: maximum authentication attempts exceeded for root from 112.85.42.178 port 26908 ssh2 [preauth]
Sep 8 19:32:23 olas sshd[30903]: Disconnecting authenticating user root 112.85.42.178 port 26908: Too many authentication failures [preauth]
Sep 8 19:32:23 olas sshd[30903]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:32:23 olas sshd[30903]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 8 19:32:23 olas sshd[30908]: Invalid user student2 from 178.128.104.246 port 64683
Sep 8 19:32:23 olas sshd[30908]: pamunix(sshd:auth): check pass; user unknown
Sep 8 19:32:23 olas sshd[30908]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.104.246
Sep 8 19:32:24 olas sshd[30908]: Failed password for invalid user student2 from 178.128.104.246 port 64683 ssh2
Sep 8 19:32:24 olas sshd[30908]: Received disconnect from 178.128.104.246 port 64683:11: Bye Bye [preauth]
Sep 8 19:32:24 olas sshd[30908]: Disconnected from invalid user student2 178.128.104.246 port 64683 [preauth]
Sep 8 19:32:25 olas sshd[30907]: Invalid user vbox from 111.231.202.61 port 33124
Sep 8 19:32:25 olas sshd[30907]: pamunix(sshd:auth): check pass; user unknown
Sep 8 19:32:25 olas sshd[30907]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.202.61
Sep 8 19:32:25 olas sshd[30913]: Invalid user ts3 from 159.65.140.148 port 51662
Sep 8 19:32:25 olas sshd[30913]: pamunix(sshd:auth): check pass; user unknown
Sep 8 19:32:25 olas sshd[30913]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.140.148
Sep 8 19:32:26 olas sshd[30911]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:32:27 olas sshd[30907]: Failed password for invalid user vbox from 111.231.202.61 port 33124 ssh2
Sep 8 19:32:27 olas sshd[30913]: Failed password for invalid user ts3 from 159.65.140.148 port 51662 ssh2
Sep 8 19:32:27 olas sshd[30913]: Received disconnect from 159.65.140.148 port 51662:11: Bye Bye [preauth]
Sep 8 19:32:27 olas sshd[30913]: Disconnected from invalid user ts3 159.65.140.148 port 51662 [preauth]
Sep 8 19:32:28 olas sshd[30911]: Failed password for root from 112.85.42.178 port 47503 ssh2
Sep 8 19:32:29 olas sshd[30907]: Received disconnect from 111.231.202.61 port 33124:11: Bye Bye [preauth]
Sep 8 19:32:29 olas sshd[30907]: Disconnected from invalid user vbox 111.231.202.61 port 33124 [preauth]
Sep 8 19:32:31 olas sshd[30911]: Failed password for root from 112.85.42.178 port 47503 ssh2
Sep 8 19:32:39 olas sshd[30911]: message repeated 3 times: [ Failed password for root from 112.85.42.178 port 47503 ssh2]
Sep 8 19:32:40 olas sshd[30915]: Invalid user admin from 45.55.47.149 port 60875
Sep 8 19:32:40 olas sshd[30915]: pamunix(sshd:auth): check pass; user unknown
Sep 8 19:32:40 olas sshd[30915]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.47.149
Sep 8 19:32:41 olas sshd[30911]: Failed password for root from 112.85.42.178 port 47503 ssh2
Sep 8 19:32:41 olas sshd[30911]: error: maximum authentication attempts exceeded for root from 112.85.42.178 port 47503 ssh2 [preauth]
Sep 8 19:32:41 olas sshd[30911]: Disconnecting authenticating user root 112.85.42.178 port 47503: Too many authentication failures [preauth]
Sep 8 19:32:41 olas sshd[30911]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:32:41 olas sshd[30911]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 8 19:32:42 olas sshd[30917]: Invalid user xbmc from 157.230.174.111 port 39560
Sep 8 19:32:42 olas sshd[30917]: pamunix(sshd:auth): check pass; user unknown
Sep 8 19:32:42 olas sshd[30917]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.174.111
Sep 8 19:32:42 olas sshd[30915]: Failed password for invalid user admin from 45.55.47.149 port 60875 ssh2
Sep 8 19:32:42 olas sshd[30915]: Received disconnect from 45.55.47.149 port 60875:11: Bye Bye [preauth]
Sep 8 19:32:42 olas sshd[30915]: Disconnected from invalid user admin 45.55.47.149 port 60875 [preauth]
Sep 8 19:32:43 olas sshd[30917]: Failed password for invalid user xbmc from 157.230.174.111 port 39560 ssh2
Sep 8 19:32:43 olas sshd[30917]: Received disconnect from 157.230.174.111 port 39560:11: Bye Bye [preauth]
Sep 8 19:32:43 olas sshd[30917]: Disconnected from invalid user xbmc 157.230.174.111 port 39560 [preauth]
Sep 8 19:32:44 olas sshd[30919]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:32:46 olas sshd[30919]: Failed password for root from 112.85.42.178 port 4441 ssh2
Sep 8 19:32:54 olas sshd[30919]: message repeated 3 times: [ Failed password for root from 112.85.42.178 port 4441 ssh2]
Sep 8 19:32:56 olas sshd[30921]: Invalid user p@55wOrd from 75.87.52.203 port 33004
Sep 8 19:32:56 olas sshd[30921]: pamunix(sshd:auth): check pass; user unknown
Sep 8 19:32:56 olas sshd[30921]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.87.52.203
Sep 8 19:32:57 olas sshd[30919]: Failed password for root from 112.85.42.178 port 4441 ssh2
Sep 8 19:32:58 olas sshd[30921]: Failed password for invalid user p@55wOrd from 75.87.52.203 port 33004 ssh2
Sep 8 19:32:58 olas sshd[30921]: Received disconnect from 75.87.52.203 port 33004:11: Bye Bye [preauth]
Sep 8 19:32:58 olas sshd[30921]: Disconnected from invalid user p@55wOrd 75.87.52.203 port 33004 [preauth]
Sep 8 19:33:00 olas sshd[30919]: Failed password for root from 112.85.42.178 port 4441 ssh2
Sep 8 19:33:00 olas sshd[30919]: error: maximum authentication attempts exceeded for root from 112.85.42.178 port 4441 ssh2 [preauth]
Sep 8 19:33:00 olas sshd[30919]: Disconnecting authenticating user root 112.85.42.178 port 4441: Too many authentication failures [preauth]
Sep 8 19:33:00 olas sshd[30919]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:33:00 olas sshd[30919]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 8 19:33:02 olas sshd[30923]: pamunix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root
Sep 8 19:33:05 olas sshd[30923]: Failed password for root from 112.85.42.178 port 27863 ssh2
Sep 8 19:33:15 olas sshd[30923]: message repeated 4 times: [ Failed password for root from 112.85.42.178 port 27863 ssh2]
Sep 8 19:33:15 olas sudo: revo : TTY=pts/0 ; PWD=/home/revo ; USER=root ; COMMAND=/bin/cat /var/log/auth.log
Sep 8 19:33:15 olas sudo: pam_unix(sudo:session): session opened for user root by revo(uid=0)
答案1
99% 的暴力攻击都是脚本小子干的,他们甚至没有编辑脚本。他们寻找端口 22,如果连接成功,他们就会运行暴力登录脚本。对于这些攻击,只需将 ssh 端口移至新端口“2200、2220”即可。虽然我通常不推荐通过隐蔽性来实现安全,但这种方法确实有效。
然后修复新端口的 fail2ban,然后按照 @dirdi 的建议设置 knockd 或使用 VPN(如 @davidgo 建议的那样)。选择哪种方式取决于您需要/想要的安全级别。您甚至可以同时使用两者。
安全不是安装完就可以完成的问题。安全涉及多层保护,而不仅仅是一个应用程序。