Fail2Ban with password authentication disabled

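I am tuning my RPI4 and have now reached Fail2ban. I disabled password authentication on the SSH server and imported the keys for public key authentication. For some reason, I still occasionally receive email notifications about IPs being banned. Below is a sample log of such a ban.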

Lines containing failures of 116.105.77.108
Jul  4 11:39:14 pollux sshd[11482]: Connection from 116.105.77.108 port 54936 on 192.168.3.18 port 32
Jul  4 11:39:15 pollux sshd[11482]: Invalid user admin from 116.105.77.108 port 54936
Jul  4 11:39:16 pollux sshd[11482]: Connection closed by invalid user admin 116.105.77.108 port 54936 [preauth]
Jul  4 11:39:41 pollux sshd[11487]: Connection from 116.105.77.108 port 46524 on 192.168.3.18 port 32
Jul  4 11:39:43 pollux sshd[11487]: Invalid user user from 116.105.77.108 port 46524
Jul  4 11:39:43 pollux sshd[11487]: Connection closed by invalid user user 116.105.77.108 port 46524 [preauth]
Jul  4 11:39:52 pollux sshd[11492]: Connection from 116.105.77.108 port 47862 on 192.168.3.18 port 32
Jul  4 11:39:53 pollux sshd[11492]: Invalid user ubnt from 116.105.77.108 port 47862
Jul  4 11:39:54 pollux sshd[11492]: Connection closed by invalid user ubnt 116.105.77.108 port 47862 [preauth]

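I have read a bit about the pre-authentication grace time, but I still don't fully understand why the bans happen. The logs also show that the number of authentication attempts has increased by a factor of about 30 or 40.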

Answer 1

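When you disable password authentication, it is still possible to present a wrong (i.e. nonexistent) username - that is what is happening in your log snippet.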

In practice, it means: someone tried, and failed.
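
The counting behind such a ban, as an added example that is not part of the original question or answer: a simplified model of a Fail2ban-style filter run over the log lines quoted in the question. The regular expression is a simplification rather than Fail2ban's own failregex, and `MAXRETRY`, `FINDTIME` and the year are assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: the sshd lines quoted in the question.
SAMPLE_LOG = """\
Jul  4 11:39:14 pollux sshd[11482]: Connection from 116.105.77.108 port 54936 on 192.168.3.18 port 32
Jul  4 11:39:15 pollux sshd[11482]: Invalid user admin from 116.105.77.108 port 54936
Jul  4 11:39:16 pollux sshd[11482]: Connection closed by invalid user admin 116.105.77.108 port 54936 [preauth]
Jul  4 11:39:41 pollux sshd[11487]: Connection from 116.105.77.108 port 46524 on 192.168.3.18 port 32
Jul  4 11:39:43 pollux sshd[11487]: Invalid user user from 116.105.77.108 port 46524
Jul  4 11:39:43 pollux sshd[11487]: Connection closed by invalid user user 116.105.77.108 port 46524 [preauth]
Jul  4 11:39:52 pollux sshd[11492]: Connection from 116.105.77.108 port 47862 on 192.168.3.18 port 32
Jul  4 11:39:53 pollux sshd[11492]: Invalid user ubnt from 116.105.77.108 port 47862
Jul  4 11:39:54 pollux sshd[11492]: Connection closed by invalid user ubnt 116.105.77.108 port 47862 [preauth]
"""

# Simplified pattern (assumption, not Fail2ban's real failregex).
# sshd logs this line before any credential is checked, so it appears
# even when password authentication is disabled.
INVALID_USER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>\S*) from (?P<ip>\S+) port \d+$"
)

MAXRETRY = 3                      # assumed jail threshold
FINDTIME = timedelta(minutes=10)  # assumed counting window


def find_bans(log_text, maxretry=MAXRETRY, findtime=FINDTIME, year=2020):
    """Return {ip: [usernames tried]} for IPs reaching maxretry in findtime."""
    failures = defaultdict(list)  # ip -> [(time, username), ...]
    bans = {}
    for line in log_text.splitlines():
        m = INVALID_USER.match(line)
        if m is None:
            continue
        # syslog timestamps carry no year; the year is a constructed value
        stamp = " ".join(m["ts"].split())
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        window = [(t, u) for t, u in failures[ip] if when - t <= findtime]
        window.append((when, m["user"]))
        failures[ip] = window
        if len(window) >= maxretry and ip not in bans:
            bans[ip] = [u for _, u in window]
    return bans


if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```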
