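I seem to be getting a lot of different connections (ssh) on the Ubuntu server I am connected to via ssh. Are these just brute-force attempts?
When running netstat -tnpa | grep 'ESTABLISHED.*sshd'
why do I get "root@p" and "[accep" at the end of each line, respectively?
Also, when running grep sshd.\*Failed /var/log/auth.log | tail -20
I seem to get a lot of different "invalid user" entries. Why is that? Finally, ps auxwww | grep sshd:
outputs two "[accepted]". Why is that?
Thanks
Update:
Something interesting has happened again now. I ran netstat -tnpa | grep 'ESTABLISHED.*sshd'
again, and it apparently listed an IP of the form "103.100.xxxx" from Hong Kong. Then I ran cat /var/log/auth.log | tail -100
and got the following: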
Feb 16 17:58:25 838396123831 sshd[227710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.210.xxx user=root
Feb 16 17:58:26 838396123831 sshd[227708]: Received disconnect from 103.136.xxxx port 33268:11: Bye Bye [preauth]
Feb 16 17:58:26 838396123831 sshd[227708]: Disconnected from invalid user hero 103.136.xxxx port 33268 [preauth]
Feb 16 17:58:27 838396123831 sshd[227710]: Failed password for root from 103.100.xxxx port 40810 ssh2
Feb 16 17:58:27 838396123831 sshd[227710]: Received disconnect from 103.100.xxxx port 40810:11: Bye Bye [preauth]
Feb 16 17:58:27 838396123831 sshd[227710]: Disconnected from authenticating user root 103.100.xxxx port 40810 [preauth]
Then I ran grep sshd.\*Failed /var/log/auth.log | tail -20
and found Feb 16 18:00:42 838396123831 sshd[227760]: Failed password for invalid user ircbot from 103.136.xxxxx port 47546 ssh2
Then I ran grep sshd.\*Failed /var/log/auth.log | tail -100
and saw
Feb 16 17:53:24 838396123831 sshd[227596]: Failed password for root from 103.136.xxxx port 33470 ssh2
Feb 16 17:55:57 838396123831 sshd[227652]: Failed password for root from 103.136.xxxxx port 47406 ssh2
Feb 16 17:58:24 838396123831 sshd[227708]: Failed password for invalid user hero from 103.136.xxxxx port 33268 ssh2
Feb 16 18:00:42 838396123831 sshd[227760]: Failed password for invalid user ircbot from 103.136.xxxxx port 47546 ssh2
What does this mean? What is going on? Has anyone else been able to log in to the server via ssh? The "last" command does not list any IP address other than my own, so...
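
The greps in the post can be combined into one pass over auth.log that tallies "Failed" attempts per source address and separately lists every "Accepted" line, the entry sshd writes for a successful login. This is an added example, not part of the original post; the sample log lines and addresses are constructed (RFC 5737 documentation ranges) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the same format as the auth.log lines quoted in the post.
# Host name, PIDs, user "admin" and all addresses are made up for this example.
SAMPLE_LOG = """\
Feb 16 17:53:24 host sshd[227596]: Failed password for root from 203.0.113.7 port 33470 ssh2
Feb 16 17:58:24 host sshd[227708]: Failed password for invalid user hero from 203.0.113.7 port 33268 ssh2
Feb 16 17:58:26 host sshd[227708]: Disconnected from invalid user hero 203.0.113.7 port 33268 [preauth]
Feb 16 17:58:27 host sshd[227710]: Failed password for root from 198.51.100.9 port 40810 ssh2
Feb 16 18:00:42 host sshd[227760]: Failed password for invalid user ircbot from 203.0.113.7 port 47546 ssh2
Feb 16 18:02:10 host sshd[227801]: Accepted password for admin from 192.0.2.10 port 50122 ssh2
"""

# The user name is text supplied by the remote side, so the address is matched
# at the end of the line (greedy user group) rather than at the first " from ".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\S+) for (?P<invalid>invalid user )?(?P<user>.+)"
    r" from (?P<ip>\S+) port \d+ ssh2$")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>.+)"
    r" from (?P<ip>\S+) port \d+ ssh2(?:: .*)?$")

def summarize(log_text):
    """Count failed attempts per source and collect every successful login."""
    failed_by_ip, invalid_users, accepted = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failed_by_ip[m["ip"]] += 1
            if m["invalid"]:            # account name does not exist on this host
                invalid_users[m["user"]] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted.append((m["user"], m["ip"], m["method"]))
    return failed_by_ip, invalid_users, accepted

def unexpected_logins(accepted, known_ips):
    """Successful logins from addresses the administrator does not recognise."""
    return [entry for entry in accepted if entry[1] not in known_ips]

if __name__ == "__main__":
    failed, invalid, accepted = summarize(SAMPLE_LOG)
    for ip, n in failed.most_common():
        print(f"{n:4d} failed attempts from {ip}")
    print("invalid user names tried:", sorted(invalid))
    print("accepted logins:", accepted)
    print("unexpected:", unexpected_logins(accepted, {"192.0.2.10"}))
```

On a real server, pass the contents of /var/log/auth.log to summarize() and your own client addresses as known_ips.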