The logs on my server are full of entries like the following:
input_userauth_request: invalid user dennis [preauth]
Received disconnect from xxx.xxx.xxx.xxx: 11: Bye Bye [preauth]
Invalid user park from xxx.xxx.xxx.xxx
input_userauth_request: invalid user park [preauth]
Received disconnect from xxx.xxx.xxx.xxx: 11: Bye Bye [preauth]
Invalid user stu from xxx.xxx.xxx.xxx
input_userauth_request: invalid user stu [preauth]
Received disconnect from xxx.xxx.xxx.xxx: 11: Bye Bye [preauth]
Invalid user diego from xxx.xxx.xxx.xxx
input_userauth_request: invalid user diego [preauth]
Received disconnect from xxx.xxx.xxx.xxx: 11: Bye Bye [preauth]
Invalid user deploy from xxx.xxx.xxx.xxx
input_userauth_request: invalid user deploy [preauth]
Received disconnect from xxx.xxx.xxx.xxx: 11: Bye Bye [preauth]
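I have disabled password authentication in the sshd configuration.
I tried to replicate the connection attempts as randomuser with the following command, but no such log entries were written (I get Permission denied (publickey)):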
ssh -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no [email protected]
I would like to know how these login attempts are being made?
Answer 1
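I believe the scripts establish the connection differently from the way you would attempt it on the command line. I assume this is not an interactive request issued by a user/bot on that command line, but rather the entire authentication request (IP address, username, password) sent in a single request.
The SSH daemon probably does not like the way the connection request is made (because everything is sent together rather than interactively), so it drops the connection on that basis.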
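For triaging log entries like the ones in the question, the following added example (not part of the original question or answer) groups the pre-auth failures by source address and lists the usernames each source tried. The function names, the threshold, and the sample lines with documentation IP addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Greedy (.*) makes the LAST " from " the address separator, so a username
# that itself contains " from 10.0.0.1" cannot spoof the logged source.
INVALID = re.compile(r"Invalid user (.*) from (\S+)(?: port \d+)?\s*$")
DISCONNECT = re.compile(
    r"Received disconnect from (\S+)(?: port \d+)?:\s*\d+: .*\[preauth\]\s*$")

def summarize(lines):
    """Group pre-auth failures by source address (syslog prefixes tolerated)."""
    stats = defaultdict(lambda: {"users": [], "preauth_disconnects": 0})
    for line in lines:
        m = INVALID.search(line)
        if m:
            user, src = m.groups()
            if user not in stats[src]["users"]:
                stats[src]["users"].append(user)
            continue
        m = DISCONNECT.search(line)
        if m:
            stats[m.group(1)]["preauth_disconnects"] += 1
        # "input_userauth_request: invalid user ..." repeats the username
        # without an address, so it adds nothing to a per-source view.
    return dict(stats)

def noisy_sources(stats, min_users=3):
    """Sources that tried at least min_users distinct unknown usernames."""
    return sorted(s for s, v in stats.items() if len(v["users"]) >= min_users)

# Constructed sample in the format shown in the question (documentation IPs).
SAMPLE = """\
Invalid user park from 203.0.113.5
input_userauth_request: invalid user park [preauth]
Received disconnect from 203.0.113.5: 11: Bye Bye [preauth]
Invalid user stu from 203.0.113.5
input_userauth_request: invalid user stu [preauth]
Received disconnect from 203.0.113.5: 11: Bye Bye [preauth]
Invalid user deploy from 203.0.113.5
Received disconnect from 203.0.113.5: 11: Bye Bye [preauth]
Invalid user x from 203.0.113.5 from 198.51.100.7
""".splitlines()

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for src in noisy_sources(stats):
        print(src, stats[src]["users"], stats[src]["preauth_disconnects"])
```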