sshd 日志满是“未收到来自”的识别字符串

tag-icon tag-icon ssh
sshd 日志满是“未收到来自”的识别字符串 
Mar  2 02:34:02 freetalker3 sshd[28436]: Did not receive identification string from 211.110.33.50
Mar  2 02:34:08 freetalker3 sshd[28439]: Did not receive identification string from 211.110.33.50
Mar  2 02:34:13 freetalker3 sshd[28442]: Did not receive identification string from 211.110.33.50
Mar  2 02:34:19 freetalker3 sshd[28445]: Did not receive identification string from 211.110.33.50
Mar  2 02:34:24 freetalker3 sshd[28448]: Did not receive identification string from 211.110.33.50
Mar  2 02:34:30 freetalker3 sshd[28451]: Did not receive identification string from 211.110.33.50
Mar  2 02:34:35 freetalker3 sshd[28454]: Did not receive identification string from 211.110.33.50
Mar  2 02:34:41 freetalker3 sshd[28457]: Did not receive identification string from 211.110.33.50
Mar  2 02:34:46 freetalker3 sshd[28460]: Did not receive identification string from 211.110.33.50
Mar  2 02:34:52 freetalker3 sshd[28463]: Did not receive identification string from 211.110.33.50
Mar  2 02:34:57 freetalker3 sshd[28466]: Did not receive identification string from 211.110.33.50
Mar  2 02:35:03 freetalker3 sshd[28469]: Did not receive identification string from 211.110.33.50
Mar  2 02:35:08 freetalker3 sshd[28472]: Did not receive identification string from 211.110.33.50
Mar  2 02:35:14 freetalker3 sshd[28475]: Did not receive identification string from 211.110.33.50
Mar  2 02:35:20 freetalker3 sshd[28478]: Did not receive identification string from 211.110.33.50
Mar  2 02:35:25 freetalker3 sshd[28481]: Did not receive identification string from 211.110.33.50
Mar  2 02:35:31 freetalker3 sshd[28484]: Did not receive identification string from 211.110.33.50
Mar  2 02:35:36 freetalker3 sshd[28488]: Did not receive identification string from 211.110.33.50

我的 /var/log/auth.log 充满了这些消息,每 6 秒发送一次。我的服务器在 vps 上,并且 ip 看起来像是一个内部 ip。什么可能是导致这个问题的原因?

答案1

一些恶意人士(惊讶!)正在敲打 ssh 以尝试找到可以进入系统的用户名/密码组合。可能来自某个僵尸网络,他们正在对不知道有多少其他毫无戒心的受害者做同样的事情。

安装类似失败2ban或者拒绝主机(任何 Linux 发行版都应该有这两种方法),或者设置本地防火墙来限制 SSH 连接尝试。更改 SSH 端口会使愚蠢的暴力尝试失败,但也会使合法使用失败。

答案2

实际上,这是来自我的托管服务提供商 - 他们每 6 秒向我的 VPS 发送一次垃圾邮件,以在他们的 Web 控制台上显示我的服务器状态。如果我的 sshd 响应它们,我的服务器就会显示为活动状态。

我刚刚安装了 OpenVPN 并仅通过它允许 SSH - 因此,根据我的提供商的说法,我的服务器停机时间为 100%。

答案3

这很可能是来自通信设备的保持活动(验证服务器是否响应)。

答案4

尝试将 ssh 端口从 22 更改为另一个sshd_config

sudo nano /etc/ssh/sshd_config

如果它没有停止消息,则问题也可能由以下原因引起:Freebpx 导致 /var/log/secure 日志文件中出现 sshd 错误或者参见此处的讨论auth.log 中显示“未收到识别字符串”在 Ubuntu 论坛上。

相关内容