海岸墙:阻止在22端口反复填充ips
海岸墙:阻止在22端口反复填充ips
提问于 2015-06-06 19:19:09
我在Fedora 21上,端口22对ssh连接开放。
我使用基于密钥的身份验证,禁用密码和根登录。
我的日志中充斥着类似文章末尾附加的消息。
我正在使用海岸墙,在3次失败连接之后,是否有一种本地的方法将一个IP列入2天的黑名单?
如果不是,那么fail2ban的正则表达式会是什么样的呢?
$ journalctl -u sshd
Jun 06 10:16:01 fedora sshd[27659]: input_userauth_request: invalid user admin [preauth]
Jun 06 10:16:01 fedora sshd[27659]: error: Received disconnect from 195.154.56.58: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Jun 06 10:16:02 fedora sshd[27661]: Invalid user support from 195.154.56.58
Jun 06 10:16:02 fedora sshd[27661]: input_userauth_request: invalid user support [preauth]
Jun 06 10:16:02 fedora sshd[27661]: error: Received disconnect from 195.154.56.58: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Jun 06 10:16:14 fedora sshd[27663]: Invalid user ubnt from 195.154.56.58
Jun 06 10:16:14 fedora sshd[27663]: input_userauth_request: invalid user ubnt [preauth]
Jun 06 10:16:14 fedora sshd[27663]: error: Received disconnect from 195.154.56.58: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Jun 06 10:16:18 fedora sshd[27665]: error: Received disconnect from 195.154.56.58: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Jun 06 10:16:21 fedora sshd[27668]: Invalid user user from 195.154.56.58
Jun 06 10:16:21 fedora sshd[27668]: input_userauth_request: invalid user user [preauth]
Jun 06 10:16:21 fedora sshd[27668]: error: Received disconnect from 195.154.56.58: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Jun 06 10:16:32 fedora sshd[27670]: Did not receive identification string from 195.154.56.58
Jun 06 11:25:38 fedora sshd[27832]: Did not receive identification string from 92.27.215.72
Jun 06 11:26:52 fedora sshd[27836]: Invalid user usuario from 92.27.215.72
Jun 06 11:26:52 fedora sshd[27836]: input_userauth_request: invalid user usuario [preauth]
Jun 06 11:26:52 fedora sshd[27836]: Connection closed by 92.27.215.72 [preauth]
Jun 06 11:40:39 fedora sshd[27865]: reverse mapping checking getaddrinfo for 62-210-7-55.rev.poneytelecom.eu [62.210.7.55] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 06 11:40:39 fedora sshd[27865]: Invalid user admin from 62.210.7.55
Jun 06 11:40:39 fedora sshd[27865]: input_userauth_request: invalid user admin [preauth]
Jun 06 11:40:39 fedora sshd[27865]: error: Received disconnect from 62.210.7.55: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Jun 06 11:40:44 fedora sshd[27867]: reverse mapping checking getaddrinfo for 62-210-7-55.rev.poneytelecom.eu [62.210.7.55] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 06 11:40:44 fedora sshd[27867]: Invalid user support from 62.210.7.55
Jun 06 11:40:44 fedora sshd[27867]: input_userauth_request: invalid user support [preauth]回答 1
Server Fault用户
发布于 2015-06-07 12:07:18
下面的配置似乎正在开箱即用,并执行所需的工作。
自从我将[DEFAULT]编写为[default]以来,我的原始配置被错误配置了。
$ cat /etc/fail2ban/jail.local
[DEFAULT]
bantime = 172800
findtime=3600
maxretry = 3
backend = systemd
action = shorewall
[sshd]
enabled = true
[sshd-ddos]
enabled = true页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/697133
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号