我目前已将我的raspberry pi端口转发为SSH连接,因此我可以在工作时访问它。
在查看'journalctl -xe'时,我看到了大量失败的SSH登录请求。
我已将我的覆盆子pi更改为密钥登录而不是基于密码。还有什么我可以阻止这个家伙试图闯入吗?或者更好的安全性来阻止他访问它?
Dec 20 19:46:36 raspberrypi sshd[1929]: Received disconnect from 106.250.183.218 port 20371:11: Bye Bye [preauth]
Dec 20 19:46:36 raspberrypi sshd[1929]: Disconnected from 106.250.183.218 port 20371 [preauth]
Dec 20 19:47:58 raspberrypi sshd[1931]: Received disconnect from 221.194.47.245 port 37247:11: [preauth]
Dec 20 19:47:58 raspberrypi sshd[1931]: Disconnected from 221.194.47.245 port 37247 [preauth]
Dec 20 19:48:50 raspberrypi sshd[1934]: Did not receive identification string from 23.254.161.114 port 51435
Dec 20 19:50:15 raspberrypi sshd[1935]: Did not receive identification string from 195.154.60.109 port 64642
Dec 20 19:50:15 raspberrypi sshd[1936]: Invalid user user from 195.154.60.109 port 64943
Dec 20 19:50:15 raspberrypi sshd[1936]: input_userauth_request: invalid user user [preauth]
Dec 20 19:50:15 raspberrypi sshd[1936]: error: Received disconnect from 195.154.60.109 port 64943:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Dec 20 19:50:15 raspberrypi sshd[1936]: Disconnected from 195.154.60.109 port 64943 [preauth]
Dec 20 20:02:05 raspberrypi sshd[1997]: Did not receive identification string from 195.154.60.109 port 51264
Dec 20 20:02:06 raspberrypi sshd[1998]: Invalid user user from 195.154.60.109 port 51418
Dec 20 20:02:06 raspberrypi sshd[1998]: input_userauth_request: invalid user user [preauth]
Dec 20 20:02:06 raspberrypi sshd[1998]: error: Received disconnect from 195.154.60.109 port 51418:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Dec 20 20:02:06 raspberrypi sshd[1998]: Disconnected from 195.154.60.109 port 51418 [preauth]
Dec 20 20:02:31 raspberrypi sshd[2002]: Did not receive identification string from 91.227.47.234 port 53975
Dec 20 20:02:32 raspberrypi sshd[2003]: Invalid user user from 91.227.47.234 port 53982
Dec 20 20:02:32 raspberrypi sshd[2003]: input_userauth_request: invalid user user [preauth]
Dec 20 20:02:32 raspberrypi sshd[2003]: Received disconnect from 91.227.47.234 port 53982:11: Bye Bye [preauth]
Dec 20 20:02:32 raspberrypi sshd[2003]: Disconnected from 91.227.47.234 port 53982 [preauth]
Dec 20 20:03:05 raspberrypi sshd[2023]: Did not receive identification string from 103.79.142.58 port 50841
Dec 20 20:03:08 raspberrypi sshd[2024]: Invalid user user from 103.79.142.58 port 52943
Dec 20 20:03:08 raspberrypi sshd[2024]: input_userauth_request: invalid user user [preauth]
Dec 20 20:03:08 raspberrypi sshd[2024]: error: Received disconnect from 103.79.142.58 port 52943:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
答案 0 :(得分:1)
您还可以使用fail2ban限制尝试次数。
默认配置适用于ssh服务器。
sudo apt-get update
sudo apt-get install fail2ban
答案 1 :(得分:1)
如果您不想禁用所有帐户的密码访问权限,则通过sshd_config文件禁用root登录(如@ramrunner所述)肯定会减少绝大多数SSH强力尝试。尽管如此,这仍然会使您的其他登录帐户容易受到攻击。
缓解这种情况的一种方法是将iptables配置为仅允许来自某些IP地址或IP块的外部SSH尝试。如果您的外部工作IP地址没有更改,您可以配置iptables以阻止除工作IP之外的所有外部SSH尝试。
答案 2 :(得分:1)
SSH暴力攻击可以通过最少量的处理器(CPU)和内存(RAM)从低功耗服务器中吸取资源。这可能是你的覆盆子pi的情况。
我们开发了一个名为am-deny-hosts的解决方案,可以帮助阻止这些攻击。它下载已知SSH攻击者的IP地址黑名单,并将其添加到/etc/hosts.deny文件中。
它作为GitHub上的开源项目发布。您将获得一组shell脚本来保护您的raspberry PI,而不会占用大量时间,CPU或内存。更重要的是我们安装起来非常简单。
答案 3 :(得分:0)
这个问题可能会更好地迁移到serverfault或security.stackexchange。
正如@larsks所说,如果您禁用了密码登录,这些自动攻击都是徒劳的。确保你也有
PermitRootLogin no
。如果你不想根据@larsks链接自己从iptables限制它,你可以安装fail2ban。 最后我发现在非标准端口上运行sshd也有助于自动扫描。