CentOS
Ubuntu differs slightly from CentOS.
connecting to 43.240.247.107:22...
connection established.
server closed connection.
pleaseclose dialog to finalize this session.
connection closing...socket close.
connection closed by foreign host
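This is most likely the result of a brute-force attack. First log in to the cloud platform and use its VNC console to log in to the server.
Enter cat /var/log/secure | grep "Failed password" -c
[root@dcxfvbhbnghj97 ~]# cat /var/log/secure | grep "Failed password" -c
1429
[root@dcxfvbhbnghj97 ~]#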
pam_tally2 -u root
[root@dcxfvbhbnghj97 ~]# pam_tally2 -u root
login failures latest failure from
root 890 09/09/20 07:56:11 35.226.189.158
[root@dcxfvbhbnghj97 ~]#
find /var/log -name 'secure*' -type f | while read line;do awk '/Failed/ {print $(NF-3)}' "$line";done | awk '{a[$0]++} END {for (ip in a) print ip"="a[ip]}' | sort -n -t'=' -k 2
[root@dcxfvbhbnghj97 ~]# find /var/log -name 'secure*' -type f | while read line;do awk '/Failed/ {print $(NF-3)}' "$line";done | awk '{a[$0]++} END {for (ip in a) print ip"="a[ip]}' | sort -n -t'=' -k 2
161.97.110.90=35
177.78.135.87=54
116.153.32.212=106
75.97.246.254=180
36.41.174.139=952
[root@dcxfvbhbnghj97 ~]#
SSH login works again only after the lock is cleared:
pam_tally2 -u root -r
[root@dcxfvbhbnghj97 ~]# pam_tally2 -u root -r
login failures latest failure from
root 890 09/09/20 07:56:11 35.226.189.158
[root@dcxfvbhbnghj97 ~]# pam_tally2 -u root
login failures latest failure from
root 0
[root@dcxfvbhbnghj97 ~]#
On Ubuntu the security log is not in secure; it is in auth.log.
root@vultr:/var/log# cat /var/log/auth.log | grep 'invalid' -c
1693
root@vultr:/var/log#
cat /var/log/auth.log | grep 'invalid' | awk '{for (i = 1; i < NF; i++) if ($i == "user") print $(i+1)}' | sort | uniq -c | sort -bn
In more detail (number of attempts per user name):
....
....
30 dev
30 server
30 ts3
34 debian
35 postgres
35 weblogic
37 git
37 odoo
37 www
38 guest
40 svn
42 oracle
42 test
42 ubuntu
58 user
91 admin
....
..
cat /var/log/auth.log | grep 'invalid' | awk '{for (i = 1; i < NF - 2; i++) if ($i == "user" && $(i+2) == "from") print $(i+3), $(i+1)}' | sort
..
....
84.22.49.174 informix
84.92.92.196 minecraft
85.209.0.50 admin
85.234.166.93 pi
89.144.47.28 ubnt
91.121.211.34 dup
91.134.214.153 vcsa
92.253.40.158 support
92.39.62.17 administrator
93.237.47.100 pi
93.237.47.100 pi
93.64.5.34 splunk
93.91.171.250 admin
.....