通过Auth.log查看服务器ssh暴力破解记录

Linux下/var/中有很多系统日志信息,例如auth.log

The Authorization Log tracks usage of authorization systems, the mechanisms for authorizing users which prompt for user passwords, such as the Pluggable Authentication Module (PAM) system, the sudo command, remote logins to sshd and so on. The Authorization Log file may be accessed at /var/log/auth.log. This log is useful for learning about user logins and usage of the sudo command.

如果失败登录的IP地址和次数过多,需要考虑更换SSH端口和密码,并使用密钥登录。

Published with Ghost | Moegi