在CentOS 8中,失败或错误的SSH登录

分享于 

2分钟阅读

互联网

  繁體

问题:


# lastb



btmp begins Thu Jul 9 10:53:49 2020



Aureport返回一些记录:


# aureport -au -i --failed 



Authentication Report


============================================


# date time acct host term exe success event


============================================


1. 06/25/2020 13:46:36 root 10.10.0.2 ssh /usr/sbin/sshd no 66




答案1:

sshd服务由systemd管理,你应该查看日志,例如:


$ journalctl -u sshd


 Jul 19 05:24:07 xx-1 sshd[30983]: Received disconnect from 43.254.220.207 port 59846:11: Bye Bye [preauth]


 Jul 19 05:24:07 xx-fsn1-1 sshd[30983]: Disconnected from invalid user ik 43.254.220.207 port 59846 [preauth]


 Jul 19 05:26:25 xx-1 sshd[30986]: Invalid user test from 139.213.220.70 port 62857


 Jul 19 05:26:25 xx-1 sshd[30986]: Received disconnect from 139.213.220.70 port 62857:11: Bye Bye [preauth]


 Jul 19 05:26:25 xx-1 sshd[30986]: Disconnected from invalid user test 139.213.220.70 port 62857 [preauth]




答案2:

你可以查看/var/log/secure日志来查找ssh日志,可以使用grep列出确切的详细信息, grep -i "failed" /var/log/secure



log  显示  ATT  SSH  Centos  login-attempts