无意中发现这些数据，是不是有人在暴力破解

leeger

20o的母鸡，才用proxmox。今天在syslog里面发现下图数据，发现一直有 182.100.67.119 （国内的ip）IP的机器连接ssh，但都失败了····
是不是这个ip在猜我的SSH密码？
屏幕快照 2017-08-10 下午2.37.09.png (236.7 KB, 下载次数: 0)

2017-8-10 14:39 上传

点击文件名下载附件

现在是不是需要修改母鸡的ssh端口了？谢谢！~~~~

dadiao们快来啊！

流河旱树

应该是有人在尝试登录root

hipopboy

是的，改端口。

leeger

hipopboy 发表于 2017-8-10 14:42
是的，改端口。

这个root是不是proxmox的root？

还是母鸡ssh的root？？

matt7751

上次有人破解我的小鸡   我改了用户名
问下大佬   这样他会不会继续傻不拉几的试密码

leopard

我的也有人不断尝试
Aug 10 14:53:04 sd-83572 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:06 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:14 sd-83572 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:15 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:16 sd-83572 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:18 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:19 sd-83572 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:22 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:22 sd-83572 sshd[1425]: error: maximum authentication attempts exceeded for invalid user  from 193.201.224.199 port 34255 ssh2 [preauth]
Aug 10 14:53:22 sd-83572 sshd[1425]: Disconnecting: Too many authentication failures [preauth]
Aug 10 14:53:22 sd-83572 sshd[1425]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.199
Aug 10 14:53:22 sd-83572 sshd[1425]: PAM service(sshd) ignoring max retries; 6 > 3
Aug 10 14:53:43 sd-83572 sshd[1564]: Invalid user  from 193.201.224.199 port 40892
Aug 10 14:53:43 sd-83572 sshd[1564]: input_userauth_request: invalid user  [preauth]
Aug 10 14:53:45 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:45 sd-83572 sshd[1564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.199
Aug 10 14:53:47 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:53:48 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:50 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:53:55 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:57 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:53:59 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:54:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 14:54:01 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:54:01 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:54:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.
Aug 10 14:54:03 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:54:04 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:54:06 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:54:06 sd-83572 sshd[1564]: error: maximum authentication attempts exceeded for invalid user  from 193.201.224.199 port 40892 ssh2 [preauth]
Aug 10 14:54:06 sd-83572 sshd[1564]: Disconnecting: Too many authentication failures [preauth]
Aug 10 14:54:06 sd-83572 sshd[1564]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.199
Aug 10 14:54:06 sd-83572 sshd[1564]: PAM service(sshd) ignoring max retries; 6 > 3

leeger

修改后，消停了~~~~

我设置的密码自己都记不住，不是超算怎么破啊？？

qfdk

话说一直有人在破解 不行上个3ban 脚本