Ssh

SSH 密碼登錄失敗 - 登錄密碼

  • June 30, 2016

今天我檢查了我的 sshd 的日誌,發現了很多行,例如:Oct 12

 Oct 12 12:31:34 my_user sshd[15324]: Failed password for invalid user admin from 104.194.25.135 port 2683 ssh2
Oct 12 12:31:37 my_user sshd[15324]: Failed password for invalid user admin from 104.194.25.135 port 2683 ssh2
Oct 12 12:31:39 my_user sshd[15324]: Failed password for invalid user admin from 104.194.25.135 port 2683 ssh2
Oct 12 12:31:41 my_user sshd[15324]: Failed password for invalid user admin from 104.194.25.135 port 2683 ssh2
Oct 12 12:31:45 my_user sshd[15324]: Failed password for invalid user admin from 104.194.25.135 port 2683 ssh2
Oct 12 12:31:53 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:31:55 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:31:57 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:31:59 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:32:01 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:32:04 my_user sshd[15326]: Failed password for invalid user admin from 104.194.25.135 port 4049 ssh2
Oct 12 12:32:09 my_user sshd[15329]: Failed password for invalid user admin from 104.194.25.135 port 1793 ssh2
Oct 12 12:32:12 my_user sshd[15329]: Failed password for invalid user admin from 104.194.25.135 port 1793 ssh2
Oct 12 12:32:14 my_user sshd[15329]: Failed password for invalid user admin from 104.194.25.135 port 1793 ssh2

我想知道是否可以要求 SSH 記錄他們嘗試過的密碼以及使用者名。

沒有openssh做不到。您可以修改源,但通常對於此類研究,設置像kippo這樣的honeypot很有用。如果攻擊者成功進入您的伺服器,您將能夠看到他在做什麼。

您可以查看這篇好文章http://www.adeptus-mechanicus.com/codex/logsshp/logsshp.html 這是關於另一種選擇 - 使用記錄密碼的非標準 PAM 模組。

關於 Python PAM 模組的另一篇精彩文章http://www.chokepoint.net/2014/01/more-fun-with-pam-python-failed.html

我最終用 Python 編寫 PAM 模組只是因為我個人了解 Python。honeypot對我來說有點矯枉過正。

引用自:https://serverfault.com/questions/636412