How to protect my server from continuous login attempts (Ubuntu)

2

This is my server's log:

Mar 25 16:49:51 f4arelay sshd[10831]: input_userauth_request: invalid user git [preauth] 
Mar 25 16:49:51 f4arelay sshd[10831]: pam_unix(sshd:auth): check pass; user unknown 
Mar 25 16:49:51 f4arelay sshd[10831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.29.194.97 
Mar 25 16:49:54 f4arelay sshd[10831]: Failed password for invalid user git from 115.29.194.97 port 43574 ssh2 
Mar 25 16:49:54 f4arelay sshd[10831]: Received disconnect from 115.29.194.97: 11: Bye Bye [preauth] 
Mar 25 16:50:08 f4arelay sshd[10473]: pam_unix(sshd:session): session closed for user root 
Mar 25 16:52:49 f4arelay sshd[10841]: Invalid user vagrant from 115.29.194.97 
Mar 25 16:52:49 f4arelay sshd[10841]: input_userauth_request: invalid user vagrant [preauth] 
Mar 25 16:52:49 f4arelay sshd[10841]: pam_unix(sshd:auth): check pass; user unknown 
Mar 25 16:52:49 f4arelay sshd[10841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.29.194.97 
Mar 25 16:52:51 f4arelay sshd[10841]: Failed password for invalid user vagrant from 115.29.194.97 port 35672 ssh2 
Mar 25 16:52:51 f4arelay sshd[10841]: Received disconnect from 115.29.194.97: 11: Bye Bye [preauth] 
Mar 25 16:55:45 f4arelay sshd[10845]: Invalid user vnc from 115.29.194.97 
Mar 25 16:55:45 f4arelay sshd[10845]: input_userauth_request: invalid user vnc [preauth] 
Mar 25 16:55:45 f4arelay sshd[10845]: pam_unix(sshd:auth): check pass; user unknown 
Mar 25 16:55:45 f4arelay sshd[10845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.29.194.97 
Mar 25 16:55:47 f4arelay sshd[10845]: Failed password for invalid user vnc from 115.29.194.97 port 56011 ssh2 
Mar 25 16:55:47 f4arelay sshd[10845]: Received disconnect from 115.29.194.97: 11: Bye Bye [preauth] 
Mar 25 16:56:38 f4arelay sshd[10849]: Accepted password for root from 37.134.155.106 port 62645 ssh2 
Mar 25 16:56:38 f4arelay sshd[10849]: pam_unix(sshd:session): session opened for user root by (uid=0) 
Mar 25 16:56:38 f4arelay sshd[10849]: pam_env(sshd:session): Unable to open env file: /etc/default/locale: No such file or directory 
Mar 25 16:57:23 f4arelay sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log 
Mar 25 16:57:23 f4arelay sudo: pam_unix(sudo:session): session opened for user root by root(uid=0) 
Mar 25 16:58:48 f4arelay sshd[10900]: Invalid user test from 115.29.194.97 
Mar 25 16:58:48 f4arelay sshd[10900]: input_userauth_request: invalid user test [preauth] 
Mar 25 16:58:48 f4arelay sshd[10900]: pam_unix(sshd:auth): check pass; user unknown 
Mar 25 16:58:48 f4arelay sshd[10900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.29.194.97 
Mar 25 16:58:50 f4arelay sshd[10900]: Failed password for invalid user test from 115.29.194.97 port 48110 ssh2 
Mar 25 16:58:50 f4arelay sshd[10900]: Received disconnect from 115.29.194.97: 11: Bye Bye [preauth] 
Mar 25 16:59:48 f4arelay sudo: pam_unix(sudo:session): session closed for user root 
Mar 25 17:00:12 f4arelay sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log 
Mar 25 17:00:12 f4arelay sudo: pam_unix(sudo:session): session opened for user root by root(uid=0)

As you can see, there is a bot that continuously tries to connect to my server.

I would like to know how to protect it from people like him. I know it is not possible to stop all those people; I just want to make sure they do not get logged in to my server.

    
asked by Javi B 25.03.2016 - 22:06

1 answer

7
  1. Use key-based authentication for SSH instead of password authentication
  2. Change your SSHd port to something other than 22. This is security through obscurity, but it is probably justifiable in this case.
  3. fail2ban users who try to connect on port 22 or attempt password authentication
answered 25.03.2016 - 22:18
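
An added example, not part of the original answer: a small parser for sshd `auth.log` lines in the format shown in the question. It flags source addresses with repeated failed passwords inside a time window (the kind of counting fail2ban automates) and lists logins that still succeeded with a password. The sample lines are constructed with documentation-range addresses; the function names and the year default are assumptions, and `maxretry`/`findtime` only borrow fail2ban's option names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same sshd/auth.log format as the question's log
# (addresses are documentation ranges, not values from the page).
SAMPLE_LOG = """\
Mar 25 16:49:54 host sshd[10831]: Failed password for invalid user git from 203.0.113.7 port 43574 ssh2
Mar 25 16:52:51 host sshd[10841]: Failed password for invalid user vagrant from 203.0.113.7 port 35672 ssh2
Mar 25 16:55:47 host sshd[10845]: Failed password for invalid user vnc from 203.0.113.7 port 56011 ssh2
Mar 25 16:56:38 host sshd[10849]: Accepted password for root from 198.51.100.20 port 62645 ssh2
Mar 25 16:57:02 host sshd[10860]: Failed password for root from 198.51.100.99 port 40000 ssh2
Mar 25 16:58:50 host sshd[10900]: Failed password for invalid user test from 203.0.113.7 port 48110 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port \d+")

def parse_ts(stamp, year=2016):
    # syslog timestamps carry no year, so the caller supplies one (assumption)
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def offenders(log, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: sorted usernames tried} for IPs with >= maxretry failures within findtime."""
    attempts = defaultdict(list)
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:
            attempts[m.group(3)].append((parse_ts(m.group(1)), m.group(2)))
    flagged = {}
    for ip, events in attempts.items():
        events.sort()
        times = [t for t, _ in events]
        # sliding window: maxretry consecutive failures spanning at most findtime
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= findtime:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged

def password_logins(log):
    """(user, ip) pairs that authenticated with a password, i.e. key-only auth is not enforced."""
    return [m.groups() for m in map(ACCEPTED.search, log.splitlines()) if m]

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
    print(password_logins(SAMPLE_LOG))
```

Any entry returned by `password_logins` after switching to key-based authentication means password logins are still enabled in the sshd configuration.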
