易陆发现 Internet Technology Forum

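SSH login log information: restricting user logins to prevent SSH brute force; some system users fail to log in with error: authentication failed (wrong username or password)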

Posted on 2023-8-3 10:35:35

Check the audit.log log:

type=USER_AUTH msg=audit(1691029637.510:4371430): pid=30116 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="devops" exe="/usr/sbin/sshd" hostname=172.24.21.6 addr=172.24.21.6 terminal=ssh res=failed'

Original poster | Posted on 2023-8-3 14:18:01
vim /etc/pam.d/sshd
auth       required     pam_tally2.so onerr=fail deny=5 unlock_time=1800 even_deny_root
After commenting it out:
#auth       required     pam_tally2.so onerr=fail deny=5 unlock_time=1800 even_deny_root

you can log in normally.

vim /etc/pam.d/login
#%PAM-1.0
#auth required pam_tally2.so onerr=fail deny=5 unlock_time=1800 even_deny_root

Original poster | Posted on 2023-8-3 14:18:35
Comment out the line from the second post above, and then you can log in normally.
Problem solved.
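
Added example, not part of the original posts: a Python parser for audit.log USER_AUTH records like the one quoted in the first post. It counts consecutive failed sshd authentications per account and reports the accounts that have reached the deny=5 threshold of the pam_tally2 line, with the source addresses responsible. The tally logic is a simplified model of pam_tally2, the names parse, tally, make and SAMPLE are chosen here, and every record except QUOTED is constructed sample data.

```python
import re

REC = re.compile(
    r'type=USER_AUTH msg=audit\((?P<ts>\d+\.\d+):\d+\):.*?'
    r'acct=(?P<acct>"[^"]*"|(?:[0-9A-Fa-f]{2})+) exe="(?P<exe>[^"]+)"'
    r'.*?addr=(?P<addr>\S+) .*?res=(?P<res>\w+)')

def parse(line):
    """Return (ts, acct, addr, ok) for an sshd USER_AUTH record, else None."""
    m = REC.search(line)
    if not m or m["exe"] != "/usr/sbin/sshd":
        return None
    acct = m["acct"]
    # auditd hex-encodes values it does not trust (e.g. names with spaces).
    acct = acct[1:-1] if acct[0] == '"' else bytes.fromhex(acct).decode("utf-8", "replace")
    return float(m["ts"]), acct, m["addr"], m["res"] == "success"

def tally(lines, deny=5, unlock_time=1800):
    """Simplified pam_tally2 model (assumption): consecutive failures, reset on success."""
    state = {}
    for ts, acct, addr, ok in filter(None, map(parse, lines)):
        s = state.setdefault(acct, {"failures": 0, "sources": set(), "last": 0.0})
        if ok:
            s.update(failures=0, sources=set())
        else:
            s["failures"] += 1
            s["sources"].add(addr)
            s["last"] = ts
    return {a: {"failures": s["failures"], "sources": sorted(s["sources"]),
                "unlock_at": s["last"] + unlock_time}
            for a, s in state.items() if s["failures"] >= deny}

# QUOTED is the record from the first post; make() builds constructed sample records.
QUOTED = ("type=USER_AUTH msg=audit(1691029637.510:4371430): pid=30116 uid=0 "
          "auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? "
          'acct="devops" exe="/usr/sbin/sshd" hostname=172.24.21.6 '
          "addr=172.24.21.6 terminal=ssh res=failed'")

def make(ts, acct_field, res, exe="/usr/sbin/sshd", addr="172.24.21.6"):
    return (f"type=USER_AUTH msg=audit({ts}.000:1): pid=1 uid=0 msg='op=PAM:authentication "
            f"grantors=? acct={acct_field} exe=\"{exe}\" hostname={addr} addr={addr} "
            f"terminal=ssh res={res}'")

SAMPLE = [QUOTED] + [make(1691029637 + 10 * i, '"devops"', "failed") for i in range(1, 5)] + [
    make(1691029700, '"deploy"', "failed", addr="10.0.0.9"),
    make(1691029710, '"deploy"', "success", addr="10.0.0.9"),
    make(1691029720, "28756E6B6E6F776E207573657229", "failed", addr="10.0.0.9"),
    make(1691029730, '"devops"', "failed", exe="/usr/bin/sudo")]
```

An account flagged this way can be cleared with `pam_tally2 --user <name> --reset`, which leaves the lockout rule in place for other accounts.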