将设为首页浏览此站
收藏本站联系我们相册切换到窄版

易陆发现互联网技术论坛

 找回密码
 开始注册
易陆发现互联网技术论坛»首页 操作系统区 非桌面系统 Redhat/Centos Linux系统 ssh 登录用户日志信息限制用户登录,防止SSH爆破,系统 ...
查看: 456|回复: 2
收起左侧

ssh 登录用户日志信息限制用户登录,防止SSH爆破,系统某些用户登录失败error: 认证失败(用户名或密码错误)

[复制链接]
admin
发表于 2023-8-3 10:35:35 | 显示全部楼层 |阅读模式

马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。

您需要 登录 才可以下载或查看,没有账号?开始注册

x
Aug  3 10:26:41 devops-prod-ansible-02 filebeat: 2023-08-03T10:26:41.608+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544390,"time":{"ms":22}},"total":{"ticks":6512570,"time":{"ms":45},"value":6512570},"user":{"ticks":3968180,"time":{"ms":23}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":8},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552700039}},"memstats":{"gc_next":4405392,"memory_alloc":3943296,"memory_total":628180232808},"runtime":{"goroutines":43}},"filebeat":{"events":{"active":-1,"added":12,"done":13},"harvester":{"open_files":2,"running":2}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":13,"batches":4,"total":13},"read":{"bytes":24},"write":{"bytes":3540}},"pipeline":{"clients":3,"events":{"active":0,"published":12,"total":12},"queue":{"acked":13}}},"registrar":{"states":{"current":6,"update":13},"writes":{"success":4,"total":4}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}0 E% u: ^9 C0 V1 a# C" J! Q
Aug  3 10:26:44 devops-prod-ansible-02 filebeat: 2023-08-03T10:26:44.443+0800#011INFO#011log/harvester.go:278#011File is inactive: /.cmdlog/cmdlog.2023-08-03. Closing because close_inactive of 1m0s reached.$ `. `' J3 i; L' o0 ]; _
Aug  3 10:27:11 devops-prod-ansible-02 filebeat: 2023-08-03T10:27:11.606+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544400,"time":{"ms":14}},"total":{"ticks":6512610,"time":{"ms":34},"value":6512610},"user":{"ticks":3968210,"time":{"ms":20}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552730039}},"memstats":{"gc_next":4194304,"memory_alloc":3670936,"memory_total":628185307728},"runtime":{"goroutines":38}},"filebeat":{"events":{"added":5,"done":5},"harvester":{"closed":1,"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":4,"batches":3,"total":4},"read":{"bytes":18},"write":{"bytes":2223}},"pipeline":{"clients":3,"events":{"active":0,"filtered":1,"published":4,"total":5},"queue":{"acked":4}}},"registrar":{"states":{"current":6,"update":5},"writes":{"success":4,"total":4}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}8 W7 g+ x$ `( w- u) O9 Q9 A5 i
Aug  3 10:27:41 devops-prod-ansible-02 filebeat: 2023-08-03T10:27:41.606+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544410,"time":{"ms":9}},"total":{"ticks":6512640,"time":{"ms":38},"value":6512640},"user":{"ticks":3968230,"time":{"ms":29}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552760038}},"memstats":{"gc_next":7016112,"memory_alloc":3764776,"memory_total":628190777232},"runtime":{"goroutines":38}},"filebeat":{"events":{"added":5,"done":5},"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":5,"batches":3,"total":5},"read":{"bytes":18},"write":{"bytes":2362}},"pipeline":{"clients":3,"events":{"active":0,"published":5,"total":5},"queue":{"acked":5}}},"registrar":{"states":{"current":6,"update":5},"writes":{"success":3,"total":3}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}, X: Z( j/ z. e$ X, u( M, M
( m6 |, J3 K& }2 W" k
1 z& p2 h0 i& F/ s: D

& K5 D* X, [) m6 V9 I" xAug  3 10:28:11 devops-prod-ansible-02 filebeat: 2023-08-03T10:28:11.606+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544420,"time":{"ms":8}},"total":{"ticks":6512660,"time":{"ms":11},"value":6512660},"user":{"ticks":3968240,"time":{"ms":3}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552790038}},"memstats":{"gc_next":7016112,"memory_alloc":4294680,"memory_total":628191307136},"runtime":{"goroutines":38}},"filebeat":{"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":3,"events":{"active":0}}},"registrar":{"states":{"current":6}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}
6 M0 t9 ]6 G! C0 x) X" s, f$ s3 F. C, `
Aug  3 10:28:11 devops-prod-ansible-02 filebeat: 2023-08-03T10:28:11.606+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544420,"time":{"ms":8}},"total":{"ticks":6512660,"time":{"ms":11},"value":6512660},"user":{"ticks":3968240,"time":{"ms":3}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552790038}},"memstats":{"gc_next":7016112,"memory_alloc":4294680,"memory_total":628191307136},"runtime":{"goroutines":38}},"filebeat":{"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":3,"events":{"active":0}}},"registrar":{"states":{"current":6}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}2 k  v8 Q- \9 g) O7 @3 J
Aug  3 10:28:25 devops-prod-ansible-02 filebeat: 2023-08-03T10:28:25.085+0800#011INFO#011log/harvester.go:278#011File is inactive: /var/log/secure. Closing because close_inactive of 1m0s reached., n  G. r2 n3 d$ i* k
Aug  3 10:28:41 devops-prod-ansible-02 filebeat: 2023-08-03T10:28:41.607+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544430,"time":{"ms":13}},"total":{"ticks":6512670,"time":{"ms":20},"value":6512670},"user":{"ticks":3968240,"time":{"ms":7}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":6},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552820039}},"memstats":{"gc_next":7016112,"memory_alloc":4647992,"memory_total":628191660448},"runtime":{"goroutines":33}},"filebeat":{"events":{"added":1,"done":1},"harvester":{"closed":1,"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":3,"events":{"active":0,"filtered":1,"total":1}}},"registrar":{"states":{"current":6,"update":1},"writes":{"success":1,"total":1}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}
6 ]4 a2 K5 k# ]* V) L6 v. [" ]; R; m8 E
" \' }/ a+ w; {" P. J# i. D* `3 c8 T  X5 @9 Y
Aug  3 10:29:11 devops-prod-ansible-02 filebeat: 2023-08-03T10:29:11.606+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544440,"time":{"ms":8}},"total":{"ticks":6512690,"time":{"ms":10},"value":6512690},"user":{"ticks":3968250,"time":{"ms":2}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":6},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552850039}},"memstats":{"gc_next":7016112,"memory_alloc":5171960,"memory_total":628192184416},"runtime":{"goroutines":33}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":3,"events":{"active":0}}},"registrar":{"states":{"current":6}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}1 E2 Z8 J# ~! S3 V
3 P2 n7 w' U4 u2 z

  G& G+ \2 ]4 N2 N查看audit.log日志' ^2 N2 Y% J0 |

( N" K9 @! w7 H  K' M  r" [type=USER_AUTH msg=audit(1691029637.510:4371430): pid=30116 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="devops" exe="/usr/sbin/sshd" hostname=172.24.21.6 addr=172.24.21.6 terminal=ssh res=failed'8 a" Z: N; E  v( r+ j5 o

& \( R, e' ^0 Z5 ?3 _+ G
2 r9 v& f$ P8 S9 K
3 H+ n7 B. ]. K% j5 }
+ G) ]3 E! R  n! i0 J
4 n2 O0 J" q6 U* m! z& S
- V% A, z2 m& m# h( _  ~
回复

使用道具 举报

admin
 楼主| 发表于 2023-8-3 14:18:01 | 显示全部楼层
vim /etc/pam.d/sshdvim /etc/pam.d/sshd, r; n# _( G$ i3 v; L
auth       required     pam_tally2.so onerr=fail deny=5 unlock_time=1800 even_deny_root
/ j# Q5 L' c1 C& d+ b: z7 j$ E注释掉之后3 {6 e; E) B& f6 f& |: i
#auth       required     pam_tally2.so onerr=fail deny=5 unlock_time=1800 even_deny_root# a( Z' ]3 c! K. U

4 ~# z3 O+ t1 J即可正常登录。# g: {& F/ ?: b: |4 v( j
# S, C: V. j8 `* @# t& K: o
vim /etc/pam.d/login" _' p6 f0 d( \! u6 p
#%PAM-1.0
8 P) T4 t7 F+ h9 Z2 N4 K#auth required pam_tally2.so onerr=fail deny=5 unlock_time=1800 even_deny_root) J7 q9 e! x$ N" G1 @) ?; {0 k0 ?: j
4 \" X- s- [& W5 J6 p1 s
回复 支持 反对

使用道具 举报

admin
 楼主| 发表于 2023-8-3 14:18:35 | 显示全部楼层
把上面的二楼的注释掉,然后就可以正常的登录了。  h& ?" M' k( l( d
问题解决。
回复 支持 反对

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 开始注册

本版积分规则

关闭

站长推荐上一条 /4 下一条

北京云银创陇科技有限公司以云计算运维,代码开发

QQ|返回首页|Archiver|小黑屋|易陆发现技术论坛 ( 蜀ICP备2026014127号-1 )点击这里给我发消息

GMT+8, 2026-4-9 00:02 , Processed in 0.054402 second(s), 23 queries .

Powered by Discuz! X3.4 Licensed

© 2012-2025 Discuz! Team.

快速回复 返回顶部 返回列表