История изменений
Исправление edigaryev, (текущая версия) :
а что, часто долбят в 22-й порт?
Часто, у меня на домашнем ПК за два года около 31,000 попыток входа, учитывая что включен он не постоянно.
Бывало и такое:
$ grep 'Jan 18.*Name: ' messages-archive | wc -l
972
972 попытки за день — не DoS конечно, но довольно агрессивно.
Jan 18 06:47:20 localhost sshd[21774]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-43799;Name: root [preauth]
Jan 18 06:47:21 localhost sshd[21776]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-44441;Name: root [preauth]
Jan 18 06:47:23 localhost sshd[21778]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-45128;Name: root [preauth]
Jan 18 06:47:25 localhost sshd[21780]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-45780;Name: root [preauth]
Jan 18 06:47:27 localhost sshd[21782]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-46630;Name: root [preauth]
Jan 18 06:47:28 localhost sshd[21784]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-47523;Name: root [preauth]
Jan 18 06:47:30 localhost sshd[21786]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-48138;Name: root [preauth]
Jan 18 06:47:31 localhost sshd[21788]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-49013;Name: root [preauth]
Jan 18 06:47:33 localhost sshd[21790]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-49597;Name: root [preauth]
Jan 18 06:47:35 localhost sshd[21792]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-50449;Name: root [preauth]
Jan 18 06:47:37 localhost sshd[21794]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-51318;Name: root [preauth]
Jan 18 06:47:39 localhost sshd[21796]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-51952;Name: root [preauth]
Jan 18 06:47:40 localhost sshd[21798]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-52766;Name: root [preauth]
Jan 18 06:47:42 localhost sshd[21800]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-53628;Name: root [preauth]
Jan 18 06:47:44 localhost sshd[21802]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-54479;Name: root [preauth]
Jan 18 06:47:46 localhost sshd[21804]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-55331;Name: root [preauth]
Jan 18 06:47:47 localhost sshd[21810]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-55951;Name: root [preauth]
Jan 18 06:47:49 localhost sshd[21812]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-56592;Name: nagios [preauth]
Исходная версия edigaryev, :
а что, часто долбят в 22-й порт?
Часто, у меня на домашнем ПК за два года около 31,000 попыток входа, учитывая что включен он не постоянно.
Бывало и такое:
$ grep 'Jan 18.*Name: ' messages-archive | wc -l
972
Jan 18 06:47:20 localhost sshd[21774]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-43799;Name: root [preauth]
Jan 18 06:47:21 localhost sshd[21776]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-44441;Name: root [preauth]
Jan 18 06:47:23 localhost sshd[21778]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-45128;Name: root [preauth]
Jan 18 06:47:25 localhost sshd[21780]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-45780;Name: root [preauth]
Jan 18 06:47:27 localhost sshd[21782]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-46630;Name: root [preauth]
Jan 18 06:47:28 localhost sshd[21784]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-47523;Name: root [preauth]
Jan 18 06:47:30 localhost sshd[21786]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-48138;Name: root [preauth]
Jan 18 06:47:31 localhost sshd[21788]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-49013;Name: root [preauth]
Jan 18 06:47:33 localhost sshd[21790]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-49597;Name: root [preauth]
Jan 18 06:47:35 localhost sshd[21792]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-50449;Name: root [preauth]
Jan 18 06:47:37 localhost sshd[21794]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-51318;Name: root [preauth]
Jan 18 06:47:39 localhost sshd[21796]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-51952;Name: root [preauth]
Jan 18 06:47:40 localhost sshd[21798]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-52766;Name: root [preauth]
Jan 18 06:47:42 localhost sshd[21800]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-53628;Name: root [preauth]
Jan 18 06:47:44 localhost sshd[21802]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-54479;Name: root [preauth]
Jan 18 06:47:46 localhost sshd[21804]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-55331;Name: root [preauth]
Jan 18 06:47:47 localhost sshd[21810]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-55951;Name: root [preauth]
Jan 18 06:47:49 localhost sshd[21812]: SSH: Server;Ltype: Authname;Remote: 61.143.160.148-56592;Name: nagios [preauth]