服务器系统:Ubuntu 22.04
相关服务: open-ssh
问题
最近服务器进行ssh连接往往需要多次尝试连接才能够成功,失败的连接报错如下:
C:\Users\xx> ssh ab@[IP]
kex_exchange_identification: Connection closed by remote host
Connection closed by [IP] port 22
或者输入密码后需要等待很久才能重新连接
原因
-
/etc/ssh/sshd_config 为ssh服务的参数,其中有一条为:
MaxStartups 10:30:100其含义如下:
10:未验证连接数达到10开始进行连接drop (以一定概率拒绝新的连接)
30:基础drop概率值,线性增大
100: 未验证连接数达到100则拒绝所有新连接 -
使用命令 systemctl status ssh 发现有大量标记为[priv]的连接,每秒有多次连接失败尝试
├─2109811 "sshd: unknown [priv]"├─2109812 "sshd: unknown [priv]"├─2109813 "sshd: unknown [net]" ""├─2109814 "sshd: unknown [priv]"├─2109815 "sshd: unknown [net]" ""├─2109816 "sshd: unknown [net]" ""├─2109817 "sshd: unknown [priv]"├─2109818 "sshd: unknown [net]" ""├─2109819 "sshd: unknown [priv]"├─2109820 "sshd: unknown [net]" ""├─2109821 "sshd: root [priv]" "" "" ""├─2109822 "sshd: root [net]" "" "" "" ""├─2109823 "sshd: unknown [priv]"├─2109824 "sshd: unknown [net]" ""├─2109827 "sshd: unknown [priv]"├─2109829 "sshd: unknown [net]" ""├─2109830 "sshd: unknown [priv]"├─2109831 "sshd: unknown [priv]"├─2109832 "sshd: unknown [net]" ""├─2109833 "sshd: unknown [net]" ""├─2109834 "sshd: unknown [priv]"├─2109835 "sshd: unknown [net]" ""├─2109837 "sshd: unknown [priv]"├─2109838 "sshd: unknown [net]" ""├─2109839 "sshd: unknown [priv]"├─2109842 "sshd: unknown [net]" ""├─2109843 "sshd: unknown [priv]"├─2109844 "sshd: root [priv]" "" "" ""
1月 10 04:23:22 w4 sshd[1938612]: Connection closed by invalid user ljb
1月 10 04:23:22 w4 sshd[1938803]: pam_unix(sshd:auth): check pass; user unknown
1月 10 04:23:22 w4 sshd[1938803]: pam_unix(sshd:auth): authentication failure; logname= uid=0
1月 10 04:23:22 w4 sshd[1938658]: Failed password for root from
1月 10 04:23:22 w4 sshd[1938657]: Failed password for invalid user umscloud from
1月 10 04:23:22 w4 sshd[1938805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser04:23:22 w4 ssh
1月 10 04:23:22 w4 sshd[1938693]: Failed password for invalid user
1月 10 04:23:22 w4 sshd[1938661]: Failed password for invalid user dzq818
1月 10 04:23:22 w4 sshd[1938807]: Invalid user d_user from
解决方案
- 令所有用户配置秘钥登录,ssh配置设置为禁止使用账户密码登录
- 使用fail2ban工具,ban掉短时间内多次登录失败的ip地址
fail2ban详细安装教程
 -创建图文投票实现)
)
-----pod的亲和性和反亲和性)
![[VSCode] VSCode 常用快捷键](http://pic.xiahunao.cn/[VSCode] VSCode 常用快捷键)
)
)
