寫一個計劃任務腳本，每分鐘檢測一下，把連接本機ssh失敗次數達10次的IP地址封掉。要求用awk做。

一、系統：centos6

二、方法：讀取/var/log/secure，查找關鍵字Failed,例如

[root@centos6 .ssh]#tailf /var/log/secure Sep 3 00:41:28 centos6 sshd[11963]: error: connect_to 74.125.204.113 port 443: failed.Sep 3 00:49:31 centos6 sshd[12021]: Failed password for root from 172.18.254.13 port 59012 ssh2Sep 3 00:49:31 centos6 sshd[12021]: Failed password for root from 172.18.254.13 port 59012 ssh2Sep 3 00:49:31 centos6 sshd[12022]: Connection closed by 172.18.254.13Sep 3 00:49:51 centos6 sshd[12023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=www.google.com user=rootSep 3 00:49:53 centos6 sshd[12023]: Failed password for root from 172.18.254.13 port 59014 ssh2Sep 3 00:50:02 centos6 sshd[12023]: Failed password for root from 172.18.254.13 port 59014 ssh2Sep 3 00:50:12 centos6 sshd[12023]: Accepted password for root from 172.18.254.13 port 59014 ssh2

三、步驟

1、可以先把某些常用的ip填入/etc/hosts.allow,這很重要，防止某些常用的ip由于輸錯了密碼而登不上

[root@centos6 .ssh]#cat /etc/hosts.allow # # hosts.allow This file contains access rules which are used to# allow or deny connections to network services that# either use the tcp_wrappers library or that have been# started through a tcp_wrappers-enabled xinetd.# # See 'man 5 hosts_options' and 'man 5 hosts_access'# for information on rule syntax.# See 'man tcpd' for information on tcp_wrappers# sshd:172.18.254.13:allowsshd:172.18.252.54:allow

2、編寫腳本/root/bin/secure_ssh.sh

[root@centos6 bin]#cat secure_ssh.sh #!/bin/bashcat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}'>/root/black.txtdefine=10for i in `cat /root/black.txt`doip=`echo $i|awk -F= '{print $1}'`num=`echo $i|awk -F= '{print $2}'`if [ $num -gt 10 ];thengrep $ip /etc/hosts.deny > /dev/nullif [ $? -gt 0 ];thenecho "sshd:$ip:deny">> /etc/hosts.denyfifidone

3、將secure_ssh.sh放入cron計劃任務，每一分鐘執行一次

[root@centos6 bin]#crontab -l*/1 * * * * /root/bin/secure_ssh.sh

注意：腳本的地址必須寫絕對路徑！！！

四、測試

1、開兩個終端窗口，一個ssh連上服務器，另一個用錯誤的密碼連接服務器幾次。

[root@localhost .ssh]# ssh 172.18.250.42root@172.18.250.42's password: Permission denied, please try again.root@172.18.250.42's password: Permission denied, please try again.root@172.18.250.42's password: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).[root@localhost .ssh]# ssh 172.18.250.42 [root@localhost .ssh]# ssh 172.18.250.42root@172.18.250.42's password: Permission denied, please try again.root@172.18.250.42's password: Permission denied, please try again.root@172.18.250.42's password: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

很快，服務器上黑名單文件里已經有記錄了：

[root@centos6 bin]#cat /root/black.txt 172.18.252.54=6172.18.254.13=15

再看看服務器上的hosts.deny

[root@centos6 bin]#cat /etc/hosts.deny # # hosts.deny This file contains access rules which are used to# deny connections to network services that either use# the tcp_wrappers library or that have been# started through a tcp_wrappers-enabled xinetd.# # The rules in this file can also be set up in# /etc/hosts.allow with a 'deny' option instead.# # See 'man 5 hosts_options' and 'man 5 hosts_access'# for information on rule syntax.# See 'man tcpd' for information on tcp_wrappers# sshd:172.18.254.13:deny

IP 已經被加入到服務器的hosts.deny，再用正確連接服務器時，被拒絕：

[root@localhost .ssh]# ssh 172.18.250.42ssh_exchange_identification: read: Connection reset by peer

?

轉載于:https://www.cnblogs.com/f-h-j-11-7/p/9651895.html

總結

以上是生活随笔為你收集整理的ssh访问控制，封杀ip，防止暴力破解的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。