1.修改登錄失敗驗證次數爲3
vi /etc/ssh/sshd_config
將#MaxAuthTries 6 改爲
MaxAuthTries 3
2.將#Port 22 改爲
Port 22
Port 12345(你想改的端口號)
測試通過後將Port 22刪掉
3.重啓SSH服務
systemctl restart sshd.service
4.先把始終允許的IP填入 /etc/hosts.allow ,重點! 例如:
vi /etc/hosts.allow
sshd:123.123.123.123:allow
sshd:8.8.8.8:allow
5.三次後直接封IP腳本
[root@localhost ~]# vi /usr/local/bin/secure_ssh.sh
#!/bin/bash
cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c |awk '{print $2"="$1}' > /tmp/blacklist
MAXCOUNT="3"
for i in `cat /tmp/blacklist`
do
IP=`echo $i | awk -F= '{print $1}'`
NUM=`echo $i | awk -F= '{print $2}'`
if [ $NUM -gt $MAXCOUNT ];then
grep $IP /etc/hosts.deny > /dev/null
if [ $? -gt 0 ];then
echo "sshd:$IP" >> /etc/hosts.deny
fi
fi
done6.將secure_ssh.sh腳本放入cron計劃任務,每天5:20執行一次。
[root@localhost ~]# crontab -e
20 05 * sh /usr/local/bin/secure_ssh.sh
查看IP黑名單
cat /etc/hosts.deny
head -50 /etc/hosts.deny
直接執行腳本
sh /usr/local/bin/secure_ssh.sh