How to protect my server from continuous login attempts (Ubuntu)

2

This is my server's log:

Mar 25 16:49:51 f4arelay sshd[10831]: input_userauth_request: invalid user git [preauth] 
Mar 25 16:49:51 f4arelay sshd[10831]: pam_unix(sshd:auth): check pass; user unknown 
Mar 25 16:49:51 f4arelay sshd[10831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.29.194.97 
Mar 25 16:49:54 f4arelay sshd[10831]: Failed password for invalid user git from 115.29.194.97 port 43574 ssh2 
Mar 25 16:49:54 f4arelay sshd[10831]: Received disconnect from 115.29.194.97: 11: Bye Bye [preauth] 
Mar 25 16:50:08 f4arelay sshd[10473]: pam_unix(sshd:session): session closed for user root 
Mar 25 16:52:49 f4arelay sshd[10841]: Invalid user vagrant from 115.29.194.97 
Mar 25 16:52:49 f4arelay sshd[10841]: input_userauth_request: invalid user vagrant [preauth] 
Mar 25 16:52:49 f4arelay sshd[10841]: pam_unix(sshd:auth): check pass; user unknown 
Mar 25 16:52:49 f4arelay sshd[10841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.29.194.97 
Mar 25 16:52:51 f4arelay sshd[10841]: Failed password for invalid user vagrant from 115.29.194.97 port 35672 ssh2 
Mar 25 16:52:51 f4arelay sshd[10841]: Received disconnect from 115.29.194.97: 11: Bye Bye [preauth] 
Mar 25 16:55:45 f4arelay sshd[10845]: Invalid user vnc from 115.29.194.97 
Mar 25 16:55:45 f4arelay sshd[10845]: input_userauth_request: invalid user vnc [preauth] 
Mar 25 16:55:45 f4arelay sshd[10845]: pam_unix(sshd:auth): check pass; user unknown 
Mar 25 16:55:45 f4arelay sshd[10845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.29.194.97 
Mar 25 16:55:47 f4arelay sshd[10845]: Failed password for invalid user vnc from 115.29.194.97 port 56011 ssh2 
Mar 25 16:55:47 f4arelay sshd[10845]: Received disconnect from 115.29.194.97: 11: Bye Bye [preauth] 
Mar 25 16:56:38 f4arelay sshd[10849]: Accepted password for root from 37.134.155.106 port 62645 ssh2 
Mar 25 16:56:38 f4arelay sshd[10849]: pam_unix(sshd:session): session opened for user root by (uid=0) 
Mar 25 16:56:38 f4arelay sshd[10849]: pam_env(sshd:session): Unable to open env file: /etc/default/locale: No such file or directory 
Mar 25 16:57:23 f4arelay sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log 
Mar 25 16:57:23 f4arelay sudo: pam_unix(sudo:session): session opened for user root by root(uid=0) 
Mar 25 16:58:48 f4arelay sshd[10900]: Invalid user test from 115.29.194.97 
Mar 25 16:58:48 f4arelay sshd[10900]: input_userauth_request: invalid user test [preauth] 
Mar 25 16:58:48 f4arelay sshd[10900]: pam_unix(sshd:auth): check pass; user unknown 
Mar 25 16:58:48 f4arelay sshd[10900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.29.194.97 
Mar 25 16:58:50 f4arelay sshd[10900]: Failed password for invalid user test from 115.29.194.97 port 48110 ssh2 
Mar 25 16:58:50 f4arelay sshd[10900]: Received disconnect from 115.29.194.97: 11: Bye Bye [preauth] 
Mar 25 16:59:48 f4arelay sudo: pam_unix(sudo:session): session closed for user root 
Mar 25 17:00:12 f4arelay sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log 
Mar 25 17:00:12 f4arelay sudo: pam_unix(sudo:session): session opened for user root by root(uid=0)

As you can see, there is a bot that continuously tries to connect to my server.

I would like to know how to protect it from people like him. I know it is not possible to stop all of these people; I just want to make sure they don't log in to my server.

    
asked by Javi B 25.03.2016 - 22:06

1 answer

7
  1. Use key-based authentication for SSH instead of password authentication
  2. Change your SSHd port to something other than 22. This is security through obscurity, but it is probably justifiable in this case.
  3. fail2ban users who attempt to connect on port 22 or try password authentication
answered by Neil McGuigan 25.03.2016 - 22:18
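
Added example, not part of the question or the answer above: a small Python parser that applies a failures-per-window threshold (the kind of rule fail2ban's maxretry and findtime settings express) to lines copied from the log in the question, and lists successful password logins, which key-only authentication would eliminate. The function names, the thresholds and the assumed year 2016 are choices made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample lines copied from the auth.log posted in the question.
SAMPLE_LOG = """\
Mar 25 16:49:54 f4arelay sshd[10831]: Failed password for invalid user git from 115.29.194.97 port 43574 ssh2
Mar 25 16:52:51 f4arelay sshd[10841]: Failed password for invalid user vagrant from 115.29.194.97 port 35672 ssh2
Mar 25 16:55:47 f4arelay sshd[10845]: Failed password for invalid user vnc from 115.29.194.97 port 56011 ssh2
Mar 25 16:56:38 f4arelay sshd[10849]: Accepted password for root from 37.134.155.106 port 62645 ssh2
Mar 25 16:58:50 f4arelay sshd[10900]: Failed password for invalid user test from 115.29.194.97 port 48110 ssh2
""".splitlines()

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def parse(lines, year=2016):
    """Yield (time, result, user, ip) for sshd password events.
    syslog timestamps carry no year, so one is assumed."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def offenders(lines, max_retry, find_time):
    """IPs with at least max_retry failed passwords inside any window of
    find_time seconds."""
    window = timedelta(seconds=find_time)
    recent, flagged = defaultdict(list), set()
    for ts, result, _user, ip in parse(lines):
        if result != "Failed":
            continue
        hits = [t for t in recent[ip] if ts - t <= window] + [ts]
        recent[ip] = hits
        if len(hits) >= max_retry:
            flagged.add(ip)
    return flagged

def password_logins(lines):
    """Successful password logins; with key-only auth this list stays empty."""
    return [(u, ip) for _ts, res, u, ip in parse(lines) if res == "Accepted"]

if __name__ == "__main__":
    print("3 failures / 10 min:", offenders(SAMPLE_LOG, 3, 600))
    print("5 failures / 10 min:", offenders(SAMPLE_LOG, 5, 600))
    print("password logins:", password_logins(SAMPLE_LOG))
```

The bot in this log tries one password roughly every three minutes, so a threshold of 5 failures in 10 minutes never triggers while 3 failures in 10 minutes does; the window and retry count have to be tuned to slow attempts like these.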
