Using DenyHosts to protect your VPS from SSH brute-force attacks

Update: besides DenyHosts, you can also try fail2ban, which seems to be better known. Changing sshd's default port 22 is also a wise move.

vi /etc/ssh/sshd_config
service sshd restart

 

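Original post:

I recently ran into several SSH brute-force password attacks, and the server became noticeably sluggish. iptables can block the IP addresses, but that is not a long-term solution. After searching online I found DenyHosts and gave it a try. I don't know yet how well it works; these are my notes on the installation and configuration steps.

Official site: http://denyhosts.sourceforge.net/

Download the package (the latest version is 2.6):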

wget http://nchc.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz

Extract and install:

tar zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install

Configure it to start at boot:

cd /usr/share/denyhosts/
cp daemon-control-dist daemon-control -a
chown root daemon-control
chmod 755 daemon-control
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
chkconfig denyhosts on

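Create/modify the configuration file. The defaults are fine as they are; if you really need to change something, look up the documentation on the official site: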

cd /usr/share/denyhosts/
cp denyhosts.cfg-dist denyhosts.cfg -a

Start the service: (on my VPS it hung for quite a while before starting successfully 🙁 Is my machine just that bad?)

service denyhosts start

With the default configuration, look at /etc/hosts.deny to see the blocked entries.

 

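  • Removing a blocked entry

If you want to remove a blocked IP, the answer is: it's a hassle. I can't figure out why the original author was so dense as not to provide a single command for it.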

1- Stop DenyHosts

$ service denyhosts stop

2- Remove the IP address from /etc/hosts.deny

3- Edit /usr/share/denyhosts/data/hosts and remove the lines containing the IP address. Save the file.

4- Edit /usr/share/denyhosts/data/hosts-restricted and remove the lines containing the IP address. Save the file.

5- Edit /usr/share/denyhosts/data/hosts-root and remove the lines containing the IP address. Save the file.

6- Edit /usr/share/denyhosts/data/hosts-valid and remove the lines containing the IP address. Save the file.

7- Edit /usr/share/denyhosts/data/users-hosts and remove the lines containing the IP address. Save the file.

(optional) Consider adding the IP address to /usr/share/denyhosts/data/allowed-hosts

8- Start DenyHosts

$ service denyhosts start
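
The eight steps above can be collected into one script. This is an added example, not part of the original post or of DenyHosts itself; the function names are hypothetical, and it assumes IPv4 addresses and the file paths used on this page.

```sh
#!/bin/sh
# Added example: steps 1-8 above as one script. Run as root: sh unblock.sh IP
# Paths are the ones this page uses; override via environment to test safely.
DENY_FILE="${DENY_FILE:-/etc/hosts.deny}"
DATA_DIR="${DATA_DIR:-/usr/share/denyhosts/data}"

# purge_ip IP FILE: delete lines holding IP as a whole address and
# print how many lines were removed. A missing file counts as 0.
purge_ip() {
    ip=$1 file=$2
    [ -f "$file" ] || { echo 0; return 0; }
    # Escape the dots, and require a non-address character (or line edge)
    # on both sides so 1.2.3.4 never matches 11.2.3.4 or 1.2.3.40.
    re="(^|[^0-9.])$(printf '%s' "$ip" | sed 's/\./\\./g')([^0-9.]|\$)"
    # grep exits 1 when nothing is selected; only >1 is a real error.
    hits=$(grep -Ec "$re" "$file") || [ $? -eq 1 ] || return 1
    if [ "$hits" -gt 0 ]; then
        tmp=$(mktemp) || return 1
        grep -Ev "$re" "$file" > "$tmp" || [ $? -eq 1 ] ||
            { rm -f "$tmp"; return 1; }
        cat "$tmp" > "$file"    # rewrite in place: keeps owner and mode
        rm -f "$tmp"
    fi
    echo "$hits"
}

# unblock_ip IP: apply purge_ip to hosts.deny and the five data files
# (steps 2-7) and print the total number of lines removed.
unblock_ip() {
    case $1 in
        ''|*[!0-9.]*) echo "not an IPv4 address: $1" >&2; return 2 ;;
    esac
    total=0
    for f in "$DENY_FILE" "$DATA_DIR/hosts" "$DATA_DIR/hosts-restricted" \
             "$DATA_DIR/hosts-root" "$DATA_DIR/hosts-valid" \
             "$DATA_DIR/users-hosts"; do
        n=$(purge_ip "$1" "$f") || return 1
        total=$(( total + n ))
    done
    echo "$total"
}

if [ "$#" -eq 1 ]; then
    service denyhosts stop            # step 1
    unblock_ip "$1"
    service denyhosts start           # step 8
fi
```

The whole-address match matters here: a plain substring delete for 10.0.0.5 would also unblock 10.0.0.50 and 110.0.0.5.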

 

  • Adding a whitelist

Step 7 above already mentions this: add the IP address to /usr/share/denyhosts/data/allowed-hosts, one IP per line.
